Exchange 2013 CAS IMAP Proxying to offline 2007 CAS Server

We're running in coexistence mode with 2013 and 2007. We had one of our 2007 CAS servers go down. We have IMAP users that keep getting a login prompt now. Looking at the IMAP logs it's failing when the 2013 CAS server tries
to proxy the IMAP session to the down 2007 CAS server. Is there any way to stop 2013 from attempting to proxy to the down 2007 CAS server? We have 3 other 2007 CAS servers that are available.

Hi,
I‘m following up this thread and if you have any question about the above information I provided, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support

Similar Messages

Exchange 2013 CAS server connection to Exchange 2010 Mailbox server

Hi Guys,
I have a quick question i am planning to upgrade my infra from Exchange 2010 to Exchange 2013 and i have come across a small question, my infra looks likes below
3 Exchange server (CAS+ HT + MBX roles) Exchange 2010
1 Exchange server MBX role For journlaing Exchange 2010
1 CAS for internet owa access Exchange 2010
Now i will be installing exchange 2013 CAS on 2 box and MBX on 3 box
will decomm the 3 exchange box which has (CAS+ HT + MBX roles) and 1 CAS which we use for owa access.
will keep the Journaling server as it is will not be decomming it as of now.
My question is is will i be able to connect to the journaling mailbox's which are hosted on exchange 2010 journaling server without actually having any 2010 cas server, will exchange 2013 cas directly help me to connect to the journal mailbox or would i need
to add CAS role on Exchange 2010 journaling server and enable outlook anywhere configure the directories with the url's to make it working.
Please suggest on the same.
BR/Deepak

Hi TheLearner,
Thank you for your question.
Exchange 2013 didn’t connect to the journal mailbox directly when we access it by outlook/OWA. The journal mailbox will connect the former Exchange 2010 CAS. Or we could migrate Journaling mailbox to Exchange 2013. Because Exchange 2010 could communicate
with Exchange 2010 by RPC, but Exchange 2013 could communicate with Exchange 2013 by HTTPS.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support

New Exchange 2013 CAS server in existing Exchange 2007 Organization

Dear Friends,
We have exchange 2007 SP3 with CU13 installed with single copy cluster for database and 1 OWA server for CAS/HT. We will migrate from current to Exchange 2013SP1. As we want to have HA, we have installed 2 new Exchange 2013 SP1 CAS server on widnows 2012
R2 after preparing our organisation for Exchange 2013. The setup went smooth without any error and successfully installed CAS with management tools. After installation it ask to reboot the server which we did. Now after reboot, we are not able to run Exchange
Management Sell. It never connects to the new server. In our old 2007 EMS also doesn't list any exchange 2013 server. We are also not able to connect to new CAS servers with below URL:
https://servername/ecp/?ExchClientVer=15
Its says site under maintenance. Please advise what to check. We were thinking of deploying CAS 1st and make it co-exist with Exchange 2007 before deploying Exchange 2013 mailbox server which will be setup in DAG. What are we doing wrong.
Thanks in advance!!

Dear Friends,
We have exchange 2007 SP3 with CU13 installed with single copy cluster for database and 1 OWA server for CAS/HT. We will migrate from current to Exchange 2013SP1. As we want to have HA, we have installed 2 new Exchange 2013 SP1 CAS server on widnows 2012
R2 after preparing our organisation for Exchange 2013. The setup went smooth without any error and successfully installed CAS with management tools. After installation it ask to reboot the server which we did. Now after reboot, we are not able to run Exchange
Management Sell. It never connects to the new server. In our old 2007 EMS also doesn't list any exchange 2013 server. We are also not able to connect to new CAS servers with below URL:
https://servername/ecp/?ExchClientVer=15
Its says site under maintenance. Please advise what to check. We were thinking of deploying CAS 1st and make it co-exist with Exchange 2007 before deploying Exchange 2013 mailbox server which will be setup in DAG. What are we doing wrong.
Thanks in advance!!
If you have only the 2013 CAS installed and not the mailbox role, then nothing will really work. Remember, in 2013, the mailbox role does all the work, the CAS is simply a proxy for the most part.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Some Outlook clients getting internal FQDN of newly installed Exchange 2013 CAS server as Outlook Anywhere Proxy address

Hello Folks,
I have this problem and is making me crazy if anyone have any idea please shed some light on this:-
1. Working Outlook 2010 and 2013 clients with webmail.xyz.com as Outlook Anywhere proxy address.
2. Installed new Exchange 2013 server (server02)with CAS and Mailbox role, Exchange install wizard finished and server is rebooted.
3. Server came up online started changing internal and external FQDN's of Virtual Directories and Outlook Anywhere to webmail.xyz.com
4. As soon as Fqdn's changed some outlook clients create support request that Outlook suddenly white's out and after reopening it is giving error cannot connect to exchange. upon checking Clients Exchange Proxy address is set to http://server02.xyz.com,
even though OA/OWA/ECP/OAB/EWS/Autodiscover/ActiveSync FQDN's Point to webmail.xyz.com, on all servers if i create new outlook profile for same user it picks up correct settings through autodiscover and connects fine, this is happening to about 20% of outlook
clients every time i am introducing new Exchange 2013 server in Organization. we have around 2000 users and planning on installing 4 exchange servers to distribute load and everytime changing outlook profile of close to 150-200 users is not possible.
Any help is greatly appreciated.
Thanks
Cool

