timgreen7077
asked on
Exchange 2010 and 2016 Co-Existence
I have followed documentation about setting up co-existence between Exchange 2010 and 2016. I have all the Updates and service packs installed. I'm using a single name space for all the virtual directories, same name space for 2010 and 20169, cert imported to 2016 from 2010. Its only 1 AD site, and 1 2010 Exchange server and 1 2016 Exchange server. NTLM is enabled on 2010 CAS, everything is done by the book. To test, I created a host file on a desktop, pointing it to the IP address of the 2016 Exchange server and name space. Example:
192.168.1.5 mail.domain.com
If I open outlook it now prompts me for a user name and password, and once entered it continues to prompt and i cant connect.
The online helps seem to tell me to do the things that are already done. Has anyone resolved this and is my test method and acceptable method. I made no DNS changes, only the host file on a desktop with outlook 2016 to point to Exchange 2016 and the name space. I have also tried this on desktops with Outlook 2013 SP1 and I added hotfixes to Exchange 2010. I have tried everything with no luck. Any advice would be great.
Also all the mailboxes are located on the Exchange 2010 DBs, now if you access the Exchange 2016 web console you can see the 2010 environment along with the mailboxes on the 2010 server, but once I open outlook I get the user name and password prompt and cant get pass it.
192.168.1.5 mail.domain.com
If I open outlook it now prompts me for a user name and password, and once entered it continues to prompt and i cant connect.
The online helps seem to tell me to do the things that are already done. Has anyone resolved this and is my test method and acceptable method. I made no DNS changes, only the host file on a desktop with outlook 2016 to point to Exchange 2016 and the name space. I have also tried this on desktops with Outlook 2013 SP1 and I added hotfixes to Exchange 2010. I have tried everything with no luck. Any advice would be great.
Also all the mailboxes are located on the Exchange 2010 DBs, now if you access the Exchange 2016 web console you can see the 2010 environment along with the mailboxes on the 2010 server, but once I open outlook I get the user name and password prompt and cant get pass it.
Please first make sure the “Always prompt for logon credentials” option is not selected. This issue may also happen if the Logon network security under More Settings on the Microsoft Exchange Security tab is set to a value other than Anonymous Authentication. If this is the case, try changing it to Anonymous Authentication and then check if this issue continues. See: https://support.microsoft.com/en-us/kb/2984912
For more troubleshooting steps, you can have a look at below earlier threads having suggested solutions might helps you to get in more detailed:
Microsoft Outlook 2016 keeps asking for a password
Outlook Keeps Asking For Credentials
Outlook keeps prompting for password
You may also get help from below informative resources:
Client Connectivity in an Exchange 2016 Coexistence Environment with Exchange 2010: https://blogs.technet.microsoft.com/exchange/2015/10/26/client-connectivity-in-an-exchange-2016-coexistence-environment-with-exchange-2010/
How to move mailboxes from Exchange 2010 to Exchange 2016 using Exchange Admin Center: http://mstechtalk.com/migrating-to-exchange-2016-using-the-exchange-admin-center/
Hope this helps!
For more troubleshooting steps, you can have a look at below earlier threads having suggested solutions might helps you to get in more detailed:
Microsoft Outlook 2016 keeps asking for a password
Outlook Keeps Asking For Credentials
Outlook keeps prompting for password
You may also get help from below informative resources:
Client Connectivity in an Exchange 2016 Coexistence Environment with Exchange 2010: https://blogs.technet.microsoft.com/exchange/2015/10/26/client-connectivity-in-an-exchange-2016-coexistence-environment-with-exchange-2010/
How to move mailboxes from Exchange 2010 to Exchange 2016 using Exchange Admin Center: http://mstechtalk.com/migrating-to-exchange-2016-using-the-exchange-admin-center/
Hope this helps!
ASKER
Ivan, yes outlook anywhere is configured on Exchange 2010.
ASKER
Kevin, the links in regards to outlook doesn't help resolve the issue. Outlook is setup properly for co-existence in regard to the links you supplied. Also it's not setup to prompt for password and no cache credentials saved. Also outlook is not running in cache mode, I have it off.
Hi
it could be several things giving you this error.
