Solved

Exchange ActiveSync Multiple Exchange Servers on One domain

Posted on 2014-03-11
Last Modified: 2014-04-13
Hi All,

I have a small issue that I have run into during an upgrade.

Client has SBS 2003 with Exchange 2003.  I have installed a new Windows Server 2012 with Exchange 2010.

I have moved 2 test users' mailboxes to the new server.  All good, and it all works via Outlook in the office.

The 2 Exchange servers are communicating with each other and passing mail correctly.

I can't, however, get Exchange ActiveSync to work for both servers at the same time.

If I forward port 443 to the new server, then Exchange ActiveSync to mobile works for the moved mailboxes but not the old non-moved mailboxes.  If I leave port 443 pointing to the old server, then the users on that server can use ActiveSync.

Is there a way to allow users on either server to have phone access to their respective mailbox?

i.e.  Can you run ActiveSync on 2 servers and have the old server redirect traffic to the new server for the moved mailboxes?

As a side note, Outlook Web Access also doesn't work remotely for users on the new server unless I redirect traffic, which of course breaks connectivity to the old server.

Internally OWA works as I can point to either server from within the network.

Any advice would be appreciated.

Thanks
Question by:DKajfes
8 Comments
 

Expert Comment

by:Shreedhar Ette
ID: 39922623
For both Exchange servers to work, they need to be configured in coexistence mode.

Please refer to the articles below to configure coexistence:
http://technet.microsoft.com/en-us/library/dd638130(v=exchg.141).aspx

http://technet.microsoft.com/en-us/library/ee332348(v=exchg.141).aspx

Expert Comment

by:N-W
ID: 39922729
Here's a simpler article on how to configure Exchange for your requirements: http://exchangeserverpro.com/exchange-2003-2010-coexistence/

In short, unless you are running ISA2007 or similar, you will need multiple public IPs to differentiate between the two servers for OWA/ActiveSync connections.
 

Author Comment

by:DKajfes
ID: 39922802
Thanks for the links, however I really only need ActiveSync to work.  OWA is not an issue as they have not been shown how to use it yet.

At this stage the public IP points to the Exchange 2003 server, not the new 2010.

Should I redirect traffic to 2010 then link back to 2003?

Can I somehow make ActiveSync work with 2010 via 2003?

Thanks

Expert Comment

by:N-W
ID: 39922837
Unfortunately you can't unless you're running ISA 2006 or another similar reverse proxy engine.

If you don't have a reverse proxy, you'll need two public IPs (one to point to Exchange 2003 and the other to Exchange 2010).

Expert Comment

by:Simon Butler (Sembee)
ID: 39923090
ActiveSync should proxy to the Exchange 2003 server. It is only OWA that requires separate IP addresses.
This is outlined in the Proxy and Redirection article on TechNet.
http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx

What can happen, particularly with SBS 2003 servers, is that the configuration of the server isn't correct, usually around authentication settings and the proxy fails.

Running the Exchange 2003 BPA (Download from Microsoft), the Exchange 2010 BPA (in the toolbox) and also the external testing tool at http://exrca.com/ can often pinpoint where the configuration is wrong.

Simon.
 

Author Comment

by:DKajfes
ID: 39928666
Thanks Simon, I read the article you linked above and modified the authentication settings.  Still no joy.  BPA doesn't reveal anything wrong.

So I modified the authentication settings as per the article, and I opened port 443 for ActiveSync to the new server.

I have an SSL certificate for our mail domain, and assigned the services to it.

Users on the new server can now log in via mobile devices - it's really slow, however, but it works. It takes over 60 seconds to sync, while the old server does it in 2 or 3 seconds.

Users on the old server now get an invalid certificate error, and I can't connect.

If I set the port redirection back to the old 2003 server, users on the old server can't log in due to a certificate error until I go back to the new server and unassign services from the SSL cert.

I can't understand what is going on with the SSL.

The old server was set up years ago with e.g. "mail.domain1.com.au". It's not their primary address anymore - they use "mail.domain2.com.au" now.

The new server was set up with "mail.domain2.com.au" as the primary domain when I set up Exchange 2010.  I did get a certificate which included both domain1 and domain2 on it.

The Exchange 2010 server is on the same local domain as Exchange 2003 and the DC.  Internally on the network all users are able to use Outlook irrespective of which server their mailbox is on.

Could the SSL have something to do with it?

Thanks.

Accepted Solution

by:
Simon Butler (Sembee) earned 300 total points
ID: 39928867
ActiveSync is very sensitive to SSL errors.
How long is the Exchange 2003 server going to be hanging around for? In cases like this I will often reset the virtual directories.
http://support.microsoft.com/kb/883380

In their default state they should allow the proxying to occur.

Otherwise accelerate the migration and troubleshoot it once everyone is on Exchange 2010. That is much easier; the Exchange 2003 version of ActiveSync is a horrible kludge (it was a bolt-on), so it breaks easily and is a pig to troubleshoot.

Simon.
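
Added example, not part of the thread or written by any of its participants: a client-side check of the SSL situation discussed above. It handshakes with each server under each name a device might be configured with, reports whether the certificate validates, and lists which of the two names the presented certificate does not cover. The server addresses are hypothetical placeholders and `SAMPLE_CERT` is constructed.

```python
import socket
import ssl

# Constructed sample in the shape ssl.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {"subjectAltName": (("DNS", "mail.domain1.com.au"),
                                  ("DNS", "mail.domain2.com.au"))}
WANTED = ("mail.domain1.com.au", "mail.domain2.com.au")  # names from the thread


def dns_names(cert):
    """DNS entries of the certificate's subjectAltName, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def covers(names, host):
    """True if host equals a name or matches a one-label wildcard (*.example.com)."""
    host = host.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n == host or (n.startswith("*.") and n[2:] == parent) for n in names)


def missing_names(cert, wanted=WANTED):
    """Names devices use that the certificate does not cover."""
    names = dns_names(cert)
    return [w for w in wanted if not covers(names, w)]


def probe(server, name, port=443, timeout=10.0):
    """Handshake with server as a device configured for name would.

    Returns (status, cert); cert is {} when the handshake or validation failed.
    """
    ctx = ssl.create_default_context()  # validates chain, dates and host name
    try:
        with socket.create_connection((server, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                return "ok", tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "certificate rejected: " + exc.verify_message, {}
    except (ssl.SSLError, OSError) as exc:
        return "connection failed: %s" % exc, {}


if __name__ == "__main__":
    # Hypothetical internal addresses of the two servers (documentation range).
    for server in ("192.0.2.10", "192.0.2.20"):
        for name in WANTED:
            status, cert = probe(server, name)
            print(server, name, status, "missing:", missing_names(cert) if cert else "n/a")
```

Running it against both servers before and after changing the port 443 forward shows which certificate each one actually presents for each name.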
 

Author Closing Comment

by:DKajfes
ID: 39998063
Thanks Simon. Was not able to get a solution to this, so I have decided to accelerate the migration. Thanks.