Exchange Connectivity Problem
i have made a migration from exchange 2010 to 2013 and every thing goes well till i reached to moving mailboxes, it moved mailboxes successfully but when the operation completed i checked the account settings and i found the server address as in attachment file (Name)
but the connectivity between the outlook and the new exchange 2013 is OK and it send and receive well.
And when i try to add the account from control panel/mail manually i got error in file (Connectivity)
the exchange 2010 v 14.03.0361.001, exchange 2013 Version 15.0 (Build 1347.2)
i have below results for Get command:
[PS] C:\Windows\system32>Get-Oa
Server : EXCH01
ExternalUrl : https://mail.company.net/OAB
InternalUrl : https://mail.company.net/OAB
BasicAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : False
InternalAuthenticationMeth
ExternalAuthenticationMeth
Server : EXCH13
ExternalUrl : https://mail.company.net/OAB
InternalUrl : https://mail.company.net/OAB
BasicAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
InternalAuthenticationMeth
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-We
Server : EXCH01
ExternalUrl : https://mail.company.net/ews/exchange.asmx
InternalUrl : https://mail.company.net/ews/exchange.asmx
CertificateAuthentication :
InternalAuthenticationMeth
ExternalAuthenticationMeth
LiveIdNegotiateAuthenticat
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : False
AdfsAuthentication : False
Server : EXCH13
ExternalUrl : https://mail.company.net/EWS/Exchange.asmx
InternalUrl : https://mail.company.net/EWS/Exchange.asmx
CertificateAuthentication :
InternalAuthenticationMeth
ExternalAuthenticationMeth
LiveIdNegotiateAuthenticat
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
[PS] C:\Windows\system32>Get-Ec
Server : EXCH01
ExternalUrl : https://mail.company.net/ecp
InternalUrl : https://mail.company.net/ecp
InternalAuthenticationMeth
BasicAuthentication : True
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMeth
Server : EXCH13
ExternalUrl : https://mail.company.net/ecp
InternalUrl : https://mail.company.net/ecp
InternalAuthenticationMeth
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Ac
Server : EXCH01
Name : Microsoft-Server-ActiveSyn
ExternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
InternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
MobileClientCertificateAut
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMeth
ExternalAuthenticationMeth
Server : EXCH13
Name : Microsoft-Server-ActiveSyn
ExternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
InternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
MobileClientCertificateAut
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMeth
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Ac
Server : EXCH01
ExternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
InternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
MobileClientCertificateAut
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMeth
ExternalAuthenticationMeth
Server : EXCH13
ExternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
InternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
MobileClientCertificateAut
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMeth
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Ou
Server : EXCH01
Name : Rpc (Default Web Site)
ExternalHostname : mail.company.net
InternalHostname :
ExternalClientAuthenticati
InternalClientAuthenticati
IISAuthenticationMethods : {Ntlm}
Server : EXCH13
Name : Rpc (Default Web Site)
ExternalHostname : mail.company.net
InternalHostname : mail.company.net
ExternalClientAuthenticati
InternalClientAuthenticati
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
[PS] C:\Windows\system32>Get-Ow
Server : EXCH01
Name : owa (Default Web Site)
ExternalUrl : https://mail.company.net/owa
InternalUrl : https://mail.company.net/owa
ClientAuthCleanupLevel : High
InternalAuthenticationMeth
BasicAuthentication : True
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMeth
Server : EXCH13
Name : owa (Default Web Site)
ExternalUrl : https://mail.company.net/owa
InternalUrl : https://mail.company.net/owa
ClientAuthCleanupLevel : High
InternalAuthenticationMeth
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Cl
Name : EXCH01
OutlookAnywhereEnabled : True
AutoDiscoverServiceInterna
Name : EXCH13
OutlookAnywhereEnabled : True
AutoDiscoverServiceInterna
[PS] C:\Windows\system32>Get-Ex
ssuer, *not*
FriendlyName : Microsoft Exchange Server Auth Certificate
