Exchange Connectivity Problem

i have made a migration from exchange 2010 to 2013 and every thing goes well till i reached to moving mailboxes, it moved mailboxes successfully but when the operation completed i checked the account settings and i found the server address as in attachment file (Name)

but the connectivity between the outlook and the new exchange 2013 is OK and it send and receive well.
And when i try to add the account from control panel/mail manually i got error in file (Connectivity)

the exchange 2010 v 14.03.0361.001, exchange 2013 Version 15.0 (Build 1347.2)

i have below results for Get command:

[PS] C:\Windows\system32>Get-OabVirtualDirectory | fl server, exch13, ExternalURL, InternalURL, *auth*

Server                        : EXCH01

ExternalUrl                  : https://mail.company.net/OAB

InternalUrl                  : https://mail.company.net/OAB

BasicAuthentication          : False

WindowsAuthentication        : True

OAuthAuthentication          : False

InternalAuthenticationMethods : {WindowsIntegrated}

ExternalAuthenticationMethods : {WindowsIntegrated}

Server                        : EXCH13

ExternalUrl                  : https://mail.company.net/OAB

InternalUrl                  : https://mail.company.net/OAB

BasicAuthentication          : False

WindowsAuthentication        : True

OAuthAuthentication          : True

InternalAuthenticationMethods : {WindowsIntegrated, OAuth}

ExternalAuthenticationMethods : {WindowsIntegrated, OAuth}

[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl server, exch13,ExternalURL, InternalURL, *auth*

Server                        : EXCH01

ExternalUrl                  : https://mail.company.net/ews/exchange.asmx

InternalUrl                  : https://mail.company.net/ews/exchange.asmx

CertificateAuthentication    :

InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity}

ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity}

LiveIdNegotiateAuthentication :

WSSecurityAuthentication      : True

LiveIdBasicAuthentication    : False

BasicAuthentication          : False

DigestAuthentication          : False

WindowsAuthentication        : True

OAuthAuthentication          : False

AdfsAuthentication            : False

Server                        : EXCH13

ExternalUrl                  : https://mail.company.net/EWS/Exchange.asmx

InternalUrl                  : https://mail.company.net/EWS/Exchange.asmx

CertificateAuthentication    :

InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}

ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}

LiveIdNegotiateAuthentication :

WSSecurityAuthentication      : True

LiveIdBasicAuthentication    : False

BasicAuthentication          : False

DigestAuthentication          : False

WindowsAuthentication        : True

OAuthAuthentication          : True

AdfsAuthentication            : False

[PS] C:\Windows\system32>Get-EcpVirtualDirectory | fl server, exch13, ExternalURL, InternalURL, *auth*

Server                        : EXCH01

ExternalUrl                  : https://mail.company.net/ecp

InternalUrl                   : https://mail.company.net/ecp

InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}

BasicAuthentication          : True

WindowsAuthentication        : True

DigestAuthentication          : False

FormsAuthentication           : True

LiveIdAuthentication          : False

AdfsAuthentication            : False

OAuthAuthentication          : False

ExternalAuthenticationMethods : {Fba}

Server                        : EXCH13

ExternalUrl                  : https://mail.company.net/ecp

InternalUrl                  : https://mail.company.net/ecp

InternalAuthenticationMethods : {Basic, Fba}

BasicAuthentication          : True

WindowsAuthentication        : False

DigestAuthentication          : False

FormsAuthentication          : True

LiveIdAuthentication          : False

AdfsAuthentication            : False

OAuthAuthentication          : False

ExternalAuthenticationMethods : {Fba}

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory | fl server, name, ExternalURL, InternalURL, *auth*

Server                              : EXCH01

Name                                : Microsoft-Server-ActiveSync (Default Web Site)

ExternalUrl                        : https://mail.company.net/Microsoft-Server-ActiveSync

InternalUrl                        : https://mail.company.net/Microsoft-Server-ActiveSync

MobileClientCertificateAuthorityURL :

BasicAuthEnabled                    : True

WindowsAuthEnabled                  : False

ClientCertAuth                      : Ignore

InternalAuthenticationMethods      : {}

ExternalAuthenticationMethods      : {}

Server                              : EXCH13

Name                                : Microsoft-Server-ActiveSync (Default Web Site)

ExternalUrl                        : https://mail.company.net/Microsoft-Server-ActiveSync

InternalUrl                        : https://mail.company.net/Microsoft-Server-ActiveSync

