Exchange 2013 - 2007 coexistence legacy namespace issues

Similar Messages

• RPC over HTTP trouble Exchange 2013/2007 coexistence, 2013 RPCProxy cannot ping GC.

  I currently have an Exchange 2013/2007 coexistence scenario which gives me trouble with the RPC over HTTP part with users with a 2007 mailbox. the MS RCA website performs 2 tests with the MAPI address book endpoints, once against a 2007 mailbox server and
  once a against a GC/DC, the last one fails. The logs are from our test domain, but the exact same happens in the production domain. running CU8 (recently upgraded, but problem was exactly the same with CU7)
  Testing the MAPI Address Book endpoint on the Exchange server.
  The address book endpoint was tested successfully.
  Additional Details
  Elapsed Time: 7872 ms.
  Test Steps
  Attempting to ping the MAPI Address Book endpoint with identity: exmb11.domain.test:6004.
  The endpoint was pinged successfully.
  Additional Details
  The endpoint responded in 156 ms.
  Elapsed Time: 4153 ms.
  Testing the MAPI Address Book endpoint on the Exchange server.
  An error occurred while testing the address book endpoint.
  Additional Details
  Elapsed Time: 3079 ms.
  Test Steps
  Attempting to ping the MAPI Address Book endpoint with identity: tdc01421.domain.test:6004.
  The attempt to ping the endpoint failed.
   <label for="testSelectWizard_ctl12_ctl06_ctl02_ctl09_ctl00_tmmArrow">Tell
  me more about this issue and how to resolve it</label>
  Additional Details
  The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.
  Elapsed Time: 3079 ms.
  texmb11 = ex2007 mailbox
  texfr11 = ex2007 CAS
  tdc01421 = DC/GC
  texch31 = 2013 multirole
  other symptoms :
  Browser test
  https://texch31.domain.test/rpc/rpcproxy.dll?texmb11:6004
  --> 503 (which is correct)
  https://texch31.domain.test/rpc/rpcproxy.dll?tdc01421:6004
  --> 404.0 Not Found
  RPCPing
  rpcping -t ncacn_http -s texmb11 -o RpcProxy=texch31.domain.test -P "user,dom,*" -I "user,dom,*" -H 2 -u 9 -a connect -F 3 -v 3 -e 6004
  Success
  rpcping -t ncacn_http -s tdc01421 -o RpcProxy=texch31.domain.test -P "user,dom,*" -I "user,dom,*" -H 2 -u 9 -a connect -F 3 -v 3 -e 6004
  Fails!
  so the Ex2013 RPCProxy doesn't proxy to the DC/GC, but the RPCProxy to an ex2007 mailbox server works fine, so the authentication methods configured are correct i'd say..
  the same tests using the ex2007CAS server as RPC proxy all succeed!:
  MS RCA is all green
  https://texfr11.domain.test/rpc/rpcproxy.dll?texmb11:6004 
  --> 503
  https://texfr11.domain.test/rpc/rpcproxy.dll?tdc01421:6004 
  --> 503 
  rpcping -t ncacn_http -s texmb11 -o RpcProxy=texfr11.domain.test -P "user,dom,*" -I "user,dom,*" -H 2 -u 9 -a connect -F 3 -v 3 -e 6004
  Success
  rpcping -t ncacn_http -s tdc01421 -o RpcProxy=texfr11.domain.test -P "user,dom,*" -I "user,dom,*" -H 2 -u 9 -a connect -F 3 -v 3 -e 6004
  Success!!
  Logs
  all tries against the 2013 CAS server generate '404' log entries in several logs int the Logging directory, the most explicit being the one in Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\RpcHttp : HttpProxy_xxxxxx.LOG
  2015-04-30T19:58:00.153Z,895cdf07-f2eb-4beb-b787-da02ba11b0c2,15,0,1076,0,,RpcHttp,webmail.domain.test,/rpc/rpcproxy.dll,,Basic,true,DOM\user,,,MSRPC,10.10.142.132,TEXCH31,404,,MailboxGuidWithDomainNotFound,RPC_IN_DATA,,,,,,,,,4,,,,1,,,0,,0,,0,0,,0,2,0,,,,,,,,,1,1,0,,1,,2,2,,?TDC01422.domain.test:6004,,BeginRequest=2015-04-30T19:58:00.153Z;CorrelationID=<empty>;ProxyState-Run=None;ProxyState-Complete=CalculateBackEnd;EndRequest=2015-04-30T19:58:00.153Z;,HttpProxyException=Microsoft.Exchange.HttpProxy.HttpProxyException:
  RPC server name passed in by client could not be resolved: TDC01422.domain.test    at Microsoft.Exchange.HttpProxy.RpcHttpProxyRequestHandler.ResolveToDefaultAnchorMailbox(String originalRpcServerName  String reason)    at
  Microsoft.Exchange.HttpProxy.RpcHttpProxyRequestHandler.ResolveAnchorMailbox()    at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalBeginCalculateTargetBackEnd(AnchorMailbox& anchorMailbox)    at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<BeginCalculateTargetBackEnd>b__3b();
  the error suggests the name could not be resolved. but nslookup works fine. i can ping the tdc01421 correctly form texch31, it returns me the ipv4 address. i can telnet to port 6004 from texch31 server to tdc01421 giving me the correct 'ncacn_http' answer..
  i look at the 'ValidPorts' and ValidPorts_Autoconfig_Exchange reg keys and filled them with the same i have on the 2007cas servers (all ex servers, all dc/gc's, all of them with netbios & fqdn ports 6001,6002 & 6004..) but also no success.
  im out of ideas by now..