Here are the EXCRA results
Here IP (x.x.x.x) returned is my Load Balancer IP (Webmail.xyz.com).
Connectivity Test Successful with Warnings
Test Details
    Testing Outlook connectivity.
    The Outlook connectivity test completed successfully.
       Additional Details
    Elapsed Time: 9881 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
    Autodiscover was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting each method of contacting the Autodiscover service.
    The Autodiscover service was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting to test potential Autodiscover URL https://xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
       Additional Details
    Elapsed Time: 186 ms.
       Test Steps
       Attempting to resolve the host name xyz.com in DNS.
    The host name couldn't be resolved.
       Tell me more about this issue and how to resolve it
       Additional Details
    Host xyz.com couldn't be resolved in DNS InfoNoRecords.
Elapsed Time: 186 ms.
    Attempting to test potential Autodiscover URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of the Autodiscover URL was successful.
       Additional Details
    Elapsed Time: 1876 ms.
       Test Steps
       Attempting to resolve the host name autodiscover.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 338 ms.
    Testing TCP port 443 on host autodiscover.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 173 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 318 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US.
Elapsed Time: 219 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name autodiscover.xyz.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,.
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 36 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 289 ms.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       Additional Details
    Elapsed Time: 756 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml for user [email protected].
    The Autodiscover XML response was successfully retrieved.
       Additional Details
    Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Test Exch1</DisplayName>
<LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1</LegacyDN>
<DeploymentId>4ec753c9-60d9-4c05-9451-5b24e2d527a7</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>webmail.xyz.com</PublicFolderServer>
<AD>DC-03.domain.xyz.com</AD>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<EwsPartnerUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>Default-First-Site-Name</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
</Account>
</Response>
</Autodiscover>HTTP Response Headers:
request-id: 9d325a80-f1fd-4496-ac48-2be6bb782c28
X-CalculatedBETarget: Server01.domain.xyz.com
X-DiagInfo: Server01
X-BEServer: Server01
Persistent-Auth: true
X-FEServer: Server01
Content-Length: 11756
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 25 Aug 2014 19:12:25 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-1293235207-2459173341-1304346827-14544=u56Lnp2ejJqBypqcnsfJx5nSy8ucnNLLnJzP0sfKz8/Sy5nHmsiamZrMyZrLgYHPxtDNy9DNz87L387Gxc7Nxc3J; expires=Thu, 25-Sep-2014 00:12:26 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 756 ms.
    Autodiscover settings for Outlook connectivity are being validated.
    The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
       Additional Details
    Elapsed Time: 0 ms.
    Testing RPC over HTTP connectivity to server webmail.xyz.com
    RPC over HTTP connectivity was verified successfully.
       Additional Details
    HTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 7817 ms.
       Test Steps
       Attempting to resolve the host name webmail.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 107 ms.
    Testing TCP port 443 on host webmail.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 180 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 303 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 224 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name webmail.xyz.com was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 34 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 298 ms.
    Testing HTTP Authentication Methods for URL https://webmail.xyz.com/rpc/[email protected]:6002.
    The HTTP authentication methods are correct.
       Additional Details
    The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLMHTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 296 ms.
    Attempting to ping RPC proxy webmail.xyz.com.
    RPC Proxy was pinged successfully.
       Additional Details
    Elapsed Time: 454 ms.
    Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 0 ms.
Elapsed Time: 1007 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 2177 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 906 ms.
Elapsed Time: 918 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    The test passed with some warnings encountered. Please expand the additional details.
       Tell me more about this issue and how to resolve it
       Additional Details
    The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption.
NSPI Status: 2147746050
Elapsed Time: 825 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 433 ms.
    Testing the MAPI Referral service on the Exchange Server.
    The Referral service was tested successfully.
       Additional Details
    Elapsed Time: 1808 ms.
       Test Steps
       Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 953 ms.
Elapsed Time: 949 ms.
    Attempting to perform referral for user /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1 on server [email protected].
    We got the address book server successfully.
       Additional Details
    The server returned by the Referral service: [email protected]
Elapsed Time: 858 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 626 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 156 ms.
Elapsed Time: 154 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 472 ms.
    Testing the MAPI Mail Store endpoint on the Exchange server.
    We successfully tested the Mail Store endpoint.
       Additional Details
    Elapsed Time: 555 ms.
       Test Steps
       Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 234 ms.
Elapsed Time: 228 ms.
    Attempting to log on to the Mailbox.
    We were able to log on to the Mailbox.
       Additional Details
    Elapsed Time: 326 ms.

