Last Step to remove Last Legacy Exchange Server...after migration to 2007
Hi people,
Coming from a post http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/a1d1e3e4-8b78-4592-8d47-b49f66bbf8d0 I'm in the last part of the migration to Exchange 2007 from 2003. I'm going to remove the last legacy Exchange server, and I have some questions....
- Move all mailboxes
- Move all imp_tree and no_ipm_tree to the 2007
- Move the OAB
- Move the Public Folder Store hierarchy to 2007
If you see the post mentioned above, you can see that all replicas have been moved, but...if I execute:
[PS] C:\Documents and Settings\Desktop>get-PublicFolderStatistics
I can see all the Public Folder list...is it correct?...And...
When I tried to use PFAdmin (on a workstation with .NET Framework 1.1, and a user with enough permissions), I got the error:
"An error occurred while trying to establish a connection to the exchange server. Be sure that port 443 (for SSL) or port 80 (for non-SSL) can be reached. If you are connecting to public folders, be sure that the public folder store is mounted.
Exception : Failed to connect using secure URL. https://servername/exadmin/admin/domainname/public%20folders/ with error: The remote server returned an error: (503) ServerUnavailable..
Failed to connect using unsecure URL. http://servername/exadmin/admin/domainname/public%20folders/ with error: The remote server returned an error: (403) Forbidden.."
Public Folder database mounted, users working all right. Before I have to re-create the public folder hierarchy against Exchange 2007, the only error about PFAvadmin was about the .NET Framework 1.1 ....
In the Outlook clients I received the Security Alert of certificate: "The certificate security name is not valid or doesn't match with the name of the site." (the 3rd option in the screen dialog..., not the first)
How can I check the OWA certificates???...I think that when I created them....there was a problem. We reinstalled all the IIS services, and the OWA client to repair it, but I think it's the server certificate. How can I re-create it? I have installed Certificate Services on the Exchange 2007....
June 9th, 2009 5:55pm
More...if I test the autodiscover:
[PS] C:\Documents and Settings\Desktop>Test-OutlookWebServices | Format-List

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address admin@domain.es.

Id      : 1007
Type    : Information
Message : Testing server server.domain.lan with the published name https://server.domain.lan/EWS/Exchange.asmx & .

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://SERVER.domain.lan/Autodiscover/Autodiscover.xml.

Id      : 1005
Type    : Error
Message : When accessing https://server.domain.lan/Autodiscover/Autodiscover.xml the error "RemoteCertificateNameMismatch:CN=server" was reported.

Id      : 1006
Type    : Information
Message : The Autodiscover service was contacted at https://SERVER.domain.lan/Autodiscover/Autodiscover.xml.

Id      : 1016
Type    : Success
Message : [EXCH]-Successfully contacted the AS service at https://server.domain.lan/EWS/Exchange.asmx. The elapsed time was 750 milliseconds.

Id      : 1015
Type    : Success
Message : [EXCH]-Successfully contacted the OAB service at https://server.domain.lan/EWS/Exchange.asmx. The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Success
Message : [EXCH]-Successfully contacted the UM service at https://server.domain.lan/UnifiedMessaging/Service.asmx. The elapsed time was 968 milliseconds.

Id      : 1016
Type    : Information
Message : [EXPR]-The AS is not configured for this user.

Id      : 1015
Type    : Success
Message : [EXPR]-Successfully contacted the OAB service at . The elapsed time was 0 milliseconds.

Id      : 1014
Type    : Information
Message : [EXPR]-The UM is not configured for this user.

Id      : 1013
Type    : Error
Message : When contacting https://correoweb.domain.es/Rpc received the error The remote name could not be resolved: 'correoweb.domain.es'

Id      : 1017
Type    : Error
Message : [EXPR]-Error when contacting the RPC/HTTP service at https://correoweb.domain.es/Rpc. The elapsed time was 15 milliseconds.

Id      : 1006
Type    : Success
Message : The Autodiscover service was tested successfully.

Id      : 1021
Type    : Information
Message : The following web services generated errors.
              Contacting server in EXPR
          Please use the prior output to diagnose and correct the errors.

And, if I go to https://server.domain.lan/autodiscover/autodiscover.xml the page doesn't open, without error...but with http, it shows me a certificate error...and then the same, it doesn't open. (CNAME with autodiscover value created in the DNS)
I think I have a problem with:
- autodiscover
- Certificate of Exchange Server "server", or with the IIS certificate...
I have the directories EXADMIN, EXCHANGE and PUBLIC, empty in the IIS....is it normal???
thanks a lot
June 9th, 2009 6:37pm
Don't know why....but at this moment the access to the web https://server.domain.lan/autodiscover/autodiscover.xml has changed:
<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="17:41:04.6960000" Id="4119361714">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>
June 9th, 2009 6:44pm
Ok, let's start one by one...
Autodiscover:
Follow below article and make sure that autodiscover service is configured properly...
How to Configure Exchange Services for the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb201695.aspx
Certificate:
Can you post the Get-ExchangeCertificate | FL output here?
You may need to generate new certificate request from Exchange with all host names and register with your CA and import it back on Exchange server.
Securing an Exchange 2007 Client Access Server using a 3rd party SAN Certificate
http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html
You can use DigiCert's csr command generator tool to get New-ExchangeCertificate cmdlet easily for your use...
DigiCert's Exchange 2007 CSR Tool
https://www.digicert.com/easy-csr/exchange2007.htm
You can also run a test for Web Services Connectivity at below site...
https://www.testexchangeconnectivity.com/
Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
June 10th, 2009 1:05pm
Ok, RE-Create and install the Exchange certificate again, error from Outlook clients disappear. :)
Now, I've got some certificates, I know I could delete some of them...but which ones???:
[PS] C:\Documents and Settings\Desktop>Get-ExchangeCertificate | FL

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.domain.es, domain.es, domain.lan, server, server.domain.lan, autodiscover.domain.es, autodiscover.domain.lan}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=server, DC=domain, DC=lan
NotAfter           : 10/06/2011 10:54:09
NotBefore          : 10/06/2009 10:54:09
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 29757E99000000000004
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.domain.es, O=domain, DC=domain, DC=es
Thumbprint         : 275FEE1486D4AEF7579F630C8348894D2A005DCB
>>>>> THE GOOD ONE, the NEW re-CREATE <<<<<<<<

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=server, DC=domain, DC=lan
NotAfter           : 08/05/2014 14:03:00
NotBefore          : 08/05/2009 13:53:55
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 2F3ECA0D06D7B3804EF1F4CA34EA6ED1
Services           : None
Status             : Valid
Subject            : CN=server, DC=domain, DC=lan
Thumbprint         : ECDA3669683715FB00A5B02EB3CDDAFD8EEE6343

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {server}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=server, DC=domain, DC=lan
NotAfter           : 08/05/2011 13:36:10
NotBefore          : 08/05/2009 13:36:10
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 6119E584000000000005
Services           : None
Status             : Unknown
Subject            : CN=server
Thumbprint         : 9DD0D3444945FD02287756C3ADF66E05BC59BA5E

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SERVER, SERVER.domain.lan}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SERVER
NotAfter           : 24/03/2010 18:58:48
NotBefore          : 24/03/2009 18:58:48
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : F208A7B18F73AD824AB2F6CE9F7E47A8
Services           : SMTP
Status             : Valid
Subject            : CN=SERVER
Thumbprint         : 2C2562D632A64A6DBE8157B9C395CBA81AC724C4

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SERVER, SERVER.domain.lan}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SERVER
NotAfter           : 05/03/2010 17:20:30
NotBefore          : 05/03/2009 17:20:30
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 8EB6DC56AF0960824C689C10A6FD138C
Services           : SMTP
Status             : Valid
Subject            : CN=SERVER
Thumbprint         : E2CCF09DF85CFC829737C8582C1692A7E354795D

-- Should I have to create External DNS Records??? (autodiscovery, or SRV, or SCP, _autodiscover???....)
-- The exact error in the pfvadmin was:
"An error occurred while trying to establish a connection to the exchange server. Be sure that port 443 (for SSL) or port 80 (for non-SSL) can be reached. If you are connecting to public folders, be sure that the public folder store is mounted.
Exception : Failed to connect using secure URL. https://servername/exadmin/admin/domainname/public%20folders/ with error: The remote server returned an error: (401) ServerUnavailable..
Failed to connect using unsecure URL. http://servername/exadmin/admin/domainname/public%20folders/ with error: The remote server returned an error: (403) Forbidden.."
Thanks
June 10th, 2009 3:15pm
You can remove all other certificates except new working one with below cmdlet...
Remove-ExchangeCertificate -Thumbprint XXXXXXXXXXXXXXXXXXX
You need to create External DNS record for autodiscover if you are going to give access of outlook anywhere to your users.
About Public Folders, yes those legacy Exchange directories (EXADMIN, EXCHANGE and PUBLIC) should be empty.
Can you run ExBPA and see if you get any error related to public folders?
Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
June 10th, 2009 6:04pm
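A guarded way to do the certificate clean-up discussed above, as an added example that is not part of the original thread: before anything is deleted it checks that the certificate being kept is valid, lists the host names clients use, and carries every service bound to the others, then does a dry run. The $required list is an assumption copied from the posted CertificateDomains. In the posted output the self-signed certificate ECDA3669683715FB00A5B02EB3CDDAFD8EEE6343 has the same subject as the issuer of the new certificate, which is how the CA's own certificate would look on a server that also runs Certificate Services, so the script reports such a certificate and leaves it in place.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
$keep = '275FEE1486D4AEF7579F630C8348894D2A005DCB'   # the re-created certificate posted above

# Names clients connect to, copied from the CertificateDomains posted above.
# Assumption: replace with the names your own clients and Autodiscover really use.
$required = 'server.domain.lan', 'autodiscover.domain.es', 'webmail.domain.es'

$good = Get-ExchangeCertificate -Thumbprint $keep
if (-not $good) { throw "Certificate $keep not found; nothing removed." }

# 1. The certificate to keep must be usable on its own.
if ($good.Status -ne 'Valid' -or -not $good.HasPrivateKey -or $good.NotAfter -lt (Get-Date)) {
    throw "Certificate $keep is not valid, lacks its private key, or has expired."
}

# 2. It must list every required name, or clients get the name-mismatch alert again.
$names = @($good.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
$missing = @($required | Where-Object { $names -notcontains $_.ToLower() })
if ($missing.Count -gt 0) {
    throw ('Names missing from the certificate: ' + [string]::Join(', ', $missing))
}

# 3. Sort the remaining certificates into "remove" and "leave alone".
$remove = @()
foreach ($c in (Get-ExchangeCertificate | Where-Object { $_.Thumbprint -ne $keep })) {
    if ($c.IsSelfSigned -and $c.Subject -eq $good.Issuer) {
        # Same name as the issuer of the kept certificate: this looks like the
        # CA's own certificate, so it is reported and never removed here.
        Write-Warning "Skipping probable CA certificate $($c.Thumbprint)"
    }
    elseif (([int]$c.Services -band [int]$good.Services) -ne [int]$c.Services) {
        # A service is bound only to this certificate; enable it on $keep first.
        Write-Warning "Skipping $($c.Thumbprint): services $($c.Services) not on kept cert"
    }
    else { $remove += $c }
}

# 4. Dry run: -WhatIf reports what would be deleted without deleting anything.
$remove | Format-Table Thumbprint, Services, NotAfter, Subject -AutoSize
$remove | ForEach-Object { Remove-ExchangeCertificate -Thumbprint $_.Thumbprint -WhatIf }
# After reviewing the list, rerun the last line without -WhatIf.
```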
Ok, I think the only thing that's in the air...are the public folders. If I execute ExBPA the only warnings are:
- Offline Address book site public folder delete (It's the reference to the OAB in the legacy server that I am going to eliminate...). Now the OAB is on the new Exchange 2007 server.
- Missing FQDN in service principal name: Reference to the legacy Exchange server that I am going to eliminate...
- Exchange server (EDGE TRANSPORT) cannot be contacted (the server out of domain).
So, how can I resolve the access to the public folders against the PFVADMIN utility?....against the Tool box utility it's possible, but we have the permission modify restrictions....(only against the Outlook...). And, could there be any advice about something wrong??
thanks
June 10th, 2009 6:20pm
And....is it normal that when I "lost" the hierarchy folder (and I had to recreate it...) all the Outlook 2003 clients were with the error that they can't log on to the Exchange mailbox, contact the administrator?....but the Outlook 2007 not???.....am I going to have problems with the removing of the Exchange 2003 server???
thanks
June 11th, 2009 10:40am
Do you use an account which has Exchange Organization Administrator and/or Exchange Public Folder Administrator permission or member of those groups?
Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
June 11th, 2009 11:28am
To connect to the PFDAdmin??, yes, both of them...
June 11th, 2009 1:08pm
Ok, problems....If I try to connect with the PFDAVAdmin to the legacy Exchange server....I CAN....but to the Exchange 2007, it displays the mentioned error (opsssss)
How could this be possible??, there is NO Public Folder Database on the Exchange 2003, it's deleted...and the public folder hierarchy is in the Exchange 2007 (re-generated by the adsiedit...)
June 11th, 2009 1:22pm