MobileClientCertificateAuthorityURL :

BasicAuthEnabled                    : True

WindowsAuthEnabled                  : False

ClientCertAuth                      : Ignore

InternalAuthenticationMethods      : {}

ExternalAuthenticationMethods      : {}

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory | fl server, exch13, ExternalURL, InternalURL, *auth*

Server                              : EXCH01

ExternalUrl                        : https://mail.company.net/Microsoft-Server-ActiveSync

InternalUrl                        : https://mail.company.net/Microsoft-Server-ActiveSync

MobileClientCertificateAuthorityURL :

BasicAuthEnabled                    : True

WindowsAuthEnabled                  : False

ClientCertAuth                      : Ignore

InternalAuthenticationMethods      : {}

ExternalAuthenticationMethods      : {}

Server                              : EXCH13

ExternalUrl                        : https://mail.company.net/Microsoft-Server-ActiveSync

InternalUrl                        : https://mail.company.net/Microsoft-Server-ActiveSync

MobileClientCertificateAuthorityURL :

BasicAuthEnabled                    : True

WindowsAuthEnabled                  : False

ClientCertAuth                      : Ignore

InternalAuthenticationMethods      : {}

ExternalAuthenticationMethods      : {}

[PS] C:\Windows\system32>Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*

Server                            : EXCH01

Name                              : Rpc (Default Web Site)

ExternalHostname                  : mail.company.net

InternalHostname                  :

ExternalClientAuthenticationMethod : Ntlm

InternalClientAuthenticationMethod : Ntlm

IISAuthenticationMethods          : {Ntlm}

Server                            : EXCH13

Name                              : Rpc (Default Web Site)

ExternalHostname                  : mail.company.net

InternalHostname                  : mail.company.net

ExternalClientAuthenticationMethod : Ntlm

InternalClientAuthenticationMethod : Ntlm

IISAuthenticationMethods          : {Basic, Ntlm, Negotiate}

[PS] C:\Windows\system32>Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*

Server                        : EXCH01

Name                          : owa (Default Web Site)

ExternalUrl                  : https://mail.company.net/owa

InternalUrl                  : https://mail.company.net/owa

ClientAuthCleanupLevel        : High

InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}

BasicAuthentication          : True

WindowsAuthentication        : True

DigestAuthentication          : False

FormsAuthentication          : True

LiveIdAuthentication          : False

AdfsAuthentication            : False

OAuthAuthentication          : False

ExternalAuthenticationMethods : {Fba}

Server                        : EXCH13

Name                          : owa (Default Web Site)

ExternalUrl                  : https://mail.company.net/owa

InternalUrl                  : https://mail.company.net/owa

ClientAuthCleanupLevel        : High

InternalAuthenticationMethods : {Basic, Fba}

BasicAuthentication          : True

WindowsAuthentication        : False

DigestAuthentication          : False

FormsAuthentication          : True

LiveIdAuthentication          : False

AdfsAuthentication            : False

OAuthAuthentication          : False

ExternalAuthenticationMethods : {Fba}

[PS] C:\Windows\system32>Get-ClientAccessServer | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri

Name                          : EXCH01

OutlookAnywhereEnabled        : True

AutoDiscoverServiceInternalUri : https://mail.company.net/autodiscover/autodiscover.xml

Name                          : EXCH13

OutlookAnywhereEnabled        : True

AutoDiscoverServiceInternalUri : https://mail.company.net/autodiscover/autodiscover.xml

[PS] C:\Windows\system32>Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, I