Subject : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}
Thumbprint : F6F6781D1A2CD3CF074447D371
Services : SMTP
Issuer : CN=Microsoft Exchange Server Auth Certificate
NotAfter : 9/19/2022 5:18:33 PM
NotBefore : 10/15/2017 5:18:33 PM
FriendlyName : Microsoft Exchange
Subject : CN=EXCH13
CertificateDomains : {EXCH13, EXCH13.company.local}
Thumbprint : AEEE2F6582A21138F61E629660
Services : IIS, SMTP
Issuer : CN=EXCH13
NotAfter : 10/15/2022 5:17:38 PM
NotBefore : 10/15/2017 5:17:38 PM
FriendlyName : WMSVC
Subject : CN=WMSvc-EXCH13
CertificateDomains : {WMSvc-EXCH13}
Thumbprint : 4F40A10D0B8ADF2CAB8378F097
Services : None
Issuer : CN=WMSvc-EXCH13
NotAfter : 10/13/2027 4:32:42 PM
NotBefore : 10/15/2017 4:32:42 PM
FriendlyName : JDS
Subject : CN=mail.company.net
CertificateDomains : {mail.company.net}
Thumbprint : 473E3A9AA5C6ACE7480666E242
Services : IMAP, POP, IIS, SMTP
Issuer : CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US
NotAfter : 3/6/2018 11:11:15 PM
NotBefore : 2/3/2016 12:30:20 PM
[PS] C:\Windows\system32>Get-Ma
Server : EXCH13
Name : mapi (Default Web Site)
ExternalUrl :
InternalUrl : https://exch13.company.local/mapi
IISAuthenticationMethods : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMeth
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Cl
[PS] C:\Windows\system32>Get-Ou
Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH 1
EXPR 1
WEB 1
[PS] C:\Windows\system32>
Is there a problem with my configuration or any connectivity problem between the active directory server and the new exchange 2013 server
1.JPG
2.JPG
but the connectivity between the outlook and the new exchange 2013 is OK and it send and receive well.
And when i try to add the account from control panel/mail manually i got error in file (Connectivity)
the exchange 2010 v 14.03.0361.001, exchange 2013 Version 15.0 (Build 1347.2)
i have below results for Get command:
[PS] C:\Windows\system32>Get-Oa
Server : EXCH01
ExternalUrl : https://mail.company.net/OAB
InternalUrl : https://mail.company.net/OAB
BasicAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : False
InternalAuthenticationMeth
ExternalAuthenticationMeth
Server : EXCH13
ExternalUrl : https://mail.company.net/OAB
InternalUrl : https://mail.company.net/OAB
BasicAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
InternalAuthenticationMeth
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-We
Server : EXCH01
ExternalUrl : https://mail.company.net/ews/exchange.asmx
InternalUrl : https://mail.company.net/ews/exchange.asmx
CertificateAuthentication :
InternalAuthenticationMeth
ExternalAuthenticationMeth
LiveIdNegotiateAuthenticat
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : False
AdfsAuthentication : False
Server : EXCH13
ExternalUrl : https://mail.company.net/EWS/Exchange.asmx
InternalUrl : https://mail.company.net/EWS/Exchange.asmx
CertificateAuthentication :
InternalAuthenticationMeth
ExternalAuthenticationMeth
LiveIdNegotiateAuthenticat
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
[PS] C:\Windows\system32>Get-Ec
Server : EXCH01
ExternalUrl : https://mail.company.net/ecp
InternalUrl : https://mail.company.net/ecp
InternalAuthenticationMeth
BasicAuthentication : True
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMeth
Server : EXCH13
ExternalUrl : https://mail.company.net/ecp
InternalUrl : https://mail.company.net/ecp
InternalAuthenticationMeth
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Ac
Server : EXCH01
Name : Microsoft-Server-ActiveSyn
ExternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
InternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
MobileClientCertificateAut
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMeth
ExternalAuthenticationMeth
Server : EXCH13
Name : Microsoft-Server-ActiveSyn
ExternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
InternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
MobileClientCertificateAut
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMeth
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Ac
Server : EXCH01
ExternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
InternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
MobileClientCertificateAut
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMeth
ExternalAuthenticationMeth
Server : EXCH13
ExternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
InternalUrl : https://mail.company.net/Microsoft-Server-ActiveSync
MobileClientCertificateAut
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMeth
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Ou