  Hello togehter, 
  if anyone is using the Interim Update (Hotfix) "Exchange2013-KB2997209_2997847-x64-en.msp" please be aware of the following bug in this hotfix: 
  NOTE: Another issue that we have seen only from some E2013 On-Premises customers who installed
  fixes for any of the above E2013 CU6 related issues is that “Using OWA, users cannot create new messages or reply to existing messages” – These are mostly installer issues where OWA files are not copying correctly in the new version directory. Ideally the
  content of these two folders, i.e. “V15\ClientAccess\Owa\prem\15.0.995.31” and “V15\ClientAccess\Owa\prem\15.0.995.29” should be identical, now if for any reason, they are not then it can break the OWA experience like described above. Take these steps if you
  run into related issues:
  -Backup the contents of “15.0.995.31” folder to a different folder/directory
  -Copy the files and folders from “15.0.995.29” to “15.0.995.31” folder – this should fix the issue …
  Best, 
  Martin

• Exchange 2013/2007 coexistence: The Name on the Security Certificate is Invalid or Does Not Match the Name of the Site.

  In the midst of Exchange 2013/2007 coexistence configuration. 
  Currently:
  Exchange 2007:
  2 CAS\HUB
  1 Mailbox server
  Exchange 2013 (2 sites):
  LA:
  1 CAS
  2 MBX servers
  MKE:
  1 CAS 
  2 MBX servers.
  We purchased a certificate from Digicert and added every SAN name we could think of including "legacy.companyname.com", just to be sure. Added certificate to Exchange 2013 CAS servers and 2007 CAS\HUB boxes. Configured virtual directories on Exchange
  2013 MKE-CAS01 but not on Exchange 2013 LA-CAS01. Configured virtual directories to on Exchange 2007 CAS\HUB to point to "legacy.companyname.com". 
  Mailboxes have not been moved yet. I just wanted to get the coexistence between Exchange 2013/2007 up first but some users (not all) receiving
  "The name of the security certificate is invalid or does not match the name of the site" for
  "LEGACY.COMPANYNAME.COM". I remember configuring the AUTODISCOVER virtual directory for Exchange 2007. Any ideas? Thank you.

  Hi,
  Please make sure that the certificate with "legacy.companyname.com" name is enabled for IIS service. We can check it by running the following command in Exchange server 2007:
  Get-ExchangeCertificate | FL
  Thanks,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 - 2007 coexistence - activesync 2007 does not work correctly

  Exchange 2013 SP1.  On going Saga-  Last night we cut over to full co-existence with DNS changes for use of legacy namespace and had to roll back again. We had only two issues but one was considered a show stopper.
  The main issue was that Active Sync would not work correctly for 2007 users. It failed the exchange connectivity test and would only work on a device if the domain was entered - or if the legacy namespace was entered manually. That would have meant
  chaos for several thousand users so we rolled back. (It worked perfectly for 2013 users).
  The error given by the test was "foldersync failed" when I drilled down into the detail. It found autodiscover but failed after the initial handshake. (All other tests passed for 2007 and 2013 users)
  We tried:
  1. Populating both Autodisover internal and external urls with the legacy namespace
  2. Populating only the internal url and leaving the external blank (both 1 and 2 had the same result)
  3. Leaving both URLs blank to force 2013 to proxy to the 2007 cas (totally broke it- would not resolve at all)
  I don't know if this is related but SSO is failing for 2007 OWA - two prompts.
  Environment notes- all internal co-existence is working and the internal LTM F5's are working. Externally we use 2 GTM F5 to the LTM f5's to Ex2013. 2007 has SSL being passed through all the way to the CAS. Servers are split into CAS and MBX over 2 DC's.
  Everything else externally was working when we cut over.
  any and all help appreciated
  Tony

  Hi,
  Glad to know that you have found the solution.
  Thanks for your generous sharing.
  Have a nice day : )
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Exchange 2013 / 2010 coexistence with different public domains

