Solved

Exchange 2003 transition to Exchange 2010 CAS Setup portion Active Sync has a long Delay

Posted on 2014-12-21
11
181 Views
Last Modified: 2014-12-28
I am in the process of introducing Exchange 2010 to my existing Exchange 2003 environment.
The planned infrastructure is going to be CAS,HT on one server and MB on another.
The Exchange 2003 server is both a Front-end/Back-End configuration.

I have installed both the CAS and HT roles and configured the virtual directories according to the Exchange Server Deployment Assistant  
My internal domain name is xxxx.local.  I have a DNS Zone for xxxx.com.
I have a record for the legacy.xxxx.com Host record point to my 2003 Server and mail.xxxx.com resolving my new CAS/HT 2010 server.
I am able to successfully authenticate to OWA both internal and external.

When I run the test with ExRCA I get a Forbbiden 403 error.
I tried to follow some of  the suggestions, but still no luck.  

I am able to successfully create a active sync connection on my iPhone, but when I try to sync my folders I just see it trying to update.  


EDIT:
Update:
I was able to connect with Outlook over RPC over HTTPS, OWA and Active Sync.
I see normal response time using OWA and Outlook Over RPC, but Active Sync has a long delay between mail arriving in my Outlook inbox and on my phone.  Even when I delete and item from the phone it takes some time to show the change in my Outlook.
MCATestResults-AS-20141221.html
0
Comment
Question by:yo_bee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
11 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40512770
Inbox is the only thing that is real time with ActiveSync. Item deletions occur in the background, so can take a while to replicate to the Outlook client. Similarly deletions in the Outlook client can take a few minutes to (dis)appear on the device. Therefore the behaviour you are seeing is to be expected.

Furthermore, if you are connecting over Wifi rather than a mobile network, then the synchronisation of the items happens on a schedule, rather than push. Push only occurs over a mobile network connection.

Simon.
0
 
LVL 23

Author Comment

by:yo_bee
ID: 40512843
So the issue I am seeing is when I am on the public legacy.xxxx.com the sync between Outlook and my mobile device is seconds.  When I go to the new CAS public address it's minutes (up to 10).  

Something is wrong here.  I looked at the IIS logs and I see my connection established, but no errors that jump out.

I am trying to get the CAS part working before I move any further.
0
 
LVL 23

Author Comment

by:yo_bee
ID: 40512849
I also put Legacy, Autodiscover, Mail  Host Records for my domain in my Public DNS name server as well as the xxxx.com zone in my internal DNS Server.  I am able to resolve both internally and externally without any issues.
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40512889
Where is your mailbox located?
What was the reason for splitting CAS/HT from the mailbox role? I haven't split the roles in any deployment of Exchange 2010 (and I have done a lot of them, including for UK household names). All roles on all servers is considered the best practise.
If you aren't planning for an extended co-existence period, this isn't really something I would worry too much about. Test it with a mailbox that is on the Exchange 2010 platform.

Simon.
0
 
LVL 23

Author Comment

by:yo_bee
ID: 40512916
Why not separate them? Here is my thoughts.
 
I have 1.8 TB worth of data that I need to move over.  I do not think it would work well on a single instance.  Second I want to introduce DAG in the near future. Also it is better practice to separate these parts.
I plan to have a 2003 and 2010 coexist for longer than a day. So I need to make sure this works.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40514634
"Also it is better practice to separate these parts. "
No, it isn't. Best practise is all roles on all servers.

1.8tb of data is nothing, I have sites larger than that.
Every deployment I have done has involved all roles on all servers. I have just completed a deployment of nine servers, three DAGs, over 6tb of data. All in that configuration.

Wanting to use a DAG - makes no difference at all. The only people who use separate CAS are those that want to use WNLB. The Exchange product team do not recommend the use of WNLB. It would be better to save the cost of additional Windows and Exchange licences and buy a proper load balancer (JetNexus or Kemp).

Where are you pointing the ActiveSync traffic? At the frontend or backend Exchange 2003 server? If the frontend then it should be the backend. Basically the frontend server is completely bypassed.

Simon.
0
 
LVL 23

Author Comment

by:yo_bee
ID: 40515212
I am in the process of introducing Exchange 2010 to my existing Exchange 2003 environment.
 The planned infrastructure is going to be CAS,HT on one server and MB on another.
 The Exchange 2003 server is both a Front-end/Back-End configuration.

For Production the public DNS points to the Exchange 2003 Server
For Testing  the public DNS points to the Exchange 2010 CAS Server.

Thanks for the information about the roles, but I am staying with the model of putting the MB Role on  a separate server.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40515708
"The Exchange 2003 server is both a Front-end/Back-End configuration."

That isn't possible.
Either it is a frontend or a backend. It cannot be both.

The primary cause of problems with co-existence I find is issues with the virtual directories. Reset the virtual directories and try again. They should be as close to default as possible.

Unfortunately the configuration you require for co-existence will break existing clients, so you cannot really "test" it using DNS.

Simon.
0
 
LVL 23

Author Comment

by:yo_bee
ID: 40515983
Simon,

There is only a single Exchange server in my current environment. The server handling both the Active Sync Calls, RPC over HTTPS as well as mail.
Here are some article that illustrates this:
http://blogs.technet.com/b/vik/archive/2007/09/20/how-to-get-exchange-activesync-to-work-on-a-single-exchange-server-error-code-85010014.aspx
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28010384.html

DNS wise the 2003 Active Sync Server and 2010 CAS have their own IP Addresses both public and private.
There is NATing on the FIrewall, but they forward to the appropriate server.

I am able to establish a connection one my iPhone, but they just take a really long time to process.
0
 
LVL 23

Accepted Solution

by:
yo_bee earned 0 total points
ID: 40516016
Found the issue and it was right under my noise the whole time.
Because I have a single Exchange Server in my environment (Sort of like a SBS scenario) where both the Front-End/Back-End roles are on the same server I had SSL forces (HTTP not allowed) on the Exchange Virtual Directory causing the 403 Forbidden Error.  I ended up blocking port 80 calls at the firewall.
Once I unchecked the setting Mail started to push in a timely manner.

Here is the article I found while trying to illustrate the single server scenario that helped me come to this conclusion and fix.

http://www.msexchange.org/blogs/walther/news/exchange-20032010-activesync-coexistence-lesson-learned-605.html


For someone with such an established ranking over the years I am surprised from your replies and very disappointed with the way you addressed my question.   Rather than try to answer my question you kept on bringing up and suggesting things that were not even relevant to the question I was asking as well as stating Absolutes like I can not have both Exchange 2003 role on the same server. For these reasons I would have to give you a C.  

 Everything you posted was not anywhere helpful.  Suggestive yes, but helpful regarding the question at hand No
0
 
LVL 23

Author Closing Comment

by:yo_bee
ID: 40520288
I found the solution on another site.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people use more than one email account and so it becomes difficult for them to manage them when they use separate accounts,  so, in this article, I have shared an easy way to add Other Mail Accounts in your Google Inbox. It helps to combine all…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question