Server : EXCH01
Name : Rpc (Default Web Site)
ExternalHostname : mail.company.net
InternalHostname :
ExternalClientAuthenticati
InternalClientAuthenticati
IISAuthenticationMethods : {Ntlm}
Server : EXCH13
Name : Rpc (Default Web Site)
ExternalHostname : mail.company.net
InternalHostname : mail.company.net
ExternalClientAuthenticati
InternalClientAuthenticati
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
[PS] C:\Windows\system32>Get-Ow
Server : EXCH01
Name : owa (Default Web Site)
ExternalUrl : https://mail.company.net/owa
InternalUrl : https://mail.company.net/owa
ClientAuthCleanupLevel : High
InternalAuthenticationMeth
BasicAuthentication : True
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMeth
Server : EXCH13
Name : owa (Default Web Site)
ExternalUrl : https://mail.company.net/owa
InternalUrl : https://mail.company.net/owa
ClientAuthCleanupLevel : High
InternalAuthenticationMeth
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Cl
Name : EXCH01
OutlookAnywhereEnabled : True
AutoDiscoverServiceInterna
Name : EXCH13
OutlookAnywhereEnabled : True
AutoDiscoverServiceInterna
[PS] C:\Windows\system32>Get-Ex
ssuer, *not*
FriendlyName : Microsoft Exchange Server Auth Certificate
Subject : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}
Thumbprint : F6F6781D1A2CD3CF074447D371
Services : SMTP
Issuer : CN=Microsoft Exchange Server Auth Certificate
NotAfter : 9/19/2022 5:18:33 PM
NotBefore : 10/15/2017 5:18:33 PM
FriendlyName : Microsoft Exchange
Subject : CN=EXCH13
CertificateDomains : {EXCH13, EXCH13.company.local}
Thumbprint : AEEE2F6582A21138F61E629660
Services : IIS, SMTP
Issuer : CN=EXCH13
NotAfter : 10/15/2022 5:17:38 PM
NotBefore : 10/15/2017 5:17:38 PM
FriendlyName : WMSVC
Subject : CN=WMSvc-EXCH13
CertificateDomains : {WMSvc-EXCH13}
Thumbprint : 4F40A10D0B8ADF2CAB8378F097
Services : None
Issuer : CN=WMSvc-EXCH13
NotAfter : 10/13/2027 4:32:42 PM
NotBefore : 10/15/2017 4:32:42 PM
FriendlyName : JDS
Subject : CN=mail.company.net
CertificateDomains : {mail.company.net}
Thumbprint : 473E3A9AA5C6ACE7480666E242
Services : IMAP, POP, IIS, SMTP
Issuer : CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US
NotAfter : 3/6/2018 11:11:15 PM
NotBefore : 2/3/2016 12:30:20 PM
[PS] C:\Windows\system32>Get-Ma
Server : EXCH13
Name : mapi (Default Web Site)
ExternalUrl :
InternalUrl : https://exch13.company.local/mapi
IISAuthenticationMethods : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMeth
ExternalAuthenticationMeth
[PS] C:\Windows\system32>Get-Cl
[PS] C:\Windows\system32>Get-Ou
Name Server CertPrincipalName TTL
---- ------ ----------------- ---
EXCH 1
EXPR 1
WEB 1
[PS] C:\Windows\system32>
Is there a problem with my configuration or any connectivity problem between the active directory server and the new exchange 2013 server
1.JPG
2.JPG
Hi Rami,
Where is your autodiscover pointing to?
Both common name and autodiscover should be pointed to Exchange2013.
Please ensure all services are started.
Thanks
MAS
Where is your autodiscover pointing to?
Both common name and autodiscover should be pointed to Exchange2013.
Please ensure all services are started.
Thanks
MAS
i think its correct my new exchange server 2013 is 128.127.0.21, but i think that their a connectivity problem with DC but i don't know how to fix it.
![33.JPG]()
Also, as a good practice dont show your domain information and whatnot.
People might want to hack your server.
People might want to hack your server.
If someone commented after your comment, I don't think you can. Just deleting the whole thread will delete the image.
Thanks MAS
Dear Hemil Aquino,
i have restarted this service and restart the whole server with no luck (same problem).
Dear Hemil Aquino,
i have restarted this service and restart the whole server with no luck (same problem).
another point that when i do i best practice analyzer on exchange 2010 i got many errors on exchange 2013 on of them below:
![44.JPG]()
Hi Rami,
rephrase your question, after your migration from exchange 2010 to exchange 2013, outlook no longer login and prompt with photo.
Just want to make sure a few things.
1. can you logon to OWA to confirm the mailbox is assessable? also log in to https://mail.company.net/Ews/Exchange.asmx and confirm you hit a XML-like page.
2. then go to https://testconnectivity.microsoft.com/ and run both test
that would give us some idea is it going wrong or not.
rephrase your question, after your migration from exchange 2010 to exchange 2013, outlook no longer login and prompt with photo.
