Solved

Cannot make migration endpoint connection

Posted on 2014-10-14
Last Modified: 2014-11-12
I am working on setting up a migration from Exchange 2010 to Office 365 Exchange Online.
I am trying to create a migration endpoint.  I have set up Outlook Anywhere on my in-house server.
I have an SSL cert that I have installed and assigned to IIS.
I can go to OWA externally and I do not get any cert errors.
I can set up Outlook externally and access the mailbox with no errors.
I have tried running the testexchangeconnectivity and it will go through all the steps except it has the wrong name in the cert, due to the fact that you cannot set any servers manually in that test.
Not sure what I am missing.  When I try to create a migration endpoint and manually put in the Exchange and RPC server, it says cannot connect to server, make sure that the endpoint settings are correct and that the certificate is valid. As far as I can tell that is all correct.  I am also using basic authentication and full access settings under advanced.
Any ideas would be greatly appreciated!
0
Question by:DaveKall42
22 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380470
The test will use Autodiscover to determine the EndPoint, so does the Autodiscover test work happily?

Does the certificate include autodiscover.yourdomain.com and have you set up an A record called autodiscover that points to the IP address of your Exchange 2010 server?

What do you mean the test on the test site works apart from the cert having the wrong name?  Does it find your Exchange server or another server?

Is the certificate from a trusted 3rd party SSL certificate provider?  If it isn't - it won't work.

Alan
0
 

Author Comment

by:DaveKall42
ID: 40380487
Yes, I do have autodiscover.<domain> set up as an A record.  I don't have that in my cert though. When I do the test on the test site it is looking for the above name, not the actual FQDN of my mail server.  I cannot set in the test the actual FQDN of the server.  As I said, I can do OWA and Outlook Anywhere with Outlook with no cert issues. As far as I can tell it is from a trusted 3rd party SSL provider.  Again, I am not getting any errors from OWA or Outlook. I am also not using Autodiscover when creating my migration endpoint.  I am putting in the FQDN and RPC FQDN servers.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40380511
Okay - if you added the A record you need autodiscover included in your SSL certificate.

So - you either need to re-key your SSL certificate to include autodiscover (if you have a SAN cert), or the easier way is to delete the Autodiscover A record and set up an SRV record pointing to the FQDN that is included in your SSL certificate and then Autodiscover will use the SRV record to locate and configure the Endpoint happily.

Guide for how to configure the SRV record (ignore the Exchange version):

http://support.microsoft.com/kb/940881

Of course - if your Domain host doesn't support SRV records (some do / some don't), then you can't use that option, so you will need a SAN certificate (multiple names included) that includes autodiscover.yourdomain.com and then things will fall into place.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380520
Another option (that I haven't tested) is to configure an Autodiscover CNAME record and point that to the FQDN included in your SSL certificate.

Just make sure you only have one method for Autodiscover, not multiple.  Either an A record, a CNAME record or an SRV record.
0
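The DNS and certificate advice in the answers above (whatever name Autodiscover leads the client to must be on the certificate, and only one of A, CNAME or SRV should be published) can be checked offline with a small model. This is an added example, not part of any post in the thread; the `example.com` records, the certificate name list and the function names are constructed assumptions.

```python
# Added example: every record and certificate name below is constructed.
from dataclasses import dataclass, field

@dataclass
class Zone:
    """Public DNS records that matter to Autodiscover (constructed model)."""
    domain: str
    a_hosts: set = field(default_factory=set)   # names that have an A record
    cnames: dict = field(default_factory=dict)  # name -> CNAME target
    srv: dict = field(default_factory=dict)     # SRV owner name -> target host

def name_matches(host, pattern):
    """Exact match, or '*' standing for the whole left-most label only."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def autodiscover_methods(zone):
    """List (record type, host name the certificate must cover)."""
    auto = f"autodiscover.{zone.domain}"
    found = []
    if auto in zone.a_hosts:
        found.append(("A", auto))
    if auto in zone.cnames:
        # TLS validates the name the client asked for, not the CNAME target.
        found.append(("CNAME", auto))
    target = zone.srv.get(f"_autodiscover._tcp.{zone.domain}")
    if target:
        found.append(("SRV", target))
    return found

def audit(zone, cert_names):
    """Return a list of problems; an empty list means the setup is consistent."""
    methods = autodiscover_methods(zone)
    problems = []
    if len(methods) > 1:
        problems.append("multiple methods: " + ", ".join(m for m, _ in methods))
    for method, host in methods:
        if not any(name_matches(host, p) for p in cert_names):
            problems.append(f"{method}: certificate does not cover {host}")
    return problems

CERT = ["mail.example.com"]  # constructed single-name certificate
BEFORE = Zone("example.com", a_hosts={"mail.example.com", "autodiscover.example.com"})
AFTER = Zone("example.com", a_hosts={"mail.example.com"},
             srv={"_autodiscover._tcp.example.com": "mail.example.com"})

if __name__ == "__main__":
    print(audit(BEFORE, CERT))  # the A-record state described in the thread
    print(audit(AFTER, CERT))   # after switching to an SRV record
```
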
 

Author Comment

by:DaveKall42
ID: 40380534
I have an A record for the FQDN and one for autodiscover.  I guess where I am confused is that when creating my migration endpoint I am going past the Autodiscover and putting in the server's FQDN manually, so it shouldn't matter what is there for Autodiscover, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380685
For confirmation, run the Outlook Anywhere test on the test site using Autodiscover and if that passes, then the Endpoint creation should be trouble-free, or is that the test you ran?
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 40380862
You do not need autodiscover to work externally, just make sure that the Outlook anywhere endpoint matches the server name on that certificate. As Alan suggested, making sure that the Outlook Anywhere test from ExRCA passes is what you need.

Alternatively, you can just get a free cert from sites like StartSSL/Comodo for the endpoint you are missing.
0
 

Author Comment

by:DaveKall42
ID: 40395928
Ok, I was able to get it to work with the SRV record.  Now when I try and set up the batch, the option for cutover is greyed out?  Any idea as to why that would be?
Can I still do the migration in a hybrid method?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40395941
Have you tried to set up directory sync prior to the migration?
0
 

Author Comment

by:DaveKall42
ID: 40396083
This is not the Azure directory sync tool, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40396318
Think so. I tried to set up directory sync and lost the cutover option but once that had been stopped, it came back.
0
 

Author Comment

by:DaveKall42
ID: 40397991
Well, I tried to set up the dirsync before doing all this but never made it through the whole process. I have since removed the dirsync software from the server so nothing should be syncing.  Is there a setting in Exchange Online that needs to be changed?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398057
Thought so.  You just need to stop the dirsync before the cutover will become available.

Once it has stopped, you should be able to start the cutover.
0
 

Author Comment

by:DaveKall42
ID: 40398061
Actually I found that.  It's working now.  Thanks for all your help!
One question.  You can go to dirsync after the migration is over?  i.e.: SSO type setup
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398127
Yes - absolutely, but it's sensible to have two domain controllers available your side because if you only have one and it is down, you won't be able to log in to 365 at all!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398128
Oh - and you're welcome :)

Alan
0
 

Author Comment

by:DaveKall42
ID: 40398198
We have 2 actually so that will be fine.  :)   So basically just run the dirsync utility after the migration and will it correspond then to the mailboxes that have been moved over automatically?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398206
Basically - yes.  If you can get it configured (it's not a walk in the park)!  I'm doing exactly that tomorrow post 365 migration!

It will sync the AD accounts on premise with the Office 365 accounts and that will keep the passwords in sync.
0
 

Author Comment

by:DaveKall42
ID: 40398209
Yes, I tried running it previously and it was not fun at all. Erred out at almost every step for one reason or another.  :/
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398217
Glad it isn't just me then!
0
 

Author Comment

by:DaveKall42
ID: 40406966
Hi Alan,
Just curious how the dirsync went?

Dave
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40406972
It didn't! Ended up firefighting other issues unfortunately. May tackle it again but not sure if / when. Sorry.
0

Question has a verified solution.
