Solved

Exchange server 2003 to 2010 migration

Posted on 2014-03-23
Last Modified: 2014-04-12
We have done a migration from Exchange Server 2003 to Exchange Server 2010.

We have successfully moved all the mailboxes and public folders to the Exchange Server 2010.
We have verified the mail flow and it's working fine.
We still have not decommissioned Exchange Server 2003 because we are facing an issue with the wildcard SSL certificate.
Domain name: xyz.contoso.com
FQDN of Exchange Server 2003 - def-mail.xyz.contoso.com
FQDN of Exchange Server 2010 - abc-mail.xyz.contoso.com

OWA URL 2003: https://mail.contoso.com/exchange
OWA URL 2010: https://mail.contoso.com/owa

We have a split DNS configuration.
We purchased the wildcard SSL certificate with *.contoso.com

We have verified the things below:
2010 OWA can be accessed externally and internally with the URL https://mail.contoso.com/owa
and mail flow is working fine.

We are able to configure email on cell phones with the URL https://mail.contoso.com and mail flow is working fine.

The Outlook client can be configured externally, mail flow is working and no error is found. But we checked the server URL after the Outlook configuration: the server name is abc-mail.xyz.contoso.com. It should be mail.contoso.com, right?

When we configure Outlook internally, we get the error message "the name on the security certificate is invalid or does not match the name of the site"

From the Outlook client we ran Test E-mail AutoConfiguration and then we get the error "autodiscover to https://contoso.com/autodiscover/autodiscover.xml failed (0x800c8203)"

Kindly suggest... we are stuck here...
Question by:rigelnet
12 Comments
 
LVL 5

Expert Comment

by:arjunvyavahare
ID: 39948463
Hi,

I suggest you go through the URL below, which contains the steps to resolve this issue:

http://blogs.technet.com/b/tips_from_the_inside/archive/2012/01/11/autodiscover-fails-for-one-or-more-users.aspx

Regards,
Arjun
0
 
LVL 19

Expert Comment

by:R--R
ID: 39948479
Check this from http://technet.microsoft.com; it may help you.

http://technet.microsoft.com/en-us/library/cc535023(v=exchg.80).aspx

Set-OutlookProvider EXPR -CertPrincipalName msstd:*.contoso.com
Set-OutlookProvider EXCH -CertPrincipalName msstd:*.contoso.com

Also check whether the internal URL and external URL are configured as mail.contoso.com for webservices and clientaccessserver.

Check this from http://premnair.wordpress.com

http://premnair.wordpress.com/2010/07/03/configure-ews-autodiscover-owa-oab-ecp-on-exchange-server-2010/
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39948484
What is your autodiscover Host (A) record?
I don't see any record mentioned above.
Since you have split DNS in place, https://contoso.com would give you an error because you must be having the domain controllers' blank FQDN records present in the AD zone contoso.com, which might be the cause of the autodiscover query failure; it's likely a DNS name resolution failure.

Please configure an autodiscover.contoso.com entry in DNS pointing to the Exchange 2010 CAS server and check.

Mahesh
0
 
LVL 27

Expert Comment

by:davorin
ID: 39948514
The Exchange server name abc-mail.xyz.contoso.com in Outlook is just fine. mail.contoso.com and *.contoso.com should be configured in the Exchange proxy settings.

For internal configuration the problem is (not 100% sure) that you are using a dual-level subdomain. If the internal server name would be abc-mail.contoso.com or xyz.contoso.com it should be fine, but you are using abc-mail.XYZ.contoso.com

http://en.wikipedia.org/wiki/Wildcard_certificate
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39948749
I would go one step further.
Change to use an RPC CAS Array address instead (which everyone with Exchange 2010 should do). That will be an internal only host name that exists in DNS only. That will stop you from using the server's real name, and if you start using a load balancer or migrate to another Exchange 2010 server it will make the decommissioning of the existing server much easier.

Simon.
0
 
LVL 12

Assisted Solution

by:Md. Mojahid
Md. Mojahid earned 125 total points
ID: 39949733
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 250 total points
ID: 39950190
When you set up Exchange Server, it creates a default self-signed certificate for internal use, and the common name on it is usually the machinename.domainname. When you installed the new certificate, you did it with your external (internet-facing) name, which is normal, but now you need to replace the fully qualified domain name (FQDN) of the URL that is stored in the following objects:

The Service Connection Point for the Autodiscover
The InternalUrl of Exchange Web Service (EWS)
The InternalUrl of the OAB Web service


Here is what worked for me: http://support.microsoft.com/kb/940726 

Make sure your DNS matches the settings you just changed.
0
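Added example, not part of hecgomrec's answer or any other post in this thread: davorin's point about the two-level subdomain and the three internal URLs listed above can be checked together, because a wildcard name such as *.contoso.com covers exactly one label to its left. The PowerShell below uses the thread's placeholder hostnames; the URL table is constructed sample data and the function names are hypothetical.

```powershell
# Added example. Checks whether the host in each internal URL is covered
# by the certificate name, using the single-label wildcard rule.
function Test-CertNameMatch {
    param([string]$HostName, [string]$CertName)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    if (-not $c.StartsWith('*.')) { return ($h -eq $c) }
    # A wildcard stands for exactly one left-most label: strip that label
    # from the host and compare the remainder with the certificate suffix.
    $dot = $h.IndexOf('.')
    if ($dot -lt 1) { return $false }
    return ($h.Substring($dot + 1) -eq $c.Substring(2))
}

function Get-UrlNameMismatch {
    param([hashtable]$Urls, [string]$CertName)
    foreach ($entry in $Urls.GetEnumerator()) {
        $urlHost = ([uri]$entry.Value).Host
        # New-Object PSObject keeps this usable on PowerShell 2.0.
        New-Object PSObject -Property @{
            Setting = $entry.Key
            UrlHost = $urlHost
            CertOK  = Test-CertNameMatch -HostName $urlHost -CertName $CertName
        }
    }
}

# Constructed sample: two URLs still carry the server FQDN, one has been
# changed. On a live server, read the real values from
# Get-ClientAccessServer (AutoDiscoverServiceInternalUri),
# Get-WebServicesVirtualDirectory and Get-OABVirtualDirectory (InternalUrl).
$internalUrls = @{
    'Autodiscover SCP' = 'https://abc-mail.xyz.contoso.com/Autodiscover/Autodiscover.xml'
    'EWS InternalUrl'  = 'https://abc-mail.xyz.contoso.com/EWS/Exchange.asmx'
    'OAB InternalUrl'  = 'https://mail.contoso.com/OAB'
}

Get-UrlNameMismatch -Urls $internalUrls -CertName '*.contoso.com' |
    Sort-Object Setting |
    Format-Table Setting, UrlHost, CertOK -AutoSize
```

Any row with CertOK False names a URL whose host the wildcard certificate does not cover, which is where the internal name-mismatch prompt comes from.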
 

Author Comment

by:rigelnet
ID: 39950474
We are still facing the issue below:

When we configure Outlook internally, we get the error message "the name on the security certificate is invalid or does not match the name of the site"

We have configured the autodiscover Host (A) record as: mail.contoso.com

External URL: https://mail.contoso.com
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39950641
You haven't changed all of the URLs.
Go through my article here: http://semb.ee/hostnames

It outlines everything that needs to be changed.

Simon.
0
 

Author Comment

by:rigelnet
ID: 39951346
For a clearer view:

We have done a migration from Exchange Server 2003 to Exchange Server 2010.

We have successfully moved all the mailboxes and public folders to the Exchange Server 2010.
We have verified the mail flow and it's working fine.
We still have not decommissioned Exchange Server 2003 because we are facing an issue with the wildcard SSL certificate.
Domain name: willoughby.castnylon.com
FQDN of Exchange Server 2003 - Jabba.willoughby.castnylon.com
FQDN of Exchange Server 2010 - Cnl-mail.willoughby.castnylon.com

OWA URL 2003: http://mail.castnylon.com/exchange
OWA URL 2010: https://mail.castnylon.com/owa

We have a split DNS configuration.
We purchased the wildcard SSL certificate with *.castnylon.com

We have verified the things below:
2010 OWA can be accessed externally and internally with the URL https://mail.castnylon.com/owa
and mail flow is working fine.

We are able to configure email on cell phones with the URL https://mail.castnylon.com and mail flow is working fine.

The Outlook client can be configured externally, mail flow is working and no error is found. But we checked the server URL after the Outlook configuration: the server name is cnl-mail.willoughby.castnylon.com. It should be mail.castnylon.com, right?

When we configure Outlook internally, we get the error message "the name on the security certificate is invalid or does not match the name of the site"

From the Outlook client we ran Test E-mail AutoConfiguration and then we get the error "autodiscover to https://castnylon.com/autodiscover/autodiscover.xml failed (0x800c8203)"

Kindly suggest... we are stuck here...
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39951523
Please follow the indications I gave you... you will fix your issues... I had the same error when I did my migration.

All your settings should match, internal and external.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 125 total points
ID: 39953018
"but we have verified the server url after the outlook configuration. the server name is cnl-mail.willoughby.castnylon.com It should be mail.castnylon.com. right?"

No.

The server name will always be the server's REAL name.
If you are getting SSL prompts then that is NOT the cause of them, it is because you have missed one of the URLs.

Simon.
0

Question has a verified solution.