Just want to make sure a few things.
1. can you logon to OWA to confirm the mailbox is assessable? also log in to https://mail.company.net/Ews/Exchange.asmx and confirm you hit a XML-like page.
2. then go to https://testconnectivity.microsoft.com/ and run both test
Microsoft Office Outlook Connectivity Tests
Outlook Connectivity
Outlook Autodiscover
that would give us some idea is it going wrong or not.
Dear Jian An Lim,
thanks for your support,
my users can login with normal setup of mailbox on outlook that uses the Autodiscover, but the error appears when setup the account in outlook manually by typing the name of exchange server and mailbox.
for the Questions:
1. can you logon to OWA to confirm the mailbox is assessable? i can login to OWA without any problem.
also log in to https://mail.company.net/Ews/Exchange.asmx and confirm you hit a XML-like page. i logged in and i got this page:
![66.jpg]()
2. then go to https://testconnectivity.microsoft.com/ and run both test
Microsoft Office Outlook Connectivity Tests Outlook Connectivity
Outlook Autodiscover
i uploaded the files.
thanks in advance
RCATestResult.txt
RCATestResult-1-.txt
thanks for your support,
my users can login with normal setup of mailbox on outlook that uses the Autodiscover, but the error appears when setup the account in outlook manually by typing the name of exchange server and mailbox.
for the Questions:
1. can you logon to OWA to confirm the mailbox is assessable? i can login to OWA without any problem.
also log in to https://mail.company.net/Ews/Exchange.asmx and confirm you hit a XML-like page. i logged in and i got this page:
2. then go to https://testconnectivity.microsoft.com/ and run both test
Microsoft Office Outlook Connectivity Tests Outlook Connectivity
Outlook Autodiscover
i uploaded the files.
thanks in advance
RCATestResult.txt
RCATestResult-1-.txt
did you change the firewall to point to the new server?
back on to your workstation,
can you test the following url? (credential is your new mailbox that moved)
https://mail.company.net/autodiscover/autodiscover.xml <-- we expect a pass here
https://<newservername>/autodiscov
https://<oldservername>/autodiscov
back on to your workstation,
can you test the following url? (credential is your new mailbox that moved)
https://mail.company.net/autodiscover/autodiscover.xml <-- we expect a pass here
https://<newservername>/autodiscov
https://<oldservername>/autodiscov
Dear Jian An Lim,
did you change the firewall to point to the new server?
yes i changed it.
can you test the following url? (credential is your new mailbox that moved)
https://mail.company.net/autodiscover/autodiscover.xml
![77.JPG]()
https://<newservername>/autodiscov
![88.JPG]()
https://<oldservername>/autodiscov
![99.JPG]()
did you change the firewall to point to the new server?
yes i changed it.
can you test the following url? (credential is your new mailbox that moved)
https://mail.company.net/autodiscover/autodiscover.xml
https://<newservername>/autodiscov
https://<oldservername>/autodiscov
see private message.
anyway, i wonder do your certificate have autodiscover as CNAME?
also we need to run the test command in exchange server
https://technet.microsoft.com/en-us/library/dd638082(v=exchg.160).aspx
anyway, i wonder do your certificate have autodiscover as CNAME?
also we need to run the test command in exchange server
$TestCredentials = Get-Credential # this is the user's credential
Test-OutlookConnectivity -ProbeIdentity OutlookRpcCtpProbe -MailboxId johnd@contoso.com -Credential $TestCredentials
https://technet.microsoft.com/en-us/library/dd638082(v=exchg.160).aspx
Hi Jian An Lim,
i wonder do your certificate have autodiscover as CNAME? how i can check that?
also we need to run the test command in exchange server
$TestCredentials = Get-Credential # this is the user's credential Test-OutlookConnectivity -ProbeIdentity OutlookRpcCtpProbe -MailboxId johnd@contoso.com -Credential $TestCredentials
![13.JPG]()
but i noticed a weird thing that when i configure a mailbox that are existing on the new exchange 2013 server manually on outlook and type the old exchange server name its resolves the name of the new exchange 2013 server correctly
and do i need to delete default exchange 2013 certificates after importing my certificate from exchange 2010 to exchange 2013
![12.JPG]()
i wonder do your certificate have autodiscover as CNAME? how i can check that?