Exchange 2013 - CAS Server Multi Namespace & Site Deployment

Hello,
I am
currently designing the new Excahnge 2013 environment that I am looking to deploy by the end of the month. And I have come up with two designs on what could be deployed. The first being an active/passive design with a single namespace across two sites.
One site being the primary site and the other being the secondary DR site in a single DAG. Now this is a common design and similar setups are documented in detail online on many blogs and such.
Where my trouble is with the second design I have come up with which is an active/active model using a multi namespace across the same two sites utilizing two DAGs. The idea here being the first
site is the corporate head office which would only contain those users. While the second site would contain everyone else not based out of the head office. The goal being to cut out internal users from connecting all of the way into the primary site when they
are external to it.
Now the way in which the network is setup between the two sites. Accessing the internet from the primary site requires you to go through the secondary. So for the second design my idea would
be for external Outlook, OWA and ActiveSync connections would connect into the secondary site for it to then proxy over to the primary. Now I am used to how Excahnge 2010 did its proxying and if the ExternalUrl property was blank is knew to proxy to the other
site. Is that still the case with Excahnge 2013 or it does not care at all and I can just populate both the internal/external url properties for all of the CAS servers at the primary site?
Now assuming I do populate both the internal/external url property in Excahnge 2013 for the primary site. And for this example I am going to use mail01.domainname.com for the primary site and
mail02.domainname.com for the second. To get Outlook, OWA and ActiveSync to connect for users of the primary site externally would it be as simple as having that external internet DNS entry for mail01.domainname.com point to the same IP as mail02.domainname.com
would be? With mail02.domainname.com pointing to a externally accessible load balancer for the second site.
Now applying the above logic and assuming as long as you hit a CAS server. And it will find your mailbox for you does that mean I can could also use the same namespace in both locations for
say OWA and ActiveSync? So the idea being we want to keep using webmail.domainname.com for OWA access. So if I set that URL for both the primary and secondary site as long as I hit a CAS server in the secondary site. It will be able to connect over to the
mailbox in the primary site for OWA?
Nicholas

Hello Angela,
I need some clarification to your reply as it has left me a little more confused. Where you start by saying “all client requests will firstly access the internet-facing server”.
Are you talking about when the client is connecting in externally or when the client is internal? As this would make it seem like in my second design where only the secondary site would have internet facing CAS. That clients in the primary site internally
would connect over to the secondary site then be proxyed back to the primary.
Then for the separate namespace portion of your reply. I am assuming you mean the secondary site form my example which will have the internet-facing CAS server? If that is
the case my public DNS entry would be mail02.domain.com only but then how would the client from the primary site who use mail01.domain.com which is not on an internet facing CAS server. Then figure out they can connect in on mail02.domain.com externally from
the internet?
And when you talk about both sites using the same namespace. And using two public DNS entries pointing to the CAS servers in both datacenters. Is that not just going to do
DNS round robin? As described in this technet blog?
http://blogs.technet.com/b/exchange/archive/2014/02/28/namespace-planning-in-exchange-2013.aspx
Or is it because both datacenters will be hosting active mailboxes. Will the clients query each CAS server till it finds one in its site? I do also plan to deploy a load balancer with my CAS servers. So I would think that would cancel our using the two public
DNS option.
Nicholas

Exchange 2013 CAS server returned '500 Message rejected'

Hi, all.
Exchange 2013 with CAS server and 2 mailbox servers. Health checks are all 100% healthy.
One of our users cannot receive email from an external user. Our CAS server keeps rejecting the message. I can trace the message and see that it did indeed hit our servers, and was rejected. But I cannot find out WHY it was rejected.
Here is the Delivery Report from the EAC:
Delivery Report for               NAME ‎([email protected])
Failed
3/30/2015 1:41 PM <CAS servername>
The message couldn't be delivered.
[{LRT=};{LED=500 Message rejected};{FQDN=};{IP=}]
The external user gets this NDR:
<our local CAS servername> gave this error:
Message rejected
In the Diagnostic information for administrator section:
<our local CAS servername> returned '500 message rejected'
followed by the Original message headers. I think I'm looking for some more verbose logging to see what rule or configuration rejected the message. Any help would be greatly appreciated!
Thanks!
Dan