How's Autodiscover set up?
from Exchange 2010: get-clientaccessServer | fl *uri
from Exchange 2010: get-cleintAccessService | fl *uri
Where does this point to, if it points to autodiscover.domain.com/au todiscover /autodisco ver.xml you need to add this to HOSTfile aswell
Can you try this:
* Configure Outlook in cache mode and connect to Exchange 2010
* close Outlook
* change HOST file
* reopen Outlook. If prompt comes - try to close it and open Outlook still. Go to Outlook icon in system tray and right click. Choose test-EmailAutoConfiguratio n - remove check marks for Guessmart
enter email and password and test
it could be several things giving you this error.
How's Autodiscover set up?
from Exchange 2010: get-clientaccessServer | fl *uri
from Exchange 2010: get-cleintAccessService | fl *uri
Where does this point to, if it points to autodiscover.domain.com/au
Can you try this:
* Configure Outlook in cache mode and connect to Exchange 2010
* close Outlook
* change HOST file
* reopen Outlook. If prompt comes - try to close it and open Outlook still. Go to Outlook icon in system tray and right click. Choose test-EmailAutoConfiguratio
enter email and password and test
ASKER
for Exchange 2010 the SCP points to: https://mail.domain.com/Autodiscover/Autodiscover.xml
for Exchange 2016 the SCP points to: https://mail.domain.com/Autodiscover/Autodiscover.xml
I also did everything you mentioned so I added the following to the host file
192.168.1.5 https://mail.domain.com/autodiscover/autodiscover.xml
192.168.1.5 mail.domain.com (I already had this one there)
I put outlook in cache mode, commented out the host file so that i could connect successfully to Exchange 2010. Once I connect I closed outlook, activated the host file again, attempted to open outlook, and it opened in cache mode but not connected to Exchange. Received the user name and password prompt still.
Outlook icon, tested email configuration, and it failed saying "Auto Configuration was unable to determine you settings"
All name spaces and virtual directories on Exchange 2010 and 2016 are "mail.domain.com"
outlook anywhere and NTLM is also enabled on both 2010 and 2016
Still not having any success, but connecting to 2010 is not problem but soon as I test on a desktop with a host file pointing to 2016 there is no luck.
for Exchange 2016 the SCP points to: https://mail.domain.com/Autodiscover/Autodiscover.xml
I also did everything you mentioned so I added the following to the host file
192.168.1.5 https://mail.domain.com/autodiscover/autodiscover.xml
192.168.1.5 mail.domain.com (I already had this one there)
I put outlook in cache mode, commented out the host file so that i could connect successfully to Exchange 2010. Once I connect I closed outlook, activated the host file again, attempted to open outlook, and it opened in cache mode but not connected to Exchange. Received the user name and password prompt still.
Outlook icon, tested email configuration, and it failed saying "Auto Configuration was unable to determine you settings"
All name spaces and virtual directories on Exchange 2010 and 2016 are "mail.domain.com"
outlook anywhere and NTLM is also enabled on both 2010 and 2016
Still not having any success, but connecting to 2010 is not problem but soon as I test on a desktop with a host file pointing to 2016 there is no luck.
can you browse this URL without certificate warning: https://mail.domain.com/Autodiscover/Autodiscover.xml
go to EX2016 server - is NTLM set on virtual directory /rpc ?
go to EX2016 server - is NTLM set on virtual directory /rpc ?
ASKER
Yes I can browse URL without cert error:
<?xml version="1.0" encoding="UTF-8"?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
-<Response>
-<Error Id="2053059689" Time="14:52:01.4114620">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>
Yes NTLM is on for outlook anywhere.
<?xml version="1.0" encoding="UTF-8"?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
-<Response>
-<Error Id="2053059689" Time="14:52:01.4114620">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData/>
</Error>
</Response>
</Autodiscover>
Yes NTLM is on for outlook anywhere.
Create a mailbox on Exchange 2016 and connect - do you get any prompts then?
in Exchange 2010 - go to RPC virtual directory and authentication and make sure NTLM is in the top of the list. Can also try to recycle MsExchangeRPC and MsExchangeServices application pools
in Exchange 2010 - go to RPC virtual directory and authentication and make sure NTLM is in the top of the list. Can also try to recycle MsExchangeRPC and MsExchangeServices application pools
ASKER
I will try this afternoon when I return home, but I did create a mailbox on the Exchange 2016 server, and yes I still get prompts. It never connects. I will check the RPC virtual directory this afternoon and let you know. Thanks for all your help and time.
if it gives you user/pass prompts on EX2016 mailbox aswell, then EX2016 is the issue, not co-existence.
