client access issues with migrating exchange 2007 to new hardware

You need to update your virtual directories on your new CAS server. Also if you are going to keep both CAS servers up and running then you will need to use a Hardware Load Balancer to distribute the load between the 2 CAS servers. You are also going to want to add all of your receive/send connectors to the HUB Transport Role on the new server as well. This will ensure redundancy for both Hub Roles.

Will.

Thanks Will.  Following migration, I intend to remove the old exchange server completely.
I have updated the virtual directory names with the external URLs as follows:

OWA external URL - https://mail.domain.com/owa
ActiveSync external URL - https://mail.domain.com/Microsoft-Server-ActiveSync
OAB exnternal URL - https://mail.domain.com/OAB
Outlook anywhere external host name - https://mail.domain.com

However, I still have the same issue when I forward the ports to the new exchange server. Not 100% whats not right.  I exported the GoDaddy SSL cert from the old exchange server and imported it on the new one. I'm still using the same name in the cert ie mail.domain.com so that should be ok yes?

I've already enabled the cert for those services and I'm using the same FQDN as the old exchange server.
Cant put my finger on this at all. It's like when the ports are directed to the new server, it's not responding.  The remote outlook clients disconnect and I've just discovered that when external senders send email in it gets bounced.

Do you have any firewalls enabled on this Exchange server? You should be able to telnet from port 25 to that Exchange Server. Also making sure that the proper receive and send connectors have been created on the New Server, as well.

Your NAT also need to be configured properly to the new server.

Will.

Thanks Will. I'll try those suggestions tomorrow. I'll need to test it during lunch break.

When I forward the ports (25, 443 and 80) to the new exchange server, I can telnet to it on port 25.

When I installed exchange server, the default and client receive connectors were already created.  I checked these against the old server and they are identical.

Any other suggestions?

Cheers

Can you telnet to your Exchange server or Smarthost from an external source outside of your domain?

Will.

Yes. When I forward the ports to the new exchange server I can telnet on port 25.

Outlook LAN stations get a cert error message and remote users with outlook setup using rpc over http, jump to disconnected

In your initial statement you said you get a Cert error? What is the cert that is being used? Also did you set your autodiscover URi correctly? Also for Outlook Anywhere did you make sure you enabled this on the new Exchange server with the proper URL as well?

Will.

Will, I should have updated you - I got the cert issue sorted.  Its a SAN SSL cert that has the correct names now.

Autodiscover wasn't being used on the old exchange server and I haven't configured it on the new one either.

Outlook anywhere is enabled on the new server and is configured with the same hostname as the old server (mail.domain.com) Its also using NTLM authentication.  

I've performed quite a few SBS migrations before and during the exchange migration, Theres always been a connector linking the old and new exchange boxes. Is that still required?

I took your comment about the autodiscover uri and followed up with a bit of research.  The old exchange server (lets call it oldexch) and new exchange server (newexch) both have default autodiscover uri set to their respective hostnames.

When I use the command
Get-ClientAccessServer |select name,AutoDiscoverServiceInternalUri
I get the following:

Name                                    AutoDiscoverServiceInternalUri
----                                    ------------------------------
OLDEXCH                                 https://oldexch.domain.local...
NEWEXCH                                 https://newexch.domain.local...

My SAN cert has both the old and the new hostnames added (yes, internal hostnames).
However, I found an article which suggests that I can't have 2 different autodiscover uri's published in the same domain (based on my configuration and deployment plan).  

How can I resolve this?  Change the internal autodiscover uri on both servers to point to the new server?
Currently, when I change ports 25, 80 and 443 on the firewall to point to the new server, rpc over http clients outside the LAN cant access their mailbox using Outlook. Would setting the uri to the new server fix this for me?

Thanks

Change the internal autodiscover uri on both servers to point to the new server?

This is correct. You only need 1 autodiscover URL. Autodiscover is for service availability. You only need to have 1 entry point where the autodiscover URL will point you to the services and where they are located.

Will.

Ok Will. Embarrassingly, I discovered that I didn't have the Windows server feature rpc-http proxy installed.  I missed this completely and would have assumed that Exchange server would have requested it to be installed as a pre-requisite.  However, I'm sure that the other suggestions that you made helped me along the way as without all of those it wouldn't have worked either.  As a wise man once said to me "It's always better to check with someone before you hose down your server"

To other readers:  the rpc over http proxy service is a Windows feature - not an exchange service. Make sure this is installed on your server along with the other pre-requisites.  to install this feature:
- open server manager
- click features and then add features
- check the box next to RPC over HTTP proxy (you may be asked to install additional required Role services)

Thanks to Will for knowledge share.