Oliee D
asked on
External Nat 1:1 Email not working after migration from exchange 2003 to exchange 2010.
OK my first time so here we go. I've just migrated from Exchange 2003 to 2010. Everything internally is currently working with no issues. Problem is when i go to setup a account externally on outlook or mobile device it can not locate the server with the external name record. For example my FQDN internally ad.bluescafe.local can resolve users my external mx record name mx1.bluescafe.com can not. The setup is A Hostname mx1.bluescafe.local (208.223.xx.123)on the domain server then the Exchange server 192.168.x.x0 to firewall 1:1 Nat 208.223.xx.123 to godaddy mx1 record points to Nat 208.223.xx.123. Port25 is open on the firewall to allow SMTP-IN traffic from any external to Nat 208 and SMTP-out 192-168.x.x0 to any external out. I have tested port 25 from outside Telnet mx1.bluescafe.com 25 and it works but when i use that to configure out look or mobile device it fails to connect to server.
ASKER
After running that test i get a failed SSL certificate. Is this needed.
Certificate name validation failed: Host name does not match any name found on the certificate CName=
Certificate name validation failed: Host name does not match any name found on the certificate CName=
Yes, will not work without a valid cert.
If you don't know how to do this, just follow this blog.
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/
Post any issues or questions you may have.
If you don't know how to do this, just follow this blog.
http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/
Post any issues or questions you may have.
ASKER
I did a migration from sbs2003 to sbs2011 can I mover the certs from 2003 to 2011
no. You have to generate a new cert. The names are different.
With 2003 only an SSL cert was needed. But with 2011, a UC / SAN certificate is the best way to go.
http://supertekboy.com/certificates-for-microsoft-exchange/
http://supertekboy.com/certificates-for-microsoft-exchange/
ASKER
Hi im getting the dreaded
An HTTP 401 Unauthorized response was received from the server. This may be the result of invalid credentials or a configuration problem on the Exchange Server.
Everything Tick green till the end on Active Sync Test. I reset the active sync virtual directory restarted iis still nothing this is on a 2010 Exchange server. Owa is working fine externally
An HTTP 401 Unauthorized response was received from the server. This may be the result of invalid credentials or a configuration problem on the Exchange Server.
Everything Tick green till the end on Active Sync Test. I reset the active sync virtual directory restarted iis still nothing this is on a 2010 Exchange server. Owa is working fine externally
With the ActiveSync test are you testing with your own account or someone else's? If yours is it a protected account? For example, is it a member of the domain admins? If so, you may need to enable security inheritance in Active Directory on your user account.
Open Active Directory Users and Computers >> find your account and go to Properties >> Security tab >> Advanced button >> make sure Include Inheritable Permissions is checked. In Server 2012 this is an enable/disable button instead of a checkbox.
Open Active Directory Users and Computers >> find your account and go to Properties >> Security tab >> Advanced button >> make sure Include Inheritable Permissions is checked. In Server 2012 this is an enable/disable button instead of a checkbox.
ASKER
Now im getting this at the end everything else is green. Inherit was check. Basic Authentication is is checked for active sync ive tried everything
A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
Headers received:
Connection: close
Content-Length: 28
Content-Type: text/html
Date: Wed, 22 Jan 2014 14:19:18 GMT
Elapsed Time: 536 ms.
A Web exception occurred because an HTTP 503 - ServiceUnavailable response was received from Unknown.
Headers received:
Connection: close
Content-Length: 28
Content-Type: text/html
Date: Wed, 22 Jan 2014 14:19:18 GMT
Elapsed Time: 536 ms.
ASKER
I just didnt a little more research in application pools msexchnagesyncapppool was stopped i turned it on but it just shut off after a few
A reboot might help. But, before we do that. Anything in the Event Logs?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Glad you got it going!
ASKER
First i did review the event logs and its seems in IIS Default website the MS Exchange-Active Sync Virtual Directory > Advanced settings > Click Physical path credential was set to administrator this is supposed to be set to Pass through Authentication. Once i changed that reset iis(iisreset). I tested active sync and went all green.
Let's start with this test. Run the ActiveSync test first and let's see what the results are. We will work from there.