Exchange 2003 transition to Exchange 2010 CAS Setup portion Active Sync has a long Delay

I am in the process of introducing Exchange 2010 to my existing Exchange 2003 environment.
The planned infrastructure is going to be CAS,HT on one server and MB on another.
The Exchange 2003 server is both a Front-end/Back-End configuration.

I have installed both the CAS and HT roles and configured the virtual directories according to the Exchange Server Deployment Assistant  
My internal domain name is xxxx.local.  I have a DNS Zone for xxxx.com.
I have a record for the legacy.xxxx.com Host record point to my 2003 Server and mail.xxxx.com resolving my new CAS/HT 2010 server.
I am able to successfully authenticate to OWA both internal and external.

When I run the test with ExRCA I get a Forbbiden 403 error.
I tried to follow some of  the suggestions, but still no luck.  

I am able to successfully create a active sync connection on my iPhone, but when I try to sync my folders I just see it trying to update.  


EDIT:
Update:
I was able to connect with Outlook over RPC over HTTPS, OWA and Active Sync.
I see normal response time using OWA and Outlook Over RPC, but Active Sync has a long delay between mail arriving in my Outlook inbox and on my phone.  Even when I delete and item from the phone it takes some time to show the change in my Outlook.
MCATestResults-AS-20141221.html
LVL 27
yo_beeDirector of Information TechnologyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Inbox is the only thing that is real time with ActiveSync. Item deletions occur in the background, so can take a while to replicate to the Outlook client. Similarly deletions in the Outlook client can take a few minutes to (dis)appear on the device. Therefore the behaviour you are seeing is to be expected.

Furthermore, if you are connecting over Wifi rather than a mobile network, then the synchronisation of the items happens on a schedule, rather than push. Push only occurs over a mobile network connection.

Simon.
0
yo_beeDirector of Information TechnologyAuthor Commented:
So the issue I am seeing is when I am on the public legacy.xxxx.com the sync between Outlook and my mobile device is seconds.  When I go to the new CAS public address it's minutes (up to 10).  

Something is wrong here.  I looked at the IIS logs and I see my connection established, but no errors that jump out.

I am trying to get the CAS part working before I move any further.
0
yo_beeDirector of Information TechnologyAuthor Commented:
I also put Legacy, Autodiscover, Mail  Host Records for my domain in my Public DNS name server as well as the xxxx.com zone in my internal DNS Server.  I am able to resolve both internally and externally without any issues.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Simon Butler (Sembee)ConsultantCommented:
Where is your mailbox located?
What was the reason for splitting CAS/HT from the mailbox role? I haven't split the roles in any deployment of Exchange 2010 (and I have done a lot of them, including for UK household names). All roles on all servers is considered the best practise.
If you aren't planning for an extended co-existence period, this isn't really something I would worry too much about. Test it with a mailbox that is on the Exchange 2010 platform.

Simon.
0
yo_beeDirector of Information TechnologyAuthor Commented:
Why not separate them? Here is my thoughts.
 
I have 1.8 TB worth of data that I need to move over.  I do not think it would work well on a single instance.  Second I want to introduce DAG in the near future. Also it is better practice to separate these parts.
I plan to have a 2003 and 2010 coexist for longer than a day. So I need to make sure this works.
0
Simon Butler (Sembee)ConsultantCommented:
"Also it is better practice to separate these parts. "
No, it isn't. Best practise is all roles on all servers.

1.8tb of data is nothing, I have sites larger than that.
Every deployment I have done has involved all roles on all servers. I have just completed a deployment of nine servers, three DAGs, over 6tb of data. All in that configuration.

Wanting to use a DAG - makes no difference at all. The only people who use separate CAS are those that want to use WNLB. The Exchange product team do not recommend the use of WNLB. It would be better to save the cost of additional Windows and Exchange licences and buy a proper load balancer (JetNexus or Kemp).

Where are you pointing the ActiveSync traffic? At the frontend or backend Exchange 2003 server? If the frontend then it should be the backend. Basically the frontend server is completely bypassed.

Simon.
0
yo_beeDirector of Information TechnologyAuthor Commented:
I am in the process of introducing Exchange 2010 to my existing Exchange 2003 environment.
 The planned infrastructure is going to be CAS,HT on one server and MB on another.
 The Exchange 2003 server is both a Front-end/Back-End configuration.

For Production the public DNS points to the Exchange 2003 Server
For Testing  the public DNS points to the Exchange 2010 CAS Server.

Thanks for the information about the roles, but I am staying with the model of putting the MB Role on  a separate server.
0
Simon Butler (Sembee)ConsultantCommented:
"The Exchange 2003 server is both a Front-end/Back-End configuration."

That isn't possible.
Either it is a frontend or a backend. It cannot be both.

The primary cause of problems with co-existence I find is issues with the virtual directories. Reset the virtual directories and try again. They should be as close to default as possible.

Unfortunately the configuration you require for co-existence will break existing clients, so you cannot really "test" it using DNS.

Simon.
0
yo_beeDirector of Information TechnologyAuthor Commented:
Simon,

There is only a single Exchange server in my current environment. The server handling both the Active Sync Calls, RPC over HTTPS as well as mail.
Here are some article that illustrates this:
http://blogs.technet.com/b/vik/archive/2007/09/20/how-to-get-exchange-activesync-to-work-on-a-single-exchange-server-error-code-85010014.aspx
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28010384.html

DNS wise the 2003 Active Sync Server and 2010 CAS have their own IP Addresses both public and private.
There is NATing on the FIrewall, but they forward to the appropriate server.

I am able to establish a connection one my iPhone, but they just take a really long time to process.
0
yo_beeDirector of Information TechnologyAuthor Commented:
Found the issue and it was right under my noise the whole time.
Because I have a single Exchange Server in my environment (Sort of like a SBS scenario) where both the Front-End/Back-End roles are on the same server I had SSL forces (HTTP not allowed) on the Exchange Virtual Directory causing the 403 Forbidden Error.  I ended up blocking port 80 calls at the firewall.
Once I unchecked the setting Mail started to push in a timely manner.

Here is the article I found while trying to illustrate the single server scenario that helped me come to this conclusion and fix.

http://www.msexchange.org/blogs/walther/news/exchange-20032010-activesync-coexistence-lesson-learned-605.html


For someone with such an established ranking over the years I am surprised from your replies and very disappointed with the way you addressed my question.   Rather than try to answer my question you kept on bringing up and suggesting things that were not even relevant to the question I was asking as well as stating Absolutes like I can not have both Exchange 2003 role on the same server. For these reasons I would have to give you a C.  

 Everything you posted was not anywhere helpful.  Suggestive yes, but helpful regarding the question at hand No
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
yo_beeDirector of Information TechnologyAuthor Commented:
I found the solution on another site.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.