  Currently in my organization
  1x Exchange 2010 Standard w/SP3 - Client Access / Hub Transport
  1x Exchange 2010 Standard w/SP3 - Unified Messaging Server (we also have Lync 2013 in the environment)
  1x Exchange 2010 Standard w/SP3 - Mailbox
  In my organization, we have approximately 600 mailboxes - 100 office staff, and 500 field employees using a mixture of Outlook 2007/2010/2013 and various mobile devices. Most of our field employees are in remote locations, several hundred
  miles away. We have no IT staff in any of our field locations.
  We also have two public domains that we use, though we are trying to phase out the old one to unify everything.
  domain-old.com - Used when the company had a different name. All Exchange services are published with this one.
  domain-new.com - Used after the company changed names. The goal is to publish all Exchange services with this one.
  domain.local - Our internal Active Directory domain.
  We use Microsoft Exchange Online Protection for all inbound/outbound email. We publish OWA, ActiveSync, etc. through our Sophos firewall. Also, we have two KEMP LoadMaster appliances that for high availability that we currently use for Lync 2013; they are
  severely underutilized.
  Goals for the Exchange migration
  My primary goal is to introduce high availability into our environment by introducing redundancy on multiple levels. I would like to accomplish this by utilizing Exchange 2013 since we will need to purchase additional licensing anyway. My idea of the
  final topology is:
  2x KEMP LoadMaster appliances providing reverse proxy and load balancing to the CAS servers
  2x Physical servers running Hyper-V, separated physically but in the same AD site. Each one would run:
  1x VM with Exchange 2013 Standard w/SP1 - Client Access
  1x VM with Exchange 2013 Enterprise w/SP1 - Mailbox - Utilizing DAGs for high-availability
  I'd like all the new Exchange services to be published under the domain-new.com domain - such as mail.domain-new.com, mail.domain-new.com/owa, smtp.domain-new.com, etc.
  We have purchased two new physical servers that will be Hyper-V hosts running Server 2012R2. My timeframe to start this project is within the next two weeks, so I'll be running the new Exchange 2013 VMs under Server 2012, not R2 as it won't be supported
  until Exchange 2013 SP3 is released.
  Deployment Plan
  Install Exchange 2013 on new VMs.
  Create CAS Array object.
  Configure Exchange 2013 to publish under the new namespace.
  Perform mailbox moves to 2013 for a small group (1-5 users) at a time. Recreate Outlook profiles and mobile device profiles for that group. Test and move to the next group.
  Once all users are moved to the new namespace, decommission the Exchange 2010 servers.
  Unknowns
  My primary unknown is about the namespaces. All of the guides I have read strictly deal with keeping the existing namespace and having the Exchange 2013 CAS proxy requests to Exchange 2010 for mailboxes still on 2010. This should never be an issue for us
  since we'll be using the new domain for each mailbox we move.
  My question boils down to, is this a supported way to migrate to Exchange 2013? And if so, are there some materials or information to help me perform it this way?

  Hi,
  From the description, you want to install Exchange 2013 in another domain and then migrate from Exchange 2010 to Exchange 2013. 
  About DAG, all servers in a DAG must be running the same operating system. If there is only one mailbox server, there is no need to deploy DAG.
  About CAS array, we should know that the CAS Array no longer exists in Exchange 2013.
  About the namespace, based on my knowledge, we can introduce a new namespace. Just as what you said "This should never be an issue for us since we'll be using the new domain for each mailbox we move".
  Here are some articles about how to upgrade from Exchange 2010 to Exchange 2013 in the same organization.
  Checklist: Upgrade from Exchange 2010
  Install Exchange 2013 in an Existing Exchange 2010 Organization
  Upgrade from Exchange 2010 to Exchange 2013
  Hope this helps.
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• Exchange 2013 CU5 fresh install suffering issues with services not starting and coexistence with 2007

