Exchange 2010-2016 Migration Issues
I'm in the process of migrating a single-server Exchange organization from Exchange 2010 to Exchange 2016. I've done this a number of times before and haven't ever run into a problem. Initial installation and setup of the Exchange 2016 server went smoothly. I also did the following steps on the new server:
1. Imported the SSL certificate and assigned it.
2. Configured the SCP and the internal and external Exchange URLs.
3. Configured Outlook Anywhere.
3. Created a single test account on the Exchange 2016 server.
However, when I send a test email from the Exchange 2016 server to a mailbox on the 2010 server, it just sits in the queue and never appears in the 2010 recipient's mailbox. HOWEVER, I have a forward on my 2010 mailbox which sends a copy of all emails to an external email address. The forward is working fine even though the mail never appears in the local mailbox.
I've tried rechecking all my settings but everything seems to be correct. The mail queue on the 2016 server shows this error message on the outgoing messages:
[{LED=451 4.4.395 Target host responded with error. -> 451 5.7.3 Cannot achieve Exchange Server authentication};{MSG=};{FQ
The FQDN "server2010.domain.com" is the internal FQDN of the Exchange 2010 server that's shown on the Client Default receive connector. The authentication settings on the 2010 server for this connector are: TLS, Basic, Integrated Windows Auth, Exchange Server Auth (I added this in my troubleshooting). Permission groups are Exchange servers and Exchange Users.
I also added the IP address of the 2016 server to the IP address scoping on the 2010 connector, even though it already showed the normal "0.0.0.0-255.255.255.255".
I've done some searching on this and have seen a lot of other people having the same issue, but haven't found anything that resolves my issue at this point.
Deb
1. Imported the SSL certificate and assigned it.
2. Configured the SCP and the internal and external Exchange URLs.
3. Configured Outlook Anywhere.
3. Created a single test account on the Exchange 2016 server.
However, when I send a test email from the Exchange 2016 server to a mailbox on the 2010 server, it just sits in the queue and never appears in the 2010 recipient's mailbox. HOWEVER, I have a forward on my 2010 mailbox which sends a copy of all emails to an external email address. The forward is working fine even though the mail never appears in the local mailbox.
I've tried rechecking all my settings but everything seems to be correct. The mail queue on the 2016 server shows this error message on the outgoing messages:
[{LED=451 4.4.395 Target host responded with error. -> 451 5.7.3 Cannot achieve Exchange Server authentication};{MSG=};{FQ
The FQDN "server2010.domain.com" is the internal FQDN of the Exchange 2010 server that's shown on the Client Default receive connector. The authentication settings on the 2010 server for this connector are: TLS, Basic, Integrated Windows Auth, Exchange Server Auth (I added this in my troubleshooting). Permission groups are Exchange servers and Exchange Users.
I also added the IP address of the 2016 server to the IP address scoping on the 2010 connector, even though it already showed the normal "0.0.0.0-255.255.255.255".
I've done some searching on this and have seen a lot of other people having the same issue, but haven't found anything that resolves my issue at this point.
Deb
Are you able to telnet between both server on port 25? Can you test telnet and try to submit mail using telnet and share the result.
ASKER
Thanks for the responses, Amit. I got my issue resolved this morning. In double-checking the connectors on the 2010 server, I realized that the permissions on the Default connector hadn't been changed. I had changed the settings on a Client connector instead. When I tried to change them, I got an error message that the URL had to be changed (it was set to the external URL instead of the internal one). I went back this morning and changed the URL and the permissions and everything is working fine now.
Deb
Deb
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks for the update.
First - have you bounced the 2016 server (seriously!) and is there any firewalls between the servers?
</P>