Solved

Exchange 2007 and 2010 coexisting

Posted on 2014-12-17
13
118 Views
Last Modified: 2014-12-17
I have 2 Exch 2010 servers at remote sites. My main site has Exch 2007. They are all on 1 domain. Each server has its own URL to connect to OWA/smartphone etc. All was working well until I set up a new 2010 server in the main AD site where 2007 is and tried setting it up to co-exist, changing all the URLs etc. to legacy.domain.com and the new Exch10 to mail.domain.com. Everything is working fine for users on all 4 servers except random users are getting prompted for ID and password and Outlook Anywhere doesn't seem to work anymore, so users in remote sites that are off the network find that they can't get to their email.
I tried changing Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.domain.org (as well as EXCH and WEB) but that didn't seem to help. Any suggestions? Our email filters through a spam filter and I know you are supposed to update your main internet-facing CAS first, but that did not happen.
0
Question by:jtano
13 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 40505562
What is the Service pack and RU level on all Exchange 2010 Servers. Make sure all 2010 servers are running at same Service pack and RU.
0
 

Author Comment

by:jtano
ID: 40505585
They are. They are all version 14.3 build 123.4 (so SP3) on all 3 Exch 10 servers. Exch 2007 SP3 as well.
0
 
LVL 41

Expert Comment

by:Amit
ID: 40505592
Let's confirm it by running this command:
GCM exsetup |%{$_.Fileversioninfo}

Run it on all 3 Exchange 2010 servers and post it here.
0
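The one-liner above has to be run by hand on each server and the results compared by eye. The script below is an added example, not code from the thread, that gathers the ExSetup.exe file version from every Exchange 2010 server in one pass and flags a build mismatch. The server names are placeholders; it assumes PowerShell remoting is enabled and that the ExchangeInstallPath environment variable Exchange setup creates is present on each server.

```powershell
# Added example (not from the thread): collect the ExSetup.exe file version from
# every Exchange 2010 server and flag any that differ.
# Server names are placeholders. Assumes PowerShell remoting is enabled and that
# the ExchangeInstallPath environment variable is set on each server.
$servers = 'EXCH10-MAIN', 'EXCH10-SITE2', 'EXCH10-SITE3'   # placeholder names

$versions = Invoke-Command -ComputerName $servers -ErrorAction Stop -ScriptBlock {
    $exsetup = Join-Path $env:ExchangeInstallPath 'bin\ExSetup.exe'
    # Same data the GCM one-liner shows, read straight from the file's version block
    New-Object PSObject -Property @{
        Server      = $env:COMPUTERNAME
        FileVersion = (Get-Item $exsetup).VersionInfo.FileVersion
    }
}

$versions | Sort-Object Server | Format-Table Server, FileVersion -AutoSize

# All Exchange 2010 servers should report the same build; a mismatch means one
# server is at a different Service Pack or Rollup Update level than the others.
$distinct = @($versions | Select-Object -ExpandProperty FileVersion | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning ("Build mismatch across servers: {0}" -f ($distinct -join ', '))
} else {
    Write-Host ("All servers are at build {0}" -f $distinct[0])
}
```

Run it from a workstation or one of the servers with an account that is a local administrator on every target; the table it prints corresponds to the three pasted outputs further down in the thread.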
 

Author Comment

by:jtano
ID: 40505618
ProductVersion   FileVersion      FileName
--------------   -----------      --------
14.03.0210.002   14.03.0210.002   E:\Program Files\Exchange\bin\ExSetup.exe

--------------   -----------      --------
14.03.0210.002   14.03.0210.002   E:\Program Files (x86)\Microsoft\Exchange Server\V14\bin\ExSetup.exe

14.03.0210.002   14.03.0210.002   E:\Program Files\Exchange\bin\ExSetup.exe
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40505916
Everything is working fine for users on all 4 servers except random users are getting prompted for id and pass


This is often a sign of a certificate error. Did you reissue the cert? Or is it a new cert? Does it have all the names on it: mail.yourdomain.com, autodiscover.yourdomain.com, legacy.yourdomain.com, etc.?

Also, did you load the certificate on both 2010 servers (assuming they are both CAS servers)? If they are both CAS servers, what are you doing for load balancing? If you have a load balancer (for example a HNLB like a Kemp, or a software NLB like TMG) did you install the certificate on the load balancer as well?

Also, DNS-wise: are you using split-brain DNS? How are your internal URLs and external URLs configured? Did you configure all 7 internal and external URLs on 2010?

and outlook anywhere doesn't seem to work anymore.

Have you enabled Outlook Anywhere in 2010?

Check out my 2010 namespace article here. It covers all certificate, DNS and URL requirements for Exchange 2010.
https://supertekboy.com/2014/05/27/designing-a-simple-name-space-for-exchange-2010/
0
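The questions above (does the certificate carry every name, are all the internal and external URLs set) can be answered mechanically. The following is an added example, not code from the thread or from the linked article: run on an Exchange 2010 CAS from the Exchange Management Shell, it collects the host names from the client access virtual directories, the Autodiscover SCP and the Outlook Anywhere host name, then checks each against the subject alternative names of the certificate bound to IIS. A host name that clients are told to use but that the certificate does not cover is exactly what produces certificate warnings and repeated credential prompts. The server name is a placeholder and the helper Test-NameCovered is this example's own.

```powershell
# Added example (not from the thread): compare every client-facing host name on a
# Client Access server with the names on the certificate that IIS is using.
# Run from the Exchange Management Shell. $server is a placeholder.
$server = 'EXCH10-MAIN'

# Collect internal and external URLs of the client access virtual directories,
# plus the Autodiscover SCP URL and the Outlook Anywhere external host name.
$urls = @()
$urls += Get-OwaVirtualDirectory -Server $server         | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-EcpVirtualDirectory -Server $server         | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-ActiveSyncVirtualDirectory -Server $server  | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-OabVirtualDirectory -Server $server         | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-WebServicesVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += (Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri
$oa = Get-OutlookAnywhere -Server $server -ErrorAction SilentlyContinue
if ($oa) { $urls += "https://$($oa.ExternalHostname)/rpc" }

# Reduce the URLs to a unique, lower-cased set of host names (empty entries dropped).
$hostNames = $urls | Where-Object { $_ } |
    ForEach-Object { ([System.Uri]$_.ToString()).Host.ToLowerInvariant() } |
    Sort-Object -Unique

# The certificate whose enabled services include IIS is the one HTTPS clients see.
$cert = Get-ExchangeCertificate -Server $server |
    Where-Object { $_.Services.ToString() -match 'IIS' } | Select-Object -First 1
if (-not $cert) { throw "No certificate with the IIS service enabled on $server" }
$sans = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLowerInvariant() })

# Helper (this example's own): exact SAN match, or a wildcard SAN (*.domain.com)
# covering exactly one extra label in front of domain.com.
function Test-NameCovered([string]$name, [string[]]$sanList) {
    foreach ($san in $sanList) {
        if ($san -eq $name) { return $true }
        if ($san.StartsWith('*.') -and ($name -like $san) -and
            ($name.Split('.').Count -eq $san.Split('.').Count)) { return $true }
    }
    return $false
}

"Certificate bound to IIS on {0}: {1} (expires {2})" -f $server, $cert.Subject, $cert.NotAfter
foreach ($h in $hostNames) {
    $status = if (Test-NameCovered $h $sans) { 'OK' } else { 'MISSING from certificate' }
    "{0,-40} {1}" -f $h, $status
}
```

Run it once per CAS (the new 2010 server, each remote 2010 server and, with the legacy name, the 2007 server) so that every name a client can be redirected or proxied to is checked against the certificate that particular server presents.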
 

Author Comment

by:jtano
ID: 40505965
1. Redid the cert and reinstalled on all servers. mail.domain.com (new Exch 10), mail2.domain.com (Exch10 server 2), legacy.domain.com (Exch 07), autodiscover.domain.com (new Exch10) and mail3.domain.com (Exch 10 server 3).
2. Did nothing for load balancing - where do they teach this stuff?
3. DNS - yes split - Main AD site - internal URLs mail and autodiscover.domain.com point to internal IP of new 2010, legacy.domain.com points to internal IP of 07.
 External DNS hosting - mail and autodiscover.domain.com point to external IP of new 2010, a different external IP points to legacy.domain.com of Exch 07.
Remote sites (2): internal IP of mail2.domain.com points to 2010 server #2. Also has external IP address pointing to mail2.domain.com.
Remote site (3): internal IP of mail3.domain.com points to 2010 server #2. Also has external A record IP pointing to same.
QUESTION: I just read that you should also have external IP in internal DNS. So am I to make another entry in the same zone for mail.domain.com - A record 192.18.0.1 mail.domain.com and another A record of 24.52.53.2 also for mail.domain.com?

4. Yes, I enabled Outlook Anywhere in new 2010 only (not other 2010). It is also enabled in 2007. I read I am to turn that off? I am reading your article now.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506089
QUESTION: I just read that you should also have external IP in internal DNS. So am I to make another entry in the same zone for mail.domain.com - A record 192.18.0.1 mail.domain.com and another A record of 24.52.53.2 also for mail.domain.com?

What was the reference you saw this in? Typically this won't work as most firewalls will block this kind of behavior. For example, an internal client queries the internal DNS, receives the external IP address. It will then try to go out the firewall, just to then come back in. Most firewalls won't allow that.

Do you get any errors if you run the autodiscover test from www.exrca.com?
0
 

Author Comment

by:jtano
ID: 40506125
1. https://www.simple-talk.com/sysadmin/exchange/upgrade-from-exchange-2007-to-exchange-2010---part-1/
Figure 2. The internal DNS zone for the split DNS implementation

All external IP addresses for inframan.nl must be stored in the internal DNS zone. If you forget to, for example, include the Address record of the external webserver, then internal clients cannot resolve its IP address, and accessing the site via an internet browser will fail!

This setup has been working successfully for a couple of years now, but since Inframan needs to upgrade their hardware, it was decided to upgrade to Exchange Server 2010 SP1 at the same time. MAYBE I AM MISUNDERSTANDING THIS??
2. Autodiscover Outlook tests successful with warning. This is for a user on both Exch 07 and new Exch 10.
Warnings are: autodiscover url://domain.org:443/autodiscover/aurtodiscover.xml FAILED and Testing TCP port 443 on host domain.org: port is either blocked, not listening or producing expected response
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506139
2. Autodiscover Outlook tests successful with warning. This is for a user on both Exch 07 and new Exch 10.
 Warnings are: autodiscover url://domain.org:443/autodiscover/aurtodiscover.xml FAILED and Testing TCP port 443 on host domain.org: port is either blocked, not listening or producing expected response

That's fine. EXRCA just tests multiple routes to get to your autodiscover service. So you can disregard that warning.

1. https://www.simple-talk.com/sysadmin/exchange/upgrade-from-exchange-2007-to-exchange-2010---part-1/
 Figure 2. The internal DNS zone for the split DNS implementation

Well I can't argue against Jaap (author) as he is a multiple time MVP for Exchange! :)

No, what Jaap is getting at is that when you do a split-brain DNS configuration you need to account for any resources that still exist out there on the internet. For example, your company's website will need a WWW record pointing to the external IP of your web hosting provider. Otherwise internal clients won't be able to access your website.

If you check his screenshot he has autodiscover and mail going to internal IPs, and then www (for his website) going to the external IP.

So the internal DNS zone only needs internal IPs of Exchange (not externals).

So it sounds like all 3 of these servers are multi-role servers (they are all doing CAS, HUB and MBX). And you mentioned the login prompt was random. So, do all users experience it at some point, or is it just certain users in a specific site?

Do you have Active Directory configured with separate sites?
0
 

Author Comment

by:jtano
ID: 40506148
Okay. I just added those tonight so I will take them out. I did see that but wasn't sure and didn't think it would hurt.
 I have a 2nd laptop connected only to my Wi-Fi, not connected to the domain, that is now getting connected to email. I have been working on Exchange so maybe Outlook Anywhere is working now. I may have had to manually change some of the Outlook settings to be NTLM, etc. in order to work. It seems when I changed some of the users that were having the credential pop-up problem that it would switch them back. Is this normal? Is there a way to globally change the Outlook setting for proxy authentication settings?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40506162
Outlook should pick up automatically any changes you make to Outlook Anywhere. Although it will likely require Outlook to be restarted to take effect.
0
 

Author Comment

by:jtano
ID: 40506170
I thought disabling Outlook Anywhere on Exchange 2007 would cause the mailboxes still on that legacy server not to work in Outlook, since they all connect using Outlook Anywhere using HTTP Exchange proxy settings? It seems to be working, but we have users in remote sites that connect back to our Exchange. I guess I will find out tomorrow. One more question. We don't use public folders. Do I need them in 2010 for anything? Thanks for your help!
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40506197
We don't use public folders. Do I need them in 2010 for anything? Thanks for your help!

If you aren't using them then you don't need them. The only exception to this is if you have legacy Outlook clients. For example Outlook 2003 and older. Or you plan to distribute the Offline Address Book via Public Folders versus Exchange Web Services. So, my guess is you can skip Public Folders.

I thought disabling outlook anywhere on exchange 2007 would cause the mailboxes still on that legacy server not to work in outlook since they all connect using outlook anywhere using http exchange proxy settings?

For your external clients it sounds like 2010 is proxying for the mailboxes on 2007.
0
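Two points in the last exchanges, that Outlook picks up Outlook Anywhere changes by itself (via Autodiscover, after a restart) and that the 2010 CAS proxies for the mailboxes left on 2007, both come down to the server-side Outlook Anywhere and EXPR provider settings being consistent. The script below is an added example, not code from the thread: run from the Exchange Management Shell, it lists Outlook Anywhere on every Client Access server (enabled or not, external host name, client and IIS authentication methods) against an expected host name and authentication method, then checks the CertPrincipalName on the EXPR provider that the question opened with. The host name and authentication method are placeholders for this environment.

```powershell
# Added example (not from the thread): inventory Outlook Anywhere on every Client
# Access server and check the EXPR Outlook provider. These are the server-side values
# Autodiscover hands to Outlook to fill in its "proxy authentication settings", so a
# manual change in the client is overwritten by whatever is configured here.
# Run from the Exchange Management Shell. Values below are placeholders.
$expectedHost = 'mail.domain.com'   # placeholder: the internet-facing CAS name
$expectedAuth = 'Ntlm'              # placeholder: client auth Outlook should use

Get-ClientAccessServer | Sort-Object Name | ForEach-Object {
    $cas = $_.Name
    $oa  = Get-OutlookAnywhere -Server $cas -ErrorAction SilentlyContinue
    if (-not $oa) {
        # Outlook Anywhere is not enabled on this CAS; external RPC/HTTP clients
        # whose mailbox is behind it depend on another CAS proxying for them.
        New-Object PSObject -Property @{
            Server = $cas; Enabled = $false; ExternalHostname = ''
            ClientAuth = ''; IISAuth = ''; Note = 'Outlook Anywhere not enabled'
        }
    } else {
        $notes = @()
        if ("$($oa.ExternalHostname)" -ne $expectedHost) {
            $notes += "hostname differs from $expectedHost"
        }
        if ("$($oa.ClientAuthenticationMethod)" -ne $expectedAuth) {
            $notes += "client auth is $($oa.ClientAuthenticationMethod)"
        }
        New-Object PSObject -Property @{
            Server           = $cas
            Enabled          = $true
            ExternalHostname = "$($oa.ExternalHostname)"
            ClientAuth       = "$($oa.ClientAuthenticationMethod)"
            IISAuth          = ($oa.IISAuthenticationMethods -join ',')
            Note             = ($notes -join '; ')
        }
    }
} | Format-Table Server, Enabled, ExternalHostname, ClientAuth, IISAuth, Note -AutoSize

# The EXPR provider's CertPrincipalName is the name Outlook insists on finding in the
# certificate presented by the Outlook Anywhere endpoint. It must match the name on
# that certificate; an empty value means Outlook expects the host name itself.
$expr      = Get-OutlookProvider -Identity EXPR
$principal = "$($expr.CertPrincipalName)"
if (-not $principal) {
    Write-Host "EXPR CertPrincipalName is empty; Outlook will expect the certificate to match $expectedHost"
} elseif ($principal -ne "msstd:$expectedHost") {
    Write-Warning "EXPR CertPrincipalName is '$principal'; expected 'msstd:$expectedHost'"
} else {
    Write-Host "EXPR CertPrincipalName matches: $principal"
}
```

Where a row shows a different host name or authentication method, Set-OutlookAnywhere on that server (for example with -ClientAuthenticationMethod Ntlm) changes it centrally; Outlook clients then receive the new values through Autodiscover, which is why per-client edits to the proxy settings do not stick.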