  Hi everyone,
  Hope you can help me out on a couple of issues I've been experiencing during the initial stages of a project to upgrade an on premise Exchange 2007 to 2013.
  On Monday last week I installed the first Exchange 2013 server into the network after a few weeks of careful planning, information gathering and remediation of our current Exchange 2007 environment and associated systems.
  The server itself has been having some issues from the word go, some of which I've resolved but none that are show stoppers but I want to get them resolved before building more servers and setting up the planned 2 x 2 node DAG's
  The main problems are as follows:
  There's usually one service that does not start following an OS restart and it's not always the same service. So far I've seen the following not start: DAG Management, Migration Workflow, Anti-spam Update, Unified Messaging, UM Call Router, Transport
  Service.
  The critical system event log entries are complaining of timeouts when the services are starting up but I can't imagine that the servers boot time is too long...  It's a 2 vCPU/12Gb vRAM VM, Windows 2012 R2
  I receive an error in the Event Log regarding RPC over HTTP Proxy
  to one of the 2007 CAS servers (not our primary one). The first error was because the Windows Component was missing but since installing it, disabling Outlook Anywhere, reenabling it, restarting the server, I now have a new error which is shown further down
  this post
  The Exchange 2013 server install is pretty default, CAS/MBX roles and some basic configuration performed such as new DNS entries, Public SSL certs installed and assigned, URL's updates, SCP updated. I have review and resolved some errors from the event logs
  for over chatty warnings about disk space (the warning is that we have loads of space...)
  This is a brief outline of the environment:
  Exchange 2007 SP3 RU13
  UK - Two physical locations in a stretch LAN (100Mb WAN)
  4 x CCR Cluster Mailbox Servers in two separate CCR Clusters
  Cluster 1 - Windows 2003 R2: One physical, one virtual server - don't ask, legacy install and I know the virtual is not a supported configuration.
  Cluster 2 - Windows 2008 R2: Two virtuals - New cluster built following a 4 day failure of Cluster 1. The aim was to move to supported config and decommission cluster 1.
  Note: Migration of Cluster 1 to Cluster 2 was halted as 2013 was so close it seemed pointless to continue the migration and instead migrate both Clusters to 2013 once in production.
  2 x Virtual Windows 2003 R2 - Hub Transport Servers
  2 x Virtual Windows 2003 R2 - Client Access Servers
  1 x Virtual Windows 2003 R2 - Unified Messaging Server
  1 x Virtual Windows 2003 R2 - Edge Transport Server (DMZ)
  US - One physical location
  1 x Physical Windows 2008 R2 - Mailbox, Client Access, Hub Transport Server
  Exchange 2013 CU5
  UK - Installed into same site along side Exchange 2007 servers
  1 x Virtual Windows 2012 R2 - Mailbox, Client Access Server
  Problem 2 Error Message - Please note, server names and domain name changed:
  Log Name:      Application
  Source:        MSExchange Front End HTTP Proxy
  Date:          18/07/2014 10:00:37
  Event ID:      3005
  Task Category: Core
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:      EXC2013.domain.local
  Description:
  [RpcHttp] Marking ClientAccess 2010 server EXC2007CAS1.domain.local (https://EXC2007CAS1.domain.local/rpc/rpcproxy.dll) as unhealthy due to exception: System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.
     at System.Net.HttpWebRequest.GetResponse()
     at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)
  Event Xml:
  <Event xmlns=http://schemas.microsoft.com/win/2004/08/events/event>
    <System>
      <Provider Name="MSExchange Front End HTTP Proxy" />
      <EventID Qualifiers="32768">3005</EventID>
      <Level>3</Level>
      <Task>1</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-07-18T09:00:37.000000000Z" />
      <EventRecordID>64832</EventRecordID>
      <Channel>Application</Channel>
      <Computer>EXC2013.domain.local</Computer>
      <Security />
    </System>
    <EventData>
      <Data>RpcHttp</Data>
      <Data>EXC2007CAS1.domain.local</Data>
      <Data>https://EXC2007CAS1.domain.local/rpc/rpcproxy.dll</Data>
      <Data>System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.
     at System.Net.HttpWebRequest.GetResponse()
     at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)</Data>
    </EventData>
  </Event>

  Hi Off2work,
  I've gone through the article and the Get-OutlookAnywhere commandlet looks fine (especially when compared with our working CAS).
  Having looked through IIS I have spotted two additional misconfigurations with a missing setting to require SSL on the RPC folder and also the .NET version was not set.
  I've now set those to Require SSL and .NET 2.0.5072 however this has made no difference following restarted of both 2007 CAS and 2013 servers.
  I could potentially reinstall the CAS server or additionally decommission it as we have two of them and the other is not causing any errors with the 2013 server. This broken CAS server doesn't even have DNS records (except it's own hostname) or firewall
  rules pointing to it, nor does it have any active client connections if I check with a quick netstat -a
  As for UM, it's next on my list following some client/server connectivity testing so I have not yet assigned the SSL to the services or setup the dial plans, etc.
  The services do start most of the time, but others then don't so it's not a consistent issue with just this service. On my current boot, the DAG Management service failed to start, but again I don't have a DAG implemented yet.
  I will see if UM drops out of that list once I've configured it shortly
  Thanks for taking the time to respond (and that goes to DareDevil too)

• Exchange 2013 2007 co-existence Outlook Anywhere issues

  Sorted out all other issues (apart from a SSO issue- another thread) . Activesync, autodiscover etc all working- but Outlook Anywhere does not work for Exchange 2007 external mailboxes. It does work for 2013 mailboxes internally and externally-
  and 2007 mailboxes internally.
  Exchange 2013 SP1. Exchange 2007 Sp3 RU10. Legacy namespace is in use and on certificate. Outlook Anywhere IIS Authentication is set to Basic and NTLM on both 2007 and 2013 servers.  Outlook Anywhere external client authentication is set to Basic.
  Any sugestions what to look at next?

