Exchange 2007 migrations - CAS issues

[Digital-Vortex]

Hey everyone, need to seek some guidance on this one.

I am moving our exchange 2007 server to a new machine. still running exchange 2007.
We have gone from server 2003 to 2008R2.

Currently I have moved all the roles over except the Client Access Server role. The new server works fine and mail is going in and out fine, however when I change the firewall to point to the new server for ports 443 and 80 outlook anywhere decides to stop. Webmail is fine, so is iPhones etc but not outlook.

The SSL has been exported from the 2003 with the private key and imported into IIS yet when outlook starts an auto discover it comes back saying the cert is not for the right site. then it just wont connect. Preconfigured outlook wont connect either.

Exchange test site is failing to connect too. Anyone have any ideas as i know I am missing a step somewhere.

Thanks

 

[Nate7311]

2 Questions...

What kind of cert? What's the name(s) on the cert?

 

[C7J0yc3]

Did you point your datashares to the new CAS server? Usually you only have to worry about this when you are using CASarrays but it sounds like this is your problem.

To fix it, pull up EMS and type in this command

"Set-MailboxDatabase DB1 -RpcClientAccessServer “outlook.school.edu”

Where "DB1" is your mail database (if you don't know it use Get-MailboxDatabase) and "outlook.school.edu" is the internal FQDN of your new CAS server.

 

[Digital-Vortex]

last admin purchased it so not 100%.
As far as I can tell its one cert for mail.domain.com.

 

[Digital-Vortex]

Hi C7,
When i run the "Get-MailboxDatabase" command it is pulling up the lists of mail stores on both theold and new server. So it knows about them all.

 

[C7J0yc3]

Anything in the exchange organization it can see. If you have multiple databases instead of doing them individually you can just do

Get-MailboxDatabase Set-MailboxDatabase -RpcClientAccessServer “outlook.school.edu"

Then again if you only have one mailstore on the new server with all the accounts in it, and one empty one on the old server, there is no reason to update the old server's mailbox DB.

 

[tommy2684]

First, you need to make sure Outlook Anywhere is enabled on the new CAS Server. Then, I highly recommend that you re-key your certificate..meaning that you initiate a new certificate request from the new CAS server, send that request to your certificate authority (GoDaddy, Digicert, etc), and then install the new certificate on the new CAS server.

Also, did you change your autodiscover.domain.xxx DNS record to point to your new CAS Server?

I have found that using www.textexchangeconnectivity.com will be the best place to start if you have a problem with your CAS server. It will tell you what problems exist and how to fix them.

 

[Digital-Vortex]

Ok, further testing.
If i point ports 80 and 443 to the existing server, auto discover works (exchange test site says it fails) with a pop up about the certificate not being for the right sight (autodiscover.domain.com rather than the certificates mail.domain.com).
Auto discover works though and outlook 2010 can connect just fine.

If i point ports 80 and 443 to the new server, it asks me to accept the cert, but cannot get any details and unable to connect.

Very annoying.

 

[Bookmage]

I second using https://www.testexchangeconnectivity.com

are you using a UC cert w/SAN? you might be missing a domain name or two in your cert which is why it prompts for the cert approval.