Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

External Nat 1:1 Email not working after migration from exchange 2003 to exchange 2010.

Posted on 2014-10-22
14
Medium Priority
?
35 Views
Last Modified: 2015-07-24
OK my first time so here we go. I've just migrated from Exchange 2003 to 2010. Everything internally is currently working with no issues. Problem is when i go to setup a account externally on outlook or mobile device it can not locate the server with the external name record. For example my FQDN internally ad.bluescafe.local can resolve users my external mx record name mx1.bluescafe.com can not. The setup is A Hostname mx1.bluescafe.local (208.223.xx.123)on the domain server then the Exchange server 192.168.x.x0 to firewall 1:1 Nat  208.223.xx.123 to godaddy mx1 record points to Nat 208.223.xx.123. Port25 is open on the firewall to allow SMTP-IN traffic from any external to Nat 208 and SMTP-out 192-168.x.x0  to any external out. I have tested port 25 from outside Telnet mx1.bluescafe.com 25 and it works but when i use that to configure out look or mobile device it fails to connect to server.
0
Comment
Question by:Oliee D
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 3
14 Comments
 
LVL 17

Expert Comment

by:James H
ID: 40396907
https://testconnectivity.microsoft.com/

Let's start with this test. Run the ActiveSync test first and let's see what the results are. We will work from there.
0
 

Author Comment

by:Oliee D
ID: 40397113
After running that test i get a failed SSL certificate. Is this needed.
Certificate name validation failed: Host name does not match  any name found on the certificate CName=
0
 
LVL 17

Expert Comment

by:James H
ID: 40397124
Yes, will not work without a valid cert.

If you don't know how to do this, just follow this blog.

http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

Post any issues or questions you may have.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Oliee D
ID: 40397168
I did a migration from sbs2003 to sbs2011 can I mover the certs from 2003 to 2011
0
 
LVL 17

Expert Comment

by:James H
ID: 40397179
no. You have to generate a new cert. The names are different.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40397893
With 2003 only an SSL cert was needed.  But with 2011, a UC / SAN certificate is the best way to go.
http://supertekboy.com/certificates-for-microsoft-exchange/
0
 

Author Comment

by:Oliee D
ID: 40399934
Hi im getting the dreaded

An HTTP 401 Unauthorized response was received from the server. This may be the result of invalid credentials or a configuration problem on the Exchange Server.

 Everything Tick green till the end  on Active Sync Test. I reset the active sync virtual directory restarted iis still nothing this is on a 2010 Exchange server. Owa is working fine externally
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40400060
With the ActiveSync test are you testing with your own account or someone else's? If yours is it a protected account? For example, is it a member of the domain admins? If so, you may need to enable security inheritance in Active Directory on your user account.

Open Active Directory Users and Computers >> find your account and go to Properties >> Security tab >> Advanced button >> make sure Include Inheritable Permissions is checked. In Server 2012 this is an enable/disable button instead of  a checkbox.
0
 

Author Comment

by:Oliee D
ID: 40402885
Now im getting this at the end everything else is green. Inherit was check. Basic Authentication is is checked for active sync ive tried everything


A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
Headers received:
Connection: close
Content-Length: 28
Content-Type: text/html
Date: Wed, 22 Jan 2014 14:19:18 GMT
Elapsed Time: 536 ms.
0
 

Author Comment

by:Oliee D
ID: 40402941
I just didnt a little more research in application pools msexchnagesyncapppool was stopped i turned it on but it just shut off after a few
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40403097
A reboot might help. But, before we do that. Anything in the Event Logs?
0
 

Accepted Solution

by:
Oliee D earned 0 total points
ID: 40403190
Finally Fixed the issue. I was checking the Application pools in IIS  It had everything to do with with MSExchangeapppool being stopped. First i did review the event logs and its seems in IIS Default website the MS Exchange-Active Sync Virtual Directory > Advanced settings > Click Physical path credential was set to administrator this is supposed to be set to Pass through Authentication. Once i changed that reset iis(iisreset).  I tested active sync and went all green.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40403315
Glad you got it going!
0
 

Author Closing Comment

by:Oliee D
ID: 40896783
First i did review the event logs and its seems in IIS Default website the MS Exchange-Active Sync Virtual Directory > Advanced settings > Click Physical path credential was set to administrator this is supposed to be set to Pass through Authentication. Once i changed that reset iis(iisreset).  I tested active sync and went all green.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question