  Tony,
  I apologize for the stupid question, but was Outlook Anywhere working on Exchange 2007 before you started the upgrade?
  When you open command prompt on Exchange 2007 and ping the Exchange 2007 internal FQDN or NetBIOS name, do you get an IPv4 address or you get the IPv6 one?
  Step by Step Screencasts and Video Tutorials

• OWA SSO issues in Exchange 2013 - 2007 co-existence

  This may not be possible. For a multitude of reasons the client needs OWA authentication of Windows Integrated and Basic. As a result I''ve got a double prompt for users still on 2007 for OWA externally.
  Do you have to use Forms Based Authentication to get SSO to work? Is it possible to enable FBA as well as basic and Windows auth?

  FBA is required on the source and destination, yes. You would need to enable that and not use Basic or Windows Auth.
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
  CAS2013 in Site1 will authenticate the user, do a service discovery, and determine that the mailbox is located within the local AD site on an Exchange 2007 Mailbox server.
  CAS2013 will initiate a single sign-on silent redirect (assumes FBA is enabled on source and target) to
  legacy.contoso.com. CAS2007 will then facilitate the request and retrieve the necessary data from the Exchange 2007 Mailbox server.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Exchange 2013 EAC coexistence with Exchange 2007

  Dear All,
  I have an exchange organization comprized of single Exchange 2007 SP3 UR 15 running on Win2008 SP2 and two recently installed Exchange 2013 SP1 CU7 with CAS and Mailbox role running on Win 2012 R2.
  Imidiantly after Exchange 2013 install, I am not able to login to Exchange 2013 EAC. When I enter my credentials domain\username, the EAC page simpli dose a quick refresh and I am back where I started.
  I have tryid mutiple UTLs to access EAC page, such as:
  https://localhost/ecp?ExchClientVer=15
  https://localhost/ecp?ExchClientVer=14
  https://localhost/ecp
  Each of them show the same result, a page gets refreshet. I have tryid to move my Exchange Organization user mailbox to Exchange 2013 to see if that helps but the result.
  I also noticed that OWA dosent work for mailboxes that are on Exchange 2013, they are redirected to Exchange 2007 even thou they are on Exchange 2013.
  Any idea on this one?
  Thank you
  b.

  Hi,
  From your description, I would like to verify if you have configured Exchange 2013 namespace and virtual directories (such as OWA, ECP, OAB, Web Services, AutoDiscover)correctly. Please make sure these virtual directories are configured correctly and check
  the result.
  For more information about Exchange 2007  migration to Exchange 2013, here is a helpful blog for your reference.
  Step-by-Step Exchange 2007 to 2013 Migration
  http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration.aspx
  Hope this can be helpful to you.
  Best regards,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Amy Wang
  TechNet Community Support

• Cross-forest access to public folders Exchange 2013-2007

  Dear.
  We have an Exchange 2007 org in one forest and an Exchange 2013 org in another forest.
  User accounts remain in the 2007 AD, mailbox moved to Exchange 2013 in the other forest, so a linked mailbox.
  What do I need to do in the Exchange 2007 public folders to give the migrated mailboxes (not migrated users) access to these public folders?
  Thanks for the support.
  Regards.
  Peter Van Keymeulen, IT Infrastructure Solution Architect, www.edeconsulting.be

  Hi Stephen,<o:p></o:p>
  <o:p> </o:p>
  Do you have trust between Exchange 2007 forest and Exchange 2013 forest? Please set up a trust between the two forests. Then set the public folder client  permission
  to see if we can access the
  public folders.<o:p></o:p>
  <o:p> </o:p>
  If not, since Public folder cross forest migration is not supported in from an Exchange 2007/2010 forest to an exchange 2013 forest, refer to forum:
  http://social.technet.microsoft.com/Forums/office/en-US/51da1b97-fbb1-4f81-87da-c3370960c4ab/crossforest-public-folder-migration?forum=exchangesvrdeploy
  http://social.technet.microsoft.com/Forums/office/en-US/663f0dc3-a977-408a-93c7-94584fbefc62/public-folder-issue-cross-forest-migration-exchange-2010-to-2013?forum=exchangesvrdeploy
  <o:p></o:p>
  Title: Migrate Public Folders to Exchange 2013 From Previous Versions<o:p></o:p>
  Link:
  http://technet.microsoft.com/en-us/library/jj150486(v=exchg.150).aspx<o:p></o:p>
  <o:p> </o:p>
  So for public folder migration,
  the only supported path is cross forest 2007/2010 to 2007/2010 and then inter forest 2007/010 to 2013. Or
  we can first export all the public folder to PST from the Exchange 2007 forest, then import the PST to the Exchange 2013 forest.
  <o:p></o:p>
  Regards, Eric Zou