ssuer, *not*

FriendlyName      : Microsoft Exchange Server Auth Certificate

Subject            : CN=Microsoft Exchange Server Auth Certificate

CertificateDomains : {}

Thumbprint        : F6F6781D1A2CD3CF074447D3716E2F4A3D2BFD42

Services          : SMTP

Issuer            : CN=Microsoft Exchange Server Auth Certificate

NotAfter          : 9/19/2022 5:18:33 PM

NotBefore          : 10/15/2017 5:18:33 PM

FriendlyName      : Microsoft Exchange

Subject            : CN=EXCH13

CertificateDomains : {EXCH13, EXCH13.company.local}

Thumbprint        : AEEE2F6582A21138F61E629660B8D14DF960140E

Services          : IIS, SMTP

Issuer            : CN=EXCH13

NotAfter          : 10/15/2022 5:17:38 PM

NotBefore          : 10/15/2017 5:17:38 PM

FriendlyName      : WMSVC

Subject            : CN=WMSvc-EXCH13

CertificateDomains : {WMSvc-EXCH13}

Thumbprint        : 4F40A10D0B8ADF2CAB8378F09787DF65B58EDA84

Services          : None

Issuer            : CN=WMSvc-EXCH13

NotAfter          : 10/13/2027 4:32:42 PM

NotBefore          : 10/15/2017 4:32:42 PM

FriendlyName      : JDS

Subject            : CN=mail.company.net

CertificateDomains : {mail.company.net}

Thumbprint        : 473E3A9AA5C6ACE7480666E2427286E8F54260E1

Services          : IMAP, POP, IIS, SMTP

Issuer            : CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

NotAfter          : 3/6/2018 11:11:15 PM

NotBefore          : 2/3/2016 12:30:20 PM

[PS] C:\Windows\system32>Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*

Server                        : EXCH13

Name                          : mapi (Default Web Site)

ExternalUrl                  :

InternalUrl                  : https://exch13.company.local/mapi

IISAuthenticationMethods      : {Ntlm, OAuth, Negotiate}

InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}

ExternalAuthenticationMethods : {}

[PS] C:\Windows\system32>Get-ClientAccessArray | fl

[PS] C:\Windows\system32>Get-OutlookProvider

Name                          Server                        CertPrincipalName            TTL

----                          ------                        -----------------            ---

EXCH                                                                                      1

EXPR                                                                                      1

WEB                                                                                      1

[PS] C:\Windows\system32>

Is there a problem with my configuration or any connectivity problem between the active directory server and the new exchange 2013 server
1.JPG
2.JPG
Rami AlhasaniNetwork And Systems AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MAS (MVE)EE Solution GuideCommented:
Hi Rami,
Where is your autodiscover pointing to?
Both common name and autodiscover should be pointed to Exchange2013.
Please ensure all services are started.

Thanks
MAS
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
i think its correct my new exchange server 2013 is 128.127.0.21, but i think that their a connectivity problem with DC but i don't know how to fix it.

33.JPG
0
Hemil AquinoNetwork EngineerCommented:
For what I can see your records looks OK.
Try restarting the Exchange topology services.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Hemil AquinoNetwork EngineerCommented:
Also, as a good practice dont show your domain information and whatnot.
People might want to hack your server.
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Hemil Aquini,

How can i edit my comment to remove this picture?
0
Hemil AquinoNetwork EngineerCommented:
If someone commented after your comment, I don't think you can. Just deleting the whole thread will delete the image.
0
MAS (MVE)EE Solution GuideCommented:
@Rami Alhasani
Just click on "Report Question" and request admin to remove the image.
1
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Thanks MAS

Dear Hemil Aquino,

i have restarted this service and restart the whole server with no luck (same problem).
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
another point that when i do i best practice analyzer on exchange 2010 i got many errors on exchange 2013 on of them below:

44.JPG
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Thanks Mr. Wolfe for your support

im waiting for a good expert solution
0
Jian An LimSolutions ArchitectCommented:
Hi Rami,

rephrase your question, after your migration from exchange 2010 to exchange 2013, outlook no longer login and prompt with photo.

Just want to make sure a few things.
1. can you logon to OWA to confirm the mailbox is assessable? also log in to https://mail.company.net/Ews/Exchange.asmx and confirm you hit a XML-like page.
2. then go to https://testconnectivity.microsoft.com/ and run both test
Microsoft Office Outlook Connectivity Tests
Outlook Connectivity
Outlook Autodiscover

that would give us some idea is it going wrong or not.
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Dear Jian An Lim,

thanks for your support,

my users can login with normal setup of mailbox on outlook that uses the Autodiscover, but the error appears when setup the account in outlook manually by typing the name of exchange server and mailbox.

for the Questions:

1. can you logon to OWA to confirm the mailbox is assessable? i can login to OWA without any problem.

also log in to https://mail.company.net/Ews/Exchange.asmx and confirm you hit a XML-like page. i logged in and i got this page:
 66.jpg
2. then go to https://testconnectivity.microsoft.com/ and run both test

    Microsoft Office Outlook Connectivity Tests Outlook Connectivity
    Outlook Autodiscover
 
i uploaded the files.


thanks in advance
RCATestResult.txt
RCATestResult-1-.txt
0
Jian An LimSolutions ArchitectCommented:
did you change the firewall to point to the new server?

