Exchange 2013 co-existence with Exchange 2010 proxying issue.

Hello,
I am testing Exchange 2010 and Exchange 2013 co-existence in my test lab at the moment, with
a view to migrating our production environment to 2013 later in the year.
The lab is setup, and the problem I'm having is that internal Outlook clients cannot open
their respective mailboxes once the 2013 CAS server is introduced into the mix.
The
setup is listed below:
EXCHANGE 2010 Servers
TESTLABEXCH01 - CAS,HT,MBX - Exchange 2010 SP3
TESTLABEXCH02 - CAS,HT,MBX - Exchange 2010 SP3
Both servers are part of a CAS Array - casarray01.testlab.local
Both servers are part of a DAG - DAG01.testlab.local
RpcClientAccessServer on all 2010 databases set to casarray01.testlab.local
The A record for casarray01.testlab.local points to the IP of the VIP of a load balancer.
The loadbalancer serves
the following ports: 25,80,443,143,993,110,995,135,60200,60201
OutlookAnywhere is enabled on both servers:
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods   : {Basic, Ntlm}
Internal and external mail flow works without issue before the 2013 server is introduced.
Internal and external client access works without issue before the 2013 server is introduced.
Part Two to follow.....
Matt

EXCHANGE 2013 Servers :
TESTLABEXCH03 - CAS,MBX - Exchange 2013 SP1
OutlookAnywhere is enabled on the server:
ClientAuthenticationMethod : Ntlm
IISAuthenticationMethods   : {Basic, Ntlm}
RpcClientAccessServer on all 2013 databases set to casarray01.testlab.local
(This an inherited setting I assume from the pre-existing 2010 organization)
Split DNS is in place and all internal/external URL's point to either:
autidiscover.external.com
mail.external.com
The A record for the mail.external.com points to the IP of the load balancer VIP
The CNAME record for autodiscover.external.com points to mail.external.com
When the TESTLABEXCH03 is added to the load balancer config,
and given highest priority this is when the Outlook clients stop working.
Any existing profiles in Outlook 2010/Outlook 2013 can no be opened as there is a persistent
credentials prompt.
Upon trying to create a new profile, the process errors when reaching the "Log onto server"
stage and again prompts for credentials.
Running the test-outlookconnectivity cmdlet from
either of the 2010 servers produces the following results.
[PS] C:\Windows\system32>Test-OutlookConnectivity -Protocol:http
ClientAccessServer   ServiceEndpoint
Scenario                            Result Latency
TESTLABEXCH02 autodiscover.external.com    Autodiscover:
Web service request. Success 343.20
TESTLABEXCH02 casarray01.testlab.local       RpcProxy::VerifyRpcProxy.
Success    0.00
TESTLABEXCH02 casarray01.testlab.local         RFRI::GetReferral.
Failure   -1.00
TESTLABEXCH02 casarray01.testlab.local        NSPI::GetProfileDetails.
Failure   -1.00
TESTLABEXCH02 casarray01.testlab.local
Mailbox::Connect.                   Failure   -1.00
TESTLABEXCH02 casarray01.testlab.local
Mailbox::Logon.                     Skipped   -1.00
If remove the 2013 CAS server from the loadbalancer config and
all connections go directly to the 2010 servers again, all of the above tests pass and Outlook connectivity is also restored.
IIS has been reset on all 3 servers incidentally, following any changes made whilst troubleshooting.
I'm struggling to see what I'm missing here, if anyone can assist in troubleshooting this
matter further, or point out any errors in my setup it would be greatly appreciated.
Regards
Matt
Matt

Similar Messages

Exchange 2013 EAC coexistence with Exchange 2007

Dear All,
I have an exchange organization comprized of single Exchange 2007 SP3 UR 15 running on Win2008 SP2 and two recently installed Exchange 2013 SP1 CU7 with CAS and Mailbox role running on Win 2012 R2.
Imidiantly after Exchange 2013 install, I am not able to login to Exchange 2013 EAC. When I enter my credentials domain\username, the EAC page simpli dose a quick refresh and I am back where I started.
I have tryid mutiple UTLs to access EAC page, such as:
https://localhost/ecp?ExchClientVer=15
https://localhost/ecp?ExchClientVer=14
https://localhost/ecp
Each of them show the same result, a page gets refreshet. I have tryid to move my Exchange Organization user mailbox to Exchange 2013 to see if that helps but the result.
I also noticed that OWA dosent work for mailboxes that are on Exchange 2013, they are redirected to Exchange 2007 even thou they are on Exchange 2013.
Any idea on this one?
Thank you
b.

