Solved

Cannot make migration endpoint connection

Posted on 2014-10-14
Last Modified: 2014-11-12
I am working on setting up a migration from Exchange 2010 to Office 365 Exchange Online.
I am trying to create a migration endpoint.  I have set up Outlook Anywhere on my in-house server.
I have an SSL cert that I have installed and assigned to IIS.
I can go to OWA externally and I do not get any cert errors.
I can set up Outlook externally and access the mailbox with no errors.
I have tried running the testexchangeconnectivity test and it will go through all the steps, except it has the wrong name in the cert due to the fact that you cannot set any servers manually in that test.
Not sure what I am missing.  When I try to create a migration endpoint and manually put in the Exchange and RPC server, it says cannot connect to server, make sure that the endpoint settings are correct and that the certificate is valid. As far as I can tell that is all correct.  I am also using basic authentication and full access settings under advanced.
Any ideas would be greatly appreciated!
Question by:DaveKall42
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380470
The test will use Autodiscover to determine the EndPoint, so does the Autodiscover test work happily?

Does the certificate include autodiscover.yourdomain.com and have you set up an A record called autodiscover that points to the IP address of your Exchange 2010 server?

What do you mean the test on the test site works apart from the cert having the wrong name?  Does it find your Exchange server or another server?

Is the certificate from a trusted 3rd party SSL certificate provider?  If it isn't - it won't work.

Alan
0
 

Author Comment

by:DaveKall42
ID: 40380487
Yes, I do have autodiscover.<domain> set up as an A record.  I don't have that in my cert though. When I do the test on the test site it is looking for the above name, not the actual FQDN of my mail server.  I cannot set the actual FQDN of the server in the test.  As I said, I can do OWA and Outlook Anywhere with Outlook with no cert issues. As far as I can tell it is from a trusted 3rd party SSL provider.  Again, I am not getting any errors from OWA or Outlook. I am also not using autodiscover when creating my migration endpoint.  I am putting in the FQDN and RPC FQDN servers.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40380511
Okay - if you added the A record you need autodiscover included in your SSL certificate.

So - you either need to re-key your SSL certificate to include autodiscover (if you have a SAN cert), or the easier way is to delete the Autodiscover A record and set up an SRV record pointing to the FQDN that is included in your SSL certificate and then Autodiscover will use the SRV record to locate and configure the Endpoint happily.

Guide for how to configure the SRV record (ignore the Exchange version):

http://support.microsoft.com/kb/940881

Of course - if your Domain host doesn't support SRV records (some do / some don't), then you can't use that option, so you will need a SAN certificate (multiple names included) that includes autodiscover.yourdomain.com and then things will fall into place.

Alan
0

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380520
Another option (that I haven't tested) is to configure an Autodiscover CNAME record and point that to the FQDN included in your SSL certificate.

Just make sure you only have one method for Autodiscover, not multiple.  Either an A record, a CNAME record or an SRV record.
0
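The record-versus-certificate check behind the options discussed above, as an added example that is not part of the original thread: it reports which Autodiscover method a domain publishes, whether the certificate covers the name the client will connect to, and whether more than one method exists. The `example.com` names, the addresses and both record sets are constructed placeholders.

```python
# Added example (not from the thread); all sample data below is constructed.
def name_matches(pattern, host):
    """Exact match, or one left-most wildcard label (*.example.com)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def cert_covers(sans, host):
    return any(name_matches(s, host) for s in sans)

def audit_autodiscover(domain, records, sans):
    """Return (methods, findings) for one domain's Autodiscover DNS records."""
    auto = f"autodiscover.{domain}".lower()
    srv = f"_autodiscover._tcp.{domain}".lower()
    methods, findings = [], []
    for name, rtype, value in records:
        name, rtype = name.lower().rstrip("."), rtype.upper()
        if name == auto and rtype in ("A", "CNAME"):
            # TLS verifies the name the client asked for: autodiscover.<domain>.
            methods.append(rtype)
            tls_name = auto
        elif name == srv and rtype == "SRV":
            # SRV data is "priority weight port target"; the client connects to target.
            methods.append("SRV")
            tls_name = value.split()[-1].lower().rstrip(".")
        else:
            continue
        if not cert_covers(sans, tls_name):
            findings.append(f"{rtype}: certificate does not cover {tls_name}")
    if len(methods) > 1:
        findings.append("multiple Autodiscover methods: " + ", ".join(methods))
    if not methods:
        findings.append("no Autodiscover record found")
    return methods, findings

SANS = ["mail.example.com"]  # constructed: single-name certificate
BEFORE = [  # constructed: A record for autodiscover, name missing from the cert
    ("mail.example.com", "A", "203.0.113.10"),
    ("autodiscover.example.com", "A", "203.0.113.10"),
]
AFTER = [  # constructed: A record removed, SRV points at the name on the cert
    ("mail.example.com", "A", "203.0.113.10"),
    ("_autodiscover._tcp.example.com", "SRV", "0 0 443 mail.example.com."),
]

if __name__ == "__main__":
    for label, recs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_autodiscover("example.com", recs, SANS))
```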
 

Author Comment

by:DaveKall42
ID: 40380534
I have an A record for the FQDN and one for autodiscover.  I guess where I am confused is that when creating my migration endpoint I am going past the autodiscover and putting in the server's FQDN manually, so it shouldn't matter what is there for autodiscover, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40380685
For confirmation, run the Outlook Anywhere test on the test site using Autodiscover and if that passes, then the Endpoint creation should be trouble-free, or is that the test you ran?
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 40380862
You do not need autodiscover to work externally, just make sure that the Outlook anywhere endpoint matches the server name on that certificate. As Alan suggested, making sure that the Outlook Anywhere test from ExRCA passes is what you need.

Alternatively, you can just get a free cert from sites like StartSSL/Comodo for the endpoint you are missing.
0
 

Author Comment

by:DaveKall42
ID: 40395928
Ok, I was able to get it to work with the SRV record.  Now when I try and set up the batch, the option for cutover is greyed out?  Any idea as to why that would be?
Can I still do the migration in a hybrid method?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40395941
Have you tried to set up directory sync prior to the migration?
0
 

Author Comment

by:DaveKall42
ID: 40396083
This is not the Azure directory sync tool, correct?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40396318
Think so. I tried to set up directory sync and lost the cutover option but once that had been stopped, it came back.
0
 

Author Comment

by:DaveKall42
ID: 40397991
Well, I tried to set up the dirsync before doing all this but never made it through the whole process. I have since removed the dirsync software from the server so nothing should be syncing.  Is there a setting in Exchange Online that needs to be changed?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398057
Thought so.  You just need to stop the dirsync before the cutover will become available.

Once it has stopped, you should be able to start the cutover.
0
 

Author Comment

by:DaveKall42
ID: 40398061
Actually I found that.  It's working now.  Thanks for all your help!
One question.  You can go to dirsync after the migration is over?  i.e.: SSO type setup
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398127
Yes - absolutely, but it's sensible to have two domain controllers available on your side because if you only have one and it is down, you won't be able to log in to 365 at all!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398128
Oh - and you're welcome :)

Alan
0
 

Author Comment

by:DaveKall42
ID: 40398198
We have 2 actually so that will be fine.  :)   So basically just run the dirsync utility after the migration and will it correspond then to the mailboxes that have been moved over automatically?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398206
Basically - yes.  If you can get it configured (it's not a walk in the park)!  I'm doing exactly that tomorrow post 365 migration!

It will sync the AD accounts on premise with the Office 365 accounts and that will keep the passwords in sync.
0
 

Author Comment

by:DaveKall42
ID: 40398209
Yes, I tried running it previously and it was not fun at all. Erred out at almost every step for one reason or another.  :/
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40398217
Glad it isn't just me then!
0
 

Author Comment

by:DaveKall42
ID: 40406966
Hi Alan,
Just curious how the dirsync went?

Dave
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40406972
It didn't! Ended up firefighting other issues unfortunately. May tackle it again but not sure if / when. Sorry.
0