back on  to your workstation,
can you test the following url? (credential is your new mailbox that moved)

https://mail.company.net/autodiscover/autodiscover.xml <-- we expect a pass here
https://<newservername>/autodiscover/autodiscover.xml <-- we expect a pass here
https://<oldservername>/autodiscover/autodiscover.xml   <-- we expect a fail here
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Dear Jian An Lim,

did you change the firewall to point to the new server?
yes i changed it.

can you test the following url? (credential is your new mailbox that moved)

https://mail.company.net/autodiscover/autodiscover.xml 
 77.JPG
https://<newservername>/autodiscover/autodiscover.xml
88.JPG
https://<oldservername>/autodiscover/autodiscover.xml
99.JPG
0
Jian An LimSolutions ArchitectCommented:
see private message.

anyway, i wonder do your certificate have autodiscover as CNAME?

also we need to run the test command in exchange server
$TestCredentials = Get-Credential  # this is the user's credential
Test-OutlookConnectivity -ProbeIdentity OutlookRpcCtpProbe -MailboxId johnd@contoso.com -Credential $TestCredentials

https://technet.microsoft.com/en-us/library/dd638082(v=exchg.160).aspx
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Hi Jian An Lim,

i wonder do your certificate have autodiscover as CNAME? how i can check that?

also we need to run the test command in exchange server

    $TestCredentials = Get-Credential  # this is the user's credential Test-OutlookConnectivity -ProbeIdentity OutlookRpcCtpProbe -MailboxId johnd@contoso.com -Credential $TestCredentials

13.JPG
but i noticed a weird thing that when i configure a mailbox that are existing on the new exchange 2013 server manually on outlook and type the old exchange server name its resolves the name of the new exchange 2013 server correctly

and do i need to delete default exchange 2013 certificates after importing my certificate from exchange 2010 to exchange 2013
12.JPG
0
Jian An LimSolutions ArchitectCommented:
you don't need to delete any existing certificate.

in the new world, you are not "suppose" to type in the servername, it should pick up by autodiscover.

to check on cname
open the certificate and confirm Subject Alternative Name.
example for subject alternative name for autodiscover

When you next create an outlook profile, can you untick the "cached mode"?  and see whether the same message reappear?
( i am starting to wonder will this be outlook anywhere issues)
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
in the new world, you are not "suppose" to type in the servername, it should pick up by autodiscover
i know that, but i do it manually to test the connectivity, even with autodiscover it gave me below error, and when complete define mailbox in outlook, the server name is incorrect in the (account settings/server settings)
14.JPG1.JPG
to check on cname
open the certificate and confirm Subject Alternative Name

15.JPG
When you next create an outlook profile, can you untick the "cached mode"?  and see whether the same message reappear?

it gave another error message below:
16.JPG
0
Jian An LimSolutions ArchitectCommented:
the reason why you cannot manually do it in exchange 2013, because Microsoft have complicated it.
it must handle via autodiscover.

so first, your certificate does not have autodiscover alternative name. you need to regenerate a certificate to get that working.


So let's go back to your ORIGINAL ISSUE, do you still have this error message everytime?your error message when you do that, can you untick the "use cached mode" option and see the error message repeat?
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Hi Jian An Lim,

so first, your certificate does not have autodiscover alternative name. you need to regenerate a certificate to get that working.

what do you mean by "autodiscover alternative name", and how i can regenerate my certificate?
For clarification, when i was using the old exchange 2010 i was not facing any problems about server name, the only thing i was facing is the certificate message when the user opens the outlook only:
17.JPG
So let's go back to your ORIGINAL ISSUE, do you still have this error message every time?

no i get this error message only when i setup the mailbox manually and you clarified to me now that i cant do it manually, and when i setup via autodiscover i did not get any errors and every thing goes well, it connects perfect and i can send and receive emails but the only problem is that the server name problem Which I mentioned earlier:
1.JPG
and some users outlook keep asking them for authentication (user name and password)
0
Jian An LimSolutions ArchitectCommented:
the autodiscover must point to the new server
and the old certificate do not have the name on the subject alternative name. you can ask the user safely to ignore it for the moment or we can run regkey to disable it (not preferred)


the server name is the new standard. it is correct as long as it have a underline on it. so you got no problem.

the new exchange server 2013/16 do not allow manual configuration, if you insist, you need to get the mailbox GUID and form the servername.
you can see more here http://www.modernmsp.com/how-to-manually-configure-outlook-for-office-365/

Anyway, Outlook 2016 no longer allow you to manual configure your configuration to Exchange, so autodiscover is definitely the way to go.


