Solved

Mixed Exchange 2007 & 2010 Active Sync Issue Please Help!!!!!!

Posted on 2015-01-17
Last Modified: 2015-01-20
Exchange 2010 SP1 Enterprise 64 bit
Windows 2008 R2 Server
Exchange 2007 SP3 Enterprise 64 bit

This is a single domain; the Exchange Server 2007 is pointing to the internet.
The Exchange 2010 has the source server of the exchange 2007 server.

In the process of upgrading to Exchange 2010.

Moved some email clients from the Exchange 2007 Server to the Exchange 2010
I have mail flowing in both directions between the 2007 and 2010 server including external email incoming and outgoing.
All works.

Planning to remove the Exchange server 2007 after all users have been migrated over.

My testing has come to a stop; I just cannot get Active Sync to work in this mixed environment.

I have checked the mailbox features   "Exchange Active Sync is Enabled"

Under EMC Organization configuration > Client Access > Exchange Active Sync Mailbox Policies:
Default
Non-Provisionable Device: True
Device Password Required: False
Default: True

On my iPhone I had an account that was on the 2007 server, which worked fine. Then I moved the account to 2010 and now I do not receive or send mail.
On the same iPhone I have a second Exchange account, and that one is still on the 2007 server; it worked up until yesterday.

I think my Active Sync is broken

Is it possible to have active sync working in this environment?

When I use OWA and check for the mobile phone settings it is empty (no phone appears).

In EMC I try Manage Mobile and no phones appear.

What am I missing?
Question by: Thomas Grassi
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40555608
Have you got a new SAN cert for your Exchange 2010 and included the following DNS names?
- mail.domain.com
- legacy.domain.com
- autodiscover.domain.com

You will also need to make sure that your Exchange virtual directories on both Exchange 2007 and Exchange 2010 are correct. Using legacy.domain.com for 2007 and mail.domain.com for 2010.

You also need to ensure that the certificate has the proper services enabled.
Enable-ExchangeCertificate -thumbprint xxxxxxxxxxxx -services "pop,imap,smtp,iis"

Have you tried to test your activesync externally using the Microsoft Remote Connectivity Analyzer?
https://testconnectivity.microsoft.com/

I would ensure the above is correct and then see if it still works. My guess is that your virtual directories are not set properly.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40555660
Will

No. Do I get that from my GoDaddy?

How do I get a SAN certificate?

I really want to shut down the 2007 server

If I can get active sync working then the rest will work and I will no longer need 2007 server

The virtual directories are on IIS?

Ran the test and it failed

So the certificate is needed before I can continue?
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40555675
Will

Found this

New-ExchangeCertificate -FriendlyName "Exchange 2010 Certificate" -IncludeServerFQDN -DomainName tgcs025.our.network.tgcsnet.com,mail.tgcsnet.net,autodiscover.tgcsnet.net,webmail.tgcsnet.net -GenerateRequest -PrivateKeyExportable $true

You showed a legacy.domain.com; how would I do that?

Do you think I really need that?

I just need to change my router to point to the Exchange 2010 server and shut down the 2007 server

If all I need to get this to work is the SAN cert

What's the best approach?

Thoughts?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40555685
This is a cert that you get from a third party like GoDaddy, as you stated. If you have not configured your virtual directories or even the virtual directory for ActiveSync it will not work. I suggest you ensure your URLs are set properly and then it should work for you.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40555686
Will

I generated a new cert; have to contact GoDaddy next.

Not sure about the virtual directories; where do I look for them?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40555738
You can find them in the Exchange Management Console. Under Servers>Client Access.

Under each tab, i.e. OWA, ActiveSync etc., you will need to modify them.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40555744
Will

Got my new cert from GoDaddy

Now trying to import the cert.

They only have procedures for 2007 and 2013

On phone with them now.

Any thoughts?
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40555761
Will

Imported the new cert and assigned to IIS and SMTP   (I do not use POP or IMAP)

The test failed at the very end https://testconnectivity.microsoft.com/


An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
 
 Additional Details
 
 Test Steps
 
 Attempting to send the OPTIONS command to the server.
  Testing of the OPTIONS command failed. For more information, see Additional Details.
 
 Additional Details
 

We are getting close

Thoughts?
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40555818
Will

Checked all the URLS for owa and active sync they all look good to me

My iPhone now shows connecting to; this is different than before, when it just showed nothing and made no attempts.

So I know we are close

Thoughts
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40556116
Ok perfect. Do you have your 2010 exchange server internet facing using mail.domain.com and legacy.domain.com for Exchange 2007?

When you have a co-existing scenario for Exchange you need to have the later version internet facing, as it has the newer logic to talk to 2007. Having 2007 proxy can work but is not recommended.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40556278
Will

No the 2007 points to the internet

This is how it is now

my domain is mail.tgcsnet.com

In my cisco I have the following ports

Port 443 currently points to the ip address of 2007 server example 10.1.8.26
Port 8080 is for OWA and points to the ip address of 2007 server example 10.1.8.26
Port 25 points to the ip address of 2007 server example 10.1.8.26
Port 1025 points to the second nic of the 2007 server example 10.1.8.27

The 2010 server ip address is 10.1.8.36  second nic is 10.1.8.37

Using port 8080 for owa because I have one static ip address and I use 80 for my web sites

I tried to change the port for OWA from 80 to 8080 and got an error, so for now I am leaving it at 80

In the router I just need to change the ports to point to the 2010 server.

In My DNS I have (Which is running on My DC servers with AD)

autodiscover  A   10.1.8.26
mail                  A my Static Ip Address
Mail                  MX 10 serv005.my.network.tgcsnet.com
webmail           A  10.1.8.26


Change autodiscover A 10.1.8.36
Change webmail A 10.1.8.36
Change Mail  MX Record serv025.mynetwork.tgcsnet.com
Add legacy  A 10.1.8.26


So if I change my router and DNS then mail will flow into 2010 correct?  Did I miss anything?

What do I need to do for the exchange 2007 server to work just create a DNS A record for legacy.tgcsnet.com ?

Thoughts
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40556290
Having the 2010 server pointing to the internet is the supported method. Your URLs also need to be set properly as well. If you have ActiveSync with mail.domain.com on your 2007 server, what are you using for the ActiveSync URL on Exchange 2010? This should not be the same.

2007 should be legacy.domain.com and 2010 should be mail.domain.com. 2010 needs to be internet facing. You also need to have your SAN cert that has the DNS names of legacy.domain.com, mail.domain.com and autodiscover.domain.com.

The URLs are most likely the reason why it is not working. Check those first please and report back.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40556306
Will

Attached file see below my URL settings

The 2007 server settings  worked

should I make my 2010 urls the same as the 2007 then change the 2007 to something else?

If you have suggestions make the changes in the attached file if you would.

Thanks
2010-URL.txt
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40556338
URLs should not be the same: mail.domain.com on all EX2010 servers, legacy.domain.com on EX2007 servers.

- You need to enable the cert on Exchange 2010, including the services
- Export the cert and import the cert on all other 2010 and 2007 CAS servers, then enable the cert
- Update all virtual directories (URLs) as stated above
- Change the settings on your firewall to point the external mail.domain.com to your 2010 Exchange server.

Will.
0
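The certificate steps in the list above, as an added PowerShell example that is not part of the original thread: it checks the SAN names and private key on the Exchange 2010 side, exports a password-protected PFX, then imports and enables it on Exchange 2007. The thumbprint, the file path and the domain.com names are placeholders, the helper name Test-SanCertificate is made up for this example, and the certificate request is assumed to have been generated with -PrivateKeyExportable $true.

```powershell
# Added example, not from the thread. Placeholder values: replace before use.
# Define these variables and the helper function in BOTH management shells.
$thumb    = '<THUMBPRINT-OF-NEW-SAN-CERT>'
$required = 'mail.domain.com', 'legacy.domain.com', 'autodiscover.domain.com'
$pfxPath  = 'C:\certs\exchange-san.pfx'      # hypothetical path

# Hypothetical helper: stops with an error if the certificate cannot serve
# the coexistence names or has no private key on this server.
function Test-SanCertificate {
    param($Cert, [string[]]$RequiredNames)
    $names   = @($Cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
    $missing = @($RequiredNames | Where-Object { $names -notcontains $_.ToLower() })
    if ($missing.Count -gt 0) { throw "Missing SAN entries: $($missing -join ', ')" }
    if (-not $Cert.HasPrivateKey) { throw 'Certificate has no private key on this server.' }
    if ($Cert.NotAfter -lt (Get-Date)) { throw 'Certificate has expired.' }
}

# ---- Part 1: Exchange 2010 Management Shell ----
$cert = Get-ExchangeCertificate -Thumbprint $thumb
Test-SanCertificate -Cert $cert -RequiredNames $required
Enable-ExchangeCertificate -Thumbprint $thumb -Services 'IIS,SMTP'

# Export WITH the private key as a password-protected PFX. A .cer export
# carries only the public part and cannot be enabled on the other server.
$pfxPassword = Read-Host 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Thumbprint $thumb -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path $pfxPath -Value $export.FileData -Encoding Byte

# ---- Part 2: Exchange 2007 Management Shell, after copying the PFX over ----
$pfxPassword = Read-Host 'PFX password' -AsSecureString
Import-ExchangeCertificate -Path $pfxPath -Password:$pfxPassword
$cert = Get-ExchangeCertificate -Thumbprint $thumb
Test-SanCertificate -Cert $cert -RequiredNames $required
Enable-ExchangeCertificate -Thumbprint $thumb -Services 'IIS,SMTP'

# The PFX contains the private key: remove it once the import has succeeded.
Remove-Item -Path $pfxPath

# Read-only check of the URLs each server publishes (run on either server).
Get-ActiveSyncVirtualDirectory | Format-List Server, InternalUrl, ExternalUrl
```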
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40556844
Will

still working on this many pieces to this puzzle

1. Enabled the new cert on my 2010 server and enabled on IIS & SMTP
2. I only have one 2010 and one 2007 So from the 2010 Export the new cert correct?
     Then import this export on my 2007 server correct?
     Then enable the services iis smtp correct?
3. All the URL virtual directories have been changed
4. My Cisco Router has been modified now the 2010 server is pointing to the internet

I can send email but not receive at this point

I am in the process of doing step 2 now
will that help?

will update in about an hour or so
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40556849
Those steps above are correct. You need to enable the cert on both CAS servers. If you are able to send but not receive email you need to take a look at your receive connectors and ensure that the authentication is set properly.

Have you changed anything on the default connectors?

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40556856
Will

Did not check the receive connectors yet will shortly

Having an issue with exporting the certificate; looking for the pfx file, not sure of its location
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40556930
Will

Having difficulties importing the certificate from the exchange 2010 server on the exchange 2007 server

Exchange 2007 not able to enable the certificate

The certificate with thumbprint xxxxx was found but is not valid for use with Exchange Server reason privatekeymissing

thoughts?
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40557009
Will

Update

Still no go with the certificate. My research found no help in that exporting a 2010 certificate and then importing it on exchange 2007

So while waiting I decided to move all the users over to the exchange 2010 server tonight.

I have them all moved.

I think I can shutdown the 2007 server now
Having a mix is complicated especially the 2007 server having issues which may relate or not.

Since the router is pointing all inbound ports to the 2010 exchange server
Since my DNS records have been updated to point to the 2010 server

Mail will work if I shutdown the 2007 server

Am I missing anything?

Thoughts.

Thanks
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40557763
You cannot simply shut down your 2007 server. You will need to uninstall Exchange 2007 once you have moved all of your services over to the Exchange 2010 server. This includes the following...
- public folders
- mailboxes
- address lists
- offline address book

Once you have done this, you can remove Exchange 2007 from Programs and Features. If you have forgotten something, i.e. moving public folders etc., Exchange will throw an error message when trying to uninstall. At this point you will need to correct the issue (whatever it is) and start the removal process over again.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40557785
Will

Thanks

I have moved all the services already; only had mailboxes and address lists, no public folders, no offline address book; will work on them on the 2010 environment

I'll start this process later today.

Currently I have one issue

On my 2010 server I went into IIS 7 tried to change the binding for the default web site from port 80 to port 8080
when I do this I get this message on the server

Connecting to remote server failed with the following error message the Win RM client sent a request to an http server and got a response saying the request http url was not available this is usually returned by a http server that does not support ws-management protocol for more information see the about remote troubleshooting help topic


Any thoughts

Thanks
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40557812
Why are you changing the port to 8080? Are you running other websites on this server?

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40557839
Will

Not on this server

On my exchange 2007 I used 8080

I host web sites on another server that use port 80

In my router I can only point to one ip address using port 80

Does that make sense?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40557846
Have not seen this error before specifically. Take a look at the Exchange Team Blog link below, which can provide some steps to resolve WinRM errors.

Exchange Team Blog WinRM errors

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40557942
Will

Update

Moved all mailboxes all ok
Moved Offline Address Book all ok
Created Public Folder on Exchange 2010 and have it replicating with 2007
Have not figured out how to move the addresslist yet

Thoughts?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40557967
Check out the migration path for Exchange EAP and AL below.
http://exchangeserverpro.com/how-to-upgrade-address-lists-during-exchange-2007-migration/

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558063
Will

Entered all the steps in the above article thanks

two things
1.  how long do I need to wait for the Public folder to replicate it is set for 15 mins any way to check the status?

2. for the above commands how long do I wait or is that immediate?

Very close to starting the uninstall process. but would like to verify the above first

Thoughts?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40558069
Public Folders all depend on the amount of data in the source location. If you have a lot of data in your public folders it is going to take longer to replicate initially.

As for the Address List, it should be instant after you run the commands. You can verify this by trying to open/modify one of the address lists within the Exchange 2010 Exchange Management Console.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558171
Will

I believe I am ready to uninstall now

while I was waiting I tried the Exchange Team Blog WinRM errors EMTShooter but that is not working

Install instructions are not clear the ps1 program fails to run.

I am stuck with that error now

Hoping the exchange uninstall  goes well will post later
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558191
Will

The uninstall failed on the Public folder

Any ideas on how to remove the public folder from the exchange 2007

I just figured out one thing
Had to assign the new public folder to the Exchange 2010 mailbox databases I created.

Now the uninstall is failing on the public folder because the 2007 mailbox databases are assigned to the public folder
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40558217
If you cannot get this working properly you will have to use ADSIEdit for this. Do i get awarded 10,000 points for this question? LoL j/k

Remove Public Folder ADSIEDIT (MS unsupported method)

ADSIEdit is not a supported method but if you are simply looking to decommission this server then follow the steps in the link.

Remove Public Folder (supported method)

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558316
Will

Had to use the ADSIEDIT method finally got past the public folder error.

Now getting failed on

There was a problem accessing the registry on this computer this may happen of the remote registry service is not running it may also indicate a network problem

the remote registry service is running

thoughts?


Update

Got it; 2007 is now uninstalling

Needed to start the TCP/IP NetBIOS Helper service on the server
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558359
Will

Good news Exchange 2007 server was successfully uninstalled.

Now onto the WinRM issue which is causing the ActiveSync not to work
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558418
Will

I got the EMTshooter to work; file naming issue.
Welcome to the Exchange Management Troubleshooter!

We recommend that you run the troubleshooter after making changes to
IIS to ensure that connectivity to Exchange Powershell is unaffected.

Checking IIS Service...

Checking the Exchange Install Path variable...

Checking the Powershell Virtual Directory...

Checking the Powershell vdir SSL setting...

Checking the Powershell vdir path setting...

Checking HTTP Port 80...

Checking HTTP Port 80 Host Name...

Testing for errors...

VERBOSE: Connecting to TGCS025.our.network.tgcsnet.com


The Exchange Management Troubleshooter successfully completed connecting to:

TGCS025.our.network.tgcsnet.com

[EMTS] C:\windows\system32\WindowsPowerShell\v1.0>

The results


this is with IIS 7 using port 80

Like I said I need to use port 8080

Thoughts
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558469
Will

Update

The WinRM message pops up only when I try to use the Exchange Management Console after I change the bindings in IIS 7 to use port 8080

Thoughts
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40558490
The issue is because WinRM uses port 80 as the default port.
Take a look at the below TechNet to change the default port for WinRM.

Change WinRM Port


Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558540
Will

Thanks

Saw that before trying to get correct format of the command.

The Exchange 2007 is now offline I can send out email but still cannot receive.

Looked at my receive connectors but do not see anything wrong

What should I look for?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40558549
Do you have any custom receive connectors created or just the default ones? Make sure that you check the Network Tab for allowed networks and also the Authentication and Permissions Tab.

Take a look at this link to provide more detail on the default settings.
Receive Connectors Explained

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558553
Will

Yes I have a couple that I created

I do not think they ok

I just tried to telnet in and could not  Firewall issue?
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40558569
Yes, you need to allow port 25 out via the firewall. This is one of the first things I had mentioned regarding firewall changes that are required.

This could possibly be the issue if you have not changed any of the receive connector settings.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558585
Will

I opened port 25 on the firewall

So I tried to disable the firewall and the server crashed now I am not a happy camper

I am not on site will take me awhile to get there

My 2007 server did not have a firewall running
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40558592
I was not talking about the firewall on your server I was talking about the firewall on your perimeter network.

If you are having issues with internal mail routing then it is 100% receive connector issue. Unless of course you have a transport rule in place which is someone dropping all of your mail. Which I highly doubt.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558864
will

Just got onsite

The server was up and running when I stopped the firewall service everything disconnected from the network

I started the firewall service back up

I opened port 25 443 and 1025 on the windows firewall on my windows 2008 server which is running exchange 2010

Still not receiving inbound

can you try to telnet into mail.tgcsnet.com 25
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40558877
I could not telnet to your address. Connection cannot be made.

Does internal mail routing work? If you send an email to another mailbox internally does the email make it to the destination mailbox? Also have you checked the queue viewer and if so what are the error messages that are coming up in there beside the mail in the queue?

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558891
Will



It has to be a firewall issue

On my 2007 server did not run the windows firewall program for this reason.

Does internal mail routing work?   YES

I can send email internally no problem

I can telnet internally also.  but that is not a good test.

Need the outside world access

The queue is empty

I do not understand what can be wrong here
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40558899
OK, good, now I have a better understanding of what is going on. You said you could not receive at all. Do not disable the firewall on Exchange 2010. When you installed Exchange it would have added all of the necessary exceptions.

You need to modify the rule on your perimeter firewall (the one that separates your company from the internet). If you have not modified this, the rule is probably still set to point to the old Exchange 2007 server.

Also, if your firewall is set to point to a smart host in your DMZ you will need to make the modification there instead.

That's what you need to modify.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558927
Will

I just checked the Router that points to the internet

It has a port forwarding record

Public port 25
Local Port 25
Lan IP 10.2.1.36     ip address of the 2010 server
Protocol TCP

I changed that the other day.

Do you know which exchange firewall entry has port 25 in it?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40558936
Something is not set correctly on the Router. As you have stated you tested telnet internally and it is working which means this is not a Windows Firewall related issue. The issue is access from the internet not internally.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558948
Will

Good news I figured it out.

My Windows 2008 Server which runs Exchange 2010 has dual network adaptors.
My primary nic was missing the gateway added the gateway and now it appears that mail is coming in from the outside world.

Can you test the telnet again see if that is working now

Thanks
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40558966
I still get connection failed, connecting to host on port 25.

Will
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40558971
Will

Wonder why?

email is flowing send me one thomasrgrassijr@tgcsnet.com

Thanks

Trying to get my iphone working now.

Still need to test owa too

As long as email is flowing to my outlook clients that's a big plus

thoughts
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40560490
I have since done the test for mail.tgcsnet.com 25 and it worked for me this time. Must have been the machine I was using.

Will.
0
 
LVL 23

Author Comment

by:Thomas Grassi
ID: 40560599
Will

Great

I just tested remotely also and it worked for me.

Also OWA works

I am going to close this issue and open a new one for the iPhones not getting email

I'll let you know

Thanks
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40560608
Ok sounds good.

Glad it is now corrected.

Will.
0
 
LVL 23

Author Closing Comment

by:Thomas Grassi
ID: 40560822
Will

Thanks for all your help

Had to add default gateway to primary nic , server has dual nics and somehow the settings did not save when I configured both nics.

All good now.
0
 