Exchange 2010-2016 Migration Issues

Hypercat (Deb)
I'm in the process of migrating a single-server Exchange organization from Exchange 2010 to Exchange 2016. I've done this a number of times before and haven't ever run into a problem. Initial installation and setup of the Exchange 2016 server went smoothly. I also did the following steps on the new server:

1. Imported the SSL certificate and assigned it.
2. Configured the SCP and the internal and external Exchange URLs.
3. Configured Outlook Anywhere.
4. Created a single test account on the Exchange 2016 server.

However, when I send a test email from the Exchange 2016 server to a mailbox on the 2010 server, it just sits in the queue and never appears in the 2010 recipient's mailbox. HOWEVER, I have a forward on my 2010 mailbox which sends a copy of all emails to an external email address.  The forward is working fine even though the mail never appears in the local mailbox.

I've tried rechecking all my settings but everything seems to be correct.  The mail queue on the 2016 server shows this error message on the outgoing messages:

[{LED=451 4.4.395 Target host responded with error. -> 451 5.7.3 Cannot achieve Exchange Server authentication};{MSG=};{FQDN=Server2010.domain.com};{IP=IP address of the 2010 server}; (followed by the date and time)

The FQDN "server2010.domain.com" is the internal FQDN of the Exchange 2010 server that's shown on the Client Default receive connector. The authentication settings on the 2010 server for this connector are: TLS, Basic, Integrated Windows Auth, Exchange Server Auth (I added this in my troubleshooting). Permission groups are Exchange servers and Exchange Users.

I also added the IP address of the 2016 server to the IP address scoping on the 2010 connector, even though it already showed the normal "0.0.0.0-255.255.255.255".
I've done some searching on this and have seen a lot of other people having the same issue, but haven't found anything that resolves my issue at this point.

Deb

Pete Long, Technical Consultant

Commented:
You don't need to add any IP anywhere?

First - have you bounced the 2016 server (seriously!) and are there any firewalls between the servers?

Amit, IT Architect
Distinguished Expert 2017

Commented:
Are you able to telnet between both servers on port 25? Can you test telnet, try to submit mail using telnet, and share the result?

Author

Commented:
Thanks for the responses, Amit.  I got my issue resolved this morning.  In double-checking the connectors on the 2010 server, I realized that the permissions on the Default connector hadn't been changed.  I had changed the settings on a Client connector instead.  When I tried to change them, I got an error message that the URL had to be changed (it was set to the external URL instead of the internal one). I went back this morning and changed the URL and the permissions and everything is working fine now.

Deb
Solution in previous post.
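
A read-only check for the misconfiguration described in the resolution above, as an added example that is not part of the original thread: it lists the port-25 receive connectors on the 2010 server and flags any that lack Exchange Server authentication, lack the Exchange servers permission group, or carry an FQDN that is not the server's own internal name. The helper name `Test-ServerAuthConnector` is hypothetical, and `Server2010.domain.com` is the placeholder name from the question.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell on the 2010 server.
param(
    # Internal FQDN of the Exchange 2010 server (placeholder name taken from the question).
    [string]$ServerFqdn = 'Server2010.domain.com'
)

function Test-ServerAuthConnector {   # hypothetical helper name
    param($Connector, [string]$ServerFqdn)

    # Flag-style values may arrive as comma-separated text in the management shell.
    $auth    = "$($Connector.AuthMechanism)"    -split ',\s*'
    $groups  = "$($Connector.PermissionGroups)" -split ',\s*'
    $fqdn    = "$($Connector.Fqdn)"
    $netbios = $ServerFqdn.Split('.')[0]

    $problems = @()
    if ($auth -notcontains 'ExchangeServer') {
        $problems += 'ExchangeServer authentication not enabled'
    }
    if ($groups -notcontains 'ExchangeServers') {
        $problems += 'ExchangeServers permission group missing'
    }
    # With ExchangeServer authentication the connector FQDN must be the server's
    # FQDN, its NetBIOS name, or empty; an external name is rejected.
    if ($fqdn -and $fqdn -ne $ServerFqdn -and $fqdn -ne $netbios) {
        $problems += "Fqdn '$fqdn' is not the server's internal name"
    }

    $summary = 'none'
    if ($problems) { $summary = $problems -join '; ' }

    New-Object PSObject -Property @{
        Connector = $Connector.Name
        Fqdn      = $fqdn
        Problems  = $summary
    }
}

# Only connectors bound to port 25 receive mail relayed from the 2016 server.
Get-ReceiveConnector -Server $ServerFqdn.Split('.')[0] |
    Where-Object { ($_.Bindings | ForEach-Object { "$_" }) -match ':25$' } |
    ForEach-Object { Test-ServerAuthConnector $_ $ServerFqdn } |
    Select-Object Connector, Fqdn, Problems |
    Format-Table -AutoSize -Wrap
```

Any connector reported with problems can then be corrected with `Set-ReceiveConnector` using its `-Fqdn`, `-AuthMechanism` and `-PermissionGroups` parameters.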
Amit, IT Architect
Distinguished Expert 2017

Commented:
Thanks for the update.
