Office 365 Migration Endpoint

Trying to set up the endpoint for an Exchange 2010 to Office 365 migration.

What is working:

- Outlook Anywhere configured
- UC Certificate in use
- Passes all https://testconnectivity.microsoft.com/ tests  *see notes at bottom on this
- Can connect to mailbox externally via Outlook & OWA
- Account being used for privileges has full access to all mailboxes
- Checked over ActiveSync IIS settings, all set correct

When creating the new batch I put in an email address (have tried various just in case), and then I put in the account with privileges as domain\username, along with its password.

Sits for awhile and comes back with:

We couldn't detect your server settings. Please enter them. The migration service failed to detect the migration endpoint using the Autodiscover service. Please enter the migration endpoint settings or go back to the first step and retry using the Autodiscover service. Consider using the Exchange Remote Connectivity Analyzer ‎(https://testexchangeconnectivity.com)‎ to diagnose the connectivity issues.

So I put those in.

Exchange Server:  server.domain.local
RPC Proxy Server:  mail.domain.com
Authentication: Basic
Mailbox Permission: Full Access

Comes back with:

We couldn't discover the migration endpoint. Consider using the Exchange Remote Connectivity Analyzer (https://testexchangeconnectivity.com) to diagnose the connectivity issues.

Few Notes:

If I use the administrator account to try to run the Exchange ActiveSync test I get:

An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
       
      Additional Details
       
      Test Steps
       
      Attempting to send the OPTIONS command to the server.
       Testing of the OPTIONS command failed. For more information, see Additional Details.
       
      Additional Details
       
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
HTTP Response Headers:
Content-Length: 1233
Cache-Control: private
Content-Type: text/html
Date: Thu, 11 Sep 2014 23:35:04 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 273 ms.


If I use another account it works.  All other tests pass with admin account.  I believe this is fine though, if I recall the administrator account doesn't have access to activesync.

I have tried giving full access permission to another account and using that, get the same errors when trying to create the endpoint.

Yesterday i created the endpoint and it found everything fine, came back today to start and it was not working.  I deleted the endpoint from Office 365 and this is where I am now.

Any help would be greatly appreciated.
LVL 2
DerekFGAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
Forget the Activesync test - please use the Outlook Autodiscover test.

As long as Outlook Anywhere works happily and can be auto-configured, then the Endpoint should automatically be created and you can start the cutover migration.

Alan
0
DerekFGAuthor Commented:
Connectivity Test Successful with Warnings

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for administrator@domain.com.
       Autodiscover was tested successfully.
       
      Additional Details
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service was tested successfully.
       
      Additional Details
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
      Test Steps
      Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
       Testing of the Autodiscover URL was successful.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Additional Details
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated.
       One or more certificate chains were constructed successfully.
       
      Additional Details
      Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
       
      Additional Details
       
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 5 ms.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       
      Additional Details
       
      Test Steps

--

Seems fine, domain.com would be directed to their off-site website, but autodiscover goes through with just the one warning.  From what I have looked up on it, that is fine as well.

I connected to the Office 365 through powershell and ran:

Test-MigrationServerAvailability -ExchangeOutlookAnywhere -Autodiscover -EmailAddress administrator@domain.com -Credentials $credentials

Comes back with:

RunspaceId         : 1bc172b3-c7a3-4491-9923-0a6c603c2e52
Result             : Failed
Message            : The migration service failed to detect the migration endpoint using the Autodiscover service. Plea
                     se enter the migration endpoint settings or go back to the first step and retry using the Autodisc
                     over service. Consider using the Exchange Remote Connectivity Analyzer (https://testexchangeconnec
                     tivity.com) to diagnose the connectivity issues.
ConnectionSettings :
SupportsCutover    : True
ErrorDetail        : Microsoft.Exchange.WebServices.Data.AutodiscoverLocalException: The Autodiscover service couldn't
                     be located.
                        at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetSettings[TGetSettingsResp
                     onseCollection,TSettingName](List`1 identities, List`1 settings, Nullable`1 requestedVersion, GetS
                     ettingsMethod`2 getSettingsMethod, Func`1 getDomainMethod)
                        at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(List`1 smtpA
                     ddresses, List`1 settings)
                        at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.InternalGetSoapUserSettings(
                     String smtpAddress, List`1 requestedSettings)
                        at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(String userS
                     mtpAddress, UserSettingName[] userSettingNames)
                        at Microsoft.Exchange.Migration.MigrationAutodiscoverClient.GetUserSettings(ExchangeVersion exc
                     hangeVersion, NetworkCredential credential, String emailAddress)
IsValid            : True
Identity           :
ObjectState        : New
0
DerekFGAuthor Commented:
Okay, well.. i changed mail.domain.com to autodiscover.domain.com after it couldn't find the settings on its own and it created the endpoint....

Just yesterday it found mail.domain.com fine as the endpoint, so I am a bit confused.  I only thought to try this since when running the above test it failed on domain.com but worked with autodiscover.domain.com.

Going to start it and see if I run into any further issues.
0
Alan HardistyCo-OwnerCommented:
Oh well - sounds like you have a DNS problem as it isn't replicating properly, but as long as it created the endpoint, you should be able to commence the batch file.

Alan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DerekFGAuthor Commented:
The DNS addition of autodiscover.domain.com was done at the same time as the initial endpoint was setup that worked with mail.domain.com.  I'm thinking that after autodiscover record picked up, that is where it started to fail.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.