Suddenly, your troubleshooting is half the work :)
Suddenly, your troubleshooting is half the work :)
ASKER
The error happens when you first open outlook with a new profile and it autodiscover attempts to configure the mailbox, that is where its failing on the mailbox created in 2016. when i setup 2016
i ran /prepareAD, but not prepare domain and schema. That shouldn't have mattered does it. Exchange wouldn't installed if schema wasn't extended with /prepareAD. I mentioning that because I can't think of any issues with the 2016 setup. I ran the best practices analyzer and found nothing. All virtural directories have the the same name space. The only other thing is im trying to use the hostfile to test before changing DNS. Other than those 2 things 2016 seems to be good.
i ran /prepareAD, but not prepare domain and schema. That shouldn't have mattered does it. Exchange wouldn't installed if schema wasn't extended with /prepareAD. I mentioning that because I can't think of any issues with the 2016 setup. I ran the best practices analyzer and found nothing. All virtural directories have the the same name space. The only other thing is im trying to use the hostfile to test before changing DNS. Other than those 2 things 2016 seems to be good.
ASKER
Yes NTLM is at the top and Negotiate is at the bottom. I have also restarted the services you mentioned. Attached is the prompt i get when attempting to connect to a mailbox created on Exchange 2016. It never passes this auto-configuration. Also attached is the host file that I'm attempting to use on a desktop to test. If I remove the host file an not proxy through 2016, I can connect to my 2010 Environment fine, but if the host is used I can't an neither can i connect to the 2016 mailbox. I followed install instructions for co-existence verbatim and still no luck.
the username and password comes when checking autodiscover settings. Remove the mail.domain.com/autodiscov er from HOST file - having mail.domain.com there will cover autodiscover.
The autodiscover Virtual DIrectory should have these settings;
Anonymous authentication
Basic authentication
Windows authentication
SSL required
Requires 128-bit encryption
The autodiscover Virtual DIrectory should have these settings;
Anonymous authentication
Basic authentication
Windows authentication
SSL required
Requires 128-bit encryption
ASKER
Autodiscover virtual directory is correct and SSL is required. The same on 2010 and 2016.
The only difference is on 2016 BackEnd Exchange Virtual Directories for Autodiscover Basic authentication is disabled. On the 2016 Default Web Site Autodiscover VD is the same as 2010 with all 3 enabled. I also removed that autodiscover part from the host file and just left 192.168.1.5 mail.domain.com
autodiscover.PNG
SSL.PNG
2016AutoBackEnd.PNG
The only difference is on 2016 BackEnd Exchange Virtual Directories for Autodiscover Basic authentication is disabled. On the 2016 Default Web Site Autodiscover VD is the same as 2010 with all 3 enabled. I also removed that autodiscover part from the host file and just left 192.168.1.5 mail.domain.com
autodiscover.PNG
SSL.PNG
2016AutoBackEnd.PNG
looks OK.
download and install FIDDLER.EXE - this program acts as a proxy and will show which web site you're looking in to.
After downlod - go to OPTIONS and enable HTTPS DECRYPT.
Close all programs - start FIDDLER - start OUTLOOK and see which URLs you're trying to reach
download and install FIDDLER.EXE - this program acts as a proxy and will show which web site you're looking in to.
After downlod - go to OPTIONS and enable HTTPS DECRYPT.
Close all programs - start FIDDLER - start OUTLOOK and see which URLs you're trying to reach
ASKER
These are the results of Fiddler.
Fiddler2.PNG
Fiddler2.PNG
obviously - autodiscover is your problem. Try setting it to basic authentication and do IISRESET
try only NTLM and antoher IISRESET
Try to remove negotiate for providers of NTLM
try only NTLM and antoher IISRESET
Try to remove negotiate for providers of NTLM
ASKER
should these changes be made to Exchange 2010 or 2016
2016
ASKER
I removed negotiate reset IIS and rebooted server and the issue persists.
have you recycled the Application pool for Autodiscover?
try also removing basic auth for autodiscover
try also removing basic auth for autodiscover
ASKER
yes i just triedrecycling the pools and the same result. I also removed basic auth for autodiscover.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
just to check, you do have OutlookAnywhere configured on Exchange 2010?