Transition from Ex2003 to Ex2010

Status
Not open for further replies.

Rglide

Desperate plea for some help.

I'm having a lot of trouble with ext/internal OWA access.

My domain root <mydomain.com> is hosted by another company which hosts our website which causes some autodiscover issues. I host the mx record mail.mydomain.com on GoDaddy which points to 155.43.3.5. Internally, I use mydomain.local.

I have one 2003 ExchangeSP2 server called oldmail.mydomain.local

I installed one Exchg 2010 CAS/HT server and one Exchg 2010 MailBox server. I created A records for autodiscover and legacy.mydomain.com on GoDaddy and received and applied a new UCC for autodiscover.mydomain.com/local, legacy.mydomain.com/local, email.mydomain.com, oldmail.mydomain.local, and exchg2010-cas.mydomain.local.

I pointed autodiscover.mydomain.com and legacy.mydomain.com to the same ext IP as mail.mydomain.com. Internally, I created and pointed legacy.mydomain.local to the IP for oldmail. I pointed mail.mydomain.com (in its own mail.mydomain.com zone) to the IP for exchg2010-cas.mydomain.local.

I created an automatic redirect in C:\Inetpub\wwwroot\Default.htm so the user can continue to use just https://mail.mydomain.com

Externally, my problem is if I use https://mail.mydomain.com or try Outlook 2007, it won't connect. If I use https://mail.mydomain.com/owa it will connect but will only authenticate if the user has an Ex2010 mailbox. If it's a 2003 mailbox then it says it can't connect because of recent config changes.

Internally, https://mail.mydomain.com doesn't resolve (the address bar just flickers) and https://mail.mydomain.com/owa tries to redirect to legacy.mydomain.com rather than legacy.mydomain.local, which won't work because of no loopback on the firewall. I don't remember if Outlook 2007 connects.

Currently so we can continue to use email, I set the firewall back to the 1-to-1 nat pointing to the oldmail IP. That lets us use OWA https://mail.mydomain.com and Outlook rpc over https. I'm not sure why it works since I disabled rpc over https on oldmail.

I followed the TechNet Deployment Checklist in addition to several other step-by-step articles. However, none seemed to cover the .com/.local scenario.
 

Rglide

I had initially set the firewall to direct traffic to the new cas server, both smtp and https. However, from external, Outlook07 would not connect at all and if I used the url mail.mydomain.com/owa I'd get a login box. If I used an account that was on Ex2010 it would work, if I used a Ex2003 account it would not redirect and I'd get an error that recent changes prevent access.

So, I had to change the FW back to directing https traffic back to the oldmail server.

As soon as I get it working, I'll begin migrating all 2003 mailboxes over to 2010. However, it will probably take a week or so to complete.

A couple of notes, now that I've had some sleep, in reference to certificates. Importing into Ex2010 is easy. Importing/replacing into Ex2003 was a little confusing based on the online step-by-steps that I read. Although I don't recall which one, it advised to export the cert from Ex2010 into a pfx file, copy to your Ex2003 box, right-click and install. Not that simple. After exporting and copying to your Ex2003 server, you have to use IIS, remove the old certs, then add the new cert. Now this may be because I was still using the oldmail (Ex2003) server and directing the FW traffic to it. Once I get the other issue sorted out, all smtp/https should go through the CAS. I'm not sure that the cert will be significant.

Do I need to open a case? I've gone through so many TechNet and EHLO articles, not to mention other guides (WindowsITPro) that my head hurts.

Breck
 

Mumin CICEK [MVP]

hi,

you said "However, from external, Outlook07 would not connect at all and if I used the url mail.mydomain.com/owa I'd get a login box"

you can connect via owa but not with outlook 2007...

how do you want to connect outlook 2007 to your exchange server from external of your organization?

did you enable OA on exchange server 2007? and also you need public SSL to connect exchange server with Outlook anywhere.

can you try this please.

regards,

Mumin CICEK | Exchange - MVP | www.cozumbilisim.com.tr | www.mumincicek.com | www.cozumpark.com
 

Rglide

I was able to connect with OWA, as long as the mailbox was on my 2010 Mailbox server. I want to be able to connect to Exchange from externally and internally with both OWA and Outlook 2007/2010.

I don't have a 2007 Exchange server. I have a legacy 2003 and just added a 2010 CAS/Hub server and a 2010 mailbox server. OA is enabled on the 2010 server.

As stated above I have a new UCC for autodiscover.mydomain.com and local, legacy.mydomain.com and local, email.mydomain.com, oldmail.mydomain.local, and exchg2010-cas.mydomain.local. It's a public UCC from GoDaddy.

I also ran these PS commands,

Set-OwaVirtualDirectory -Identity "Exchg2010-CAS\OWA (Default Web Site)" -ExternalURL https://mail.mydomain.com/owa -FormsAuthentication $True -BasicAuthentication $True

Set-OABVirtualDirectory -Identity "Exchg2010-CAS\OAB (Default Web Site)" -ExternalUrl https://mail.mydomain.com/OAB -RequireSSL:$true

Set-WebServicesVirtualDirectory -Identity "Exchg2010-CAS\EWS (Default Web Site)" -ExternalUrl https://mail.mydomain.com/EWS/Exchange.asmx -BasicAuthentication:$True

Set-ECPVirtualDirectory -Identity "Exchg2010-CAS\ECP (Default Web Site)" -ExternalURL https://mail.mydomain.com/owa -FormsAuthentication $True -BasicAuthentication $True

Enable-OutlookAnywhere -Server Exchg2010-CAS -ExternalHostname "mail.mydomain.com" -ExternalAuthenticationMethod "Basic" -SSLOffloading:$False

$OABVDir = Get-OABVirtualDirectory -Server Exchg-CAS
$OAB = Get-OfflineAddressBook "Default Offline Address List"
$OAB.VirtualDirectories += $OABVDir.DistinguishedName
Set-OfflineAddressBook "Default Offline Address List" -VirtualDirectories $OAB.VirtualDirectories

Move-OfflineAddressBook "Default Offline Address List" -Server Exchg2010-MB

Is there further information that I can provide?

Breck
 

skipster

Your front end Exchange 2003 server needs to be configured for form-based authentication, and it also needs to be set to "integrated authentication". Are these settings configured?

Bulls on Parade
 

Rglide

Are you sure you don't mean that Integrated Windows authentication just needs to be enabled on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 server, not the entire Default Web Site? Then yes, that was done also.

Breck
 

Rglide

Fixed this:

Internally, https://mail.mydomain.com doesnt resolve (the address bar just flickers) and https://mail.mydomain.com/owa tries to redirect to legacy.mydomain.com

I forgot to add the /owa to the end so that users can just type mail.mydomain.com

<html>
<head>
<meta http-equiv="refresh" content="0;url=https://mail.mydomain.com/owa">
</head>
</html>

Then, the -Exchange2003URL should resolve to the internal name, which for us is https://legacy.mydomain.local/exchange

Set-OWAVirtualDirectory Exchg2010-CAS\OWA* -ExternalURL https://mail.mydomain.com/OWA -Exchange2003URL https://legacy.mydomain.local/exchange

Breck
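The virtual directory commands earlier in the thread and the -Exchange2003URL fix above both hand clients a set of host names, and each of those names has to be resolvable from where the client sits and covered by the UCC bound to IIS. The following audit script is an added example written for this page, not code from the thread or from Microsoft: it collects every URL the 2010 CAS advertises (InternalUrl, ExternalUrl, the OWA Exchange2003Url, Autodiscover and the Outlook Anywhere host name), compares the host part against the SAN list of the IIS certificate, and flags names that are not HTTPS, not in the certificate, or a .local name in a scope that Internet clients will receive. It assumes the Exchange 2010 Management Shell is loaded and that the CAS is named Exchg2010-CAS as in the thread; the helpers New-UrlEntry and Test-NameCovered are my own names.

```powershell
# Added example (not from the thread): audit the client-facing names a 2010 CAS advertises
# against the SAN list of its IIS certificate. Assumes the Exchange 2010 Management Shell
# and a CAS named Exchg2010-CAS (the name used in the thread; adjust as needed).
$cas = "Exchg2010-CAS"

# Wrap one advertised URL with where it came from and who receives it (Internal/External/Legacy).
function New-UrlEntry($source, $scope, $url) {
    if (-not $url) { return $null }                       # unset URLs are skipped, not flagged
    New-Object PSObject -Property @{ Source = "$source"; Scope = $scope; Url = "$url" }
}

# True when a host name is covered by an exact or wildcard entry of the certificate's SAN list.
function Test-NameCovered($hostName, $domains) {
    foreach ($d in $domains) {
        if ($d -eq $hostName) { return $true }            # -eq is case-insensitive in PowerShell
        if ($d.StartsWith("*.") -and $hostName -like $d) { return $true }
    }
    return $false
}

# Gather every URL Autodiscover or a redirect can hand to Outlook, OWA or ActiveSync clients.
$entries = @()
$vdirs = @(Get-OwaVirtualDirectory -Server $cas) + @(Get-EcpVirtualDirectory -Server $cas) +
         @(Get-WebServicesVirtualDirectory -Server $cas) + @(Get-OABVirtualDirectory -Server $cas) +
         @(Get-ActiveSyncVirtualDirectory -Server $cas)
foreach ($vd in $vdirs) {
    $entries += New-UrlEntry $vd.Identity "Internal" $vd.InternalUrl
    $entries += New-UrlEntry $vd.Identity "External" $vd.ExternalUrl
}
foreach ($vd in @(Get-OwaVirtualDirectory -Server $cas)) {
    # The 2003 redirect target is sent to external users too, so it is checked like an external name.
    $entries += New-UrlEntry "$($vd.Identity) Exchange2003Url" "Legacy" $vd.Exchange2003Url
}
$entries += New-UrlEntry "Autodiscover (SCP)" "Internal" (Get-ClientAccessServer -Identity $cas).AutoDiscoverServiceInternalUri
$oa = Get-OutlookAnywhere -Server $cas
if ($oa -and $oa.ExternalHostname) {
    # Outlook Anywhere stores a bare host name; wrap it so it gets the same checks.
    $entries += New-UrlEntry "OutlookAnywhere ExternalHostname" "External" "https://$($oa.ExternalHostname)/rpc"
}
$entries = @($entries | Where-Object { $_ })              # drop the nulls returned for unset URLs

# SAN list of the certificate bound to IIS on this CAS (the UCC in this scenario).
$cert = Get-ExchangeCertificate -Server $cas | Where-Object { "$($_.Services)" -match "IIS" } | Select-Object -First 1
if (-not $cert) { Write-Warning "No certificate with the IIS service is enabled on $cas" }
$sans = @($cert.CertificateDomains | ForEach-Object { "$_" })
if ($cert -and $cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "IIS certificate expires $($cert.NotAfter)" }

# One row per advertised URL with the problems found, or OK.
$report = foreach ($e in $entries) {
    $u = [Uri]$e.Url
    $problems = @()
    if ($u.Scheme -ne "https") { $problems += "not HTTPS" }
    if ($e.Scope -ne "Internal" -and $u.Host -like "*.local") { $problems += ".local name cannot resolve from the Internet" }
    if (-not (Test-NameCovered $u.Host $sans)) { $problems += "host not covered by the IIS certificate" }
    $status = "OK"
    if ($problems.Count -gt 0) { $status = $problems -join "; " }
    New-Object PSObject -Property @{ Scope = $e.Scope; Source = $e.Source; Url = $e.Url; Status = $status }
}
$report | Sort-Object Scope, Source | Format-Table Scope, Source, Url, Status -AutoSize
```

Run it before and after each Set-*VirtualDirectory change; in the situation described in the thread it would list the Exchange2003Url row as a .local name that external users cannot resolve, which is exactly the symptom reported in the next post, while an internal-only .local entry that is in the UCC is left as OK.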
 

Rglide

OK,

If -Exchange2003URL resolves to the internal name (.local), then it won't connect from external since it can't resolve a .local address

Can access 2010 mailboxes from external and internal using both Outlook 2007/2010 and OWA.

The problem now is with Exchange 2003.

Can connect to 2003 mailboxes with Outlook 2007/2010 internally.

Can access 2003 mailboxes internally with OWA only if using legacy.mydomain.local (not .com). I can't use mail.mydomain.com or legacy.mydomain.com.

Can NOT access 2003 mailboxes with Outlook 2007/2010 or OWA externally. I get a 404 - File or directory not found.

Breck
 

Rglide

I must say that I'm pretty disappointed in the "Priority Support for TechNet Members". After five days of waiting for help and providing as much information as I could think of, I got nothing but one guy asking questions that were answered in the original post and someone else asking about two other check marks.

I ended up having to burn two of my TechNet support incidents.

BTW, if you are doing a transition and have to call because OWA and Outlook won't connect, and the Public Folders aren't replicating over to the new 2010 server, that's three different support calls. Fortunately, I had a great tech that took care of OWA and covered Outlook under "value added" because it was an easy fix.

Breck
 