Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange 2007 to 2010 Migration-Activesync

Posted on 2014-02-21
3
Medium Priority
?
767 Views
Last Modified: 2014-02-24
Hello:

I am in the process of migrating from SBS 2008 to Windows Server 2008 R2 and Exchange 2010. So far, the migration has gone well, but I am running into a bit of a snag as far as Outlook Anywhere, Outlook Autodiscover, Exchange ActiveSync and Exchange ActiveSync Autodiscover are concerned. We have installed a UCC SAN certificate from Go Daddy on both servers (EXCHANGE2007 and EXCHANGE2010) with the following names: autodiscover.domain.com, legacy.domain.com, mail.domain.com, EXCHANGE2007.domain.com, EXCHANGE2010.domain.com, domain.com. The certificate is working just fine from outside the network (i.e., no errors). I have added the "autodiscover" name to the DNS that is hosted by our ISP and have added A records to our internal DNS for both "legacy" (points to EXCHANGE2007) and "autodiscover" (points to EXCHANGE2010) and changed the internal DNS record for  "mail" to point to EXCHANGE2010. From inside the network, everything seems to work as expected. To test, I created two test users (TEST1 and TEST2) and moved the mailbox of TEST2 to the EXCHANGE2010 server (after populating both mailboxes with test emails). Internally, the user (TEST1) whose mailbox resides on EXCHANGE2007 is being redirected to that server when they log in using OWA 2007 and the user whose mailbox is on EXCHANGE2010 (TEST2) is going to OWA 2010.

To test externally, I have opened ports 443 and 80 on our Sonicwall firewall and pointed it to the internal IP of the EXCHANGE2010 server. Everything seems to work well as far as OWA is concerned. By that I mean it mirrors what I see internally. However, all users who use an IPhone to connect remotely lose their connection to the server. When I use Microsoft's Remote Connectivity Analyzer to check Exchange ActiveSync, it results in an error of "Testing of OPTIONS command failed with a 403 forbidden response, Forbidden: Access is denied, You do not have permission to view this directory or page using the credentials that you supplied".

Since we have several users who connect with their IPhone from outside, I panicked and disabled the firewall rule that opened ports 443 and 80 to the EXCHANGE2010 server. I don't know if this matters or not, but the original firewall rules pointing ports 443 and 80 to EXCHANGE2007 were still active when I created the firewall rules to EXCHANGE2010 and I am not sure if I should have disabled these first.

I am sorry for such a longwinded post, but I feel I am very close to getting this to work and I need help!

Thank you very much and please let me know if additional information is needed.
0
Comment
Question by:ctsuhako
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
Jeff Perry earned 2000 total points
ID: 39878001
0
 

Author Comment

by:ctsuhako
ID: 39883599
Thank you. The solution seemed to be to leave the External URL on the Exchange 2007 CAS empy.
0
 
LVL 8

Expert Comment

by:Jeff Perry
ID: 39883746
You are welcome, glad you got it working.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question