Solved

Cannot make migration endpoint connection

Posted on 2014-10-14
22
1,139 Views
Last Modified: 2014-11-12
I am working on setting up a migration from exchange 2010 to Office 365 Exchange online.
I am trying to create a migration endpoint.  I have setup outlook anywhere on my in house server.  
I have a SSL cert that I have installed and assigned to IIS.
I can go to OWA externally and I do not get any cert errors.
I can setup outlook externally and access mailbox with no errors.
I have tried running the testexchangeconnectivity and it will go through all the steps except it has wrong name in cert due to the fact that you cannot set any servers manually in that test.
Not sure what I am missing?  When I try and create a migration endpoint and manually put in the exchange and rpc server it says cannot connect to server make sure that the endpoint settings are correct and that the certificate is valid. As far as I can tell that is all correct.  I am also using basic authentication and full access settings under advanced.
Any ideas would be greatly appreciated!
0
Comment
Question by:DaveKall42
  • 12
  • 9
22 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380470
The test will use Autodiscover to determine the EndPoint, so does the Autodiscover test work happily?

Does the certificate include auto discover.yourdomain.com and have you setup an A record called autodiscover that points to the IP Address of your Exchange 2010 server?

What do you mean the test on the test site works apart from the cert having the wrong name?  Does it find your Exchange server or another server?

Is the certificate from a trusted 3rd party SSL certificate provider?  If it isn't - it won't work.

Alan
0
 

Author Comment

by:DaveKall42
ID: 40380487
Yes, I do have autodiscover.<domain> setup as an A record.  I don't have that in my cert though. When I do the test on the test site it is looking for the above name, not the actual fqdn of my mail server.  I cannot set in the test the actual fqdn of the server.  As I said I can do OWA and outlook anywhere with outlook with no cert issues. As far as I can tell it is from a trusted 3rd party ssl provider.  Again, I am not getting any errors from OWA or outlook. I am also not using autodiscover when creating my migration endpoint.  I am putting in the fqdn and rpc fqdn servers.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40380511
Okay - if you added the A record you need autodiscover included in your SSL certificate.

So - you either need to re-key your SSL certificate to include autodiscover (if you have a SAN cert), or the easier way is to delete the Autodiscover A record and setup an SRV record pointing to the FQDN that is included in your SSL certificate and then Autodiscover will use the SRV record to locate and configure the Endpoint happily.

Guide for how to configure the SRV record (ignore the Exchange version):

http://support.microsoft.com/kb/940881

Of course - if your Domain host doesn't support SRV records (some do / some don't), then you can't use that option, so you will need a SAN certificate (multiple names included) that includes autodiscover.yourdomain.com and then things will fall into place.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380520
Another option (that I haven't tested) is to configure an Autodiscover CNAME record and point that to the FQDN included in your SSL certificate.

Just make sure you only have one method for Autodicover, not multiple.  Either an A record, a CNAME record or an SRV record.
0
 

Author Comment

by:DaveKall42
ID: 40380534
I have an A record for the fqdn and one for autodiscover.  I guess where I am confused is that when creating my migration endpoint I am going past the autodiscover and putting in the servers fqdn manually so it shouldn't matter what is there for autodiscover correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380685
For confirmation, run the Outlook Anywhere test on the test site using Autodiscover and if that passes, then the Endpoint creation should be trouble-free, or is that the test you ran?
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 40380862
You do not need autodiscover to work externally, just make sure that the Outlook anywhere endpoint matches the server name on that certificate. As Alan suggested, making sure that the Outlook Anywhere test from ExRCA passes is what you need.

Alternatively, you can just get a free cert from sites like StartSSL/Comodo for the endpoint you are missing.
0
 

Author Comment

by:DaveKall42
ID: 40395928
Ok, I was able to get it to work with the SRV record.  Now when I try and set up the batch, the option for cutover is greyed out?  Any idea as to why that would be?
Can I still do the migration in a hybrid method?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40395941
Have you tried to setup directory sync prior to the migration?
0
 

Author Comment

by:DaveKall42
ID: 40396083
This is not the azure directory sync tool correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40396318
Think so. I tried to setup directory sync and lost the cutover option but once that had been stopped, it came back.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:DaveKall42
ID: 40397991
Well I tried to setup the dirsync before doing all this but never made it through the whole process. I have since removed the dirsync software from the server so nothing should be syncing.  Is there a setting in Exchange online that needs to be changed?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398057
Thought so.  You just need to stop the dirsync before the cutover will become available.

Once it has stopped, you should be able to start the cutover.
0
 

Author Comment

by:DaveKall42
ID: 40398061
Actually I found that.  Its working now.  Thanks for all your help!
One question.  You can go to dirsync after the migration is over?  i.e.: SSO type setup
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398127
Yes - absolutely, but it's sensible to have two domain controllers available your side because if you only have one and it is down, you won't be able to login to 365 at all!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398128
Oh - and you're welcome :)

Alan
0
 

Author Comment

by:DaveKall42
ID: 40398198
We have 2 actually so that will be fine.  :)   So basically just run the dirsync utility after the migration and will it correspond then to the mailboxes that have been moved over automatically?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398206
Basically - yes.  If you can get it configured (it's not a walk in the park)!  I'm doing exactly that tomorrow post 365 migration!

It will sync the AD accounts on premise with the Office 365 accounts and that will keep the passwords in sync.
0
 

Author Comment

by:DaveKall42
ID: 40398209
Yes, I tried running it previously and it was not fun at all. Erred out at almost every step for one reason or another.  :/
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398217
Glad it isn't just me then!
0
 

Author Comment

by:DaveKall42
ID: 40406966
Hi Alan,
Just curious how the dirsync went?

Dave
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40406972
It didn't! Ended up firefighting other issues unfortunately. May tackle it again but not sure if / when. Sorry.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now