- Microsoft Office
- Exchange
- Office 365
Watchguard firewall causing migrationwiz migration to office 365 from SBS 2011 standard to fail?z
I am doing my first sbs 2011 Standard to office 365 hosted exchange migration.
I am using migration wiz and 4 of 5 mailboxes failed. one talked of actively refiusing the connection.
It reminded me - there's a watchguard firewall at the sbs 2011 location. I remember once someone else having a problem with too much data going to /. from 1 place that the watchguard shut it off - there's a setting to limit amount of data to / from 1 external location that was on by default.
Anyone know where that is? Could that be why they are failing the migration?
can you tell me where to look to disable that if it's on. and maybe where to look to see if that feature was activatted in the last 48 hours?
THANKS!
I am using migration wiz and 4 of 5 mailboxes failed. one talked of actively refiusing the connection.
It reminded me - there's a watchguard firewall at the sbs 2011 location. I remember once someone else having a problem with too much data going to /. from 1 place that the watchguard shut it off - there's a setting to limit amount of data to / from 1 external location that was on by default.
Anyone know where that is? Could that be why they are failing the migration?
can you tell me where to look to disable that if it's on. and maybe where to look to see if that feature was activatted in the last 48 hours?
THANKS!
Migration wiz uses endpoint i.e. autodiscover from your local SBS server for migration. I don't think it can be a firewall issue since port 443 and 25 should already be opened.
You can test autodiscover using testexchangeconnectivity.c
Can you paste the error of the failed mailboxes in here for review.
You can test autodiscover using testexchangeconnectivity.c
Can you paste the error of the failed mailboxes in here for review.
I'm running them again. But here's some. 1 user got 1000 errors of this, another got a lower number. but they passed the password veriification.
Active Directory is unavailable. Try again later
The request failed. Unable to connect to the remote server ---> Unable to connect to the remote server ---> No connection could be made because the target machine actively refused it 75.127.196.xxx:443
The request failed. Unable to connect to the remote server ---> Unable to connect to the remote server ---> A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 75.127.196.xxx:443
This is one I hadn't seen before:
Inconsistent get item response (0 items returned but more are available)
it's an older 2011 standard SBS so is there maintenance I should be doing first?
The autodiscver test:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for x@y.com
Autodiscover was tested successfully.
Active Directory is unavailable. Try again later
The request failed. Unable to connect to the remote server ---> Unable to connect to the remote server ---> No connection could be made because the target machine actively refused it 75.127.196.xxx:443
The request failed. Unable to connect to the remote server ---> Unable to connect to the remote server ---> A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 75.127.196.xxx:443
This is one I hadn't seen before:
Inconsistent get item response (0 items returned but more are available)
it's an older 2011 standard SBS so is there maintenance I should be doing first?
The autodiscver test:
The Microsoft Connectivity Analyzer is attempting to test Autodiscover for x@y.com
Autodiscover was tested successfully.
I see this:
The request failed. Unable to connect to the remote server ---> Unable to connect to the remote server ---> No connection could be made because the target machine actively refused it 75.127.196.xxx:443
So basically target machine i.e. SBS server has refused request on port 443.
Can you check what IP: 75.127.196.xxx is. Is this the IP of your firewall. If yes then make sure to open port 443 for IP: 75.127.196.xxx
The request failed. Unable to connect to the remote server ---> Unable to connect to the remote server ---> No connection could be made because the target machine actively refused it 75.127.196.xxx:443
So basically target machine i.e. SBS server has refused request on port 443.
Can you check what IP: 75.127.196.xxx is. Is this the IP of your firewall. If yes then make sure to open port 443 for IP: 75.127.196.xxx
Kindly follow Migration Wiz article for firewall requirement: "How do I set up router ports for OWA traffic when performing an On-Premises Exchange to On-Premises Exchange migration?"
https://help.bittitan.com/hc/en-us/articles/115008107167
https://help.bittitan.com/hc/en-us/articles/115008107167
Based on your details and issues to date, I tend not to think that it is the firewall. HOWEVER, if your port 80 and 443 rules are proxies, I could see where this could intermittently get in the way depending on the contents of the mailbox. Especially if you have Deep Packet Inspection turned on.