My main question: how can I see what triggered my CAS server to reject this message with error 500?
Our user can receive email from other external senders ok. It seems to be just this one sender having trouble.
Our transport rules are not complex, and I see no rules that would block this sender or domain.
We use Exchange Online Protection. The message gets through EOP and hits our CAS server. The CAS server rejects the message - it never gets to the Client.
The CAS server gives the error 500 - but that's all I can find. I need a command or somewhere to look to see what triggered the 500 error.
I've posted the NDR received by the sender and scrubbed our identifying information.
Rcn.com looks like the sender's online forwarding host - the spf record for senderdomain.net points back to rcn.com. I've run an spf record check and it passes, so I do not believe that is the issue.
Here is the NDR:
From: [email protected]
To: [email protected]
Sent: Monday, March 30, 2015 1:41 PM
Subject: Undeliverable: Hello from FirstName
CAS1.our_internal_domain.local rejected your message to the following email addresses:
FirstName LastName ([email protected])
A problem occurred while delivering your message to this email address. Try sending your message again. If the problem continues, please contact your email admin.
CAS1.our_internal_domain.local gave this error:
Message rejected
Diagnostic information for administrators:
Generating server: BY1PR0501MB1112.namprd05.prod.outlook.com
[email protected]
CAS1.our_internal_domain.local
Remote Server returned '500 Message rejected'
Original message headers:
Received: from BLUPR05CA0049.namprd05.prod.outlook.com (10.141.20.19) by
BY1PR0501MB1112.namprd05.prod.outlook.com (25.160.103.146) with Microsoft
SMTP Server (TLS) id 15.1.118.21; Mon, 30 Mar 2015 17:40:54 +0000
Received: from BL2FFO11FD027.protection.gbl (2a01:111:f400:7c09::115) by
BLUPR05CA0049.outlook.office365.com (2a01:111:e400:855::19) with Microsoft
SMTP Server (TLS) id 15.1.125.19 via Frontend Transport; Mon, 30 Mar 2015
17:40:54 +0000
Received: from smtp.rcn.com (69.168.97.78) by
BL2FFO11FD027.mail.protection.outlook.com (10.173.161.106) with Microsoft
SMTP Server (TLS) id 15.1.130.10 via Frontend Transport; Mon, 30 Mar 2015
17:40:54 +0000
Return-Path: [email protected]
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.0 cv=PMSNCIWC c=1 sm=1 a=gRQJo8bc1j9+0GSSRogFxg==:17 a=NTyKUL13AAAA:8 a=ML7w5Z3_AAAA:8 a=3H5rcUylbt2uBKgiyYQA:9 a=wPNLvfGTeEIA:10 a=XQfDMMe_SRUA:10 a=SEXQnC1BqQAA:10 a=7ZjHjvgxCjAA:10 a=Wcs1mLwGzyUA:10 a=sBa8ZLUje9YA:10 a=k-GqB2yPh3IA:10
a=N4kHG9ehtKzd7-3o534A:9 a=_W_S_7VecoQA:10 a=gRQJo8bc1j9+0GSSRogFxg==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Authed-Username: ZHAtZm1hQHJjbi5jb20=
Authentication-Results: smtp02.rcn.cmh.synacor.com
[email protected]; sender-id=neutralourdomain.com; dkim=none
(message not signed) header.d=none;ourdomain.com; dmarc=pass action=none
header.from=senderdomain.net;
Authentication-Results: smtp02.rcn.cmh.synacor.com [email protected]; spf=neutral; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=sender; auth=pass (LOGIN)
Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 69.72.92.252 is neither permitted nor denied by domain of senderdomain.net)
Received: from [69.72.92.252] ([69.72.92.252:2689] helo=FirstNameLastName)
        by smtp.rcn.com (envelope-from <[email protected]>)
        (ecelerity 3.6.2.43620 r(Platform:3.6.2.0)) with ESMTPA
        id 58/6E-17115-4AA89155; Mon, 30 Mar 2015 13:40:53 -0400
Message-ID: <011A7DBF0D954F62987032D45778AF29@FirstNameLastName>
From: FirstName LastName <[email protected]>
To: FirstName LastName <[email protected]>
Subject: Hello from FirstName
Date: Mon, 30 Mar 2015 13:40:49 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0007_01D06AEF.223E4A60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of senderdomain.net designates
69.168.97.78 as permitted sender) receiver=protection.outlook.com;
client-ip=69.168.97.78; helo=smtp.rcn.com;
Authentication-Results: spf=pass (sender IP is 69.168.97.78)
[email protected];
X-Forefront-Antispam-Report:
        CIP:69.168.97.78;CTRY:US;IPV:NLI;EFV:NLI;SFV:SKN;SFS:;DIR:INB;SFP:;SCL:-1;SRVR:BY1PR0501MB1112;H:smtp.rcn.com;FPR:;SPF:None;LANG:en;
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1112;
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test:
        BCL:0;PCL:0;RULEID:(601004);SRVR:BY1PR0501MB1112;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1112;
X-OriginatorOrg: ourdomain.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2015 17:40:54.1243
(UTC)
X-MS-Exchange-CrossTenant-Id: c92ecf05-92f8-42f4-a246-24bee4988793
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB1112
Dan

Exchange 2013 CAS incorrectly proxying after mailbox move to Exchange 2013

Hi,
I am moving Exchange 2010 mailboxes to Exchange 2013 SP1 in production. When I move 2010 mailbox Outlook, OWA works fine right after the move but ActiveSync (HTTPProxy log shows
on CAS 2013 server that it is still re-directing it to Exchange 2010 CAS servers). Exchange 2013 CAS server ActiveSync takes hours before it starts to see that mailbox is moved to Exchange 2013. I am certain it is not ActiveDirectory replication since all
other clients are working.
This time I move another user this time it did not work for 3.5hrs. I had to reboot Exchange 2013 CAS server after that it worked.
There is must be something that is not refreshing on Exchange 2013 CAS server.
Is there anything I can do right after the move to make it quick, I can not re-start server after every mailbox move. Currently we are in Pilot mode and only moving few
mailboxes at a time.
Thanks,
Raman

Hi,
I am moving Exchange 2010 mailboxes to Exchange 2013 SP1 in production. When I move 2010 mailbox Outlook, OWA works fine right after the move but ActiveSync (HTTPProxy log shows
on CAS 2013 server that it is still re-directing it to Exchange 2010 CAS servers). Exchange 2013 CAS server ActiveSync takes hours before it starts to see that mailbox is moved to Exchange 2013. I am certain it is not ActiveDirectory replication since all
other clients are working.
This time I move another user this time it did not work for 3.5hrs. I had to reboot Exchange 2013 CAS server after that it worked.
There is must be something that is not refreshing on Exchange 2013 CAS server.
Is there anything I can do right after the move to make it quick, I can not re-start server after every mailbox move. Currently we are in Pilot mode and only moving few
mailboxes at a time.
Thanks,
Raman
Does simply recycling the ActiveSync app pool speed things up?
Also, I would recommend installing CU6 instead of SP1.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Autodiscover after deploying Exchange 2013 CAS in a Exchange 2007 organization