• Migration to Exchange 2013 from 2010 - Client side issues

  Hi Everyone, 
     I've been having issues with clients connecting to an existing Exchange server (Getting login prompt- but not usual reason).  
  We currently run Exchange 2010 with approx 200 mailboxes on the server.  Last night I renewed the certificate on the 2010 server (go daddy SAN cert, all ok) and added the cert to my new Exchange 2013 server.  I tested it with my account, and a
  test account approx 12 times, and had not login prompt when launching Outlook. All seemed ok, until this morning.....
  This morning, most (not all) users are getting the login prompt.  We are able to get by this by inputting domain\username and Outlook opens fine and is able to connect.  No users are on the Exchange 2013 server yet (only 1 test account) 
  I've been googling all morning and I'm not seeing anything directly relating to my issue.  I've read about the Anon vs Negotiate issues (KB2834139) - But - the strange thing is all clients are set to negotiate network security (And encrypt data) This
  is opposite of what the MS article says.  CLients are all Outlook 2010 
  Here are my outlook anywhere settings: 
  ServerName               : exchange2010
  IISAuthenticationMethods : {Basic}
  ServerName               : exchange2013A
  IISAuthenticationMethods : {Basic, Ntlm}
  ServerName               : exchange2013B
  IISAuthenticationMethods : {Basic, Ntlm}
  Identity                          ClientAuthenticationMethod IISAuthenticationMethods
  exchange2010\Rpc (Default Web Site)                        Basic {Basic}
  exchange2013a\Rpc (Default Web Site)                       Ntlm {Basic, Ntlm}
  exchange2013b\Rpc (Default Web Site)                       Ntlm {Basic, Ntlm}
  If I change the Exchange 2010 server to NTLM, will this resolve what I'm seeing? And do I need to restart RPC Client Access and Transport Service to make changes take effect? Or reboot the whole server? 
  If you need more info or logs please let me know
  Thank you for any help! 
  -Jeff

  Hi,
  Please confirm if the Login prompt issue occurs when users open the Outlook client at first time after renewing Exchange certificate or happens when opening the Outlook every time.
  I noticed that the user can connect to Exchange server after inputting domain\username. Please confirm if the issue happens to external users who use Outlook Anywhere. For Outlook Anywhere coexistence,
  please choose NTLM for IIS authentication.
  Set-OutlookAnywhere -Identity "exchange2010\Rpc (Default Web Site)" -IISAuthenticationMethods Basic,Ntlm
  Regards,
  Winnie Liang
  TechNet Community Support

• Outlook 2007 - single profile connecting to Exchange 2013 / 2007 mailboxes

  Hi,
  I am in the early part of a migration from Exchange 2007 to Exchange 2013. So far I have 2013 installed and running in a DAG and just moved my own mailbox to the new server.
  I set up a new profile in Outlook 2007 which connects to my mailbox on Exchange 2013. The problem is that I need to add additional mailboxes to my profile which are still hosted on Exchange 2007, however this is not working.
  I thought at one stage I tested this and was able to get it work with a test mailbox also hosted on Exchange 2013.. but maybe I never did.
  Does anyone know if this is possible at all (single Outlook profile, primary mailbox hosted on Exchange 2013 and other mailboxes on Exchange 2007). Most of our users have an additional mailbox mapped in their profile so I hope there is some way around this.
  Thank you!

  Hi,
  It is possible to open a shared mailboxes on a legacy server.
  Your problem could be caused by:
  Not having one of the later CU installed (read CU4 or CU5)
  Incorrect authentication methods configured (see link below)
  Outlook is not at the latest patch level
  Users of Exchange Server 2013 can't open public folders or shared mailboxes on an Exchange 2010 or Exchange 2007 server
  http://support.microsoft.com/kb/2834139
  Martina Miskovic

• Exchange 2013 in coexistence with 2010, Outlook keep looking for Exchange 2010 server slow connection

  All,
  not sure if this topic has already answered, but can't find anything around.
  Here's the scenario. Migrating from a single Exchange 2010 to a cluster of 2 + 1 Exchange 2013. Two in a site, One in the other site (DC).
  I have migrated successfully a firsat batch of users. Mail flow works perfectly. The only thing is that often the migrated users are experiencing a long time (about 30 minutes) to get their Outlook syncronized. Both OL 2010 and 2013 doesn't make any difference.
  They're using OL Anywhere, and I've already tried to rebuild the profile.
  From a check on the OL connection status, looks like they're still looking for something on EX2010, but no idea what could be. If I disable the cache mode it works smooth and quick.
  My best guess is that is something in cache they're trying to keep updated... but still this doesn't explain the huge delay.
  Any help would be highly appreciated!
  Thanks!

