Exchange 2010 -> 2016 migration user connectivity issue

Last Modified: 2017-11-11
I am in the process of migrating from Exchange 2010 to Exchange 2016 and ran into an issue with client connectivity. Both servers are on the same network with external ports 25, 443 and 80 forwarded to Exchange 2010.

Once I move a mailbox to 2016 I can no longer access it using the Exchange 2010 OWA page, and Outlook clients lose connectivity as well.

When I try to log in to a mailbox that was created on Exchange 2010 using the Exchange 2016 local OWA page I get "(HTTP 500 Internal Server Error) means that the website you are visiting had a server problem which prevented the webpage from displaying."

When I try to log in to a mailbox that was created on Exchange 2016 using the Exchange 2010 OWA page I get "A server configuration change is temporarily preventing access to your account. Please close all Web browser windows and try again in a few minutes. If the problem continues, contact your helpdesk."

On Exchange 2016 I set up virtual directory URLs to point to mail.mydomain.com. On 2010 I removed External directory URLs. The SSL certificate was exported from 2010 and imported into 2016. I checked authentication methods for both 2010 and 2016. They are set for NTLM and Negotiate.

Adam Brown, Senior Systems Admin
CERTIFIED EXPERT
Top Expert 2010

Commented:
OWA 2010 can't read mailboxes that are on a 2016 server, and OWA for 2016 will proxy connections to mailboxes in Server 2010. The Internal and External OWA URLs for 2010 should not be the same as 2016's. If they are, it will cause looping issues. Autodiscover should point to 2016 exclusively, since it is able to handle redirects and proxies to mailboxes on 2010, but 2010 can't do that for 2016.

Author

Commented:
What should internal and external OWA URLs be set to for 2010 or should they be null?
K B

Commented:
Adam, I have never heard that you can't have URLs all be the same. I have always set it up that way. When proxied it uses servername, not vdir URLs. Where could I find docs on that?

Author

Commented:
Is there a way to verify that proxy is working correctly? I can't seem to be able to reach any Exchange 2010 mailboxes using OWA when I make 2016 the primary server. Autodiscover is not working at all with 2016.

Running MS Autodiscover connectivity test errors out on this.

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.

  Additional Details
    Elapsed Time: 736 ms.

  Test Steps
    The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml for user test2016@domain.com
    The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

    Additional Details

An HTTP 500 response was returned from Unknown.
HTTP Response Headers:
request-id: e77029fb-e92a-4ef5-8bd0-a1b845ab5af3
X-CalculatedBETarget: exchange2016.domain.local
X-DiagInfo: EXCHANGE2016
X-BEServer: EXCHANGE2016
Persistent-Auth: true
X-FEServer: EXCHANGE2016
Content-Length: 4849
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 07 May 2017 02:29:50 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-2612243325-2644853734-2414268775-1623=u56Lnp2ejJqBzcbJm8zGzZzSzsbIndLLyMbO0p2enZ7SnMbLm8vOx5zGxs3IgYHNz87I0s/J0s/Jq8/Nxc3GxcrOgby+rLHRk5CcnpOBzw==; expires=Tue, 06-Jun-2017 02:29:51 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 736 ms.
K B

Commented:
Can you run this script and post the results (redacted, please, for your privacy)?

https://gallery.technet.microsoft.com/scriptcenter/Exchange-Virtual-Directory-93839d75 

Rename the script to get-virdirinfo.ps1

Then run

. .\get-virdirinfo.ps1

Get-VirDirInfo -FilePath c:\temp

Note: above there is a space (dot space dot): . .\
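
The header dump posted earlier in the thread already shows which servers handled the failing request, and it also carries values worth masking before a dump goes on a public forum, as K B asks above. The following is an added example, not part of any post in the thread: it assumes the usual reading of X-FEServer (front end that accepted the request), X-BEServer (back end that answered) and X-CalculatedBETarget (back end the front end selected), and the sample dump, function names and placeholder values are constructed for illustration.

```python
import re

# Constructed sample modelled on the header dump in the thread; the SID,
# cookie value and request-id are made up, not the poster's values.
SAMPLE = """\
An HTTP 500 response was returned from Unknown.
HTTP Response Headers:
request-id: 00000000-1111-2222-3333-444444444444
X-CalculatedBETarget: exchange2016.domain.local
X-BEServer: EXCHANGE2016
X-FEServer: EXCHANGE2016
Set-Cookie: X-BackEndCookie=S-1-5-21-1111111111-2222222222-3333333333-1001=QUJDREVGRw==; expires=Tue, 06-Jun-2017 02:29:51 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/10.0
"""

HEADER = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)$", re.M)
SID = re.compile(r"S-1-5-21(?:-\d+){3,4}")
GUID = re.compile(r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b")


def parse_headers(dump):
    """Return {lower-cased header name: value} for every 'Name: value' line."""
    return {name.lower(): value.strip() for name, value in HEADER.findall(dump)}


def routing_summary(dump):
    """Report which servers handled the request and whether it was proxied."""
    h = parse_headers(dump)
    status = re.search(r"HTTP (\d{3}) response", dump)
    fe, target = h.get("x-feserver", ""), h.get("x-calculatedbetarget", "")
    return {
        "status": int(status.group(1)) if status else None,
        "front_end": fe,
        "back_end": h.get("x-beserver", ""),
        "target": target,
        # Same host on both sides means the request never left this server.
        "proxied_elsewhere": bool(fe and target)
        and target.split(".")[0].lower() != fe.lower(),
    }


def redact(dump):
    """Mask cookie values, SIDs and request GUIDs before posting a dump."""
    dump = re.sub(r"(?im)^(Set-Cookie:[ \t]*[^=;\s]+=)[^;\r\n]*", r"\1<redacted>", dump)
    dump = SID.sub("<sid>", dump)
    return GUID.sub("<guid>", dump)
```

For the dump in the thread, front end, back end and target are all EXCHANGE2016, so the HTTP 500 for test2016@domain.com was generated on the 2016 server itself rather than on a proxy hop to 2010.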
E A, Tech Lead
CERTIFIED EXPERT

Commented:
Is the FQDN in the URLs in the trusted SSL certificate on both servers? If not, that can cause problems as well.

Go to Services and check the Microsoft Exchange Forms-Based Authentication service.

On the Exchange server, check the services list to check if all related services are running. If not, check the event log as to why they won't run.

It may be due to a mismatched configuration; check if this helps you: https://technet.microsoft.com/en-us/library/bb310763.aspx?f=255&MSPPError=-2147217396

The articles below are worth reading:

https://blogs.technet.microsoft.com/exchange/2011/12/12/owa-cross-site-silent-redirection-in-exchange-2010-sp2/

Client Connectivity in an Exchange 2016 Coexistence Environment with Exchange 2010

Exchange Server 2016 in co-existence with Exchange 2010

Hope this helps!

Author

Commented:
Alright, here are the results.

Get-VirDirInfo.ps1
Report generated on: Monday, May 8, 2017 9:00:05 AM

General Client Access Server Information

| Server | Exchange Version | Roles | Edition |
| --- | --- | --- | --- |
| EXCHANGE | Microsoft Exchange Server 2010 SP3 | Mailbox, ClientAccess, HubTransport | Standard |
| EXCHANGE2016 | Microsoft Exchange Server 2010 SP3 | Mailbox | Standard |

Autodiscover

| Server | Internal Uri | InternalURL | ExternalUrl | Auth. (Int.) | Auth. (Ext.) | Site Scope | Last modified on: |
| --- | --- | --- | --- | --- | --- | --- | --- |
| EXCHANGE | https://autodiscover.domain.com/Autodiscover/Autodiscover.xml | https://mail.domain.com/Autodiscover/Autodiscover.xml | https://mail.domain.com/Autodiscover/Autodiscover.xml | Basic Ntlm WindowsIntegrated | Basic Ntlm WindowsIntegrated | Default-First-Site-Name | 05/06/2017 22:46:25 |
| EXCHANGE2016 | https://autodiscover.domain.com/Autodiscover/Autodiscover.xml | https://mail.domain.com/Autodiscover/Autodiscover.xml | https://mail.domain.com/Autodiscover/Autodiscover.xml | Basic Ntlm WindowsIntegrated WSSecurity OAuth | Basic Ntlm WindowsIntegrated WSSecurity OAuth | Default-First-Site-Name | 05/06/2017 22:42:03 |

Outlook Web App (OWA):

| Server | Name | InternalURL | ExternalUrl | Int. Auth. | Last modified on: |
| --- | --- | --- | --- | --- | --- |
| EXCHANGE | owa (Default Web Site) | https://mail.domain.com/owa | https://mail.cason.ca/owa | Basic Fba | 05/07/2017 01:26:42 |
| EXCHANGE2016 | owa (Default Web Site) | https://mail.domain.com/owa | https://mail.domain.com/owa | Basic Fba | 05/05/2017 15:39:37 |

Exchange Control Panel (ECP):

| Server | Name | InternalURL | ExternalUrl | Int. Auth. | Last modified on: |
| --- | --- | --- | --- | --- | --- |
| EXCHANGE | ecp (Default Web Site) | https://mail.domain.com/ecp | https://mail.domain.com/ecp | Basic Fba Ntlm WindowsIntegrated | 05/07/2017 01:25:49 |
| EXCHANGE2016 | ecp (Default Web Site) | https://mail.domain.com/ecp | https://mail.domain.com/ecp | Basic Fba | 05/02/2017 14:04:59 |

Outlook Anywhere:

| Server | Internal Hostname | External Hostname | Auth.(Int.) | Auth. (Ext.) | Auth. IIS | Last modified on: |
| --- | --- | --- | --- | --- | --- | --- |
| EXCHANGE | | mail.domain.com | Ntlm | Ntlm | Ntlm | 12/13/2016 09:47:42 |
| EXCHANGE2016 | mail.domain.com | mail.domain.com | Ntlm | Basic | Basic Ntlm | 05/05/2017 16:31:29 |

MAPI/HTTP:

| Server | Internal URL | External URL | Auth.(Int.) | Auth. (Ext.) | Auth. IIS | Last modified on: |
| --- | --- | --- | --- | --- | --- | --- |
| EXCHANGE | Server isn't running Exchange 2013 SP1 or later. | | | | | |
| EXCHANGE2016 | https://mail.domain.com/mapi | https://mail.domain.com/mapi | Ntlm OAuth Negotiate | Ntlm OAuth Negotiate | Ntlm OAuth Negotiate | 05/02/2017 14:06:45 |

Offline Address Book (OAB):

| Server | OABs | Internal URL | External Url | Auth.(Int.) | Auth. (Ext.) | Last modified on: |
| --- | --- | --- | --- | --- | --- | --- |
| EXCHANGE | | https://mail.domain.com/OAB | https://mail.domain.com/OAB | WindowsIntegrated | WindowsIntegrated | 05/07/2017 01:26:08 |
| EXCHANGE2016 | | https://mail.domain.com/OAB | https://mail.domain.com/OAB | WindowsIntegrated OAuth | WindowsIntegrated OAuth | 05/02/2017 14:05:52 |

ActiveSync (EAS):

| Server | Internal URL | External Url | Auth. (Ext.) | Last modified on: |
| --- | --- | --- | --- | --- |
| EXCHANGE | https://mail.domain.com/Microsoft-Server-ActiveSync | https://mail.domain.com/Microsoft-Server-ActiveSync | | 05/07/2017 01:25:30 |
| EXCHANGE2016 | https://mail.domain.com/Microsoft-Server-ActiveSync | https://mail.domain.com/Microsoft-Server-ActiveSync | | 05/02/2017 14:05:35 |

Exchange Web Services(EWS):

| Server | Internal URL | External Url | Auth. (Int.) | Auth. (Ext.) | MRS Proxy Enabled | Last modified on: |
| --- | --- | --- | --- | --- | --- | --- |
| EXCHANGE | https://mail.domain.com/ews/exchange.asmx | https://mail.domain.com/ews/exchange.asmx | Ntlm WindowsIntegrated | Ntlm WindowsIntegrated | False | 05/07/2017 01:24:30 |
| EXCHANGE2016 | https://mail.domain.com/EWS/Exchange.asmx | https://mail.domain.com/ews/exchange.asmx | Ntlm WindowsIntegrated WSSecurity OAuth | Ntlm WindowsIntegrated WSSecurity OAuth | False | 05/05/2017 09:35:34 |

K B

Commented:
Sorry, but could you take a screenshot? This is a bit hard to read.

Author

Commented:
Ok here you go.
Untitled.jpg
K B

Commented:
You are supposed to point to Exchange 2016 and it will proxy any back-level mailboxes, not the reverse.

Author

Commented:
I tried that. That's when OWA doesn't work for any mailboxes still on 2010. Autodiscover doesn't work at all. Get error 500.

Same behavior when trying to access 2016 OWA page via local IP.
E A, Tech Lead
CERTIFIED EXPERT

Commented:
As a workaround, check whether Virtual Directories Authentication is configured properly. Enable the ECP Virtual Directory with Anonymous and Basic Authentication.

Also check the Application Pools to see whether the ECP Application Pool is running on .NET Framework v4.0. It may be an incomplete installation of the Framework that causes this error.

If so, we can try to run the following command as Administrator:

%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

Or change the MSExchangeECPAppPool from .NET Framework v4.0 to v2.0. Then restart IIS.

https://technet.microsoft.com/en-us/library/dd351218(v=exchg.150).aspx

Hope this helps!
E A, Tech Lead
CERTIFIED EXPERT

Commented:
Is there any update?
K B

Commented:
Wow, I hope they refund the case back to you. You shouldn't have to pay for that type of solution. They should agree to it.