I am deploying Exchange 2013 CAS in a Exchange 2007 organization. Will all the clients be directed to the Exchange 2013 CAS servers for autodiscover. Will there be any issue with outlook clients connecting to their mailbox servers in Exchange 2007

All clients should be pointed to the Exchange 2013 CAS for the autodiscover service. This means:
A. For local clients
You need to modify the autodiscover Internal URI on the Exchange 2007 server and point it to Exchange 2013. For example, if you are using split-brain DNS on the Local Network and mail.yourdomain.com is resolved to Exchange 2013 local IP, the Exchange 2007
Autodiscover Internal URI should be "https://mail.yourdomain.com/Autodiscover/Autodiscover.xml"
Exactly the same way, you should modify the Exchange 2013 Autodiscover Internal URI and use the same address "https://mail.yourdomain.com/Autodiscover/Autodiscover.xml"
B. For remote clients - all clients will hit the Exchange 2013 CAS first (ex. mail.yourdomain.com)
If the user's mailbox is on Exchange 2007 server, the correct XML will be generated and provided, and the user will be proxied for Outlook Anywhere/ActiveSync and redirected for OWA/WebServices
If the user's mailbox is on Exchange 2013 server, the correct XML will be generated and provided
Bottom line - based on the location of the user's mailbox, Exchange 2013 will generate and provide the correct XML file (there is not proxying involved in providing the Autodiscover info).

Deploying 2x Exchange Server 2013 CAS server email traffic high availability during patching & reboot

Hi people,
What is the best way to utilize VMware technology to host 2x the Exchange Server 2013 CAS role VM in my production VM to ensure that the email traffic is not halted during server patching ?
Previously in Exchange Server 2007 I am using Windows NLB (IGMP Multicast) on my ESXi 4.1, now with ESXi 5.1 and 2013 I wonder if there is any better way to make sure that the server failover does not disrupt the mail flow between the Smarthost and the CAS server role.
Thanks

Hey AlbertWT,
Can you clarify exactly what you mean when you say "server patching?" Do you mean patching at the ESXi host level or something within the guest?
As you probably know Exchange 2013 CAS no longer needs NLB or even a hardware load balancer. Due to changes in the architecture, even simple DNS round robin is "enough" to load balance the CAS role. NLB has its own set of headaches which you are probably all too familiar with so getting rid of that can help remove a lot of complexity from the situation.
If you can clarify what you mean by "server patching" and "server failover" in your post I think that would be helpful for me to give you a more definitive answer.
Matt
http://www.thelowercasew.com

Exchange 2013 CAS - Round Robin DNS not working properly

I have exchange 2013 server (2MB, 2CAS) server. I created two dns records for mail.test.com, autodiscover.test.com pointing to my two CAS servers.
But the problem is if i switched of one cas server, client outlook not connecting automatically to other CAS server. By restarting the outlook also its not working. By restarting the system or running the command ipconfig /flushdns in command prompt, it
working.
is there any configuration iam missing, please advice how to achieve decent load balancing in Exchange 2013 CAS without going for third party Loadbalancer...

I have exchange 2013 server (2MB, 2CAS) server. I created two dns records for mail.test.com, autodiscover.test.com pointing to my two CAS servers.
But the problem is if i switched of one cas server, client outlook not connecting automatically to other CAS server. By restarting the outlook also its not working. By restarting the system or running the command ipconfig /flushdns in command prompt, it
working.
is there any configuration iam missing, please advice how to achieve decent load balancing in Exchange 2013 CAS without going for third party Loadbalancer...
If a CAS role server is down or unable to service clients, you have to remove it from DNS round-robin consideration manually. There is no health check with DNS round-robin unlike a true load balancer.
Also, I would set the TTL to a low value for the CAS servers in the round-robin.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

Exchange 2010 CAS proxy to Exchange 2013 CAS: Use the following link to open this mailbox with the best performance:

Hello,
I've installed Exchange 2013 into Exchange 2010 infrastructure
[ single Exchange 2010 server; single AD site; AD = 2003 ],
and moved one mailbox [ Test user ] to Exchange 2013.
When I login internally through 2013 OWA to access mailboxes on 2010, then proxy works fine.
When I login internally through 2010 OWA to access mailboxes on 2013, then a message appears:
    Use the following link to open this mailbox with the best performance: with link to 2013 OWA...
What is wrong ?
I've checked and changed settings by:
Get-OwaVirtualDirectory, Set-OwaVirtualDirectory
[PS] C:\work>Get-OwaVirtualDirectory -Identity 'ex10\owa (Default Web Site)' | fl server,name, *auth*,*redir*,*url*
Server                        : EX10
Name                          : owa (Default Web Site)
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
WindowsAuthentication         : True
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}
RedirectToOptimalOWAServer    : True
LegacyRedirectType            : Silent
Url                           : {}
SetPhotoURL                   :
Exchange2003Url               :
FailbackUrl                   :
InternalUrl                   : https://ex10.contoso.com/owa
ExternalUrl                   : https://ex10.contoso.com/owa
[PS] C:\work>Get-OwaVirtualDirectory -Identity 'ex13\owa (Default Web Site)' | fl server,name, *auth*,*redir*,*url*
Server                        : EX13
Name                          : owa (Default Web Site)
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication           : True
WindowsAuthentication         : True
DigestAuthentication          : False
FormsAuthentication           : False
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}
RedirectToOptimalOWAServer    : True
LegacyRedirectType            : Silent
Url                           : {}
SetPhotoURL                   :
Exchange2003Url               :
FailbackUrl                   :
InternalUrl                   : https://ex13.contoso.com/owa
ExternalUrl                   :
best regards Janusz Such