  Hi Alessandro,
  What happens in OWA? I guess it should be good.
  Did you have public folders with Exchange 2010? Were they moved over to Exch 2013? Technically you should move the PF to the latest version from the legacy version before moving over the users?
  - Moved the PF to OL2013. same behaviour
  May be the outlook clients are looking for th OAB? Did you move the OAB to Exchange 2013?
  - Did this too.
  Try running outlook on safe mode and see what happens? may be one of the outlook add-in's are looking for something on Exchange 2010?
  - Will try that....
  Can you do a Test Email Auto Configuration in outlook (Hold CNTRL key and right click on outlook icon on status bar) and see if the exchange url's are pointed to Exch 2013?
  - Will try that....
  Is this happening to all migrated users or specific? Are they BlackBerry users?
  - All users and there are no BB users
  Do you have any archived emails on those migrated users? May be outlook is looking for some archived stuff on the Exch 2010 side?
  - I instructed Exchange to migrate also the archiving database, however There are no archived mailbox on 2010
  Could this be because of any calendar entries? May be migrated user mailboxes are having issues with working with non-migrated mailbox calendars?
  - This maybe a possibility. I have only 10 users actively using Exchange, while all others have the mailboxes only because they've Lync. I've completed all migrations today, so there shouldn't be anything left on 2010
  Let me know how it went - all the best!
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. Regards, Siva

• Exchange 2013 + 2007 OWA coexistance not redirecting properly (HTTP 400)

  Hello.  I am using this document to funnel our new Exchange 2013 external traffic through an IIS ARR reverse proxy, much like we already do for MIcrosoft
  Lync 2013 on this machine.  
  http://blogs.technet.com/b/exchange/archive/2013/08/02/part-2-reverse-proxy-for-exchange-server-2013-using-iis-arr.aspx
  I followed this guide to a T. especially the part on the page 2 that I linked above about creating the legacy.domain.com server farm and URL rewrite rule.  This
  IIS ARR proxy seems to work fine for Outlook Anywhere, ActiveSync, OWA if the user's mailbox is on the Exchange 2013 server, but it does not work if an OWA user logs in with a mailbox on 2007.
  When the user has a mailbox on 2007, after logging into OWA they get HTTP 400 error.  The URL bar in the browser is changed to https://legacy.domain.com/owa/auth/owaauth.dll
  The Exchange 2007 server IIS logs show this:
  70.x.x.x, -, 11/1/2014, 9:45:48, W3SVC1, MAIL, 10.1.1.3, 0, 523, 132, 400, 0, POST, /owa/auth/owaauth.dll, -,
  I can't figure out why this is happening.  DNS is correct.  legacy.domain.com points to the 2007 Exchange server.  webm.domain.com points to the
  Exchange 2013 server.
  Any ideas?

  Doing more testing, I almost think the Exchange 2007 server keeps redirecting.  So the HTTP 400 is because when you hit legacy.domain.com, it redirects
  to webm.domain.com which redirects back to legacy.domain.com and vice versa.
  I put a test.txt file in the Exchange 2007 owa virtual directory and I cannot access it in any browser.  I tried https://legacy.domain.com/owa/test.txt and
  It redirects me to https://webm.domain.com(Exchange 2013).  I can however go
  one level (or more) deep on the legacy server and get a file such as https://legacy.doamin.com/owa/8.3.342.1/themes/base/logon.css and
  in the browser I see the code (both externally AND internally, so I know DNS and firewall is working).
  I can't find anywhere on IIS 6.0 on the Exchange 2007 server where any kind of redirection is taking place though.  Virtual Directory properies for owa say
  "A directory located on this computer: "C:\Program Files\Microsoft\Exchange Server\ClientAccess\owa"  Enable default content page is checked with default.aspx but I looked at default.aspx in notepad and I don't see ANY code telling it to
  redirect.
  In Exchange 2007 management console OWA internal URL and External URL both sayhttps://legacy.domain.com/owa .
  I have no idea what is causing this redirection.  I did an iisreset and also recycled the OwaAppPool and no change.

• Exchange 2013 CU7 server performance/outage issues.

