Solved

External NAT 1:1 email not working after migration from Exchange 2003 to Exchange 2010.

Posted on 2014-10-22
Last Modified: 2015-07-24
OK, my first time, so here we go. I've just migrated from Exchange 2003 to 2010. Everything internally is currently working with no issues. The problem is when I go to set up an account externally on Outlook or a mobile device, it cannot locate the server with the external name record. For example, my FQDN internally, ad.bluescafe.local, can resolve users; my external MX record name, mx1.bluescafe.com, cannot. The setup is an A hostname mx1.bluescafe.local (208.223.xx.123) on the domain server, then the Exchange server 192.168.x.x0 to firewall 1:1 NAT 208.223.xx.123, to GoDaddy, where the mx1 record points to NAT 208.223.xx.123. Port 25 is open on the firewall to allow SMTP-in traffic from any external to NAT 208 and SMTP-out from 192.168.x.x0 to any external. I have tested port 25 from outside (telnet mx1.bluescafe.com 25) and it works, but when I use that to configure Outlook or a mobile device it fails to connect to the server.
Question by:Oliee D
14 Comments
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40396907
https://testconnectivity.microsoft.com/

Let's start with this test. Run the ActiveSync test first and let's see what the results are. We will work from there.
0
 

Author Comment

by:Oliee D
ID: 40397113
After running that test I get a failed SSL certificate. Is this needed?
Certificate name validation failed: Host name does not match  any name found on the certificate CName=
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40397124
Yes, will not work without a valid cert.

If you don't know how to do this, just follow this blog.

http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

Post any issues or questions you may have.
0
 

Author Comment

by:Oliee D
ID: 40397168
I did a migration from SBS 2003 to SBS 2011. Can I move the certs from 2003 to 2011?
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40397179
No. You have to generate a new cert. The names are different.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40397893
With 2003 only an SSL cert was needed.  But with 2011, a UC / SAN certificate is the best way to go.
http://supertekboy.com/certificates-for-microsoft-exchange/
0
 

Author Comment

by:Oliee D
ID: 40399934
Hi, I'm getting the dreaded

An HTTP 401 Unauthorized response was received from the server. This may be the result of invalid credentials or a configuration problem on the Exchange Server.

Everything ticks green till the end on the ActiveSync test. I reset the ActiveSync virtual directory and restarted IIS, still nothing. This is on a 2010 Exchange server. OWA is working fine externally.
0

 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40400060
With the ActiveSync test, are you testing with your own account or someone else's? If yours, is it a protected account? For example, is it a member of the domain admins? If so, you may need to enable security inheritance in Active Directory on your user account.

Open Active Directory Users and Computers >> find your account and go to Properties >> Security tab >> Advanced button >> make sure Include Inheritable Permissions is checked. In Server 2012 this is an enable/disable button instead of a checkbox.
0
 

Author Comment

by:Oliee D
ID: 40402885
Now I'm getting this at the end; everything else is green. Inherit was checked. Basic Authentication is checked for ActiveSync. I've tried everything.


A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
Headers received:
Connection: close
Content-Length: 28
Content-Type: text/html
Date: Wed, 22 Jan 2014 14:19:18 GMT
Elapsed Time: 536 ms.
0
 

Author Comment

by:Oliee D
ID: 40402941
I just did a little more research: in application pools, MSExchangeSyncAppPool was stopped. I turned it on but it just shut off after a few
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40403097
A reboot might help. But, before we do that. Anything in the Event Logs?
0
 

Accepted Solution

by:
Oliee D earned 0 total points
ID: 40403190
Finally fixed the issue. I was checking the application pools in IIS. It had everything to do with MSExchangeapppool being stopped. First I did review the event logs, and it seems in IIS Default Web Site, the MS Exchange-Active Sync Virtual Directory > Advanced Settings > Physical Path Credentials was set to administrator; this is supposed to be set to pass-through authentication. Once I changed that, I reset IIS (iisreset). I tested ActiveSync and it went all green.
0
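
The two conditions named in the accepted solution, a stopped Exchange application pool and fixed physical path credentials on a virtual directory, can be audited read-only from PowerShell. This is an added example, not part of the original thread; it assumes the IIS WebAdministration module on the Exchange 2010 server and an elevated session, and the `MSExchange*` pool-name pattern is an assumption.

```powershell
# Added example (read-only audit); run elevated on the Exchange 2010 server.
Import-Module WebAdministration

# 1. Exchange application pools that are not running.
#    The 'MSExchange*' name pattern is an assumption; adjust to your pools.
$stopped = Get-ChildItem IIS:\AppPools |
    Where-Object { $_.Name -like 'MSExchange*' -and $_.State -ne 'Started' }
$stopped | Select-Object Name, State | Format-Table -AutoSize

# 2. Virtual directories with fixed physical path credentials.
#    Pass-through authentication leaves the userName attribute empty, so any
#    non-empty value means IIS reads the content as that specific account.
$filter = 'system.applicationHost/sites/site/application/virtualDirectory'
Get-WebConfiguration -Filter $filter -PSPath 'MACHINE/WEBROOT/APPHOST' |
    Where-Object { $_.userName } |
    Select-Object @{ n = 'Location'; e = { $_.ItemXPath } }, userName, physicalPath |
    Format-List

# 3. Recent System log entries from the Windows Process Activation Service
#    that mention a stopped pool, to see why it was shut down.
foreach ($pool in $stopped) {
    Get-EventLog -LogName System -Newest 500 |
        Where-Object { $_.Source -like '*WAS*' -and $_.Message -like "*$($pool.Name)*" } |
        Select-Object -First 5 TimeGenerated, EntryType, Message |
        Format-List
}
```

Any virtual directory listed by step 2 is being read with a stored account rather than the requesting user's identity; a stored administrator account there is both a stability risk when its password changes and a least-privilege concern.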
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40403315
Glad you got it going!
0
 

Author Closing Comment

by:Oliee D
ID: 40896783
First I did review the event logs, and it seems in IIS Default Web Site, the MS Exchange-Active Sync Virtual Directory > Advanced Settings > Physical Path Credentials was set to administrator; this is supposed to be set to pass-through authentication. Once I changed that, I reset IIS (iisreset). I tested ActiveSync and it went all green.
0
