  • Status: Solved
  • Priority: Medium
  • Security: Public

Mixed Exchange 2007 & 2010 Active Sync Issue Please Help!!!!!!

Exchange 2010 SP1 Enterprise 64 bit
Windows 2008 R2 Server
Exchange 2007 SP3 Enterprise 64 bit

This is a single domain. The Exchange Server 2007 is pointing to the internet.
The Exchange 2010 has the source server of the Exchange 2007 server.

In the process of upgrading to Exchange 2010.

Moved some email clients from the Exchange 2007 Server to the Exchange 2010
I have mail flowing in both directions between the 2007 and 2010 server including external email incoming and outgoing.
All works.

Planning to remove the Exchange server 2007 after all users have been migrated over.

My testing has come to a stop. I just cannot get ActiveSync to work in this mixed environment.

I have checked the mailbox features: "Exchange ActiveSync is Enabled"

Under EMC: Organization Configuration > Client Access > Exchange ActiveSync Mailbox Policies
Default
Non-Provisionable Device: True
Device Password Required: False
Default: True

On my iPhone I had an account that was on the 2007 server, which worked fine. Then I moved the account to 2010 and now I do not receive or send mail.
On the same iPhone I have a second Exchange account, and that one is still on the 2007 server. It worked up until yesterday.

I think my Active Sync is broken

Is it possible to have active sync working in this environment?

When I use OWA and check the mobile phone settings, it is empty (no phone appears).

In EMC I try Manage Mobile and no phones appear.

What am I missing?
Asked:
Thomas Grassi
 
Will Szymkowski (Senior Solution Architect) commented:
Have you got a new SAN cert for your Exchange 2010 and included the following DNS names?
- mail.domain.com
- legacy.domain.com
- autodiscover.domain.com

You will also need to make sure that your Exchange virtual directories on both Exchange 2007 and Exchange 2010 are correct. Using legacy.domain.com for 2007 and mail.domain.com for 2010.

You also need to ensure that the certificate has the proper services enabled.
Enable-ExchangeCertificate -thumbprint xxxxxxxxxxxx -services "pop,imap,smtp,iis"

Have you tried to test your activesync externally using the Microsoft Remote Connectivity Analyzer?
https://testconnectivity.microsoft.com/

I would ensure the above is correct and then see if it still works. My guess is that your virtual directories are not set properly.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

No, do I get that from my GoDaddy?

How do I get a SAN certificate?

I really want to shut down the 2007 server

If I can get active sync working then the rest will work and I will no longer need 2007 server

The virtual directories are on IIS?

Ran the test and it failed

So the certificate is needed before I can continue?
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Found this

New-ExchangeCertificate -FriendlyName "Exchange 2010 Certificate" -IncludeServerFQDN  -tgcs025.our.network.tgcsnet.com mail.tgcsnet.net,autodiscover.tgcsnet.net,webmail.tgcsnet.net -GenerateRequest -PrivateKeyExportable $true

You showed a legacy.domain.com. How would I do that?

Do you think I really need that?

I just need to change my router to point to the Exchange 2010 server and shut down the 2007 server

If all I need to get this to work is the SAN cert

What's the best approach?

Thoughts?
0
 
Will Szymkowski (Senior Solution Architect) commented:
This is a cert that you get from a third party like GoDaddy, as you stated. If you have not configured your virtual directories, or even the virtual directory for ActiveSync, it will not work. I suggest you ensure your URLs are set properly and then it should work for you.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

I generated a new cert; have to contact GoDaddy next.

Not sure about the virtual directories. Where do I look for them?
0
 
Will Szymkowski (Senior Solution Architect) commented:
You can find them in the Exchange Management Console, under Servers > Client Access.

Under each tab, i.e. OWA, ActiveSync etc., you will need to modify them.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Got my new cert from GoDaddy

Now trying to import the cert.

They only have procedures for 2007 and 2013

On the phone with them now.

Any thoughts?
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Imported the new cert and assigned to IIS and SMTP   (I do not use POP or IMAP)

The test failed at the very end https://testconnectivity.microsoft.com/


An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
 
 Additional Details
 
 Test Steps
 
 Attempting to send the OPTIONS command to the server.
  Testing of the OPTIONS command failed. For more information, see Additional Details.
 
 Additional Details
 

We are getting close

Thoughts?
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Checked all the URLs for OWA and ActiveSync; they all look good to me

My iPhone now shows "connecting to". This is different than before, when it just showed nothing and made no attempts.

So I know we are close

Thoughts
0
 
Will Szymkowski (Senior Solution Architect) commented:
Ok perfect. Do you have your 2010 Exchange server internet facing using mail.domain.com, and legacy.domain.com for Exchange 2007?

When you have a co-existing scenario for Exchange you need to have the later version internet facing, as it has the newer logic to talk to 2007. Having 2007 proxy can work but is not recommended.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

No, the 2007 points to the internet

This is how it is now

My domain is mail.tgcsnet.com

In my Cisco I have the following ports:

Port 443 currently points to the ip address of 2007 server example 10.1.8.26
Port 8080 is for OWA point to the ip address of 2007 server example 10.1.8.26
Port 25 points to the ip address of 2007 server example 10.1.8.26
Port 1025 points to the second nic of the 2007 server example 10.1.8.27

The 2010 server ip address is 10.1.8.36  second nic is 10.1.8.37

Using port 8080 for OWA because I have one static IP address and I use 80 for my web sites

I tried to change the port for OWA from 80 to 8080 and got an error, so for now leaving it at 80

In the router I just need to change the ports to point to the 2010 server.

In my DNS I have (which is running on my DC servers with AD):

autodiscover  A   10.1.8.26
mail          A   my static IP address
Mail          MX  10 serv005.my.network.tgcsnet.com
webmail       A   10.1.8.26


Change autodiscover A 10.1.8.36
Change webmail A 10.1.8.36
Change Mail  MX Record serv025.mynetwork.tgcsnet.com
Add legacy  A 10.1.8.26


So if I change my router and DNS then mail will flow into 2010 correct?  Did I miss anything?

What do I need to do for the exchange 2007 server to work just create a DNS A record for legacy.tgcsnet.com ?

Thoughts
0
 
Will Szymkowski (Senior Solution Architect) commented:
Having the 2010 server pointing to the internet is the supported method. Your URLs also need to be set properly. If you have ActiveSync with mail.domain.com on your 2007 server, what are you using for the ActiveSync URL on Exchange 2010? This should not be the same.

2007 should be legacy.domain.com and 2010 should be mail.domain.com. 2010 needs to be internet facing. You also need to have your SAN cert that has the DNS names of legacy.domain.com, mail.domain.com and autodiscover.domain.com.

The URLs are most likely the reason why it is not working. Check those first please and report back.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Attached file, see below, my URL settings

The 2007 server settings worked

Should I make my 2010 URLs the same as the 2007, then change the 2007 to something else?

If you have suggestions make the changes in the attached file if you would.

Thanks
2010-URL.txt
0
 
Will Szymkowski (Senior Solution Architect) commented:
URLs should not be the same: mail.domain.com on all EX2010 servers, legacy.domain.com on EX2007 servers.

- You need to enable the cert on Exchange 2010, including the services
- Export the cert and import the cert on all other 2010 and 2007 CAS servers, then enable the cert
- Update all virtual directories (URLs) as stated above
- Change the settings on your firewall to point the external mail.domain.com to your 2010 Exchange server.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Still working on this; many pieces to this puzzle

1. Enabled the new cert on my 2010 server and enabled on IIS & SMTP
2. I only have one 2010 and one 2007 So from the 2010 Export the new cert correct?
     Then import this export on my 2007 server correct?
     Then enable the services iis smtp correct?
3. All the URL virtual directories have been changed
4. My Cisco Router has been modified now the 2010 server is pointing to the internet

I can send email but not receive at this point

I am in the process of doing step 2 now.
Will that help?

Will update in about an hour or so
0
 
Will Szymkowski (Senior Solution Architect) commented:
Those steps above are correct. You need to enable the cert on both CAS servers. If you are able to send but not receive email, you need to take a look at your receive connectors and ensure that the authentication is set properly.

Have you changed anything on the default connectors?

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Did not check the receive connectors yet; will shortly

Having an issue with exporting the certificate. Looking for the PFX file, not sure of its location
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Having difficulties importing the certificate from the exchange 2010 server on the exchange 2007 server

Exchange 2007 not able to enable the certificate

The certificate with thumbprint xxxxx was found but is not valid for use with Exchange Server reason privatekeymissing

thoughts?
0
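The certificate steps discussed above (SAN names on the certificate, services enabled, export from 2010 and import on 2007), as an added PowerShell example that is not part of the original thread. A PrivateKeyMissing reason means the certificate in that server's store has no private key attached, which is what happens when only the public certificate file is copied across. The host names are the thread's placeholders, and the function names and `<thumbprint>` / `<path>` values are hypothetical placeholders.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2010 CAS.
# Host names are the placeholders used in this thread; function names are hypothetical.
$RequiredNames = 'mail.domain.com', 'legacy.domain.com', 'autodiscover.domain.com'

function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($c in $CertNames) {
        if ($c -eq $Name) { return $true }        # -eq ignores case for strings
        if ($c.StartsWith('*.')) {
            # A wildcard such as *.domain.com covers exactly one extra label.
            $suffix = $c.Substring(1)
            if ($Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($label.Length -gt 0 -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

function Test-CasCertificate {
    param($Certificate, [string[]]$Required)
    # CertificateDomains lists the subject and SAN DNS names Exchange read from the cert.
    $certNames = @($Certificate.CertificateDomains | ForEach-Object { $_.ToString() })
    $missing   = @($Required | Where-Object { -not (Test-NameCovered $_ $certNames) })
    New-Object PSObject -Property @{
        Thumbprint    = $Certificate.Thumbprint
        HasPrivateKey = $Certificate.HasPrivateKey
        BoundToIIS    = ($Certificate.Services.ToString() -match 'IIS')
        Expired       = ($Certificate.NotAfter -lt (Get-Date))
        MissingNames  = ($missing -join ', ')
    }
}

function Export-CasCertificatePfx {
    param([string]$Thumbprint, [string]$Path, [System.Security.SecureString]$Password)
    $cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key here; export it from the server that generated the request."
    }
    # Exchange 2010 returns the PFX as bytes; the password protects the private key in the file.
    $pfx = Export-ExchangeCertificate -Thumbprint $Thumbprint -BinaryEncoded:$true -Password $Password
    Set-Content -Path $Path -Value $pfx.FileData -Encoding Byte
}

# 1. Report every certificate on this server against the required names.
Get-ExchangeCertificate |
    ForEach-Object { Test-CasCertificate $_ $RequiredNames } |
    Select-Object Thumbprint, HasPrivateKey, BoundToIIS, Expired, MissingNames |
    Format-Table -AutoSize

# 2. Export the chosen certificate with its private key (placeholders, fill in before running):
#    $pw = (Get-Credential).Password
#    Export-CasCertificatePfx -Thumbprint '<thumbprint>' -Path '<path>\cas.pfx' -Password $pw
#
# 3. On the Exchange 2007 CAS, import the PFX (not a .cer/.p7b) and enable it:
#    Import-ExchangeCertificate -Path '<path>\cas.pfx' -Password $pw
#    Enable-ExchangeCertificate -Thumbprint '<thumbprint>' -Services 'IIS,SMTP'
#
# 4. Delete the PFX from both servers once the import succeeds; it contains the private key.
```

A certificate that shows `HasPrivateKey` as False on the source server cannot be exported as a usable PFX, so step 2 stops there instead of producing a file that will fail on import.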
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Update

Still no go with the certificate. My research found no help on exporting a 2010 certificate and then importing it on Exchange 2007

So while waiting I decided to move all the users over to the exchange 2010 server tonight.

I have them all moved.

I think I can shutdown the 2007 server now
Having a mix is complicated especially the 2007 server having issues which may relate or not.

Since the router is pointing all inbound ports to the 2010 exchange server
Since my DNS records have been updated to point to the 2010 server

Mail will work if I shutdown the 2007 server

Am I missing anything?

Thoughts.

Thanks
0
 
Will Szymkowski (Senior Solution Architect) commented:
You cannot simply shut down your 2007 server. You will need to uninstall Exchange 2007 once you have moved all of your services over to the Exchange 2010 server. This includes the following...
- public folders
- mailboxes
- address lists
- offline address book

Once you have done this, you can remove Exchange 2007 from Programs and Features. If you have forgotten something, i.e. moving public folders etc., Exchange will throw an error message when trying to uninstall. At this point you will need to correct the issue (whatever it is) and start the removal process over again.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Thanks

I have moved all the services already. Only had mailboxes and address lists; no public folders, no offline address book. Will work on them on the 2010 environment

I'll start this process later today.

Currently I have one issue

On my 2010 server I went into IIS 7 tried to change the binding for the default web site from port 80 to port 8080
when I do this I get this message on the server

Connecting to remote server failed with the following error message the Win RM client sent a request to an http server and got a response saying the request http url was not available this is usually returned by a http server that does not support ws-management protocol for more information see the about remote troubleshooting help topic


Any thoughts

Thanks
0
 
Will Szymkowski (Senior Solution Architect) commented:
Why are you changing the port to 8080? Are you running other websites on this server?

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Not on this server

On my exchange 2007 I used 8080

I host web sites on another server that use port 80

In my router I can only point to one ip address using port 80

Does that make sense?
0
 
Will Szymkowski (Senior Solution Architect) commented:
Have not seen this error before specifically. Take a look at the Exchange Team Blog link below, which can provide some steps to resolve WinRM errors.

Exchange Team Blog WinRM errors

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Update

Moved all mailboxes all ok
Moved Offline Address Book all ok
Created Public Folder on Exchange 2010 and have it replicating with 2007
Have not figured out how to move the addresslist yet

Thoughts?
0
 
Will Szymkowski (Senior Solution Architect) commented:
Check out the migration path for Exchange EAP and AL below.
http://exchangeserverpro.com/how-to-upgrade-address-lists-during-exchange-2007-migration/

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Entered all the steps in the above article, thanks

Two things:
1. How long do I need to wait for the public folder to replicate? It is set for 15 mins. Any way to check the status?

2. For the above commands, how long do I wait, or is that immediate?

Very close to starting the uninstall process, but would like to verify the above first

Thoughts?
0
 
Will Szymkowski (Senior Solution Architect) commented:
Public folders all depend on the amount of data in the source location. If you have a lot of data in your public folders it is going to take longer to replicate initially.

As for the address list, it should be instant after you run the commands. You can verify this by trying to open/modify one of the address lists within the Exchange 2010 Exchange Management Console.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

I believe I am ready to uninstall now

while I was waiting I tried the Exchange Team Blog WinRM errors EMTShooter but that is not working

Install instructions are not clear the ps1 program fails to run.

I am stuck with that error now

Hoping the exchange uninstall  goes well will post later
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

The uninstall failed on the public folder

Any ideas on how to remove the public folder from the Exchange 2007?

I just figured out one thing:
Had to assign the new public folder to the Exchange 2010 mailbox databases I created.

Now the uninstall is failing on the public folder because the 2007 mailbox databases are assigned to the public folder
0
 
Will Szymkowski (Senior Solution Architect) commented:
If you cannot get this working properly you will have to use ADSIEdit for this. Do I get awarded 10,000 points for this question? LoL j/k

Remove Public Folder ADSIEDIT (MS unsupported method)

ADSIEdit is not a supported method but if you are simply looking to decommission this server then follow the steps in the link.

Remove Public Folder (supported method)

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Had to use the ADSIEDIT method finally got past the public folder error.

Now getting failed on

There was a problem accessing the registry on this computer this may happen of the remote registry service is not running it may also indicate a network problem

the remote registry service is running

thoughts?


Update

Got it, 2007 is now uninstalling

Needed to start the TCP/IP NetBIOS Helper service on the server
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Good news: Exchange 2007 server was successfully uninstalled.

Now onto the WinRM issue, which is causing ActiveSync not to work
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

I got the EMTshooter to work; it was a file naming issue.
Welcome to the Exchange Management Troubleshooter!

We recommend that you run the troubleshooter after making changes to
IIS to ensure that connectivity to Exchange Powershell is unaffected.

Checking IIS Service...

Checking the Exchange Install Path variable...

Checking the Powershell Virtual Directory...

Checking the Powershell vdir SSL setting...

Checking the Powershell vdir path setting...

Checking HTTP Port 80...

Checking HTTP Port 80 Host Name...

Testing for errors...

VERBOSE: Connecting to TGCS025.our.network.tgcsnet.com


The Exchange Management Troubleshooter successfully completed connecting to:

TGCS025.our.network.tgcsnet.com

[EMTS] C:\windows\system32\WindowsPowerShell\v1.0>

The results


this is with IIS 7 using port 80

Like I said I need to use port 8080

Thoughts
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Update

The WinRM message pops up only when I try to use the Exchange Management Console after I change the bindings in IIS 7 to use port 8080

Thoughts
0
 
Will Szymkowski (Senior Solution Architect) commented:
The issue is because WinRM uses port 80 as the default port.
Take a look at the below TechNet link to change the default port for WinRM.
Change WinRM Port

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Thanks

Saw that before trying to get correct format of the command.

The Exchange 2007 is now offline I can send out email but still cannot receive.

Looked at my receive connectors but do not see anything wrong

What should I look for?
0
 
Will Szymkowski (Senior Solution Architect) commented:
Do you have any custom receive connectors created, or just the default ones? Make sure that you check the Network tab for allowed networks and also the Authentication and Permissions tabs.

Take a look at this link to provide more detail on the default settings.
Receive Connectors Explained

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Yes, I have a couple that I created

I do not think they are ok

I just tried to telnet in and could not. Firewall issue?
0
 
Will Szymkowski (Senior Solution Architect) commented:
Yes, you need to allow port 25 out via the firewall. This is one of the first things I had mentioned regarding firewall changes that are required.

This could possibly be the issue if you have not changed any of the receive connector settings.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

I opened port 25 on the firewall

So I tried to disable the firewall and the server crashed now I am not a happy camper

I am not on site will take me awhile to get there

My 2007 server did not have a firewall running
0
 
Will Szymkowski (Senior Solution Architect) commented:
I was not talking about the firewall on your server, I was talking about the firewall on your perimeter network.

If you are having issues with internal mail routing then it is 100% a receive connector issue. Unless of course you have a transport rule in place which is somehow dropping all of your mail. Which I highly doubt.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Just got onsite

The server was up and running. When I stopped the firewall service everything disconnected from the network

I started the firewall service back up

I opened ports 25, 443 and 1025 on the Windows Firewall on my Windows 2008 server, which is running Exchange 2010

Still not receiving inbound

Can you try to telnet into mail.tgcsnet.com 25?
0
 
Will Szymkowski (Senior Solution Architect) commented:
I could not telnet to your address. Connection cannot be made.

Does internal mail routing work? If you send an email to another mailbox internally does the email make it to the destination mailbox? Also have you checked the queue viewer and if so what are the error messages that are coming up in there beside the mail in the queue?

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

It has to be a firewall issue

On my 2007 server I did not run the Windows Firewall program for this reason.

Does internal mail routing work?   YES

I can send email internally no problem

I can telnet internally also.  but that is not a good test.

Need the outside world access

The queue is empty

I do not understand what can be wrong here
0
 
Will Szymkowski (Senior Solution Architect) commented:
Ok good, now I have a better understanding of what is going on. You said you could not receive at all. Do not disable the firewall on Exchange 2010. When you installed Exchange it would have added all of the necessary exceptions.

You need to modify the rule on your perimeter firewall (the one that separates your company from the internet). If you have not modified this, the rule is probably still set to point to the old Exchange 2007 server.

Also, if your firewall is set to point to a smart host in your DMZ you will need to make the modification there instead.

That's what you need to modify.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

I just checked the Router that points to the internet

It has a port forwarding record

Public port 25
Local Port 25
Lan IP 10.2.1.36     ip address of the 2010 server
Protocol TCP

I changed that the other day.

Do you know which exchange firewall entry has port 25 in it?
0
 
Will Szymkowski (Senior Solution Architect) commented:
Something is not set correctly on the Router. As you have stated you tested telnet internally and it is working which means this is not a Windows Firewall related issue. The issue is access from the internet not internally.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Good news, I figured it out.

My Windows 2008 Server which runs Exchange 2010 has dual network adaptors.
My primary NIC was missing the gateway. Added the gateway and now it appears that mail is coming in from the outside world.

Can you test the telnet again and see if that is working now?

Thanks
0
 
Will Szymkowski (Senior Solution Architect) commented:
I still get connection failed, connecting to host on port 25.

Will
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Wonder why?

email is flowing send me one thomasrgrassijr@tgcsnet.com

Thanks

Trying to get my iphone working now.

Still need to test owa too

As long as email is flowing to my outlook clients that's a big plus

thoughts
0
 
Will Szymkowski (Senior Solution Architect) commented:
I have since done the test for mail.tgcsnet.com 25 and it worked for me this time. Must have been my machine I was using.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Great

I just tested remotely also and it worked for me.

Also OWA works

I am going to close this issue and open a new one for the iPhones not getting email

I'll let you know

Thanks
0
 
Will Szymkowski (Senior Solution Architect) commented:
Ok sounds good.

Glad it is now corrected.

Will.
0
 
Thomas Grassi (Systems Administrator, Author) commented:
Will

Thanks for all your help

Had to add the default gateway to the primary NIC. The server has dual NICs and somehow the settings did not save when I configured both NICs.

All good now.
0
 