?
Solved

Cannot make migration endpoint connection

Posted on 2014-10-14
22
Medium Priority
?
2,163 Views
Last Modified: 2014-11-12
I am working on setting up a migration from exchange 2010 to Office 365 Exchange online.
I am trying to create a migration endpoint.  I have setup outlook anywhere on my in house server.  
I have a SSL cert that I have installed and assigned to IIS.
I can go to OWA externally and I do not get any cert errors.
I can setup outlook externally and access mailbox with no errors.
I have tried running the testexchangeconnectivity and it will go through all the steps except it has wrong name in cert due to the fact that you cannot set any servers manually in that test.
Not sure what I am missing?  When I try and create a migration endpoint and manually put in the exchange and rpc server it says cannot connect to server make sure that the endpoint settings are correct and that the certificate is valid. As far as I can tell that is all correct.  I am also using basic authentication and full access settings under advanced.
Any ideas would be greatly appreciated!
0
Comment
Question by:DaveKall42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 9
22 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380470
The test will use Autodiscover to determine the EndPoint, so does the Autodiscover test work happily?

Does the certificate include auto discover.yourdomain.com and have you setup an A record called autodiscover that points to the IP Address of your Exchange 2010 server?

What do you mean the test on the test site works apart from the cert having the wrong name?  Does it find your Exchange server or another server?

Is the certificate from a trusted 3rd party SSL certificate provider?  If it isn't - it won't work.

Alan
0
 

Author Comment

by:DaveKall42
ID: 40380487
Yes, I do have autodiscover.<domain> setup as an A record.  I don't have that in my cert though. When I do the test on the test site it is looking for the above name, not the actual fqdn of my mail server.  I cannot set in the test the actual fqdn of the server.  As I said I can do OWA and outlook anywhere with outlook with no cert issues. As far as I can tell it is from a trusted 3rd party ssl provider.  Again, I am not getting any errors from OWA or outlook. I am also not using autodiscover when creating my migration endpoint.  I am putting in the fqdn and rpc fqdn servers.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 40380511
Okay - if you added the A record you need autodiscover included in your SSL certificate.

So - you either need to re-key your SSL certificate to include autodiscover (if you have a SAN cert), or the easier way is to delete the Autodiscover A record and setup an SRV record pointing to the FQDN that is included in your SSL certificate and then Autodiscover will use the SRV record to locate and configure the Endpoint happily.

Guide for how to configure the SRV record (ignore the Exchange version):

http://support.microsoft.com/kb/940881

Of course - if your Domain host doesn't support SRV records (some do / some don't), then you can't use that option, so you will need a SAN certificate (multiple names included) that includes autodiscover.yourdomain.com and then things will fall into place.

Alan
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380520
Another option (that I haven't tested) is to configure an Autodiscover CNAME record and point that to the FQDN included in your SSL certificate.

Just make sure you only have one method for Autodicover, not multiple.  Either an A record, a CNAME record or an SRV record.
0
 

Author Comment

by:DaveKall42
ID: 40380534
I have an A record for the fqdn and one for autodiscover.  I guess where I am confused is that when creating my migration endpoint I am going past the autodiscover and putting in the servers fqdn manually so it shouldn't matter what is there for autodiscover correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380685
For confirmation, run the Outlook Anywhere test on the test site using Autodiscover and if that passes, then the Endpoint creation should be trouble-free, or is that the test you ran?
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 40380862
You do not need autodiscover to work externally, just make sure that the Outlook anywhere endpoint matches the server name on that certificate. As Alan suggested, making sure that the Outlook Anywhere test from ExRCA passes is what you need.

Alternatively, you can just get a free cert from sites like StartSSL/Comodo for the endpoint you are missing.
0
 

Author Comment

by:DaveKall42
ID: 40395928
Ok, I was able to get it to work with the SRV record.  Now when I try and set up the batch, the option for cutover is greyed out?  Any idea as to why that would be?
Can I still do the migration in a hybrid method?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40395941
Have you tried to setup directory sync prior to the migration?
0
 

Author Comment

by:DaveKall42
ID: 40396083
This is not the azure directory sync tool correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40396318
Think so. I tried to setup directory sync and lost the cutover option but once that had been stopped, it came back.
0
 

Author Comment

by:DaveKall42
ID: 40397991
Well I tried to setup the dirsync before doing all this but never made it through the whole process. I have since removed the dirsync software from the server so nothing should be syncing.  Is there a setting in Exchange online that needs to be changed?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398057
Thought so.  You just need to stop the dirsync before the cutover will become available.

Once it has stopped, you should be able to start the cutover.
0
 

Author Comment

by:DaveKall42
ID: 40398061
Actually I found that.  Its working now.  Thanks for all your help!
One question.  You can go to dirsync after the migration is over?  i.e.: SSO type setup
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398127
Yes - absolutely, but it's sensible to have two domain controllers available your side because if you only have one and it is down, you won't be able to login to 365 at all!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398128
Oh - and you're welcome :)

Alan
0
 

Author Comment

by:DaveKall42
ID: 40398198
We have 2 actually so that will be fine.  :)   So basically just run the dirsync utility after the migration and will it correspond then to the mailboxes that have been moved over automatically?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398206
Basically - yes.  If you can get it configured (it's not a walk in the park)!  I'm doing exactly that tomorrow post 365 migration!

It will sync the AD accounts on premise with the Office 365 accounts and that will keep the passwords in sync.
0
 

Author Comment

by:DaveKall42
ID: 40398209
Yes, I tried running it previously and it was not fun at all. Erred out at almost every step for one reason or another.  :/
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398217
Glad it isn't just me then!
0
 

Author Comment

by:DaveKall42
ID: 40406966
Hi Alan,
Just curious how the dirsync went?

Dave
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40406972
It didn't! Ended up firefighting other issues unfortunately. May tackle it again but not sure if / when. Sorry.
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
This article outlines some of the reasons why an email message gets flagged as spam on a recipient's end.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question