  Hi Forum,
  We are constantly faced with incidents from users that the connections are lost with the exchange server. As a result, we hired a consultant to install an new Exchange 2013 environment based on the Microsoft, VM-Ware and NetApp best practices.
  We are still having problems with performance issues. From the client prospective, the performance has not changed, weekly hangs are still happening and I’m at my wits end.
  This is our configuration:
  2 Windows Server 2012 R2 CAS and DB
  VM with 4 vCpu, 16GB, 1 Vmxnet3, IPv6 disabled (the Microsoft way)
  VM Ware 5.1 U1
  Cluster without AAP
  DB1 active on Server 1 (Datacenter 1 with 3 host cluster)
  DB2 active on Server 2 (Datacenter 2 with 3 host cluster)
  Veeam 8 Backup (Move-ActiveMailboxDatabase DB2 -ActivateOnServer Server1 , backup server 2 then Move-ActiveMailboxDatabase back to
   Server2.
  Exchange is in Online-Mode due to Citrix XD VDI clients.
  1300 Mailboxes and 750 users.
  NetApp with SATA disks. (1.5TB E: Vol for DB1/1.5TB F: Vol for DB2)
  No archiving
  Unlimited mailbox sizes.
  The problems are:
  If we migrate a non-Exchange VM in the same cluster or to\from the same host, this results in a 30 second to 5 min Outlook outage;
  If we make both DB’s active on mail server 1 and reboot server 2, this results in a 30 second to 5 min Outlook outage;
  If we make both DB’s active on mail server 1 and do a Veeam backup of server 2, sometimes one of the DB’s go back to server 1, on its own;
  While monitoring we see that the w3wp.exe and the Microsoft.Exchange.Store.worker.exe are consuming most of the cpu and memory;
  What can I do to solve the outages?
  Tnx. Timotatty.
  Exchange server performance issues.
  Hi Forum,
  We are constantly faced with incidents from users that the connections are lost with the exchange server. As a result, we hired a consultant to install an new Exchange 2013 environment based on the Microsoft, VM-Ware and NetApp best practices.
  We are still having problems with performance issues. From the client prospective, the performance has not changed, weekly hangs are still happening and I’m at my wits end.
  This is our configuration:
  2 Windows Server 2012 R2 CAS and DB
  VM with 4 vCpu, 16GB, 1 Vmxnet3, IPv6 disabled (the Microsoft way)
  VM Ware 5.1 U1
  Cluster without AAP
  DB1 active on Server 1 (Datacenter 1 with 3 host cluster)
  DB2 active on Server 2 (Datacenter 2 with 3 host cluster)
  Veeam 8 Backup (Move-ActiveMailboxDatabase DB2 -ActivateOnServer Server1 , backup server 2 then Move-ActiveMailboxDatabase back to
   Server2.
  Exchange is in Online-Mode due to Citrix XD VDI clients.
  1300 Mailboxes and 750 users.
  NetApp with SATA disks. (1.5TB E: Vol for DB1/1.5TB F: Vol for DB2)
  No archiving
  Unlimited mailbox sizes.
  The problems are:
  If we migrate a non-Exchange VM in the same cluster or to\from the same host, this results in a 30 second to 5 min Outlook outage;
  If we make both DB’s active on mail server 1 and reboot server 2, this results in a 30 second to 5 min Outlook outage;
  If we make both DB’s active on mail server 1 and do a Veeam backup of server 2, sometimes one of the DB’s go back to server 1, on its own;
  While monitoring we see that the w3wp.exe and the Microsoft.Exchange.Store.worker.exe are consuming most of the cpu and memory;
  What can I do to solve the outages?
  Tnx. Timotatty.

  Hi Simon,<o:p></o:p>
  Apparently we are using basic authentication which result in a FailingCode=401 as seen in the Event Log under Active Monitoring --> Probe Results from ECP and others. This
  became apparent after reading this blog:
  http://blogs.technet.com/b/ehlro/archive/2014/02/20/exchange-2013-managed-availability-healthset-troubleshooting.aspx<o:p></o:p>
  We are now overriding some of the monitors which require Forms Based Authentication.<o:p></o:p>
  Regarding the other 2 issues we have changed the licensing model for Veeam 8 to allow full throughput which will reduce the backup time and add compression.
  The KEMP support team helped us by deselecting Use HTTP/1.1 under View/Modify Services --> ECP –> Modify --> Real Servers. This
  now only flags a service (ECP or ActiveSync or OWA) as being down instead of an etire server should one component fail.<o:p></o:p>
  I am satisfied but still not happy with the steps required to troubleshoot an Unhealthy Health Sets:<o:p></o:p>
  Invoke-MonitoringProbe always returns with: WARNING: Could not find assembly or object type associated with monitor identity '<Healthe Set >\< Probe >'. Please ensure
  that the given monitor identity exists on the server.
  This makes it very difficult to troubleshoot
  Unhealthy Health Sets.
  Regards,
  Timotatty