Solved

Office 365 Migration Endpoint

Posted on 2014-09-11
5
3,169 Views
Last Modified: 2014-09-17
Trying to set up the endpoint for an Exchange 2010 to Office 365 migration.

What is working:

- Outlook Anywhere configured
- UC Certificate in use
- Passes all https://testconnectivity.microsoft.com/ tests  *see notes at bottom on this
- Can connect to mailbox externally via Outlook & OWA
- Account being used for privileges has full access to all mailboxes
- Checked over ActiveSync IIS settings, all set correct

When creating the new batch I put in an email address (have tried various just in case), and then I put in the account with privileges as domain\username, along with its password.

Sits for awhile and comes back with:

We couldn't detect your server settings. Please enter them. The migration service failed to detect the migration endpoint using the Autodiscover service. Please enter the migration endpoint settings or go back to the first step and retry using the Autodiscover service. Consider using the Exchange Remote Connectivity Analyzer ‎(https://testexchangeconnectivity.com)‎ to diagnose the connectivity issues.

So I put those in.

Exchange Server:  server.domain.local
RPC Proxy Server:  mail.domain.com
Authentication: Basic
Mailbox Permission: Full Access

Comes back with:

We couldn't discover the migration endpoint. Consider using the Exchange Remote Connectivity Analyzer (https://testexchangeconnectivity.com) to diagnose the connectivity issues.

Few Notes:

If I use the administrator account to try to run the Exchange ActiveSync test I get:

An ActiveSync session is being attempted with the server.
       Errors were encountered while testing the Exchange ActiveSync session.
       
      Additional Details
       
      Test Steps
       
      Attempting to send the OPTIONS command to the server.
       Testing of the OPTIONS command failed. For more information, see Additional Details.
       
      Additional Details
       
An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
HTTP Response Headers:
Content-Length: 1233
Cache-Control: private
Content-Type: text/html
Date: Thu, 11 Sep 2014 23:35:04 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Elapsed Time: 273 ms.


If I use another account it works.  All other tests pass with admin account.  I believe this is fine though, if I recall the administrator account doesn't have access to activesync.

I have tried giving full access permission to another account and using that, get the same errors when trying to create the endpoint.

Yesterday i created the endpoint and it found everything fine, came back today to start and it was not working.  I deleted the endpoint from Office 365 and this is where I am now.

Any help would be greatly appreciated.
0
Comment
Question by:DerekFG
  • 3
  • 2
5 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40318373
Forget the Activesync test - please use the Outlook Autodiscover test.

As long as Outlook Anywhere works happily and can be auto-configured, then the Endpoint should automatically be created and you can start the cutover migration.

Alan
0
 
LVL 2

Author Comment

by:DerekFG
ID: 40318378
Connectivity Test Successful with Warnings

The Microsoft Connectivity Analyzer is attempting to test Autodiscover for administrator@domain.com.
       Autodiscover was tested successfully.
       
      Additional Details
       
      Test Steps
       
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service was tested successfully.
       
      Additional Details
       
      Test Steps
       
      Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml
       Testing of this potential Autodiscover URL failed.
       
      Additional Details
       
      Test Steps
      Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml
       Testing of the Autodiscover URL was successful.
       
      Additional Details
       
      Test Steps
       
      Attempting to resolve the host name autodiscover.domain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host autodiscover.domain.com to ensure it's listening and open.
       The port was opened successfully.
       
      Additional Details
      Testing the SSL certificate to make sure it's valid.
       The certificate passed all validation requirements.
       
      Additional Details
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.domain.com on port 443.
       The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       
      Additional Details
      Validating the certificate name.
       The certificate name was validated successfully.
       
      Additional Details
      Certificate trust is being validated.
       The certificate is trusted and all certificates are present in the chain.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mail.domain.com, OU=Domain Control Validated.
       One or more certificate chains were constructed successfully.
       
      Additional Details
      Analyzing the certificate chains for compatibility problems with versions of Windows.
       Potential compatibility problems were identified with some versions of Windows.
       
      Additional Details
       
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
Elapsed Time: 5 ms.
      Testing the certificate date to confirm the certificate is valid.
       Date validation passed. The certificate hasn't expired.
       
      Additional Details
      Checking the IIS configuration for client certificate authentication.
       Client certificate authentication wasn't detected.
       
      Additional Details
      Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       
      Additional Details
       
      Test Steps

--

Seems fine, domain.com would be directed to their off-site website, but autodiscover goes through with just the one warning.  From what I have looked up on it, that is fine as well.

I connected to the Office 365 through powershell and ran:

Test-MigrationServerAvailability -ExchangeOutlookAnywhere -Autodiscover -EmailAddress administrator@domain.com -Credentials $credentials

Comes back with:

RunspaceId         : 1bc172b3-c7a3-4491-9923-0a6c603c2e52
Result             : Failed
Message            : The migration service failed to detect the migration endpoint using the Autodiscover service. Plea
                     se enter the migration endpoint settings or go back to the first step and retry using the Autodisc
                     over service. Consider using the Exchange Remote Connectivity Analyzer (https://testexchangeconnec
                     tivity.com) to diagnose the connectivity issues.
ConnectionSettings :
SupportsCutover    : True
ErrorDetail        : Microsoft.Exchange.WebServices.Data.AutodiscoverLocalException: The Autodiscover service couldn't
                     be located.
                        at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetSettings[TGetSettingsResp
                     onseCollection,TSettingName](List`1 identities, List`1 settings, Nullable`1 requestedVersion, GetS
                     ettingsMethod`2 getSettingsMethod, Func`1 getDomainMethod)
                        at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(List`1 smtpA
                     ddresses, List`1 settings)
                        at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.InternalGetSoapUserSettings(
                     String smtpAddress, List`1 requestedSettings)
                        at Microsoft.Exchange.WebServices.Autodiscover.AutodiscoverService.GetUserSettings(String userS
                     mtpAddress, UserSettingName[] userSettingNames)
                        at Microsoft.Exchange.Migration.MigrationAutodiscoverClient.GetUserSettings(ExchangeVersion exc
                     hangeVersion, NetworkCredential credential, String emailAddress)
IsValid            : True
Identity           :
ObjectState        : New
0
 
LVL 2

Author Comment

by:DerekFG
ID: 40318399
Okay, well.. i changed mail.domain.com to autodiscover.domain.com after it couldn't find the settings on its own and it created the endpoint....

Just yesterday it found mail.domain.com fine as the endpoint, so I am a bit confused.  I only thought to try this since when running the above test it failed on domain.com but worked with autodiscover.domain.com.

Going to start it and see if I run into any further issues.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40318715
Oh well - sounds like you have a DNS problem as it isn't replicating properly, but as long as it created the endpoint, you should be able to commence the batch file.

Alan
0
 
LVL 2

Author Closing Comment

by:DerekFG
ID: 40328630
The DNS addition of autodiscover.domain.com was done at the same time as the initial endpoint was setup that worked with mail.domain.com.  I'm thinking that after autodiscover record picked up, that is where it started to fail.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
In a previous video Micro Tutorial here at Experts Exchange (http://www.experts-exchange.com/videos/1358/How-to-get-a-free-trial-of-Office-365-with-the-Office-2016-desktop-applications.html), I explained how to get a free, one-month trial of Office …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now