Cannot switch off Exchange 2007 Structure after Migration to 2013

Hi there,

I did a migration in a single domain with 100 users from 2 CAS (NLB) + 2 MBX (CCR-Cluster) 2007 to 2013 mostly according to this tutorial:

http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part1.html

It all went quite well and the environment has been in production for 2 weeks now. I'm a little bit confused about Outlook (PC) talking about a bad certificate on the proxy (mail.mydomain.de, which is a good one!) with error code "0", but OK, I thought as soon as I can switch Exchange 2007 off this will be gone.

BUT:

As soon as I switch off the old infrastructure then strange things happen:

Outlook-PC: Users are repeatedly asked for their credentials

Outlook-Mac: Everything is working

Outlook-iOS: Everything keeps working

OWA-APP iOS: stopped connecting at all

OWA on any Desktop: Everything is fine

Apple Mail on iOS: stopped connecting at all


I switched the SCP for 2013 Server:

"Set-ClientAccessServer -Identity Exchange2013 -AutoDiscoverServiceInternalURI https://autodiscover.mydomain.de/Autodiscover/Autodiscover.xml"

I marked the old SCP-entries from the Exchange 2007 CAS hidden for everyone in AD

I set OWA to point to the Exchange 2013:

Set-OutlookAnywhere -Identity "exchange2007\RPC (Default Web Site)" -internalHostname mail.mydomain.de -internalClientsRequireSsl $true -DefaultAuthenticationMethod ntlm

The Autodiscover tests Outlook processes on the client side are completely successful.

Any ideas what is missing?

Thank you.

PS: Sorry for the bad formatting, but this editor is strange running on Safari!


  • Edited by F.One Wednesday, August 05, 2015 4:17 PM
August 5th, 2015 4:15pm

Thank you for your fast input.

1+2: Yes!

3. Maybe I am missing something there:

- autodiscoverinternalserviceURI is set, ecp, too:

Name        : ecp (Default Web Site)
InternalUrl : https://mail.mydomain.de/ecp
ExternalUrl : https://mail.mydomain.de/ecp

For the following, assume:

"trinculo" and "antares" are Exchange 2007 CAS, published as "berlin" (NLB)

"Exchange" is the 2007 MBX CCR

XS1 & XS2 are Exchange 2013 CAS&MBX

Get-OWAVirtualDirectory

Name                                    Server                                  OwaVersion
----                                    ------                                  ----------
owa (Default Web Site)                  TRINCULO                                Exchange2007
Exchange (Default Web Site)             TRINCULO                                Exchange2003or2000
Public (Default Web Site)               TRINCULO                                Exchange2003or2000
Exchweb (Default Web Site)              TRINCULO                                Exchange2003or2000
owa (Default Web Site)                  ANTARES                                 Exchange2007
Exchange (Default Web Site)             ANTARES                                 Exchange2003or2000
Public (Default Web Site)               ANTARES                                 Exchange2003or2000
Exchweb (Default Web Site)              ANTARES                                 Exchange2003or2000
Exchange (Default Web Site)             exchange                                Exchange2003or2000
Public (Default Web Site)               exchange                                Exchange2003or2000
Exadmin (Default Web Site)              exchange                                Exchange2003or2000
owa (Default Web Site)                  XS2                                     Exchange2013
owa (Default Web Site)                  XS1                                     Exchange2013


Get-OabVirtualDirectory

Server                        Name                          Internal Url                  External Url
------                        ----                          ------------                  ------------
TRINCULO                      OAB (Default Web Site)        http://berlin.mydomain.de... http://berlin.mydomain.de...
ANTARES                       OAB (Default Web Site)        http://berlin.mydomain.de... http://berlin.mydomain.de...
XS2                           OAB (Default Web Site)        https://mail.mydomain.de/OAB https://mail.mydomain.de/OAB
XS1                           OAB (Default Web Site)        https://mail.mydomain.de/OAB https://mail.mydomain.de/OAB


Get-WebServicesVirtualDirectory

Name                                    Server                                  InternalUrl
----                                    ------                                  -----------
EWS (Default Web Site)                  TRINCULO                                https://berlin.mydomain.de/EWS/Exch...
EWS (Default Web Site)                  ANTARES                                 https://berlin.mydomain.de/EWS/Exch...
EWS (Default Web Site)                  XS2                                     https://mail.mydomain.de/EWS/Exchan...
EWS (Default Web Site)                  XS1                                     https://mail.mydomain.de/EWS/Exchan...



  • Edited by F.One Wednesday, August 05, 2015 4:43 PM
August 5th, 2015 4:42pm

 

Are you using a SAN SSL certificate? What domain names do you have in the certificate?

Can you check the Autodiscover internal url (get-clientaccessserver | fl name,auto*) and post what URLs they point to.

"I marked the old SCP-entries from the Exchange 2007 CAS hidden for everyone in AD"


How did you do this? You should have just had to update internal url on these to point to the 2013 CAS.

What server does mail.mydomain.de resolve to?

What's the internal and external url for Outlook Anywhere?

Edit: just to make sure I'm clear, you have migrated all mailboxes to 2013, correct? You are essentially done with coexistence?
  • Edited by in2jars Wednesday, August 05, 2015 5:09 PM
August 5th, 2015 5:07pm
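
The checks asked for in the reply above (certificate names, Autodiscover and Outlook Anywhere URLs, what the names resolve to), gathered into one read-only Exchange Management Shell script. This is an added example, not part of the original thread; the server names XS1 and XS2 come from the thread, and the helper name Test-CertCoversName is hypothetical.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell on a 2013 server.
$servers = 'XS1', 'XS2'   # the thread's Exchange 2013 CAS/MBX servers

function Test-CertCoversName($Domains, [string]$Name) {
    $n = $Name.ToLower()
    foreach ($d in $Domains) {
        $d = "$d".ToLower()
        if ($d -eq $n) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($d.StartsWith('*.') -and $n -like $d -and
            $n.Split('.').Count -eq $d.Split('.').Count) { return $true }
    }
    return $false
}

$report = foreach ($s in $servers) {
    $published = @()   # pairs of (source, host name)
    $scp = (Get-ClientAccessServer -Identity $s).AutoDiscoverServiceInternalUri
    if ($scp) { $published += ,@('Autodiscover SCP', ([uri]"$scp").Host) }

    $oa = Get-OutlookAnywhere -Server $s
    foreach ($p in 'InternalHostname', 'ExternalHostname') {
        if ($oa.$p) { $published += ,@("OutlookAnywhere $p", "$($oa.$p)") }
    }

    $vdirs = @(Get-WebServicesVirtualDirectory -Server $s) + @(Get-OabVirtualDirectory -Server $s) +
             @(Get-OwaVirtualDirectory -Server $s) + @(Get-ActiveSyncVirtualDirectory -Server $s)
    foreach ($v in $vdirs) {
        foreach ($p in 'InternalUrl', 'ExternalUrl') {
            if ($v.$p) { $published += ,@("$($v.Name) $p", ([uri]"$($v.$p)").Host) }
        }
    }

    # SAN list of the certificate(s) bound to IIS on this server
    $sans = Get-ExchangeCertificate -Server $s |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains }

    foreach ($item in $published) {
        $ips = try {
            ([Net.Dns]::GetHostAddresses($item[1]) | ForEach-Object { "$_" }) -join ','
        } catch { 'unresolved' }
        [pscustomobject]@{
            Server = $s; Source = $item[0]; HostName = $item[1]
            OnIisCert = Test-CertCoversName $sans $item[1]; ResolvesTo = $ips
        }
    }
}
$report | Sort-Object Server, Source | Format-Table -AutoSize
```

Any row with OnIisCert False, or a host name that still resolves to the old 2007 NLB address, is a namespace that clients will hit with a name mismatch or a dead endpoint once the old servers are off.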

Hi F.one,

Thank you for your question.

In terms of Outlook on PC, we could rebuild the Outlook profile to check if the issue persists.

Then we could check if the Outlook authentication is the same as on the Exchange server side. We could check the Outlook side by the following steps:

  1. Navigate to File->Account Setting->Account Setting->Setting-><user@contoso.com>->More Settings->Connection->Exchange proxy Setting
  2. Then we could check the value of "Proxy authentication setting"

If there are any questions regarding this issue, please feel free to let me know.

Best regards,

Jim

August 7th, 2015 7:23am

Hi Jim,

thank you for your reply.

Meanwhile I forced all the 2007 servers to shutdown while hiding old PublicFolder- or SCP Entries in AD from being read by anybody. 

During migration I already switched all clients and servers to NTLM auth, and at the moment it looks like this:

esp. Outlook 2007 asks 5 times for credentials during initial startup and I could see it in the connection pane:

First it opens one connection to mail.mydomain.com and asks for credentials. Given that, it opens a connection to the Database-GUIDmydomain.com and asks for credentials. After that it connects to the DatabaseGUID@mydomain.com, where the new public folders are hosted, and asks for credentials, the same during the connect now to the DC and again while connecting once more to mail.mycompany.com.

I did delete all saved Passwords in control panel and created new entries for mail.mydomain.com and the DC with no effort.

This is not a good user experience at all :-(

And as if this were not bad enough: The mobile Lync clients (iOS, Windows Mobile) cannot connect to Exchange anymore.

August 7th, 2015 9:59am