Hi,
From your description, I would like to verify if you have configured Exchange 2013 namespace and virtual directories (such as OWA, ECP, OAB, Web Services, AutoDiscover)correctly. Please make sure these virtual directories are configured correctly and check
the result.
For more information about Exchange 2007 migration to Exchange 2013, here is a helpful blog for your reference.
Step-by-Step Exchange 2007 to 2013 Migration
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration.aspx
Hope this can be helpful to you.
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Amy Wang
TechNet Community Support

Exchange 2013 Sp1 Coexistence with Exchange 2010 SP3 CU5 HTTP 500

I`m trying to make working OWA coexistence between Exchange 2013 SP1 and Exchange 2010 SP3 CU5.
When user login in to OWA where his mailbox is located on Exchange 2013 server it logon successful and owa opened. When i try to login to the same url with user whose mailbox is located on Exchange 2010 server i get Error http 50
The website cannot display the page : HTTP 500 »https://URLEXCHANGE2013/owa/auth.owa«
The same is, when i use https:// URLEXCHANGE2013/ecp?ExchClientVer=14
URL on Exchange 2013 are different as fro Exchange 2010.
I even tried to setup Internal URL for Exchange 2010 to bi set to »null ,Saem error
Exchange server 2013 Sp1 is installed on Windows server 2012 R2.

Assumption is correct. I have even enable verbose logging, and i can see MSExchange Front End HTTP Proxy , that successfully connect to Exchange 2010 server.
But remember Exchange 2013 is fresh installation on Windows server 2012 R2.
IIS LOG
2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_IN_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=391fd8b3-2b98-494a-8812-d38feda2e5a0&cafeReqId=391fd8b3-2b98-494a-8812-d38feda2e5a0;
443 companyNT\SM_9c071c4922fd420fb fe80::99d1:f542:a4d3:b469%12 MSRPC - 200 0 0 5484
2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_IN_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=27cfafa2-8224-4563-918b-0b228c6ee8d4&cafeReqId=27cfafa2-8224-4563-918b-0b228c6ee8d4;
443 - fe80::99d1:f542:a4d3:b469%12 MSRPC - 401 1 2148074254 0
2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_OUT_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=6d930bcd-7bbc-415a-a25a-8d6488e91401&cafeReqId=6d930bcd-7bbc-415a-a25a-8d6488e91401;
443 - fe80::99d1:f542:a4d3:b469%12 MSRPC - 401 1 2148074254 15
2014-03-04 08:52:55 10.1.0.36 GET /owa/ &CorrelationID=<empty>;&cafeReqId=551cfdd9-18ac-42d8-aea3-cbb546c9d9fb; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C) https://OWA.company.com/
302 0 0 9937
2014-03-04 08:52:56 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fOWA.company.com%2fowa%2f&reason=0&CorrelationID=<empty>;&cafeReqId=c1b97df9-ec56-4906-b2f5-965551b720ae; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C)
https://OWA.company.com/ 200 0 0 1015
2014-03-04 08:52:56 10.1.0.36 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fOWA.company.com%2fowa%2f&CorrelationID=<empty>;&cafeReqId=b92ca682-04f4-4d4f-931e-9a95680ab9ea; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C)
- 200 0 0 671
2014-03-04 08:52:58 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=093bd01a-de59-4519-80f6-067484122091; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING) - 302 0 0 0
2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fEXCH2013%2fecp%2f&reason=0&CorrelationID=<empty>;&cafeReqId=c2f7565d-ee6a-48f8-8d86-16d5d3ca65c1; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 0
2014-03-04 08:52:58 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=ba633030-2376-4bad-a32f-8f160bd87bd4; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING) - 302 0 0 0
2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fEXCH2013%2fecp%2f&reason=0&CorrelationID=<empty>;&cafeReqId=5e94172c-d97c-46a9-a602-6030d6f7da2c; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 0
2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fEXCH2013%2fecp%2f&CorrelationID=<empty>;&cafeReqId=9ba2caf3-2a03-44a2-8477-2724689e139c; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 46
2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/15.0.847/scripts/premium/flogon.js &CorrelationID=<empty>;&cafeReqId=62bb4655-3bfa-4e07-aa62-27c93e7e8b4d; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 0
2014-03-04 08:52:59 10.1.0.36 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=9d52ec1a-2ee1-4954-85e6-89e7e5df407a; 443 [email protected] 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 302 0 0 812
2014-03-04 08:52:59 ::1 GET /OWA/Calendar/[email protected]/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=4ea66475-9a47-41a4-81cb-6b569715d0d6; 443 - ::1 AMProbe/Local/ClientAccess - 200 0 0 8859
2014-03-04 08:53:01 10.1.0.36 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=b3db7480-2192-436c-b01d-29d0e528cfec; 443 UseronEX2010 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C) https://OWA.company.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fOWA.company.com%2fowa%2f
500 0 0 187
2014-03-04 08:53:04 127.0.0.1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=2e2a655b-00b9-42ae-8789-1e452e6579c3; 443 [email protected] 127.0.0.1 AMProbe/Local/ClientAccess
- 200 0 0 8265
2014-03-04 08:53:14 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=8741886f-b9b1-46f9-8c15-baf35809a12c; 443 [email protected] 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 15265
2014-03-04 08:53:14 127.0.0.1 GET /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=8ad938fb-f2c3-42bf-8718-da62b122422c; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 15
HTTPERR LOG :
2014-03-04 08:51:48 10.1.0.36 13937 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2014-03-04 08:51:48 fe80::99d1:f542:a4d3:b469%12 13872 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2014-03-04 08:52:25 10.1.0.36 13937 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2014-03-04 08:52:25 fe80::99d1:f542:a4d3:b469%12 13872 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2014-03-04 08:52:30 127.0.0.1 14122 127.0.0.1 443 HTTP/1.1 GET /RPC/[email protected] 404 - NotFound -
2014-03-04 08:52:30 ::1%0 14121 ::1%0 443 HTTP/1.1 GET /ecp/ReportingWebService/ 404 - NotFound -
2014-03-04 08:54:42 ::1%0 14117 ::1%0 444 - - - - - Timer_ConnectionIdle -
2014-03-04 08:54:48 10.1.0.36 14211 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2014-03-04 08:54:48 fe80::99d1:f542:a4d3:b469%12 14285 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2014-03-04 08:55:35 10.1.0.36 14211 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2014-03-04 08:55:35 fe80::99d1:f542:a4d3:b469%12 14285 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
Trace login, ok it is xml, so print is..
-Request Summary
Site
1
Process
8232
Failure Reason
STATUS_CODE
Trigger Status
500
Final Status
500
Time Taken
500 msec
Url
http://EXCH2013.companyNT.local:80/powershell?clientApplication=ActiveMonitor;PSVersion=4.0&sessionID=Version_15.0_(Build_846.0)=rJqNiZqNgZuQkpqT0pqH0ZuQkpqTkYvRk5CcnpOBzsbLzsbGyczJyIHPzNDPy9DNz87L38/Gxc/KxcrJ
App Pool
MSExchangePowerShellFrontEndAppPool
Authentication
Kerberos
User from token
companyNT\SM_9c071c4922fd420fb
Activity ID
{8000134C-0001-E300-B63F-84710C7967BB}
-Errors & Warnings
No.↓
Severity
Event
Module Name
157. view trace
Warning
-MODULE_SET_RESPONSE_ERROR_STATUS
ModuleName
ManagedPipelineHandler
Notification
EXECUTE_REQUEST_HANDLER
HttpStatus
500
HttpReason
Request Failed
HttpSubStatus
0
ErrorCode
The operation completed successfully.
(0x0)
ConfigExceptionInfo
ManagedPipelineHandler
See all events for the request