Hi Janusz Such,
Based on my knowledge, CAS proxy can only from later version to previous version.
Some like CAS2013 to CAS2010/2007, CAS2013 to CAS2013.
Thanks
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Mavis Huang
TechNet Community Support

Exchange 2013 CAS-MBX / Exchange 2007 Edge Mail flow

I am in the process of migrating from Exchange 2007 to Exchange 2013. I have installed my 2013 Cas/MBX into my environment with the existing 2007 Hub/MBX and existing 2007 Edge. Mail flow on the 2007 side is unchanged (working) but on the 2013
side I am able to receive mail but I can't send (from test mailbox). It just sits in the que on the 2013 CAS/MBX until it expires.
Any ideas? My Exchange 2007 servers are both upgraded to SP3 Rollup 13 so the versions should be fine.

I redid my edge subscription (applying the xml on the 2013 hub). All works the same (mail flow on the 2007 side works fine but unable to send out for mailbox's that live on the 2013 side). One thing I noticed is that when I ran start-edgesynchronization
I get the following:
RunspaceId : xxxxxx
Result : CouldNotConnect
Type : Recipients
Name : XXXX
FailureDetails : The LDAP server is unavailable.
StartUTC : 9/15/2014 2:03:23 AM
EndUTC : 9/15/2014 2:03:23 AM
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
RunspaceId : xxxxxx
Result : CouldNotConnect
Type : Configuration
Name : XXXX
FailureDetails : The LDAP server is unavailable.
StartUTC : 9/15/2014 2:03:23 AM
EndUTC : 9/15/2014 2:03:23 AM
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
I am able to ping my domain controllers / edge server and I can also telnet to ports 389 & 3268. I have restarted my Active directory topology service

Cannot receive mail on Exchange 2013 CAS: 451 4.7.0 Temporary server error. Please try again later. PRX4

