External Nat 1:1 Email not working after migration from exchange 2003 to exchange 2010.

OK my first time so here we go. I've just migrated from Exchange 2003 to 2010. Everything internally is currently working with no issues. Problem is when i go to setup a account externally on outlook or mobile device it can not locate the server with the external name record. For example my FQDN internally ad.bluescafe.local can resolve users my external mx record name mx1.bluescafe.com can not. The setup is A Hostname mx1.bluescafe.local (208.223.xx.123)on the domain server then the Exchange server 192.168.x.x0 to firewall 1:1 Nat  208.223.xx.123 to godaddy mx1 record points to Nat 208.223.xx.123. Port25 is open on the firewall to allow SMTP-IN traffic from any external to Nat 208 and SMTP-out 192-168.x.x0  to any external out. I have tested port 25 from outside Telnet mx1.bluescafe.com 25 and it works but when i use that to configure out look or mobile device it fails to connect to server.
Oliee DAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

James HIT DirectorCommented:
https://testconnectivity.microsoft.com/

Let's start with this test. Run the ActiveSync test first and let's see what the results are. We will work from there.
0
Oliee DAuthor Commented:
After running that test i get a failed SSL certificate. Is this needed.
Certificate name validation failed: Host name does not match  any name found on the certificate CName=
0
James HIT DirectorCommented:
Yes, will not work without a valid cert.

If you don't know how to do this, just follow this blog.

http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

Post any issues or questions you may have.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Oliee DAuthor Commented:
I did a migration from sbs2003 to sbs2011 can I mover the certs from 2003 to 2011
0
James HIT DirectorCommented:
no. You have to generate a new cert. The names are different.
0
Gareth GudgerCommented:
With 2003 only an SSL cert was needed.  But with 2011, a UC / SAN certificate is the best way to go.
http://supertekboy.com/certificates-for-microsoft-exchange/
0
Oliee DAuthor Commented:
Hi im getting the dreaded

An HTTP 401 Unauthorized response was received from the server. This may be the result of invalid credentials or a configuration problem on the Exchange Server.

 Everything Tick green till the end  on Active Sync Test. I reset the active sync virtual directory restarted iis still nothing this is on a 2010 Exchange server. Owa is working fine externally
0
Gareth GudgerCommented:
With the ActiveSync test are you testing with your own account or someone else's? If yours is it a protected account? For example, is it a member of the domain admins? If so, you may need to enable security inheritance in Active Directory on your user account.

Open Active Directory Users and Computers >> find your account and go to Properties >> Security tab >> Advanced button >> make sure Include Inheritable Permissions is checked. In Server 2012 this is an enable/disable button instead of  a checkbox.
0
Oliee DAuthor Commented:
Now im getting this at the end everything else is green. Inherit was check. Basic Authentication is is checked for active sync ive tried everything


A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
Headers received:
Connection: close
Content-Length: 28
Content-Type: text/html
Date: Wed, 22 Jan 2014 14:19:18 GMT
Elapsed Time: 536 ms.
0
Oliee DAuthor Commented:
I just didnt a little more research in application pools msexchnagesyncapppool was stopped i turned it on but it just shut off after a few
0
Gareth GudgerCommented:
A reboot might help. But, before we do that. Anything in the Event Logs?
0
Oliee DAuthor Commented:
Finally Fixed the issue. I was checking the Application pools in IIS  It had everything to do with with MSExchangeapppool being stopped. First i did review the event logs and its seems in IIS Default website the MS Exchange-Active Sync Virtual Directory > Advanced settings > Click Physical path credential was set to administrator this is supposed to be set to Pass through Authentication. Once i changed that reset iis(iisreset).  I tested active sync and went all green.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Gareth GudgerCommented:
Glad you got it going!
0
Oliee DAuthor Commented:
First i did review the event logs and its seems in IIS Default website the MS Exchange-Active Sync Virtual Directory > Advanced settings > Click Physical path credential was set to administrator this is supposed to be set to Pass through Authentication. Once i changed that reset iis(iisreset).  I tested active sync and went all green.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.