Exchange 2010 & different domains

Hi,
Inputs:
forest root domain ROOT1.xxx.com
root domain ROOT2.xxx.com
Exchange 2010 servers are installed in ROOT2; all Microsoft Exchange Security Groups were created in ROOT1.
Before the Exchange setup I did all the preparations.
All default settings after install (group membership, permissions) are OK.
Problem: when I try to create a new role group via ECP or PoSh, I receive this error message:
Active Directory operation failed on DC1.ROOT1.xxx.com. This error is not retriable. Additional
information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

Hi,
Thank you for your question.
Judging by the error, this is caused by a permission problem. We could follow these steps to troubleshoot:
Use the Administrator account to check whether it can create a new role group. If Administrator cannot create a new role group, we could rebuild the Administrator (or admin) Windows profile. If Administrator can create a new role group, we could check the permissions.
With this specific admin, check whether he or she can create a database, a recipient, or a public folder.
We could verify that the server objects are added to Exchange Trusted Subsystem with the following steps:
   a. Open Active Directory Users and Computers
   b. Navigate to Microsoft Exchange Security Groups > Exchange Trusted Subsystem > Properties
   c. Check whether the Exchange server is listed in the Members tab
If there are any questions regarding this issue, please feel free to let me know.
Best Regards,
Jim
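An added check for the situation in this thread (example code written for this page, not part of Jim's reply or the original post). It assumes the RSAT ActiveDirectory module and the Exchange 2010 Management Shell are loaded on a server in ROOT2, and uses the poster's names ROOT1.xxx.com and DC1.ROOT1.xxx.com. It verifies the two things the INSUFF_ACCESS_RIGHTS error points at: that every Exchange server's computer account is a member of Exchange Trusted Subsystem in the forest root, and that inheritance is still intact on the OU in ROOT1 where New-RoleGroup creates the group. It also lists any ETS member that is not an Exchange server, since membership of that group is effectively full control of the Exchange organisation.

```powershell
# Added example for this page; not code from the original thread.
# Assumes: RSAT ActiveDirectory module + Exchange 2010 Management Shell, run from ROOT2.
# Names taken from the poster: forest root ROOT1.xxx.com, DC DC1.ROOT1.xxx.com.
Import-Module ActiveDirectory

$RootDomain = 'ROOT1.xxx.com'
$RootDc     = 'DC1.ROOT1.xxx.com'   # the DC named in the INSUFF_ACCESS_RIGHTS error
$RootDn     = (Get-ADDomain -Identity $RootDomain).DistinguishedName
$ouDn       = "OU=Microsoft Exchange Security Groups,$RootDn"   # where New-RoleGroup creates the group

# 1. Exchange Trusted Subsystem (ETS) membership. Exchange servers act through this group,
#    so a server missing from it cannot write to the OU. Read the member DNs straight from the
#    group object in ROOT1; Get-ADGroupMember can fail on members from another domain.
$ets      = Get-ADGroup -Identity 'Exchange Trusted Subsystem' -Server $RootDc -Properties member
$members  = @($ets.member)
$expected = @()

foreach ($srv in Get-ExchangeServer) {
    # The computer account lives in the server's own domain (ROOT2 here), not in ROOT1.
    $srvDomain = $srv.Fqdn.Substring($srv.Fqdn.IndexOf('.') + 1)
    $computer  = Get-ADComputer -Identity $srv.Name -Server $srvDomain
    $expected += $computer.DistinguishedName
    if ($members -notcontains $computer.DistinguishedName) {
        Write-Warning "$($srv.Fqdn) is NOT a member of Exchange Trusted Subsystem in $RootDomain"
    } else {
        "$($srv.Fqdn): ETS member OK"
    }
}

# 2. Rights on the OU. PrepareDomain grants ETS its permissions at the domain root, and the
#    Microsoft Exchange Security Groups OU inherits them. If inheritance is blocked on the OU,
#    or the ETS ACE is gone, New-RoleGroup fails exactly as in the error above.
New-PSDrive -Name ROOT1 -PSProvider ActiveDirectory -Server $RootDc -Root '' | Out-Null
$acl = Get-Acl -Path "ROOT1:\$ouDn"

if ($acl.AreAccessRulesProtected) {
    Write-Warning "Inheritance is blocked on $ouDn"
}

$etsAces = @($acl.Access | Where-Object { $_.IdentityReference -like '*\Exchange Trusted Subsystem' })
if ($etsAces.Count -eq 0) {
    Write-Warning "No ACE for Exchange Trusted Subsystem on $ouDn"
}
$etsAces | Format-Table IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited -AutoSize

# 3. Anything in ETS that is not one of the Exchange servers can act with the servers' rights
#    over the whole organisation, so every such entry should have a known reason to be there.
$members | Where-Object { $expected -notcontains $_ } |
    ForEach-Object { Write-Warning "ETS member that is not an Exchange server, review it: $_" }
```

Run it as an account that can read ROOT1; nothing here writes to the directory. If step 1 reports a server missing, adding it through the Members tab as Jim describes (and waiting for replication to DC1.ROOT1.xxx.com) is the fix; if step 2 reports blocked inheritance, re-enabling inheritance on the OU restores the rights PrepareDomain granted.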

Similar Messages

  • Message looping between Exchange 2003 & Exchange 2010 after domain type changed to internal relay

    Hi
    We have a coexistence environment where we are currently migrating from Exchange 2003 to 2010 and have 80% of the users already on the Exchange 2010 platform. This is all within the same AD forest, let's call it FOREST1.AD.
    The problem I'm seeking help about is a message routing problem we had this morning where messages bound for the Exchange 2003 users started looping between Exchange 2003 and Exchange 2010. The problem started as a result of changing the accepted domain
    type to 'internal relay domain' for the purposes of establishing SMTP namespace sharing with an external Exchange environment (different forest, let's call it FOREST2.AD). The expectation was that after changing the domain type from authoritative to 'internal
    relay domain', Exchange 2010 would route messages for unknown recipients to the external environment and that would be the only effect of the change. The message routing to the external environment worked completely OK. However, later we noticed that Exchange
    2003 stopped delivering messages to its local users and started routing them to Exchange 2010 which would route the messages back to Exchange 2003 as that's where the recipients existed, only to have Exchange 2003 send them back to Exchange 2010 again.
    The Send connector to route the messages, for the shared namespace, to the external environment used the Exchange 2010 server as the source server. It makes sense and is expected that Exchange 2003 would send messages for any unknown recipients to Exchange
    2010 for onward delivery via the Send connector. But it is not expected for Exchange 2003 to not deliver messages to its own users using the store driver and instead routing them on to Exchange 2010.
    We fixed the problem by reversing the change and not only changed the domain type back to authoritative but also removed the Send connector for the specified shared namespace. However, we do need to understand why this problem happened and how to stop it
    from happening.
    We did test the shared SMTP namespace configuration using a test domain before applying the change to the domain that is used for production email traffic. Test users on Exchange 2003 with email addresses on the test domain did not experience this looping
    problem. This has been tested again after the production domain experienced the problem and there is no looping for the test domain. The only difference I noticed between the configuration for the test domain and the production domain is that while both domains
    existed as accepted domains of type 'internal relay domain' in Exchange 2010, there was a difference in configuration in Exchange 2003 where the test domain was not present on the recipient policy at all and the production domain was present there.
    This also makes me wonder if Exchange 2003 and Exchange 2010 in the same organization keep a separate configuration to determine which domain they are authoritative for. When you install Exchange 2010, it does add all the domains on the recipient policies
    to the accepted domains configuration but any new domains you add in accepted domains in Exchange 2010 are not added to the legacy recipient policy object.
    Can someone please help clarify these grey areas and explain why the message looping was created and how to avoid it. I'm happy to provide any further information.
    Thanks
    Nauman.

    Hello,
    Why do you want to use the 'internal relay domain' authentication?
    Thanks,
    Simon Wu
    TechNet Community Support

  • Exchange 2010 accepted domain and email address policy

     So I need some help as to which accepted domain is right for us. We are a single forest single domain that is subbed to a parent domain.
    sub.domain.com
    We run our own Exchange 2010 separate from domain.com.  We want all mail to show up as @domain.com for our users.  The @domain.com will be configured to forward to @sub.domain.com.  This is a free Linux mail server that is separate from us.
    In order to configure an email address policy for @domain.com I need to pick from the 3 types.  I am pretty sure we are not authoritative for @domain.com (they are the parent).  So it is either an internal relay or external relay.  We all
    use the same networking, and our DNS servers point to domain.com as forwarders and they host a secondary copy of our DNS.
    It is a little unclear as to which to use.  I have gone to each account individually to test, and that works perfectly, but I would like to set this Globally.
    Thanks
    Tim

    Hello,
    Thank you for your post.
    This is a quick note to let you know that we are performing research on this issue.
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Simon Wu
    TechNet Community Support

  • Exchange 2010 and 2013 coexisting in separate trusted AD Forests, same email domain.

    I'm in a bind here.
    Here is my scenario: We have domain 1, lets call this old-domain.corp that has an exchange server 2010 with MBX, CAS and HT role. We created a new domain, lets call this new-domain.corp that we migrated all our users AD accounts using ADMT from our old domain
    to our new-domain.corp.  We have both domains trusted two way, and we converted all our mailboxes on our old exchange 2010 server in our old domain to “linked mailboxes” with the owners of the mailboxes belonging to their new-domain.corp accounts. 
    This all works well currently.
    What I'm trying to do now is have mailboxes live natively in new-domain.corp on the new Exchange 2013 server (only MBX role) I just built, while still having mailboxes working on old-domain.corp while we migrate the mailboxes to the new one.  What is the best way to achieve this?  Right now I can create new mailboxes on the new server and send emails (using OWA), but receiving is an issue, since once mail is routed to my Exchange 2010 (old) server it doesn't keep going to the new Exchange 2013 server.
    Some details
    Exchange 2010 – old-domain.corp – MBX, CAS, HT – latest rollup and exchange updates as of a week ago.
    Exchange 2013 – new-domain.corp trusted two way with old domain - MBX
    140 users - Single email domain name space
    All on premise
    Thank you,

    Hi 
    In your case, first you would need to bring an Exchange 2013 CAS into the new domain.
    Point all the web services URLs to the Exchange 2013 CAS server.
    Redirect your firewall to deliver all the emails to the Exchange 2013 server.
    Then you would need to run Prepare-MoveRequest.ps1, and once the objects are created, run New-MoveRequest to move all the mailboxes from the old domain to the new domain.
    One good article for your reference:
    http://msexchangeguru.com/2013/11/03/e2013crossforestmigration/
    Thanks, Sathish (MVP)

  • Exchange 2010 coexist with exchange 2013

    Hi All,
    Planning a coexistence scenario in my environment, as described below:
    Exchange 2010 - ambiguous URL in place - OA enabled
    For MAPI/RPC traffic - mail.domain.in - Exchange 2010
    For HTTPS traffic - mail.domain.in - Exchange 2010
    mail.domain.in resolves to the CAS array in Exchange 2010.
    After coexistence, on our side we are not going to move the mail.domain.in namespace to Exchange 2013. Instead, we are going to use a new namespace in Exchange 2013 for internal Outlook Anywhere, outlookmail.domain.in, and the remaining Exchange 2013 services (POP, IMAP, OWA, ActiveSync URLs, external OA) will have mail.domain.in, the same as the Exchange 2010 namespace.
    Just consider that outlookmail.domain.in is available on the SAN certificate installed in Exchange 2013.
    Note:
    On my side, I would assume internal Outlook 2010 MAPI users will connect directly to the Exchange 2010 servers on the namespace mail.domain.in.
    Likewise, I would assume internal Outlook Anywhere 2013 users will connect directly to the Exchange 2013 servers on the namespace outlookmail.domain.in.
    Services like POP, IMAP, OWA, ActiveSync and external OA connections for both Exchange 2010 and Exchange 2013 from the external world will be routed from the firewall to the Exchange 2013 servers. Then HTTPS traffic for Exchange 2010 mailbox users will be proxied to the Exchange 2010 server via the Exchange 2013 server.
    Question: I would like to know whether the above-mentioned scenario is possible or not.
    On my side, I know in my environment I have ambiguous URLs in place, and at the same time I don't want the Exchange 2010 internal Outlook users to connect via Exchange 2013 RPC over HTTP, even though OA is enabled on Exchange 2010.
    So simply, I can say my internal Exchange 2010 mailbox users have to connect via TCP/IP.
    Please give me your valuable suggestions.
    Regards
    S.Nithyanandham

    Hi,
    Going straight to the point and answering your question...
    The scenario above IS possible for a while. But further along in the migration process, you'd face problems, since Exchange 2013 doesn't know how to handle MAPI connections.
    As per the Exchange Team:
    In this scenario where both the MAPI/RPC and HTTP workloads are using the same FQDN you cannot successfully move the FQDN to CAS 2013 without breaking your MAPI/RPC client connectivity entirely. I repeat, your MAPI/RPC clients will start failing to connect via MAPI/RPC once their DNS cache expires after the shared FQDN is moved to CAS 2013.
    That is their recommendation, and I would tell you the same from experience: the best option is to really use different internal and external URLs for the clients to connect to.
    Change your design to use a specific internal-only FQDN for MAPI/RPC clients. If you are in the middle of a 2010 deployment using an Ambiguous URL I recommend you change your ClientAccessArray FQDN to a unique name and update the mailbox database RpcClientAccessServer values on all Exchange 2010 mailbox databases accordingly. Fixing this item mid-migration to Exchange 2010 or even in your fully migrated environment will ensure any newly created or manually repaired Outlook profiles are protected, but it will not automatically fix existing Outlook clients with the old value in the server field.
    So the overall point for this first item is to enable OA for all internal users, so as to ease the migration process in the future, even if for the time being it's not necessary.
    Another point you should take into consideration is your Outlook versions, as the minimum supported are as below:
    Outlook 2007: 12.0.6665.5000 (SP3 + the November 2012 Public Update or any later PU)
    Outlook 2010: 14.0.6126.5000 (SP1 + the November 2012 Public Update or any later PU)
    Outlook 2013: 15.0.4420.1017 (RTM or later)
    I don't know the size of your network, but it might be necessary for you to use an inventory tool in order to identify that.
    As advised, it's really worth having a look at the following article to clarify your view of this issue:
    Ambiguous URLs and their effect on Exchange 2010 to Exchange 2013 Migrations
    From <http://blogs.technet.com/b/exchange/archive/2013/07/17/3574451.aspx>
    Hope it can help you!
    Cheers,

  • Exchange 2010 upgrade issue

    Dear all,
    We are in the process of upgrading our Exchange 2003 to Exchange 2010; our domains are 2003 and the functional level is 2003.
    Every time I run the pre-deployment analyzer I get this message:
    Active Directory site 'SITENAME' does not contain any global catalog servers running Windows Server 2003 Service Pack 1 or later. This will prevent Exchange 2010 servers from
    being installed into site 'SITENAME'.
    Can anyone help me?

    Hi,
    Based on my research, Exchange Best Practices Analyzer v2.8 should not be used to scan Exchange Server 2007 and Exchange Server 2010. In Exchange Server 2007 and Exchange Server 2010, the Best Practices Analyzer is installed during Exchange Setup and can
    be run from the Exchange Management Console Toolbox. Thus, I’d like to confirm your BPA version:
     http://social.technet.microsoft.com/Forums/exchange/en-US/158f4eca-917b-455c-9a99-5294f601e75b/exchange-bpa-28?forum=exchangesvrdeploylegacy
    And here is a more similar thread:
    http://social.technet.microsoft.com/Forums/exchange/en-US/83798a09-51ca-4c7c-9cc2-63f8ccd2f181/migration-to-exchange-2010?forum=exchange2010
    Thanks,
    Angela Shi
    TechNet Community Support

  • Exchange 2010 IIS Redirect not working

    Hi, this is our first time posting. Our http to https redirects in IIS seem to not want to work. Our setup before this happened consisted of the default website redirecting to "https://webmail.lsgnet.com/owa". This worked perfectly until the
    installation of our new certificate. We have tried both the standard HTTP redirect option under Default Web Site as well as a rule in the URL Rewrite module. Neither seems to want to work for redirecting to https. The HTTP redirect seems to *want* to work, as
    when it's enabled, it successfully points "https://webmail.lsgnet.com" to "https://webmail.lsgnet.com/owa". However, it will not do the same for http (it worked previously this way with the old cert). We attempted to disable the HTTP redirect and instead
    use the URL Rewrite module following the instructions here: http://www.jppinto.com/2010/03/automatically-redirect-http-requests-to-https-on-iis7-using-url-rewrite-2-0/ but that doesn't work, period. Bindings have been removed and re-added multiple times. Any
    help would be greatly appreciated, as we have scoured Google and cannot find any solutions to this nor reasons why. Thanks much.

    Hi,
    From your description, I recommend you verify the following for troubleshooting:
    Open IIS Manager, click Default Web Site -> OWA -> SSL Settings, please make sure "Require SSL" option is unchecked.
    What's more, here is a thread for your reference.
    Exchange 2010 http://domain.com/owa redirect to
    https://domain.com/owa
    http://social.technet.microsoft.com/Forums/en-US/7326eebc-3162-4366-84a4-ba23755686e5/exchange-2010-httpdomaincomowa-redirect-to-httpsdomaincomowa?forum=exchange2010
    Hope it helps.
    Best regards,
    Amy Wang
    TechNet Community Support
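    An added example for the redirect problem in this thread (written for this page; not code from the original post or from Amy's reply). It assumes Exchange 2010 on IIS 7.x with the WebAdministration module and the IIS "HTTP Redirection" role service installed, and uses the poster's host name webmail.lsgnet.com. It configures the redirect the way Exchange 2010 tolerates it: port 80 binding present, "Require SSL" cleared on the site root only, a 302 on the root to the OWA URL, and the inherited redirect switched off again on every child application so /owa, Autodiscover, EWS and ActiveSync keep working. A small check at the end confirms the 302 without following it.

```powershell
# Added example for this page; not code from the original thread.
# Assumes Exchange 2010 on IIS 7.x, the WebAdministration module and the IIS
# "HTTP Redirection" role service (without it the httpRedirect settings do nothing).
# Host name taken from the post: webmail.lsgnet.com.
Import-Module WebAdministration

$siteName = 'Default Web Site'
$site     = "IIS:\Sites\$siteName"
$target   = 'https://webmail.lsgnet.com/owa'

# A plain http request can only be redirected if something is listening on port 80.
if (-not (Get-WebBinding -Name $siteName -Protocol http)) {
    New-WebBinding -Name $siteName -Protocol http -Port 80
}

# Site root: "Require SSL" must be OFF here, otherwise IIS answers 403.4 before the
# redirect module runs. This changes the root only; child directories keep their own flag.
Set-WebConfigurationProperty -PSPath $site -Filter 'system.webServer/security/access' `
    -Name sslFlags -Value 'None'

# Site root: 302 to the OWA URL, same destination for every path under the root.
$redirect = @{ enabled = 'true'; destination = $target; exactDestination = 'true'; httpResponseStatus = 'Found' }
foreach ($name in $redirect.Keys) {
    Set-WebConfigurationProperty -PSPath $site -Filter 'system.webServer/httpRedirect' `
        -Name $name -Value $redirect[$name]
}

# The redirect is inherited by every application under the site (owa, ecp, EWS, Autodiscover,
# Microsoft-Server-ActiveSync, Rpc, ...). Left in place, an https request to /owa is itself
# redirected to /owa and loops, and Autodiscover/EWS/ActiveSync stop answering clients.
# Switch it off per child and leave their "Require SSL" exactly as Exchange setup configured it.
Get-WebApplication -Site $siteName | ForEach-Object {
    $child = "$site$($_.Path.Replace('/', '\'))"
    Set-WebConfigurationProperty -PSPath $child -Filter 'system.webServer/httpRedirect' `
        -Name enabled -Value 'false'
}

# Verify without following redirects; expect "302 -> https://webmail.lsgnet.com/owa".
function Test-HttpRedirect {
    param([string]$Url)
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false      # a 3xx is returned, not followed and not thrown
    $resp = $req.GetResponse()
    try     { '{0} -> {1}' -f [int]$resp.StatusCode, $resp.Headers['Location'] }
    finally { $resp.Close() }
}
Test-HttpRedirect 'http://webmail.lsgnet.com/'
```

    If the check still shows 403 on port 80, the root still requires SSL; if it shows 200 with no Location header, the HTTP Redirection role service is not installed and the httpRedirect section is being ignored.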

  • Move mailbox from Exchange 2010 to 2003, Transient error MapiExceptionLogonFailed has occurred.

    We are currently migrating from Exchange 2003 to Exchange 2010, same domain.
    We have successfully moved some mailboxes from exchange 2003 to exchange 2010 without any problems.
    Now we need to move 1 mailbox back from exchange 2010 to exchange 2003.
    After creating the move request it gets stuck at 0% and the log shows the error below.
    After using Bing I found this post -> http://social.technet.microsoft.com/Forums/exchange/en-US/ef41ae05-8816-4c0c-968a-c48f0e3d50b5/move-mailbox-back-from-exchange-2010-to-exchange-2003-failure?forum=exchangesvrdeploylegacy
    This suggests:
    After I give FULL permissions to each Mailbox Stores on Exchange 2003 server, I was able to move my mailbox back onto the Exchange 2003 server. In details:
    Simply right click Storage Group\Mailbox Store and go to Security, in there you may see Exchange Servers group already there, if no add it in, then give it FULL permissions! and thats it!
    I created a new move request, but it is still stuck at 0% with the error below:
    20-3-2014 16:32:10 [ex2010p11] 'contoso.com/Users/exadmin' created move request.
    20-3-2014 16:32:11 [ex2010p21] The Microsoft Exchange Mailbox Replication service 'exchangep21.contoso.com' (14.3.151.0 caps:07) is examining the request.
    20-3-2014 16:32:11 [ex2010p21] Connected to target mailbox 'Primary (82b54f9e-27ff-44d2-9142-f949d567e1e7)', database 'ex2003\Basic\Basic', Mailbox server 'ex2003.contoso.com' Version 0.0 (Build 7638.0).
    20-3-2014 16:32:11 [ex2010p21] Connected to source mailbox 'Primary (82b54f9e-27ff-44d2-9142-f949d567e1e7)', database 'EX2010DB', Mailbox server 'ex2010p20.contoso.com' Version 14.3 (Build 174.0).
    20-3-2014 16:32:11 [ex2010p21] Request processing started.
    20-3-2014 16:32:11 [ex2010p21] Transient error MapiExceptionLogonFailed has occurred. The system will retry (1/60).
    Error details: MapiExceptionLogonFailed: Unable to make connection to the server. (hr=0x80040111, ec=1010)
    Diagnostic context:
        Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
        Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
        Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp
        Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: ex2003
        Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -545057711
        Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
        Lid: 45169   StoreEc: 0x824     
        Lid: 44273  
        Lid: 59431   EMSMDB.EcDoConnectEx called [length=163]
        Lid: 34855   EMSMDB.EcDoConnectEx returned [ec=0x3F2][length=56][latency=0]
        Lid: 56945  
        Lid: 59431   EMSMDB.EcDoConnectEx called [length=163]
        Lid: 34855   EMSMDB.EcDoConnectEx returned [ec=0x3F2][length=56][latency=0]
        Lid: 59505   StoreEc: 0x3F2     
        Lid: 52465   StoreEc: 0x3F2     
        Lid: 60065  
        Lid: 33777   StoreEc: 0x3F2     
        Lid: 59805  
        Lid: 52209   StoreEc: 0x3F2     
        Lid: 56583  
        Lid: 52487   StoreEc: 0x3F2     
        Lid: 19778  
        Lid: 27970   StoreEc: 0x3F2     
        Lid: 17730  
        Lid: 25922   StoreEc: 0x3F2     
       at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
       at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName,
    Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize, Client xropClient, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
       at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag
    storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
       at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, String mailboxDn, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo,
    WindowsIdentity windowsIdentity, String applicationId)
       at Microsoft.Exchange.MailboxReplicationService.MapiUtils.OpenSystemMailbox(Guid mdbGuid, String serverDN, String dcName, NetworkCredential cred, String& systemMailboxDn)
       at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.OpenSystemMailbox()
       at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.Microsoft.Exchange.MailboxReplicationService.IMailbox.SaveSyncState(Byte[] key, String syncStateStr)
       at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass57.<Microsoft.Exchange.MailboxReplicationService.IMailbox.SaveSyncState>b__56()
       at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
       at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.SaveSyncState(Byte[] key, String syncState)
       at Microsoft.Exchange.MailboxReplicationService.MailboxCopierBase.ClearSyncState()
       at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.<>c__DisplayClass23.<CleanupOrphanedDestinationMailbox>b__22(MailboxMover mbxCtx)
       at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.ForeachMailboxContext(MailboxMoverDelegate del)
       at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.CleanupOrphanedDestinationMailbox(Object[] wiParams)
       at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
    Error context: --------
    Operation: IMailbox.SaveSyncState
    OperationSide: Target
    Primary (82b54f9e-27ff-44d2-9142-f949d567e1e7)
    Key: F2FA63B0116C564EA4C598D69786443D9E4FB582FF27D2449142F949D567E1E7E0CA914F6695624C98892FA527AAA91E
    SyncStateLength: 0
    20-3-2014 16:32:41 [ex2010p21] The Microsoft Exchange Mailbox Replication service 'ex2010p21.contoso.com' (14.3.151.0 caps:07) is examining the request.
    20-3-2014 16:32:41 [ex2010p21] Connected to target mailbox 'Primary (82b54f9e-27ff-44d2-9142-f949d567e1e7)', database 'ex2003\Basic\Basic', Mailbox server 'ex2003.contoso.com' Version 0.0 (Build 7638.0).
    20-3-2014 16:32:41 [ex2010p21] Connected to source mailbox 'Primary (82b54f9e-27ff-44d2-9142-f949d567e1e7)', database 'EX2010DB', Mailbox server 'ex2010p20.contoso.com' Version 14.3 (Build 174.0).
    20-3-2014 16:32:41 [ex2010p21] Request processing started.
    20-3-2014 16:32:41 [ex2010p21] Transient error MapiExceptionLogonFailed has occurred. The system will retry (2/60).

    Hello,
    When you move a mailbox from Exchange 2010 to Exchange 2003, please check whether the following situations exist:
    http://technet.microsoft.com/en-us/library/dd638157(v=exchg.141).aspx
    Before you move the mailbox again, please clear the previous move request.
    I recommend you use ExBPA to check your Exchange Server 2003 and Exchange 2010.
    Please check whether inheritable permissions are missing on the mailbox store on Exchange Server 2003.
    Cara Chen
    TechNet Community Support

  • Migrate & coexist Exchange 2010 to 2010 in two different site under same domain

    Hi all,
    The initial plan was to coexist Exchange 2010 (old data center) & 2013 (new data center).
    Unfortunately there was a problem upgrading the existing Exchange 2010 SP2 to 2010 SP3, and Microsoft said they don't support this anymore.
    So the only plan I can think of is to build another Exchange 2010 with SP3 (new data center) to coexist with the existing Exchange 2010 SP2 first, then follow with Exchange 2013.
    I don't see any relevant info on the Internet about the coexistence of Exchange 2010 SP2 and SP3. Can you please share some detailed steps or info?
    Thank you very much in advance.

    A database upgraded by Exchange 2010 SP3 cannot be mounted on a server with Exchange 2010 SP2; i.e., there is no database schema upgrade from SP1 or SP2 to SP3. Please check this link:
    https://www.youtube.com/watch?v=M4hJfdqTe5s
    You may download exchange Server 2010 Service Pack 3 from here :http://www.microsoft.com/en-us/download/details.aspx?id=36768
    This Exchange Server 2010 SP3 software may be used to perform a new installation or to update an existing Exchange Server 2010 installation to Service Pack 2 (SP2) level.
    Moreover, to migrate the mailbox database from exchange 2010 to 2013, you may consider on this exchange migration tool (http://www.exchangemigrationtool.com/) that can be a good approach for you.

  • Exchange 2010 Certificates, IPs, and Domain Names...

    I'm setting up a new Exchange 2010 server, migrating from an old Exchange 2003.
    I'm at the point now where I'm stuck and cannot move the mailboxes of the users to the new server until I get the new server set up with certificates, reconfigure the firewall, and add more A records. ... reason, I'd like to take advantage of autodiscover,
    sync, Outlook Anywhere, etc.
    I've been tossing ideas around, but I think I'm overthinking this entire thing on domain names, A records, certificates, etc.
    Can someone tell me what the best practice would be for creating the CSR? And I'm a bit curious as to IPs.
    While the examples in the New Exchange Certificate wizard all show 'mail.contoso.com', I wanted to be more specific on the functions of each, but maybe I'm causing myself a lot of extra work. Each full A record needs to point to a different public IP, from my understanding
    of the certificates. Can anyone tell me if this approach (below) is best practice or far from it?
    I'm very intrigued with the capabilities but don't understand why MS would use as an example the same domain name, mail.contoso.com, for each function. But it may be because they'd just have to point to one IP address, whereas I'll have to point several public IPs
    to a single internal IP.
    I'm just asking for suggestions... and ideas... and how you setup your exchange 2010
    I was going to create:
    Outlook Web App:
    webmail.domainname.com,domainname.com
    Sync:
    sync.domainname.com,domainname.com
    Autodiscover:
    domainname.com
    Outlook Anywhere:
    outlook.domainname.com, domainname.com

    Not sure I understand, but why do you want to map each individual service to an individual public IP? Usually the trend is to keep as few public IPs as possible (you can get away with 1 public IP for the CAS role). For autodiscover, I've usually seen
    autodiscover.domainname.com being used, because domainname.com is reserved (public site); this actually stays inside the logic used by Outlook clients to autodetect the servers (see
    this link).
    As for the Subject Alternative Names (SANs) on the certificate itself, it all depends whether you're publishing the server directly (in this case you'll want to get away with as few SANs as possible) or you'll use a reverse proxy (TMG/WAP) to publish the
    internal box (in this case the certificate on the reverse proxy can contain few SANs, but the internal server can have SANs mapped to each service if you want).
    Also - Allen's link is a definitely must read.
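    An added example for the CSR question in this thread (written for this page; not code from the original post or reply). It assumes the Exchange 2010 Management Shell on a Client Access server; the organisation, country and output path are placeholders. Rather than guessing names, it derives the certificate's CN and Subject Alternative Names from the URLs the virtual directories are already configured with, plus autodiscover.<domain> for each authoritative SMTP domain, so that every name a client is told to connect to is covered. A name clients are sent to that the certificate does not carry is exactly what produces the certificate name warnings in Outlook.

```powershell
# Added example for this page; not code from the original thread.
# Assumes the Exchange 2010 Management Shell on a Client Access server. Organisation,
# country and output path are placeholders; the host names come from the existing
# virtual directory and accepted domain configuration.
$Org     = 'Contoso Ltd'            # placeholder: legal entity for the CSR subject
$Country = 'US'                     # placeholder
$ReqPath = 'C:\temp\exchange.req'   # placeholder: where the CSR is written

# 1. Every host name a client is told to use must be on the certificate, as the CN or a SAN.
$urls = @()
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-EcpVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ActiveSyncVirtualDirectory  | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-OABVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ClientAccessServer          | ForEach-Object { $_.AutoDiscoverServiceInternalUri }

$hosts = @($urls | Where-Object { $_ } | ForEach-Object { $_.Host })

# Outlook Anywhere publishes a host name, not a URL.
$hosts += Get-OutlookAnywhere | Where-Object { $_.ExternalHostname } |
          ForEach-Object { "$($_.ExternalHostname)" }

# Outlook tries autodiscover.<smtp domain> of the user's address, so each authoritative
# SMTP domain needs that name on the certificate (or an SRV record instead).
$hosts += Get-AcceptedDomain | Where-Object { $_.DomainType -eq 'Authoritative' } |
          ForEach-Object { "autodiscover.$($_.DomainName)" }

$hosts = @($hosts | Where-Object { $_ } | ForEach-Object { $_.ToLower() } | Sort-Object -Unique)

# 2. CN = the name users type for OWA; everything else goes in as a SAN.
$cn = (Get-OwaVirtualDirectory | Where-Object { $_.ExternalUrl } | Select-Object -First 1).ExternalUrl.Host
if (-not $cn) { $cn = $hosts[0] }

"Requesting certificate for CN=$cn with SANs:"
$hosts | ForEach-Object { "  $_" }

# 3. Generate the CSR. Exchange 2010 returns the base64 request as a string; write it with
#    Set-Content. The private key stays in the local machine store until the issued certificate
#    is imported. Set PrivateKeyExportable $true only if you must copy the certificate to other
#    servers; an exportable key is one more thing an attacker on the box can walk away with.
$csr = New-ExchangeCertificate -GenerateRequest -KeySize 2048 -PrivateKeyExportable $false `
        -SubjectName "C=$Country, O=$Org, CN=$cn" -DomainName $hosts -FriendlyName "Exchange 2010 $cn"
Set-Content -Path $ReqPath -Value $csr
"CSR written to $ReqPath"

# 4. After the CA returns the certificate (file path is a placeholder):
# Import-ExchangeCertificate -FileData ([Byte[]](Get-Content -Path 'C:\temp\issued.cer' -Encoding Byte -ReadCount 0)) |
#     Enable-ExchangeCertificate -Services IIS,SMTP,POP,IMAP
```

    Review the printed SAN list before submitting it: a name that should not be there (an internal server FQDN you do not want in a public certificate, say) means the corresponding InternalUrl should be changed first, not the certificate padded to match it.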

  • Lync 2010 server and UM role on different domains in different forests

    Hello 
    I have a Lync 2010 environment running on domain A, with exchange 2010 UM also running in Domain A.  We are in the process of migrating users and mailboxes from domain A to domain B.  Once we reach our enterprise voice users with exchange UM enabled
    we will need to install the exchange UM role on the exchange server in Domain B.  
    There is a 2-way trust relationship between domain A and domain B.
    All the users are running Lync on a PC located in Domain B, using Lync credentials from Domain A.
    Are there any issues running Lync 2010 and Exchange UM from different domains in different forests?  Is it as simple as creating a new UM DialPlan and UM IP Gateway to the domain A Lync FQDN?
    Thanks

    Hi,
    Each UM forest must be configured to trust the forest in which Lync Server is deployed, and the forest in which Lync Server 2013 is deployed must be configured to trust each UM forest. If Exchange UM is installed in multiple forests, the Exchange
    Server integration steps must be performed for each UM forest or you’ll have to specify the Lync Server domain.
    Here is a link about for UM of Lync server 2013 but similar for Lync server 2010:
    http://technet.microsoft.com/en-us/library/jj966276(v=exchg.150).aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username

    How can i get the following done:
    Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username?
    I must do this for 16 users TODAY, SO PLEASE HELP ME OUT HERE.
    Thanks in advance!!
    kind regards,
    Rene Veldman
    System Administrator Teidem bv, The Netherlands.

    Rene,
    Why are you not changing the username of the existing account, instead of deleting the existing one and creating a new one?
    If you truly need to delete and create new, you can save the GUID for the mailbox (Get-MailboxStatistics <mailbox alias> | Fl MailboxGuid), mail disable the existing account (Disable-Mailbox <mailbox alias>
    will work), clean the mailbox database it was hosted on (Clean-MailboxDatabase
    <database name>), then create your new account and recover the existing mailbox to that new account (Connect-Mailbox -Identity <Guid from before> -Database <Database name> -User <SAM account name of new account> -Alias
    <what you wish to set the alias to>).  In PowerShell, for all steps, you would do the following:
    $MbxAlias    = "<mailbox alias>"                        # alias of the mailbox being re-homed
    $NewMbxAcct  = "<SAM Account Name for new account>"     # new AD account, created beforehand
    $NewMbxAlias = "<new alias for mailbox>"
    # Pin every step to the same DC so the sequence does not race AD replication
    $DomCtrl = (dir env:\LOGONSERVER).Value.Substring(2)
    # Record the mailbox GUID and database before disconnecting; they identify the orphaned mailbox later
    $MbxGuid = (Get-MailboxStatistics $MbxAlias -DomainController $DomCtrl).MailboxGuid
    $MbxDb   = (Get-Mailbox $MbxAlias -DomainController $DomCtrl).Database
    Disable-Mailbox $MbxAlias -DomainController $DomCtrl       # detach the mailbox from the old account
    Clean-MailboxDatabase $MbxDb -DomainController $DomCtrl    # make the store list it as disconnected
    Connect-Mailbox -Identity $MbxGuid -Database $MbxDb -User $NewMbxAcct -Alias $NewMbxAlias -DomainController $DomCtrl
    You will need to supply the information in bold in the above commands, and you will need to create the new account before you run the above commands.  I include direct use of a specific domain controller so you won't need to worry about replication. 
    If you are changing the account from one domain to another, this will not help, and you will need to wait for replication throughout the process, running the commands individually.
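    The procedure in the answer above, written out as a batch version for a list of users (an added example, not the code from the answer or from Microsoft). It assumes a CSV file with the hypothetical columns OldAlias, NewSamAccountName and NewAlias, a session in the Exchange 2010 Management Shell, and that each new account has already been created in AD. Each step is verified before the next one runs, a failure skips only that user, and -DryRun reports the plan without changing anything.

    ```powershell
    # Added example: batch disconnect/reconnect of mailboxes to new accounts.
    # Input CSV columns (hypothetical): OldAlias,NewSamAccountName,NewAlias
    param(
        [Parameter(Mandatory = $true)][string]$CsvPath,   # hypothetical input file
        [switch]$DryRun                                   # only report what would be done
    )

    # Pin every call to one domain controller so all steps see the same directory view
    $DomCtrl = (Get-Item env:\LOGONSERVER).Value.Substring(2)

    foreach ($row in Import-Csv -Path $CsvPath) {
        try {
            # 1. Record the mailbox GUID and database while the old account is still mailbox-enabled
            $mbx  = Get-Mailbox -Identity $row.OldAlias -DomainController $DomCtrl -ErrorAction Stop
            $stat = Get-MailboxStatistics -Identity $row.OldAlias -DomainController $DomCtrl -ErrorAction Stop
            $guid = $stat.MailboxGuid
            $db   = $mbx.Database

            # 2. The target account must already exist and must not own a mailbox yet
            $newUser = Get-User -Identity $row.NewSamAccountName -DomainController $DomCtrl -ErrorAction Stop
            if ($newUser.RecipientType -ne 'User') {
                throw "Target $($row.NewSamAccountName) is already mail-enabled ($($newUser.RecipientType))"
            }

            Write-Host ("{0}: mailbox {1} in {2} -> {3}" -f $row.OldAlias, $guid, $db, $row.NewSamAccountName)
            if ($DryRun) { continue }

            # 3. Detach the mailbox from the old account, then make the store notice the orphan
            Disable-Mailbox -Identity $row.OldAlias -DomainController $DomCtrl -Confirm:$false
            Clean-MailboxDatabase -Identity $db -DomainController $DomCtrl

            # 4. Confirm the store reports the same GUID as a disconnected mailbox before reconnecting
            $orphan = Get-MailboxStatistics -Database $db -DomainController $DomCtrl |
                      Where-Object { $_.MailboxGuid -eq $guid -and $_.DisconnectDate }
            if (-not $orphan) { throw "Mailbox $guid is not reported as disconnected in $db" }

            # 5. Attach the disconnected mailbox to the new account
            Connect-Mailbox -Identity $guid -Database $db -User $row.NewSamAccountName `
                            -Alias $row.NewAlias -DomainController $DomCtrl -Confirm:$false
            Write-Host "$($row.OldAlias): reconnected to $($row.NewSamAccountName)"
        }
        catch {
            Write-Warning "$($row.OldAlias): $($_.Exception.Message)"
        }
    }
    ```

    Run it once with -DryRun to confirm that every old alias resolves, every new account exists and is not yet mail-enabled, and the GUID/database pairs look right, before running it for real. The check in step 4 is what catches a Clean-MailboxDatabase that has not yet caught up with the store: without it, Connect-Mailbox would fail on a GUID the database does not yet list as disconnected.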

  • Outlook 2013 client, not in domain, can't connect to the Exchange 2010 server

    Good Afternoon,
    Having issues it seems getting to the right forum but here is what I have. Currently we are running an Exchange 2010 server. OWA is configured and I am not having any issues with people connecting through it. The issue I am having is that any user that tries
    to connect through Outlook 2013 gets an error message about the proxy server and then a certificate error. I have run the tests through the toolbox and get the following results. 
    Attempting to test potential Autodiscover URL https://autodiscover.westmoreland-county.org:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
    Additional Details
    Elapsed Time: 694 ms.
    Test Steps
    Attempting to resolve the host name autodiscover.westmoreland-county.org in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 69.89.25.150
    Elapsed Time: 284 ms.
    Testing TCP port 443 on host autodiscover.westmoreland-county.org to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Elapsed Time: 164 ms.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    Additional Details
    Elapsed Time: 245 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.westmoreland-county.org on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Remote Certificate Subject: CN=*.bluehost.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
    Elapsed Time: 201 ms.
    Validating the certificate name.
    Certificate name validation failed.
    Additional Details
    Host name autodiscover.westmoreland-county.org doesn't match any name found on the server certificate CN=*.bluehost.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated.
    Elapsed Time: 1 ms.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.
    Additional Details
    Elapsed Time: 234 ms.
    Test Steps
    Attempting to resolve the host name autodiscover.westmoreland-county.org in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 69.89.25.150
    Elapsed Time: 14 ms.
    Testing TCP port 80 on host autodiscover.westmoreland-county.org to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Elapsed Time: 83 ms.
    The Microsoft Connectivity Analyzer is checking the host autodiscover.westmoreland-county.org for an HTTP redirect to the Autodiscover service.
    The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
    Additional Details
    The URL specified in the location HTTP header was not HTTPS. URL: http://autodiscover.bluehost.com/Autodiscover/Autodiscover.xml
    HTTP Response Headers:
    Keep-Alive: timeout=10, max=500
    Connection: Keep-Alive
    Content-Length: 356
    Content-Type: text/html; charset=iso-8859-1
    Date: Wed, 03 Dec 2014 18:10:08 GMT
    Location: http://autodiscover.bluehost.com/Autodiscover/Autodiscover.xml
    Server: Apache
    Elapsed Time: 135 ms.
    Our setup currently our domain is being hosted and the web master has control of domain settings. 
    I am fairly new to the Exchange Server world so any suggestions that you may have as to how I can resolve this would be great. 
    Bill

    Hi Bill
    Thank you for your post.
    You can use the following command to check whether you have purchased the certificate for autodiscover.westmoreland-county.org in your organization:
    Get-ExchangeCertificate -Server CASServerName | fl
    For example, to return all certificates stored on the Client Access server named ClientAccess01, you would type the following command in the EMS:
    Get-ExchangeCertificate -Server ClientAccess01 | fl
    If you didn't purchase the certificate for autodiscover.westmoreland-county.org, you could contact your certificate supplier.
    You could refer to the following link:
    https://support.microsoft.com/kb/940726?wa=wsignin1.0
    If there are any questions regarding this issue, please be free to let me know.
    Best regards,
    Jim
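    The two checks that failed in the analyzer output above (certificate name validation and the HTTP redirect method), reproduced as a stand-alone script. This is an added example, not code from the poster, the reply, or Microsoft's Connectivity Analyzer. The host name is a parameter with a placeholder default; it needs network access to the host being tested, and the SAN parsing assumes the English formatting of the extension text that .NET produces.

    ```powershell
    # Added example: check whether an Autodiscover host presents a certificate that covers its
    # name, and whether its plain-HTTP endpoint redirects to an https:// Autodiscover URL.
    param([string]$HostName = 'autodiscover.example.com')   # placeholder: use your own Autodiscover name

    # Fetch the server certificate. The validation callback always returns $true because we
    # only want to read the certificate's names here, not decide whether to trust the chain.
    function Get-RemoteCertificate {
        param([string]$HostName, [int]$Port = 443)
        $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
        try {
            $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
            $ssl.AuthenticateAsClient($HostName)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $client.Close() }
    }

    # Collect the subject CN plus every DNS name in the Subject Alternative Name extension (OID 2.5.29.17)
    function Get-CertDnsNames {
        param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
        $names = @()
        if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
        $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            # Format($false) yields text such as "DNS Name=*.bluehost.com, DNS Name=bluehost.com"
            foreach ($m in [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)')) {
                $names += $m.Groups[1].Value
            }
        }
        return $names | Select-Object -Unique
    }

    # A certificate name covers the host if it is equal (case-insensitively) or is a wildcard
    # whose single leading label is replaced; "*.bluehost.com" does not cover a different domain.
    function Test-CertNameMatch {
        param([string]$CertName, [string]$HostName)
        if ($CertName.StartsWith('*.')) {
            $suffix = $CertName.Substring(1)
            $idx = $HostName.IndexOf('.')
            return ($idx -gt 0) -and ($HostName.Substring($idx) -ieq $suffix)
        }
        return $CertName -ieq $HostName
    }

    # Outlook's HTTP redirect method expects GET http://<host>/Autodiscover/Autodiscover.xml to
    # answer 301/302 with a Location that starts with https://; a redirect to http:// is rejected.
    function Test-AutodiscoverRedirect {
        param([string]$HostName)
        $req = [System.Net.HttpWebRequest]::Create("http://$HostName/Autodiscover/Autodiscover.xml")
        $req.Method = 'GET'
        $req.AllowAutoRedirect = $false     # we want to inspect the Location header ourselves
        $req.Timeout = 10000
        try { $resp = $req.GetResponse() }
        catch [System.Net.WebException] {
            if (-not $_.Exception.Response) { throw }
            $resp = $_.Exception.Response   # 4xx/5xx still carry a response object
        }
        try {
            $code = [int]$resp.StatusCode
            $location = $resp.Headers['Location']
        }
        finally { $resp.Close() }
        $ok = ($code -eq 301 -or $code -eq 302) -and $location -and
              $location.StartsWith('https://', [System.StringComparison]::OrdinalIgnoreCase)
        return New-Object PSObject -Property @{ StatusCode = $code; Location = $location; RedirectsToHttps = $ok }
    }

    $cert    = Get-RemoteCertificate -HostName $HostName
    $names   = Get-CertDnsNames -Cert $cert
    $matched = $names | Where-Object { Test-CertNameMatch -CertName $_ -HostName $HostName }
    "Certificate subject : $($cert.Subject)"
    "Certificate names   : $($names -join ', ')"
    if ($matched) { "Name check          : PASS (covered by $($matched -join ', '))" }
    else          { "Name check          : FAIL - $HostName is not covered by the certificate" }

    $redir = Test-AutodiscoverRedirect -HostName $HostName
    "HTTP redirect       : $($redir.StatusCode) -> $($redir.Location)"
    if ($redir.RedirectsToHttps) { "Redirect check      : PASS" }
    else                         { "Redirect check      : FAIL - the redirect must point at an https:// URL" }
    ```

    Against the output quoted in the question, the name check fails because the only names on the certificate are for bluehost.com, and the redirect check fails because the Location header points at an http:// URL; both must pass before Outlook will accept the Autodiscover endpoint, which is why the reply asks whether a certificate for the organization's own Autodiscover name has been obtained.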

  • Active Directory domain migration with Exchange 2010, System Center 2012 R2 and File Servers

    Greeting dear colleagues!
    I got a task to migrate an existing Active Directory domain to a new forest and a brand new domain.
    I have a single domain with Forest/Domain level 2003 and two DC (2008 R2 and 2012 R2). My domain contains Exchange 2010 Organization, some System Center components (SCCM, SCOM, SCSM) and File Servers with mapped "My Documents" user folders. Domain
    has about 1500 users/computers.
    What do you think, is it really possible to migrate such a domain to a new one with minimum downtime and user interruption? Maybe someone has already done something like that before? Please write about it here; I promise that I won't ask you for instructions,
    maybe only some small questions :)
    Now I'm studying ADMT manual for sure.
    Thanks in advance, 
    Dmitriy Titov
    Best regards, Dmitriy Titov

    Hi Dmitriy,
    I got a task to migrate an existing Active Directory domain to a new forest and a brand new domain.
    What do you think, is it really possible to migrate such a domain to a new one with minimum downtime and user interruption?
    As far as I know, during inter-forest migration, user and group objects are cloned rather than migrated, which means they can still access resources in the source forest, they can even access resources after the migration is completed. You can ask users
    to switch domain as soon as the new domain is ready.
    Therefore, there shouldn’t be a huge downtime/interruption.
    More information for you:
    ADMT Guide: Migrating and Restructuring Active Directory Domains
    https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]

  • Exchange 2010 unable to find objects in child domain via ESM

    I am having a problem on Exchange 2010 which relates to mailboxes whose AD account is in a child domain in the AD forest.
    We have two domains A & B in the forest. The site which hosts E2010 only has DCs from domain A (root domain). These DCs are set as Global Catalogues.
    All Exchange servers (2 x CAS & 2 x Mailbox) installed in Domain A (primary site) can resolve domain B, and performing nslookups for domain B on these servers displays the DCs installed
    in domain B at remote sites.
    I am migrating some resource mailboxes with AD accounts in domain B and need to set them up as room mailboxes to enable the auto accept bookings feature.
    After migrating the mailboxes via the EMS to set the mailbox as a room, below is the error I get:
    [PS] C:\Windows\system32>set-mailbox mtgrm1@domainB -Type Room
    The operation couldn't be performed because object 'mtgrm1@ domainB' couldn't be found on 'DC01.domainA.com'.
        + CategoryInfo          : NotSpecified: (0:Int32) [Set-Mailbox], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 9E6F6A1,Microsoft.Exchange.Management.RecipientTasks.SetMailbox
    I have also tried using only the alias and the object CN:
    set-mailbox mtgrm1 -Type Room
    set-mailbox –identity 'domainB/Sitename/ Users/MSX Resource Accounts/Conf MtgRm1 (Video)' -Type Room
    but get the same error.
    All employee mailboxes from Domain B have been migrated to Exchange 2010 from 2003 and are working with no problems.
    I have confirmed domain B has been prepared for E2010 - In the Microsoft Exchange System Objects container in AD there is the global group Exchange Install Domain Servers.
    Event ID 2080
    Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1864). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
    (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
    In-site:
    dc02.domainA.COM    CDG 1 7 7 1 0 1 1 7 1
    DC01.domainA.com    CDG 1 7 7 1 0 1 1 7 1
    Out-of-site:
    DC03.domainA.COM    CDG 1 0 0 1 0 0 0 0 0
    dc04.domainA.COM    CDG 1 0 0 1 0 0 0 0 0
    Please note the Out of site DCs are for our Exchange failover site which is currently down due to the storms on the East Coast.
    Does Exchange 2010 require a local DC for the second domain installed in the sites which host Exchange? If not, any advice on what else I can look at will be appreciated.
    Thanks.

    Hi there,
    If the questions is answered, please mark it accordingly. Thanks. 
    Fiona Liao
    TechNet Community Support