Hi all,
I have just deployed Exchange 2013 on two CAS boxes and two MBX boxes as follows:
10.10.20.11
CAS01
10.10.20.12
CAS02
10.10.10.11
MBX01
10.10.10.12
MBX02
If I telnet to the internet facing IP on CAS01 and attempt to send an email internally (to a mailbox on MBX01) I get the following:
220 smtp.myrealdomain.com Microsoft ESMTP MAIL Service ready at Wed, 26 Mar 2014 01:14:24 +1000
EHLO test.com
250-smtp.myrealdomain.com Hello [10.10.20.11]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
MAIL FROM:[email protected]
250 2.1.0 Sender OK
RCPT TO:[email protected]
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject:Test email 452
This is test email 452
451 4.7.0 Temporary server error. Please try again later. PRX4
Connectivity Log on CAS01:
2014-03-25T15:27:15.353Z,08D11605A575FAE1,SMTP,internalproxy,+,Undefined 00000000-0000-0000-0000-000000000000;QueueLength=<no priority counts>
2014-03-25T15:27:15.353Z,08D11605A575FAE1,SMTP,internalproxy,>,"MBX02.myaddomain.com[10.10.10.12], MBX01.myaddomain.com[10.10.10.11]"
2014-03-25T15:27:15.353Z,08D11605A575FAE1,SMTP,internalproxy,>,Established connection to 10.10.10.12
2014-03-25T15:27:15.369Z,08D11605A575FAE1,SMTP,internalproxy,-,Messages: 0 Bytes: 0 (Attempting next target)
2014-03-25T15:27:15.369Z,08D11605A575FAE2,SMTP,internalproxy,+,Undefined 00000000-0000-0000-0000-000000000000;QueueLength=<no priority counts>
2014-03-25T15:27:15.369Z,08D11605A575FAE2,SMTP,internalproxy,>,Established connection to 10.10.10.11
2014-03-25T15:27:15.369Z,08D11605A575FAE2,SMTP,internalproxy,-,Messages: 0 Bytes: 0 (Retry : EHLO Options do not match for proxy)
2014-03-25T15:28:10.328Z,08D11605A575FAFA,SMTP,internalproxy,+,Undefined 00000000-0000-0000-0000-000000000000;QueueLength=<no priority counts>
2014-03-25T15:28:21.669Z,08D11605A575FAFA,SMTP,internalproxy,>,"MBX01.myaddomain.com[10.10.10.11], MBX02.myaddomain.com[10.10.10.12]"
2014-03-25T15:28:21.669Z,08D11605A575FAFA,SMTP,internalproxy,>,Established connection to 10.10.10.11
2014-03-25T15:28:21.669Z,08D11605A575FAFA,SMTP,internalproxy,-,Messages: 0 Bytes: 0 (Attempting next target)
2014-03-25T15:28:21.669Z,08D11605A575FAFF,SMTP,internalproxy,+,Undefined 00000000-0000-0000-0000-000000000000;QueueLength=<no priority counts>
2014-03-25T15:28:21.669Z,08D11605A575FAFF,SMTP,internalproxy,>,Established connection to 10.10.10.12
2014-03-25T15:28:21.669Z,08D11605A575FAFF,SMTP,internalproxy,-,Messages: 0 Bytes: 0 (Retry : EHLO Options do not match for proxy)
SmtpSend Log on CAS01:
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,1,10.10.20.11:25495,10.10.10.12:25,+,,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,2,10.10.20.11:25495,10.10.10.12:25,<,220 ********************************************************************************************************************,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,3,10.10.20.11:25495,10.10.10.12:25,*,,Proxying inbound session with session id 08D11605A575FB5D
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,4,10.10.20.11:25495,10.10.10.12:25,>,EHLO CAS01.myaddomain.com,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,5,10.10.20.11:25495,10.10.10.12:25,<,250-MBX02.myaddomain.com Hello [10.10.20.11],
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,6,10.10.20.11:25495,10.10.10.12:25,<,250-SIZE,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,7,10.10.20.11:25495,10.10.10.12:25,<,250-PIPELINING,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,8,10.10.20.11:25495,10.10.10.12:25,<,250-DSN,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,9,10.10.20.11:25495,10.10.10.12:25,<,250-ENHANCEDSTATUSCODES,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,10,10.10.20.11:25495,10.10.10.12:25,<,250-XXXXXXXA,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,11,10.10.20.11:25495,10.10.10.12:25,<,250-XXXXXXXXXXXXXB,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,12,10.10.20.11:25495,10.10.10.12:25,<,250-AUTH NTLM,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,13,10.10.20.11:25495,10.10.10.12:25,<,250-XXXXXXXXXXXXXXXXXC,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,14,10.10.20.11:25495,10.10.10.12:25,<,250-8BITMIME,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,15,10.10.20.11:25495,10.10.10.12:25,<,250-BINARYMIME,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,16,10.10.20.11:25495,10.10.10.12:25,<,250-XXXXXXXD,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,17,10.10.20.11:25495,10.10.10.12:25,<,250-XXXXXXE,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,18,10.10.20.11:25495,10.10.10.12:25,<,250-XXXXF,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,19,10.10.20.11:25495,10.10.10.12:25,<,250 XXXXXXXXXXXXXG,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,20,10.10.20.11:25495,10.10.10.12:25,*,,"EHLO options between current server and proxy target do not match : Chunking, Xrdst. Critical non
matching options : Chunking, Xrdst. Failing over."
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,0,,10.10.10.11:25,*,,attempting to connect
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,21,10.10.20.11:25495,10.10.10.12:25,>,QUIT,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,1,10.10.20.11:25496,10.10.10.11:25,+,,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,22,10.10.20.11:25495,10.10.10.12:25,<,221 2.0.0 Service closing transmission channel,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB5E,23,10.10.20.11:25495,10.10.10.12:25,-,,Local
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,2,10.10.20.11:25496,10.10.10.11:25,<,220 ********************************************************************************************************************,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,3,10.10.20.11:25496,10.10.10.11:25,*,,Proxying inbound session with session id 08D11605A575FB5D
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,4,10.10.20.11:25496,10.10.10.11:25,>,EHLO CAS01.myaddomain.com,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,5,10.10.20.11:25496,10.10.10.11:25,<,250-MBX01.myaddomain.com Hello [10.10.20.11],
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,6,10.10.20.11:25496,10.10.10.11:25,<,250-SIZE,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,7,10.10.20.11:25496,10.10.10.11:25,<,250-PIPELINING,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,8,10.10.20.11:25496,10.10.10.11:25,<,250-DSN,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,9,10.10.20.11:25496,10.10.10.11:25,<,250-ENHANCEDSTATUSCODES,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,10,10.10.20.11:25496,10.10.10.11:25,<,250-XXXXXXXA,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,11,10.10.20.11:25496,10.10.10.11:25,<,250-XXXXXXXXXXXXXB,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,12,10.10.20.11:25496,10.10.10.11:25,<,250-AUTH NTLM,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,13,10.10.20.11:25496,10.10.10.11:25,<,250-XXXXXXXXXXXXXXXXXC,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,14,10.10.20.11:25496,10.10.10.11:25,<,250-8BITMIME,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,15,10.10.20.11:25496,10.10.10.11:25,<,250-BINARYMIME,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,16,10.10.20.11:25496,10.10.10.11:25,<,250-XXXXXXXD,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,17,10.10.20.11:25496,10.10.10.11:25,<,250-XXXXXXE,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,18,10.10.20.11:25496,10.10.10.11:25,<,250-XXXXF,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,19,10.10.20.11:25496,10.10.10.11:25,<,250 XXXXXXXXXXXXXG,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,20,10.10.20.11:25496,10.10.10.11:25,*,,"EHLO options between current server and proxy target do not match : Chunking, Xrdst. Critical non
matching options : Chunking, Xrdst. Failing over."
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,21,10.10.20.11:25496,10.10.10.11:25,>,QUIT,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,22,10.10.20.11:25496,10.10.10.11:25,<,221 2.0.0 Service closing transmission channel,
2014-03-25T15:32:34.158Z,Inbound Proxy Internal Send Connector,08D11605A575FB67,23,10.10.20.11:25496,10.10.10.11:25,-,,Local
Can anyone help? I'm at the end of my Googling!

