[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

External Nat 1:1 Email not working after migration from exchange 2003 to exchange 2010.

Posted on 2014-10-22
14
Medium Priority
?
38 Views
Last Modified: 2015-07-24
OK my first time so here we go. I've just migrated from Exchange 2003 to 2010. Everything internally is currently working with no issues. Problem is when i go to setup a account externally on outlook or mobile device it can not locate the server with the external name record. For example my FQDN internally ad.bluescafe.local can resolve users my external mx record name mx1.bluescafe.com can not. The setup is A Hostname mx1.bluescafe.local (208.223.xx.123)on the domain server then the Exchange server 192.168.x.x0 to firewall 1:1 Nat  208.223.xx.123 to godaddy mx1 record points to Nat 208.223.xx.123. Port25 is open on the firewall to allow SMTP-IN traffic from any external to Nat 208 and SMTP-out 192-168.x.x0  to any external out. I have tested port 25 from outside Telnet mx1.bluescafe.com 25 and it works but when i use that to configure out look or mobile device it fails to connect to server.
0
Comment
Question by:Oliee D
  • 7
  • 4
  • 3
14 Comments
 
LVL 17

Expert Comment

by:James H
ID: 40396907
https://testconnectivity.microsoft.com/

Let's start with this test. Run the ActiveSync test first and let's see what the results are. We will work from there.
0
 

Author Comment

by:Oliee D
ID: 40397113
After running that test i get a failed SSL certificate. Is this needed.
Certificate name validation failed: Host name does not match  any name found on the certificate CName=
0
 
LVL 17

Expert Comment

by:James H
ID: 40397124
Yes, will not work without a valid cert.

If you don't know how to do this, just follow this blog.

http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/

Post any issues or questions you may have.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 

Author Comment

by:Oliee D
ID: 40397168
I did a migration from sbs2003 to sbs2011 can I mover the certs from 2003 to 2011
0
 
LVL 17

Expert Comment

by:James H
ID: 40397179
no. You have to generate a new cert. The names are different.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40397893
With 2003 only an SSL cert was needed.  But with 2011, a UC / SAN certificate is the best way to go.
http://supertekboy.com/certificates-for-microsoft-exchange/
0
 

Author Comment

by:Oliee D
ID: 40399934
Hi im getting the dreaded

An HTTP 401 Unauthorized response was received from the server. This may be the result of invalid credentials or a configuration problem on the Exchange Server.

 Everything Tick green till the end  on Active Sync Test. I reset the active sync virtual directory restarted iis still nothing this is on a 2010 Exchange server. Owa is working fine externally
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40400060
With the ActiveSync test are you testing with your own account or someone else's? If yours is it a protected account? For example, is it a member of the domain admins? If so, you may need to enable security inheritance in Active Directory on your user account.

Open Active Directory Users and Computers >> find your account and go to Properties >> Security tab >> Advanced button >> make sure Include Inheritable Permissions is checked. In Server 2012 this is an enable/disable button instead of  a checkbox.
0
 

Author Comment

by:Oliee D
ID: 40402885
Now im getting this at the end everything else is green. Inherit was check. Basic Authentication is is checked for active sync ive tried everything


A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
Headers received:
Connection: close
Content-Length: 28
Content-Type: text/html
Date: Wed, 22 Jan 2014 14:19:18 GMT
Elapsed Time: 536 ms.
0
 

Author Comment

by:Oliee D
ID: 40402941
I just didnt a little more research in application pools msexchnagesyncapppool was stopped i turned it on but it just shut off after a few
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40403097
A reboot might help. But, before we do that. Anything in the Event Logs?
0
 

Accepted Solution

by:
Oliee D earned 0 total points
ID: 40403190
Finally Fixed the issue. I was checking the Application pools in IIS  It had everything to do with with MSExchangeapppool being stopped. First i did review the event logs and its seems in IIS Default website the MS Exchange-Active Sync Virtual Directory > Advanced settings > Click Physical path credential was set to administrator this is supposed to be set to Pass through Authentication. Once i changed that reset iis(iisreset).  I tested active sync and went all green.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40403315
Glad you got it going!
0
 

Author Closing Comment

by:Oliee D
ID: 40896783
First i did review the event logs and its seems in IIS Default website the MS Exchange-Active Sync Virtual Directory > Advanced settings > Click Physical path credential was set to administrator this is supposed to be set to Pass through Authentication. Once i changed that reset iis(iisreset).  I tested active sync and went all green.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am posting this in case anyone runs into similar issues that I did, this may save you a lot of grief: Condition: 1. Your NetBIOS domain name contains an ampersand " & " character.  (e.g. AT&T) 2. You've tried to run any Microsoft installation…
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

640 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question