Solved

Exchange server 2003 to 2010 migration

Posted on 2014-03-23
Last Modified: 2014-04-12
We have migrated from Exchange Server 2003 to Exchange Server 2010.

We have successfully moved all the mailboxes and public folders to the Exchange Server 2010.
We have verified the mail flow and it's working fine.
We have still not decommissioned Exchange Server 2003 because we are facing an issue with the wildcard SSL certificate.
Domain name: xyz.contoso.com
FQDN of Exchange Server 2003 - def-mail.xyz.contoso.com
FQDN of Exchange Server 2010 - abc-mail.xyz.contoso.com

OWA URL 2003: https://mail.contoso.com/exchange
OWA URL 2010: https://mail.contoso.com/owa

We have a split DNS configuration.
We purchased the wildcard SSL certificate for *.contoso.com

We have verified the things below:
2010 OWA can be accessed externally and internally with the URL https://mail.contoso.com/owa
and mail flow is working fine.

We are able to configure email on cell phones with the URL https://mail.contoso.com and mail flow is working fine.

The Outlook client can be configured externally, mail flow is working and no error is found. But we checked the server URL after the Outlook configuration: the server name is abc-mail.xyz.contoso.com. It should be mail.contoso.com, right?

When we configure Outlook internally, we get the error message "the name on the security certificate is invalid or does not match the name of the site".

From the Outlook client we ran Test E-mail AutoConfiguration, and we get the error "autodiscover to https://contoso.com/autodiscover/autodiscover.xml failed (0x800c8203)".

Kindly suggest... we are stuck here...
Question by:rigelnet
12 Comments
 
LVL 5

Expert Comment

by:arjunvyavahare
ID: 39948463
Hi,

Suggest you to go through below url, which contains the steps to resolve this issue:-

http://blogs.technet.com/b/tips_from_the_inside/archive/2012/01/11/autodiscover-fails-for-one-or-more-users.aspx

Regards,
Arjun
0
 
LVL 19

Expert Comment

by:R--R
ID: 39948479
Check this from http://technet.microsoft.com; it may help you.

http://technet.microsoft.com/en-us/library/cc535023(v=exchg.80).aspx

Set-OutlookProvider EXPR -CertPrincipalName msstd:*.contoso.com
Set-OutlookProvider EXCH -CertPrincipalName msstd:*.contoso.com

Also check whether the InternalUrl and ExternalUrl of webservices and clientaccessserver are configured as mail.contoso.com.

Check this from http://premnair.wordpress.com

http://premnair.wordpress.com/2010/07/03/configure-ews-autodiscover-owa-oab-ecp-on-exchange-server-2010/
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39948484
What is your autodiscover Host(A) record ?
I don't see any record mentioned above.
Since you have split DNS in place, https://contoso.com would give you an error, because you must have the domain controllers' blank FQDN records present in the AD zone contoso.com, which might be the cause of the autodiscover query failure; it's likely a DNS name resolution failure.

Please configure an autodiscover.contoso.com entry in DNS pointing to the Exchange 2010 CAS server and check.

Mahesh
0
 
LVL 27

Expert Comment

by:davorin
ID: 39948514
The Exchange server name abc-mail.xyz.contoso.com in Outlook is just fine. mail.contoso.com and *.contoso.com should be configured in the Exchange proxy settings.

For internal configuration the problem is (not 100% sure) that you are using a two-level subdomain. If the internal server name were abc-mail.contoso.com or xyz.contoso.com it should be fine, but you are using abc-mail.XYZ.contoso.com

http://en.wikipedia.org/wiki/Wildcard_certificate
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39948749
I would go one step further.
Change to use an RPC CAS Array address instead (which everyone with Exchange 2010 should do). That will be an internal only host name that exists in DNS only. That will stop you from using the server's real name, and if you start using a load balancer or migrate to another Exchange 2010 server it will make the decommissioning of the existing server much easier.

Simon.
0
 
LVL 12

Assisted Solution

by:Md. Mojahid
Md. Mojahid earned 125 total points
ID: 39949733
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 250 total points
ID: 39950190
When you set up Exchange Server, it creates a default self-signed certificate for internal use, and the common name on it is usually the machinename.domainname. When you installed the new certificate, you did so with your external (internet-facing) name, which is normal, but now you need to replace the fully qualified domain name (FQDN) of the URL that is stored in the following objects:

The Service Connection Point for the Autodiscover
The InternalUrl of Exchange Web Service (EWS)
The InternalUrl of the OAB Web service


Here is what worked for me: http://support.microsoft.com/kb/940726

Make sure your DNS matches the settings you just changed.
0
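The audit and change described in the accepted answer above, as an added example that is not part of the original answer: it lists the three internal URLs, checks each host name against the wildcard certificate, then repoints them with the cmdlets from KB 940726. The server short name ABC-MAIL, the helper Test-CertName and the published name mail.contoso.com are assumptions taken from the names in the question.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 CAS.
# Assumed values: CAS short name ABC-MAIL (from abc-mail.xyz.contoso.com in the
# question), certificate name *.contoso.com, published host mail.contoso.com.
$cas      = 'ABC-MAIL'
$certName = '*.contoso.com'
$newHost  = 'mail.contoso.com'

# Hypothetical helper. A wildcard covers exactly one left-most label, so
# mail.contoso.com matches *.contoso.com, while abc-mail.xyz.contoso.com and
# the bare contoso.com do not.
function Test-CertName([string]$HostName, [string]$Pattern) {
    if (-not $Pattern.StartsWith('*.')) { return $HostName -ieq $Pattern }
    $suffix = $Pattern.Substring(1)    # ".contoso.com"
    if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
        return $false
    }
    $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
    return ($label.Length -gt 0) -and (-not $label.Contains('.'))
}

# 1. Audit the three URLs the accepted answer lists.
$urls = @(
    Get-ClientAccessServer -Identity $cas |
        Select-Object @{n='Setting';e={'Autodiscover SCP'}}, @{n='Url';e={$_.AutoDiscoverServiceInternalUri}}
    Get-WebServicesVirtualDirectory -Server $cas |
        Select-Object @{n='Setting';e={'EWS InternalUrl'}}, @{n='Url';e={$_.InternalUrl}}
    Get-OabVirtualDirectory -Server $cas |
        Select-Object @{n='Setting';e={'OAB InternalUrl'}}, @{n='Url';e={$_.InternalUrl}}
)
foreach ($u in $urls) {
    if (-not $u.Url) { continue }    # URL not set on this object
    $urlHost = ([uri]"$($u.Url)").Host
    '{0,-17} {1}  matches {2}: {3}' -f $u.Setting, $u.Url, $certName, (Test-CertName $urlHost $certName)
}

# 2. Point each one at the name the certificate covers.
Set-ClientAccessServer -Identity $cas `
    -AutoDiscoverServiceInternalUri "https://$newHost/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$cas\EWS (Default Web Site)" `
    -InternalUrl "https://$newHost/ews/exchange.asmx"
Set-OabVirtualDirectory -Identity "$cas\OAB (Default Web Site)" `
    -InternalUrl "https://$newHost/oab"
```

With split DNS, the internal zone must resolve mail.contoso.com to the CAS before clients are sent there. Re-running the audit loop after step 2 should show every line matching the certificate.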
 

Author Comment

by:rigelnet
ID: 39950474
We are still facing the issue below.

When we configure Outlook internally, we get the error message "the name on the security certificate is invalid or does not match the name of the site".

The autodiscover host (A) record we have configured is: mail.contoso.com

External URL: https://mail.contoso.com
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39950641
You haven't changed all of the URLs.
Go through my article here: http://semb.ee/hostnames

It outlines everything that needs to be changed.

Simon.
0
 

Author Comment

by:rigelnet
ID: 39951346
For a clearer view:

We have migrated from Exchange Server 2003 to Exchange Server 2010.

We have successfully moved all the mailboxes and public folders to the Exchange Server 2010.
We have verified the mail flow and it's working fine.
We have still not decommissioned Exchange Server 2003 because we are facing an issue with the wildcard SSL certificate.
Domain name: willoughby.castnylon.com
FQDN of Exchange Server 2003 - Jabba.willoughby.castnylon.com
FQDN of Exchange Server 2010 - Cnl-mail.willoughby.castnylon.com

OWA URL 2003: http://mail.castnylon.com/exchange
OWA URL 2010: https://mail.castnylon.com/owa

We have a split DNS configuration.
We purchased the wildcard SSL certificate for *.castnylon.com

We have verified the things below:
2010 OWA can be accessed externally and internally with the URL https://mail.castnylon.com/owa
and mail flow is working fine.

We are able to configure email on cell phones with the URL https://mail.castnylon.com and mail flow is working fine.

The Outlook client can be configured externally, mail flow is working and no error is found. But we checked the server URL after the Outlook configuration: the server name is cnl-mail.willoughby.castnylon.com. It should be mail.castnylon.com, right?

When we configure Outlook internally, we get the error message "the name on the security certificate is invalid or does not match the name of the site".

From the Outlook client we ran Test E-mail AutoConfiguration, and we get the error "autodiscover to https://castnylon.com/autodiscover/autodiscover.xml failed (0x800c8203)".

Kindly suggest... we are stuck here...
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39951523
Please follow the indications I gave you... you will fix your issues... I had the same error when I did my migration.

All your settings should match, internal and external.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 125 total points
ID: 39953018
"but we have verified the server url after the outlook configuration. the server name is cnl-mail.willoughby.castnylon.com It should be mail.castnylon.com. right?"

No.

The server name will always be the server's REAL name.
If you are getting SSL prompts then that is NOT the cause of them, it is because you have missed one of the URLs.

Simon.
0