also we need to run the test command in exchange server
$TestCredentials = Get-Credential # this is the user's credential Test-OutlookConnectivity -ProbeIdentity OutlookRpcCtpProbe -MailboxId johnd@contoso.com -Credential $TestCredentials
but i noticed a weird thing that when i configure a mailbox that are existing on the new exchange 2013 server manually on outlook and type the old exchange server name its resolves the name of the new exchange 2013 server correctly
and do i need to delete default exchange 2013 certificates after importing my certificate from exchange 2010 to exchange 2013
you don't need to delete any existing certificate.
in the new world, you are not "suppose" to type in the servername, it should pick up by autodiscover.
to check on cname
open the certificate and confirm Subject Alternative Name.
![example for subject alternative name for autodiscover]()
When you next create an outlook profile, can you untick the "cached mode"? and see whether the same message reappear?
( i am starting to wonder will this be outlook anywhere issues)
in the new world, you are not "suppose" to type in the servername, it should pick up by autodiscover.
to check on cname
open the certificate and confirm Subject Alternative Name.
When you next create an outlook profile, can you untick the "cached mode"? and see whether the same message reappear?
( i am starting to wonder will this be outlook anywhere issues)
in the new world, you are not "suppose" to type in the servername, it should pick up by autodiscover
i know that, but i do it manually to test the connectivity, even with autodiscover it gave me below error, and when complete define mailbox in outlook, the server name is incorrect in the (account settings/server settings)
![14.JPG]()
![1.JPG]()
to check on cname
open the certificate and confirm Subject Alternative Name
![15.JPG]()
When you next create an outlook profile, can you untick the "cached mode"? and see whether the same message reappear?
it gave another error message below:
![16.JPG]()
i know that, but i do it manually to test the connectivity, even with autodiscover it gave me below error, and when complete define mailbox in outlook, the server name is incorrect in the (account settings/server settings)
to check on cname
open the certificate and confirm Subject Alternative Name
When you next create an outlook profile, can you untick the "cached mode"? and see whether the same message reappear?
it gave another error message below:
the reason why you cannot manually do it in exchange 2013, because Microsoft have complicated it.
it must handle via autodiscover.
so first, your certificate does not have autodiscover alternative name. you need to regenerate a certificate to get that working.
So let's go back to your ORIGINAL ISSUE, do you still have this error message everytime?![your error message]()
when you do that, can you untick the "use cached mode" option and see the error message repeat?
it must handle via autodiscover.
so first, your certificate does not have autodiscover alternative name. you need to regenerate a certificate to get that working.
So let's go back to your ORIGINAL ISSUE, do you still have this error message everytime?
when you do that, can you untick the "use cached mode" option and see the error message repeat?
Hi Jian An Lim,
so first, your certificate does not have autodiscover alternative name. you need to regenerate a certificate to get that working.
what do you mean by "autodiscover alternative name", and how i can regenerate my certificate?
For clarification, when i was using the old exchange 2010 i was not facing any problems about server name, the only thing i was facing is the certificate message when the user opens the outlook only:
![17.JPG]()
So let's go back to your ORIGINAL ISSUE, do you still have this error message every time?
no i get this error message only when i setup the mailbox manually and you clarified to me now that i cant do it manually, and when i setup via autodiscover i did not get any errors and every thing goes well, it connects perfect and i can send and receive emails but the only problem is that the server name problem Which I mentioned earlier:
![1.JPG]()
and some users outlook keep asking them for authentication (user name and password)
so first, your certificate does not have autodiscover alternative name. you need to regenerate a certificate to get that working.
what do you mean by "autodiscover alternative name", and how i can regenerate my certificate?
For clarification, when i was using the old exchange 2010 i was not facing any problems about server name, the only thing i was facing is the certificate message when the user opens the outlook only:
So let's go back to your ORIGINAL ISSUE, do you still have this error message every time?
no i get this error message only when i setup the mailbox manually and you clarified to me now that i cant do it manually, and when i setup via autodiscover i did not get any errors and every thing goes well, it connects perfect and i can send and receive emails but the only problem is that the server name problem Which I mentioned earlier:
and some users outlook keep asking them for authentication (user name and password)
the autodiscover must point to the new server
and the old certificate do not have the name on the subject alternative name. you can ask the user safely to ignore it for the moment or we can run regkey to disable it (not preferred)
the server name is the new standard. it is correct as long as it have a underline on it. so you got no problem.
the new exchange server 2013/16 do not allow manual configuration, if you insist, you need to get the mailbox GUID and form the servername.
you can see more here http://www.modernmsp.com/how-to-manually-configure-outlook-for-office-365/
Anyway, Outlook 2016 no longer allow you to manual configure your configuration to Exchange, so autodiscover is definitely the way to go.