The answer has been found. In our case, we had to disable the Mailguard feature of the Cisco ASA between the CAS subnet and the MBX subnet. Essentially it was stripping AUTH commands from the SMTP handshake which meant the servers could not authenticate
to each other and establish a secured connection.
I guess for future reference, if you're getting a PRX4 error code you should look at any device that could be inspecting SMTP between your CAS and MBX servers.
This Microsoft KB article has more information: http://support.microsoft.com/kb/320027

Exchange 2013 CAS functionality in coexistence with Exchange 2010 CAS

Hi,
I am planning to migrate Exchange 2010 to Exchange 2013 for 15000 users. We have a pool of 6 CAS 2010 servers added in a single CAS array. So my question is if we introduce a new CAS 2013 server in same site then will it affect CAS traffic anyway ? If we
point our HLB to all CAS servers including CAS 2010 and CAS 2013 so will the CAS 2010 servers wil take traffic or is it only CAS 2013 servers who will take traffic. We will be putting same URLs in CAS 2013 same as CAS 2010. I have read lot of MS articles and
all say that CAS 2013 should be enabled for CAS traffic and it will proxy request to CAS 2010. But I am not sure if we will face any CAS traffic issue whenever we will introduce CAS 2013 servers in same site and traffic will be pointed to CAS 2010 and CAS
2013 both. Is it possible to add CAS 2013 in Exchange 2010 CAS array ? Please guide. Thanks in advance.

For mailbox that exist on Exchange 2010, EXCH2013 CAS will proxy the request to an Exchange 2010 Client Access servers that exists within the mailbox’s local site.
For mailboxes that exist on Exchange 2013, EXCH2013 CAS will proxy the request to the Exchange 2013 Mailbox server that is hosting the active copy of the user’s mailbox which will generate the Autodiscover response.
-->Is it possible to add CAS 2013 in Exchange 2010 CAS array ?
No. CAS Array is no longer exits in Exchange 2013. But concept of a single namespace for Outlook connectivity remains. Please check this and this. In
your case you dont need to worry as you have a HLB in place it will do the job
When a new exchange2013 is deployed Outlook Anywhere has been enabled on all Client Access servers within the infrastructure and the mail.contoso.com and autodiscover.contoso.com namespaces have been moved to resolve to Exchange 2013 Client Access server
infrastructure. In your case it is pointed to both as you have a load balancer in place but the same URL should be configured in exch2013
Make sure you have exchange2010-SP3 minimum as it is the prerequisite requirement for upgarding EXCh2010 to 2013.
Please check the exchange server deployment assistant
tool for moving mailboxes
After moving a mailbox check the URLs. Configure autodiscover,EWS,OAB URLs on exchange2013. Please check this as
well for checking URLs.
I hope you know MAPI/RPC (RPC over TCP) traffic is now replaced with RPC over HTTP/s instead in exch2013.
Thanks
MAS
Please don't forget to mark an answer if it answers your question or mark as helpful if it helps

Connect to Exchange 2013 using IMAP/SMTP from the Internet

Hello,
I would like to enable connectivity to my exchange server using imap and smtp. my exchange server is using the default configuration for imap and smtp which are port 143 and 25 respectively. I have two exchange servers both with CAS and MB roles
installed. I also have an edge server on my DMZ. I have also published my OWA using IIS ARR module. I wonder where I should direct my traffic from my firewall to enable IMAP connectivity taking into considerations my two servers with CAS and MB roles are inside
my network. I also wonder how I can enable redundancy for IMAP connections. Thanks a lot.
Regards,
Pooriya
Pooriya Aghaalitari

Hi Pooriya,
When you install Microsoft Exchange Server 2013, IMAP4 client connectivity isn't enabled. We can do the following steps to configure it:
1. Start two IMAP services: the Microsoft Exchange IMAP4 service and the Microsoft Exchange IMAP4 Backend service.
Set-service msExchangeIMAP4 -startuptype automatic
Start-service msExchangeIMAP4
Set-service msExchangeIMAP4BE -startuptype automatic
Start-service msExchangeIMAP4BE
2. Make sure there is an valid certificate which is assigned with IMAP service. Also confirm the Published Exchange server name (For example: mail.domain.com) has been included in this certificate:
Get-ExchangeCertificate | FL
3. Configure the external IMAP connection settings:
Set-ImapSettings -ExternalConnectionSetting {mail.domain.com:993:SSL}
4. Configure SMTP settings:
Get-ReceiveConnector "*\client Frontend*" | Set-ReceiveConnector -AdvertiseClientSettings $true -Fqdn mail.domain.com
5. You must restart IIS service (running IISReset /noforce from the Command Prompt window) after applying all settings.
For more information about IMAP in Exchange 2013, please refer to:
http://technet.microsoft.com/en-us/library/jj657728(v=exchg.150).aspx
Regards,
Winnie Liang
TechNet Community Support

Exchange 2013 CAS IMAP Proxying to offline 2007 CAS Server

Similar Messages

Maybe you are looking for