### if you insist you want to generate the right certificate.
create the subject alternative name.

New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.req" -FriendlyName "compay.net SAN Cert" -SubjectName C=US,CN=company.net -DomainName autodiscover.company.net,mail.company.net

(or use a wildcard certificate)

https://technet.microsoft.com/en-us/library/bb125165(v=exchg.160).aspx
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Hi Jian An Lim
thanks for your support and sorry for late respond,

i created the request but when i complete the request and use the same valid certificate i got below error:

2.JPG
and when i'm trying to delete the current valid certificate i got below error:

3.JPG
and i'm insist for manual addition of email because some users opens two mailboxes on their outlook, the first one was added with autodiscover and the other one manual addition,
anyway am now adding it by giving the user mailbox full access "Mailbox Delegation" on the other mailbox, but in the same subject i'm in stage of Decommissioning Exchange 2010 but before that i shut down the exchange 2010 to make sure that every thing is OK and after testing everything is OK except that the delegated mailbox when i the cursor on its inbox or other folders it gave trying to connect for long time then connected and it gave that every time that i close outlook and reopen it, but when i turned on the exchange 2010 again this mailbox gave connected directly.

waiting for your support

thanks in advance.
0
Jian An LimSolutions ArchitectCommented:
if you are using the same cert, then your alternative name is still not added.  you can't have the exact the same serial number if you have created a new one.


Remember

When you type this,

New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.req" -FriendlyName "compay.net SAN Cert" -SubjectName C=US,CN=company.net -DomainName autodiscover.company.net,mail.company.net

Then you take the Any.req to your preferred CA, to generate a key.

then you import to complete your exchange certificate renewal

https://technet.microsoft.com/en-us/library/ee861104(v=exchg.160).aspx


to do in GUI, follow this
https://practical365.com/exchange-server/exchange-2016-complete-pending-ssl-certificate-request/
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
My certificate is from rapidssl.com, do you mean that i have to request a new certificate from them and pay again for it, even though may certificate still valid, i dont know if i can manage my certificate from that site.
0
Jian An LimSolutions ArchitectCommented:
yes. you need to regenerate a new certificate.
The reason why it is not working because the original certificate was requested wrongly (without Subject alternative name)
Exchange server always need autodiscover.xxxx.com

i will logde a ticket with rapidssl to ask them whether they can recreate without charge (usually they are happy to let yo revoke your current one and regenerate a new one but no guarantee)
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Thanks Jian An Lim for great support,

i'm waiting your feedback about "rapidssl"
0
Jian An LimSolutions ArchitectCommented:
sorry, when i say "i will", i mean " if i am you, I will"
so please kindly contact rapidssl yourself
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
i got the cer from rapidssl but when i try to install it i get below error:

56.JPG
any suggestions please
0
Jian An LimSolutions ArchitectCommented:
did you run this as admin?
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Yes as Domain Administrator
0
Jian An LimSolutions ArchitectCommented:
no , did you install that, it as admin mode?

or i should ask how do you install it? (you should merge the certificate with your existing private key)
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Dear Jian,

i'm trying to install it from IIS manager

what do you mean by admin mode?

kindly i will respectely ask you to give me more details about that and how to install or merge it with existing private key?
0
Jian An LimSolutions ArchitectCommented:
please use exchange management shell to do so

New-ExchangeCertificate -GenerateRequest -RequestFile "\\FileServer01\Data\Any.req" -FriendlyName "compay.net SAN Cert" -SubjectName C=US,CN=company.net -DomainName autodiscover.company.net,mail.company.net

Then you take the Any.req to your preferred CA, to generate a key.

then you import to complete your exchange certificate renewal

Import-ExchangeCertificate -FileData ([Byte[](Get-Content -Encoding Byte -Path "\\FileServer01\Data\Any.req" -ReadCount 0))]

https://technet.microsoft.com/en-us/library/ee861104(v=exchg.160).aspx
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Hi Jian An Lim,

I successfully imported the new certificate to the exchange server, and to test if the problem solved i shut down the old exchange 2010 server, but unfortunately the same problems appears and also new problems appears also, the problems is that outlook users on windows XP are disconnected and they get certificate error like below:
3.jpg
so i install the certificate on the users computer certificate store but that did not fix the problem

also outlook users on windows 7 are suffering from delay when open the outlook every time like below:
4.JPG
this message " updating this folder" is appears every time that user closes and reopen the outlook and it Cause of delaying messages

i think my problem is too complicated so i need an urgent help PLZ  :)
0
Jian An LimSolutions ArchitectCommented:
hello, the cross move from 3rd to 1st! so you are getting better!!!