This could be a complex issue to resolve and even more so without me knowing what your config looks like. But a relatively simple (but less secure) way to deal with this would be to create an unfiltered packet filter outbound from the machine running the migration wizard. Because 365 has so many sub URLs, I would just add HTTP and HTTPS rules (not HTTP-Proxy and HTTPS-Proxy) from the IP of the migrationwiz server to Any-External. Because it is a packet filter and pretty specific in nature, it should come in higher than your default proxy rules and take precedence (assuming yout auto-order is on as it should be). I would also turn on logging for that rule so that you can prove that it is being used. Once you can launch the wizard and see that traffic traversing the new packet filter rules, run your migration test again. If it succeeds, you are good to go. If it does not succeed, you can be pretty sure that it is not the firewall causing the issue.
Good luck.
~Jon
This could be a complex issue to resolve and even more so without me knowing what your config looks like. But a relatively simple (but less secure) way to deal with this would be to create an unfiltered packet filter outbound from the machine running the migration wizard. Because 365 has so many sub URLs, I would just add HTTP and HTTPS rules (not HTTP-Proxy and HTTPS-Proxy) from the IP of the migrationwiz server to Any-External. Because it is a packet filter and pretty specific in nature, it should come in higher than your default proxy rules and take precedence (assuming yout auto-order is on as it should be). I would also turn on logging for that rule so that you can prove that it is being used. Once you can launch the wizard and see that traffic traversing the new packet filter rules, run your migration test again. If it succeeds, you are good to go. If it does not succeed, you can be pretty sure that it is not the firewall causing the issue.
Good luck.
~Jon
I was researching on the error which you received :
This is one I hadn't seen before:
Inconsistent get item response (0 items returned but more are available)
As per Bittitan reference article: https://help.bittitan.com/hc/en-us/articles/115008263948-Inconsistent-get-item-response-0-items-returned-but-more-are-available-
Answer:
This error occurs when the Source server is overloaded and MigrationWiz is unable to get consistent responses from the Exchange server. To prevent additional issues, MigrationWiz stops the migration.
Resolve this issue by investigating the health of the Source server. To help reduce the load on the server, lower the number of concurrent migrations.
This error can also occur because the number of items in a single folder is quite large, and causes the Source server to return only partial responses.
If this error persists, using the Advanced Support option DisableEWSDataConsistencyC
This is one I hadn't seen before:
Inconsistent get item response (0 items returned but more are available)
As per Bittitan reference article: https://help.bittitan.com/hc/en-us/articles/115008263948-Inconsistent-get-item-response-0-items-returned-but-more-are-available-
Answer:
This error occurs when the Source server is overloaded and MigrationWiz is unable to get consistent responses from the Exchange server. To prevent additional issues, MigrationWiz stops the migration.
Resolve this issue by investigating the health of the Source server. To help reduce the load on the server, lower the number of concurrent migrations.
This error can also occur because the number of items in a single folder is quite large, and causes the Source server to return only partial responses.
If this error persists, using the Advanced Support option DisableEWSDataConsistencyC
-
![]()
Solutionmethod needed to join sever 2016 essentials to sbs 2011 standard domain as replica dc for migration to server 2016 essentials (from essentials sku) -
![]()
ArticleMigrate Hosted Exchange to Exchange Online (Office 365) -
![]()
VideoExchange 2016 - Setting up an email account using Office 2019 -
![]()
Cloud Class®Office 365 Administration
-
![]()
received a Solution
Post migration from on premise Exchange 2016 to Office 365, no AD Sync -
![]()
wrote an Article
![]()
This user's on-premises mailbox hasn't been migrated to Exchange Online. The Exchange Online mailbox will be available after migration is completed.
-
![]()
created a Video
![]()
Office 365 Basics. Module 6 - Office Online
-
Explore Cloud Class® ![]()
Office 365 for End Users
Premium Content
You need an Expert Office subscription to comment.Start Free Trial