asked on
EXCHANGE 2013 TO EXCHANGE 2016 Migration
i have started migration of my OLD exchange server 2013 to 2016. installation went smooth and i haven't face any issue.
Since i migrated some of the mailboxes, my users with Exchange 2013 mailboxes getting password re-enter alert on their outlook and users with exchange 2016 mailboxes are not able to connect with outlook. but OWA is working fine without any issue for both users.
Steps i have taken till now,
Exchange 2016 Installation done on Windows Server 2016.
Virtual Directories are configured properly.
Certificate in-placed properly (i am using wild-card certificate) before i was using SSL/SAN certificate for exchange.
DNS entries done( i have both server entries now, old and new)
Just for reference, My server is behind Sohps XG firewall with version 18Mr3
I want to use Exchange 2016 to send my email and exchange 2013 should be sit silent for some time
ASKER
what about OLD exchange 2013 server should also be removed from incoming traffic from public address ? means removing from NAT
yes only you need 2016 NAT
ASKER
its showing
Protocol HTTP
shall i use
Set-OrganizationConfig -MapiHttpEnabled $true
on all the server to get
Exchange RPC protocol
Yes better as MAPI-HTTP is more stable than legacy protocols.
But again it depends on the Outlook compatibility as well.
Enable it so compatible versions will use MAPI-HTTP
ASKER
Once again, thanks, but outlook 2019 is still showing protocol HTTP. i am using LAN connection.
ASKER
Exchange 2016 on-premises, Outlook 2013/2019
When a user is inside the network/on the VPN everything is fine.
When a user brings their laptop outside of our network: Outlook pop-ups asking them to log into their mailbox.
If they enter their domain credentials the pop-up will disappear & reappear immediately.
If they ignore the pop-up they can still send and receive mail!
The lower-right area of the status bar in Outlook says "Needs Password". If you click on that it switches to "Connected to: Microsoft Exchange" until the pop-up returns a few minutes later.
Outlook's Connection Status window shows the connection is established.
Opening Outlook in safe mode does not help.
I ran Get-OutlookAnywhere in EMS:
RunspaceId : ##### ServerName : ##### SSLOffloading : True ExternalHostname : #####.#####.### InternalHostname : #####.#####.### ExternalClientAuthenticationMethod : Negotiate InternalClientAuthenticationMethod : Ntlm IISAuthenticationMethods : {Ntlm, Negotiate} XropUrl : ExternalClientsRequireSsl : True InternalClientsRequireSsl : False MetabasePath : IIS://#####.#####.###/W3SVC/1/ROOT/Rpc Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc ExtendedProtectionTokenChecking : None ExtendedProtectionFlags : {} ExtendedProtectionSPNList : {} AdminDisplayVersion : Version 15.1 (Build 845.34) Server : ##### AdminDisplayName : ExchangeVersion : 0.20 (15.0.0.0) Name : Rpc (Default Web Site) DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=#####,CN=#####,CN=Exchange Administrative Group,CN=Administrative Groups,CN=#####,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=#####,DC=### Identity : #####\Rpc (Default Web Site) Guid : ##### ObjectCategory : #####.###/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
The reason this works inside the network is obviously due to Basic/NTLM authentication, but I don't see why Basic would cause the issue we experience outside.
I have found many forum posts suggesting solutions such as changing Outlook profile options in the security tab (Logon network security, Exchange Proxy Settings, http, etc).
Those profile options are either nonexistent or greyed out in Outlook 2013/2019. I think they might be dictated by Exchange but I am not sure how.
Is this an Outlook Anywhere misconfiguration?
Is this an authentication issue?
Is this a SSL issue?
Any advice is appreciated.
Thank you!
If you configure OutlookAnywhere same as Exchaneg2013 you will not have any issues inside and outside.
-->Is this an authentication issue?
Did you configure IISAuthentication in new server?
-->Is this a SSL issue?
No if it is an SSL issue it will not work even inside.
ASKER
If you configure OutlookAnywhere same as Exchaneg2013 you will not have any issues inside and outside.
i haven't switched to exchange 2016, 2013 in placed till now. exchange 2016 is sitting silent.
-->Is this an authentication issue?
Did you configure IISAuthentication in new server?
Yes, but as i said, i am still using old 2013 Exchange.
-->Is this a SSL issue?
No if it is an SSL issue it will not work even inside.
strange
one strange thing, whenever new email came and user is using outlookanywhere, only that time they are getting popup windows
How did you test Ex2016?
Did you configure autodiscover and certificate as per the aricle posted in my first comment?
ASKER
ASKER
I have migrated my DNS and NAT ip address to new 2016 Server.
If mailbox is on Exchange 2013, it its asking for password after some time.
if mailbox is on Exchange 2016, its asking twice then smooth connection.
Anyway please make sure IISauthentication is configured properly on both RPC and MAPI VDs.
If users at EXCH 2016 have no issues and mailbox only at 2013 has issues, this may be due to authentication redirection.
- Clear credential manager
- Try to recycle MSExchangeAutodiscoverAppPool on Exchange servers.
- Get-OutlookAnywhere | FL Identity,*host*,*auth* (suppose ExternalClientAuthenticationMethod is Basic) create a entry EnableADAL in registry
- Run "Test E-mail AutoConfiguration" to check the URLs for OAB.
Run this command to get the details of Virtual directory and see if everything is set correctly.
Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*
Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*
Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*
Get-OutlookProvider
Get-ClientAccessServer | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*
Get-OutlookAnywhere | fl Name, *hostname*, *auth*
Get-ClientAccessArray | fl
You can also check following links:
https://markgossa.blogspot.com/2015/12/exchange-2013-to-2016-migration-part-1.html
https://www.stellarinfo.com/blog/migrate-from-exchange-server-2013-to-2016/
Regards
Kundan
ASKER
i have make some changes and till now its smooth.
one more thing, My mailbox migration with ECP is not working. i have to migrate mailboxes one by one by command line.
note that, I want to migrate some users only.. not whole database to other database
ASKER
One more question
http response headers in IIS ? should we configure or not and what else securities we can apply on exchange
This is not a solution.
Please select all the comments which assisted/helped you which will help other in future.
ASKER
Thanks for you comment, but is it okay to use wildcard cert with Exchange ?