### if you insist you want to generate the right certificate.
create the subject alternative name.
New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.r
(or use a wildcard certificate)
https://technet.microsoft.com/en-us/library/bb125165(v=exchg.160).aspx
and the old certificate do not have the name on the subject alternative name. you can ask the user safely to ignore it for the moment or we can run regkey to disable it (not preferred)
the server name is the new standard. it is correct as long as it have a underline on it. so you got no problem.
the new exchange server 2013/16 do not allow manual configuration, if you insist, you need to get the mailbox GUID and form the servername.
you can see more here http://www.modernmsp.com/how-to-manually-configure-outlook-for-office-365/
Anyway, Outlook 2016 no longer allow you to manual configure your configuration to Exchange, so autodiscover is definitely the way to go.
### if you insist you want to generate the right certificate.
create the subject alternative name.
New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.r
(or use a wildcard certificate)
https://technet.microsoft.com/en-us/library/bb125165(v=exchg.160).aspx
Hi Jian An Lim
thanks for your support and sorry for late respond,
i created the request but when i complete the request and use the same valid certificate i got below error:
![2.JPG]()
and when i'm trying to delete the current valid certificate i got below error:
![3.JPG]()
and i'm insist for manual addition of email because some users opens two mailboxes on their outlook, the first one was added with autodiscover and the other one manual addition,
anyway am now adding it by giving the user mailbox full access "Mailbox Delegation" on the other mailbox, but in the same subject i'm in stage of Decommissioning Exchange 2010 but before that i shut down the exchange 2010 to make sure that every thing is OK and after testing everything is OK except that the delegated mailbox when i the cursor on its inbox or other folders it gave trying to connect for long time then connected and it gave that every time that i close outlook and reopen it, but when i turned on the exchange 2010 again this mailbox gave connected directly.
waiting for your support
thanks in advance.
thanks for your support and sorry for late respond,
i created the request but when i complete the request and use the same valid certificate i got below error:
and when i'm trying to delete the current valid certificate i got below error:
and i'm insist for manual addition of email because some users opens two mailboxes on their outlook, the first one was added with autodiscover and the other one manual addition,
anyway am now adding it by giving the user mailbox full access "Mailbox Delegation" on the other mailbox, but in the same subject i'm in stage of Decommissioning Exchange 2010 but before that i shut down the exchange 2010 to make sure that every thing is OK and after testing everything is OK except that the delegated mailbox when i the cursor on its inbox or other folders it gave trying to connect for long time then connected and it gave that every time that i close outlook and reopen it, but when i turned on the exchange 2010 again this mailbox gave connected directly.
waiting for your support
thanks in advance.
if you are using the same cert, then your alternative name is still not added. you can't have the exact the same serial number if you have created a new one.
Remember
When you type this,
New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.r
Then you take the Any.req to your preferred CA, to generate a key.
then you import to complete your exchange certificate renewal
https://technet.microsoft.com/en-us/library/ee861104(v=exchg.160).aspx
to do in GUI, follow this
https://practical365.com/exchange-server/exchange-2016-complete-pending-ssl-certificate-request/
Remember
When you type this,
New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.r
Then you take the Any.req to your preferred CA, to generate a key.
then you import to complete your exchange certificate renewal
https://technet.microsoft.com/en-us/library/ee861104(v=exchg.160).aspx
to do in GUI, follow this
https://practical365.com/exchange-server/exchange-2016-complete-pending-ssl-certificate-request/
My certificate is from rapidssl.com, do you mean that i have to request a new certificate from them and pay again for it, even though may certificate still valid, i dont know if i can manage my certificate from that site.
yes. you need to regenerate a new certificate.