the issues is the certificate you put in don't have a root certificate!
where you get your certificate from?
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
i got it from rapidssl
0
Jian An LimSolutions ArchitectCommented:
so when the screen pop up, can you click view certificate?

then we will need to think why that root certificate have not installed properly.

just in case you need to download,
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=INFO1548
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
i forgot to mention that they sent me also an intermediate certificate and i installed it correctly to exchange server 2013 certificates store as they instructed me,
does that changing any thing here?
0
Jian An LimSolutions ArchitectCommented:
yes, but did that include the root?
it should be root and intemediate certificate

if still broken, install the root and intermediate certificate on the machine you are testing.
retest and advise.
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
where i should install the root certificate on the exchange server 2013?

and should i download (under SHA-1 Root) or (under SHA-2 Root)?
0
Jian An LimSolutions ArchitectCommented:
to confirm, view the certificate, then click certificate path. chheck on all of them and make sure they don't have a red cross.

Else,just install both certificate. it won't hurt.
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Ok but should i install the root certificate under the "intermediate certification authorities" store in in the exchange 2013 server certificate store or under "personal" store?
0
Jian An LimSolutions ArchitectCommented:
root certificate at "trusted Root certificate authority"
ntermediate certification at "Intermediate certificate authority"
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Dear Jian An Lim,

i installed the root certificate on the exchange 2013 server but with no luck, but when i install the intermediate and root certificate on the outlook user computer (that has XP installed on it) its connected now but the delay problem still there, when you open the outlook it takes long time to get the data from the server (that's when the exchange 2010 is turned off),
5.JPG
but when i turn on the exchange 2010 server the delay problem disappears !!
0
Jian An LimSolutions ArchitectCommented:
why you turn off exchange 2010 again? you should not turn off a exchange server like that? it should be proper decomission instead of turn off especially public folder
See. https://blogs.technet.microsoft.com/mspfe/2015/08/26/decommissioning-legacy-exchange-servers/



Anyway, your original problem fix and now you have issues on why your current deployment still depends on exchange 2010, particularly to

It will be good to start a decommission question so one of us can look into this?
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
The reason why I'm turning off exchange 2010 is to test connectivity for the new exchange 2013 before Decommissioning of exchange 2010, that was the recommendation of the article that i was processed step by step from techgenix.com site

http://techgenix.com/migrating-small-organization-exchange-2010-exchange-2013-part4/

do you mean that when i safely  decommission the exchange 2010, my delay problem will be solved?

regarding to public folder i should told that my public folder on my old exchange 2010 server is corrupted and i cannot dismounted from a long time but it was not making any problems when i was using only the exchange 2010, i don't know now if it is making problems after migration or not or it will make a problems with Decommissioning  i should ask you?
or should i make a new public folder on the exchange 2013 (i don't need it in my environment).
1
Jian An LimSolutions ArchitectCommented:
Awesome. you got a good list. and now it has proven something wrong with your exchange 2010.
your deployment hasn't fully get rip of exchange 2010 config.

I recommend you start a new post on how to properly decommission exchange 2010 with your public folder issues. (it will make a problem when you try to uninstall exchange 2010)

This post is about fixing your certificate issues and we have fix it :)
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Dear Jian An Lim

i appreciate your great support :)

but i prefer to continue in this post because it has full details about my problem and i don't want to start from zero and my primary issue was connectivity delay in outlook after migration from exchange 2010 to exchange 2013,and we are a step away from solving the problem, and i will be thankfull for you support to end this issue.
0
Jian An LimSolutions ArchitectCommented:
Hi Rami,
I appreciate your support, but it is really streching your original question as we have exchanged almost 49 messages since.

You can always refer back to this post on your new question for history purpose but rest assure, whatever you done here have nothing to do with how you going to decomission your exchange 2010.

It is just good to get a closure by accepting the answer.
and onceyou post your question, i will look into it and give other expert a chance to look into this.
0
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Ok thanks i have published a new post and i hope we can reach to an appropriate solution to my problem

the link to the new post :

https://www.experts-exchange.com/questions/29081396/Exchange-2010-to-2013-Migration-problem.html
1
Rami AlhasaniNetwork And Systems AdministratorAuthor Commented:
Thanks for your great support
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.