Solved

Cannot access Exchange 2010 with smartphone

Posted on 2014-03-04
8
1,031 Views
Last Modified: 2014-11-12
We have set up an Exchange 2010 server along side Exchange 2003 for testing and have moved a dozen or so users over, including me. I can send and receive mail OK.  I could access my mail before on my Windows phone or Android device before I moved my mailbox by using the IP address on our internet facing router in the settings when I configured my devices.

Inbound connections from the router goes to our Watchguard device which sends mail to the IP of our spam filter, a WatchGuard device. From there it is all sent to the IP address of Exchange 2003 server. Since I moved my mailbox to the Exchange 2010 server I cannot get mail on my phone or tablet anymore. I assume it is because the spam filter is sending everything to the IP of the Exchange 2003 server, but why are the send-receive connectors not putting me thru to the new Exchange 2010 server?
0
Comment
Question by:LarryDAH
  • 3
  • 3
  • 2
8 Comments
 
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39905309
You can enable the inheritance from ADUC-> user's properties-> security->advanced-> enabled the inheritance, then you can check. Thanks.
0
 

Author Comment

by:LarryDAH
ID: 39906399
I enabled it for my account but still no email. Also, for some reason, it keeps resetting back to 'disabled'.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39906928
If your 2003 Server is still your "MAIN" server you are not going to be able to open a much newer mailbox on your 2010 Server.  This is by design.

Put your 2010 server as your "Main" server by changing in your router and DNS Server all records that points to your old server to point the new one.

You are going to get your messages back in your mobile and in your computer, but this will bring some issues somewhere else, your OWA will need to be setup and redirected to match the new server settings and if someone uses OWA and is on the 2003 server they won't be able to open their mailboxes... like you where not able to open yours from the phone.

Users will get the following error:

"Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk."


Reason:   You haven’t set Exchange 2010’s CAS server for it to know what is the URL for your Exchange 2010 Outlook Web App and what is the URL for your legacy Exchange 2003 Outlook Web Access.

Solution:  Open Exchange Management Shell and execute the following by replacing the server with yours:

Get-OwaVirtualDirectory -server internalCASserverName | Set-OwaVirtualDirectory -externalURL https://webmail.yourDomain.com/OWA -Exchange2003URL https://legacy.yourDomain.com/exchange 


If your mail flow stop, you might need to add in your 2010 using the EMC under Server Configuration->Hub Transport-Default ServerName receive connector, properties, permission groups "Anonymous users".

You will also have to install a certificate, if your internal and external domains are not the same on the certificate and you can get a "general" certificate or one with up to 5 names on it your users will get the following error message on outlook:

Outlook 2007 security warning: "The name of the security certificate is invalid or does not match the name of the site"

Follow this link to fix that: http://support.microsoft.com/kb/940726
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:LarryDAH
ID: 39907937
Well, I was hoping for some time to do testing. Do you mean that any user who accesses their email via a smartphone, tablet, etc will either need to stay on 2003 during the test to keep their connection?

So the 2010 test users won't have phone access or OWA until I move everyone over and point everything to the 2010 server as the main one?
0
 
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39908382
If your account has admin permission, it will not work inheritance. That's why Ms recommemdaed xadm id for administrative purpose and normal account should be used for normal operation. If you enabled inheritance for your administrative account, it will disabled automatically, Thanks for understanding.
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 500 total points
ID: 39909338
No.!!! As I explained before:

The 2003 box won't open 2010 mailboxes and 2010 box won't open 2003 mailboxes.

When I say box.... I'm talking about OWA and ActiveSync...  remember... when you use a mobile device you're connecting to the server using any of the virtual directory services (SMTP, IMAP, POP or ActiveSync) therefore you can't expect they will have access to each other specially not from 2003 to 2010 but if you follow my suggestion your 2010 will be able to find your and open your 2003 mailboxes.

Now, I'm not sure about Windows devices (not have configured any yet) but I can tell you that latest Android OS will ask for permission on the devices if not accepted the user can't get or send emails because with 2010 you can do lots of things to the phone remotely, like wipe it, reset it, cancel cameras, cancel wifi, etc. This doesn't happen with iOS or BB they will just get disconnected at about 28% of the transfer from 2003 to 2010 and then back to normal when finish.

When I started mine migration I had same issue... like 3 weeks ago... I fixed the issue with the step I gave you... I'm still not done moving my mailboxes, the new box is in control and all users are getting their emails regardless their connection to the server.
0
 

Author Comment

by:LarryDAH
ID: 39909444
Vijaya, does that mean if I use the xadm account to enable inheritance for my account I can sync my phone again to my email box on 2010?
0
 
LVL 10

Expert Comment

by:Vijaya Babu Sekar
ID: 39911585
No Xadm account will not work with the iPhone. Because it will not allow inheritance, you may try to your normal account. That means should not have any administrative privileges with inheritance. Thanks.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now