The reason why it is not working because the original certificate was requested wrongly (without Subject alternative name)
Exchange server always need autodiscover.xxxx.com
i will logde a ticket with rapidssl to ask them whether they can recreate without charge (usually they are happy to let yo revoke your current one and regenerate a new one but no guarantee)
The reason why it is not working because the original certificate was requested wrongly (without Subject alternative name)
Exchange server always need autodiscover.xxxx.com
i will logde a ticket with rapidssl to ask them whether they can recreate without charge (usually they are happy to let yo revoke your current one and regenerate a new one but no guarantee)
sorry, when i say "i will", i mean " if i am you, I will"
so please kindly contact rapidssl yourself
so please kindly contact rapidssl yourself
no , did you install that, it as admin mode?
or i should ask how do you install it? (you should merge the certificate with your existing private key)
or i should ask how do you install it? (you should merge the certificate with your existing private key)
Dear Jian,
i'm trying to install it from IIS manager
what do you mean by admin mode?
kindly i will respectely ask you to give me more details about that and how to install or merge it with existing private key?
i'm trying to install it from IIS manager
what do you mean by admin mode?
kindly i will respectely ask you to give me more details about that and how to install or merge it with existing private key?
please use exchange management shell to do so
New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.r
Then you take the Any.req to your preferred CA, to generate a key.
then you import to complete your exchange certificate renewal
Import-ExchangeCertificate
https://technet.microsoft.com/en-us/library/ee861104(v=exchg.160).aspx
New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.r
Then you take the Any.req to your preferred CA, to generate a key.
then you import to complete your exchange certificate renewal
Import-ExchangeCertificate
https://technet.microsoft.com/en-us/library/ee861104(v=exchg.160).aspx
Hi Jian An Lim,
I successfully imported the new certificate to the exchange server, and to test if the problem solved i shut down the old exchange 2010 server, but unfortunately the same problems appears and also new problems appears also, the problems is that outlook users on windows XP are disconnected and they get certificate error like below:
![3.jpg]()
so i install the certificate on the users computer certificate store but that did not fix the problem
also outlook users on windows 7 are suffering from delay when open the outlook every time like below:
![4.JPG]()
this message " updating this folder" is appears every time that user closes and reopen the outlook and it Cause of delaying messages
i think my problem is too complicated so i need an urgent help PLZ :)
I successfully imported the new certificate to the exchange server, and to test if the problem solved i shut down the old exchange 2010 server, but unfortunately the same problems appears and also new problems appears also, the problems is that outlook users on windows XP are disconnected and they get certificate error like below:
so i install the certificate on the users computer certificate store but that did not fix the problem
also outlook users on windows 7 are suffering from delay when open the outlook every time like below:
this message " updating this folder" is appears every time that user closes and reopen the outlook and it Cause of delaying messages
i think my problem is too complicated so i need an urgent help PLZ :)
hello, the cross move from 3rd to 1st! so you are getting better!!!
the issues is the certificate you put in don't have a root certificate!
where you get your certificate from?
the issues is the certificate you put in don't have a root certificate!
where you get your certificate from?
so when the screen pop up, can you click view certificate?
then we will need to think why that root certificate have not installed properly.
just in case you need to download,
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=INFO1548
then we will need to think why that root certificate have not installed properly.
just in case you need to download,
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=INFO1548
i forgot to mention that they sent me also an intermediate certificate and i installed it correctly to exchange server 2013 certificates store as they instructed me,
does that changing any thing here?
does that changing any thing here?
yes, but did that include the root?
it should be root and intemediate certificate
if still broken, install the root and intermediate certificate on the machine you are testing.
retest and advise.
it should be root and intemediate certificate
if still broken, install the root and intermediate certificate on the machine you are testing.
retest and advise.
where i should install the root certificate on the exchange server 2013?
and should i download (under SHA-1 Root) or (under SHA-2 Root)?
and should i download (under SHA-1 Root) or (under SHA-2 Root)?
to confirm, view the certificate, then click certificate path. chheck on all of them and make sure they don't have a red cross.
Else,just install both certificate. it won't hurt.
Else,just install both certificate. it won't hurt.
Ok but should i install the root certificate under the "intermediate certification authorities" store in in the exchange 2013 server certificate store or under "personal" store?
root certificate at "trusted Root certificate authority"
ntermediate certification at "Intermediate certificate authority"
ntermediate certification at "Intermediate certificate authority"
Dear Jian An Lim,
i installed the root certificate on the exchange 2013 server but with no luck, but when i install the intermediate and root certificate on the outlook user computer (that has XP installed on it) its connected now but the delay problem still there, when you open the outlook it takes long time to get the data from the server (that's when the exchange 2010 is turned off),
![5.JPG]()
but when i turn on the exchange 2010 server the delay problem disappears !!
i installed the root certificate on the exchange 2013 server but with no luck, but when i install the intermediate and root certificate on the outlook user computer (that has XP installed on it) its connected now but the delay problem still there, when you open the outlook it takes long time to get the data from the server (that's when the exchange 2010 is turned off),
but when i turn on the exchange 2010 server the delay problem disappears !!
why you turn off exchange 2010 again? you should not turn off a exchange server like that? it should be proper decomission instead of turn off especially public folder
See. https://blogs.technet.microsoft.com/mspfe/2015/08/26/decommissioning-legacy-exchange-servers/
Anyway, your original problem fix and now you have issues on why your current deployment still depends on exchange 2010, particularly to
It will be good to start a decommission question so one of us can look into this?
See. https://blogs.technet.microsoft.com/mspfe/2015/08/26/decommissioning-legacy-exchange-servers/
Anyway, your original problem fix and now you have issues on why your current deployment still depends on exchange 2010, particularly to
It will be good to start a decommission question so one of us can look into this?
The reason why I'm turning off exchange 2010 is to test connectivity for the new exchange 2013 before Decommissioning of exchange 2010, that was the recommendation of the article that i was processed step by step from techgenix.com site
http://techgenix.com/migrating-small-organization-exchange-2010-exchange-2013-part4/
do you mean that when i safely decommission the exchange 2010, my delay problem will be solved?
regarding to public folder i should told that my public folder on my old exchange 2010 server is corrupted and i cannot dismounted from a long time but it was not making any problems when i was using only the exchange 2010, i don't know now if it is making problems after migration or not or it will make a problems with Decommissioning i should ask you?
or should i make a new public folder on the exchange 2013 (i don't need it in my environment).
http://techgenix.com/migrating-small-organization-exchange-2010-exchange-2013-part4/
do you mean that when i safely decommission the exchange 2010, my delay problem will be solved?
regarding to public folder i should told that my public folder on my old exchange 2010 server is corrupted and i cannot dismounted from a long time but it was not making any problems when i was using only the exchange 2010, i don't know now if it is making problems after migration or not or it will make a problems with Decommissioning i should ask you?
or should i make a new public folder on the exchange 2013 (i don't need it in my environment).
Awesome. you got a good list. and now it has proven something wrong with your exchange 2010.
your deployment hasn't fully get rip of exchange 2010 config.
I recommend you start a new post on how to properly decommission exchange 2010 with your public folder issues. (it will make a problem when you try to uninstall exchange 2010)
This post is about fixing your certificate issues and we have fix it :)
your deployment hasn't fully get rip of exchange 2010 config.
I recommend you start a new post on how to properly decommission exchange 2010 with your public folder issues. (it will make a problem when you try to uninstall exchange 2010)
This post is about fixing your certificate issues and we have fix it :)
Dear Jian An Lim
i appreciate your great support :)
but i prefer to continue in this post because it has full details about my problem and i don't want to start from zero and my primary issue was connectivity delay in outlook after migration from exchange 2010 to exchange 2013,and we are a step away from solving the problem, and i will be thankfull for you support to end this issue.
i appreciate your great support :)
but i prefer to continue in this post because it has full details about my problem and i don't want to start from zero and my primary issue was connectivity delay in outlook after migration from exchange 2010 to exchange 2013,and we are a step away from solving the problem, and i will be thankfull for you support to end this issue.
Hi Rami,
I appreciate your support, but it is really streching your original question as we have exchanged almost 49 messages since.
You can always refer back to this post on your new question for history purpose but rest assure, whatever you done here have nothing to do with how you going to decomission your exchange 2010.
It is just good to get a closure by accepting the answer.
and onceyou post your question, i will look into it and give other expert a chance to look into this.
I appreciate your support, but it is really streching your original question as we have exchanged almost 49 messages since.
You can always refer back to this post on your new question for history purpose but rest assure, whatever you done here have nothing to do with how you going to decomission your exchange 2010.
It is just good to get a closure by accepting the answer.
and onceyou post your question, i will look into it and give other expert a chance to look into this.
Ok thanks i have published a new post and i hope we can reach to an appropriate solution to my problem
the link to the new post :
https://www.experts-exchange.com/questions/29081396/Exchange-2010-to-2013-Migration-problem.html
the link to the new post :
https://www.experts-exchange.com/questions/29081396/Exchange-2010-to-2013-Migration-problem.html
Premium Content
You need an Expert Office subscription to comment.Start Free Trial