Exchange 2013 co-existence with 2007 can not send from 2013 - receives OK

2013 SP1 -separate servers for MBX and CAS - 4 of each. Exchange 2007 configured as a CCR
I am in co-existence mode but have not yet switched on the legacy.domainname.com. I have a new certificate installed on all servers - 2007 and 2013 with the legacy namespace included
I can receive on the exchange 2013 servers and can send to exchange 2013 users but cannot send to 2007 users or externally. I have enabled protocol logging and I'm seeing:
2014-04-02T00:57:31.476Z,Outbound Primary,08D1120CF8FEEDBA,0,,10.0.9.1:25,*,,attempting to connect
2014-04-02T00:57:52.521Z,Outbound Primary,08D1120CF8FEEDBA,1,,10.0.9.1:25,*,,"Failed to connect. Winsock error code: 10060, Win32 error code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a
period of time, or established connection failed because connected host has failed to respond 10.0.9.1:25"
The client has a pair of Axway mailgateway appliances (Tumbleweed). We can Telnet between the exchange 2013 servers and the Axways. There is a firewall between these mail gateways and the exchange servers and the following ports were opened - 25,443,465,995,110
I used the existing send connectors from 2007 and just added the mailbox servers to them. I created 2 new receive connectors to match 2 specialist 2007 connectors.
But I still can't send mail. Any suggestions where next to check?

Hi Tony
Based on the protocol logs error looks like there is connectivity problem between Ex2007 and Ex2013
First you can try dropping an email through Telnet from Exchange 2013 to Exchange 2007 to see the message failure happens at which transit.
You can add the IP address of Exchange 2013 in Exchange 2007 default receive connector and vice versa.
Restart the transport service and try sending an email from exchange 2013 to Exchange 2007 and see the results
Also you can try creating a dedicated receive connector for Exchange 2007 in Exchange 2013 and vice versa if the above step does not work
Also try disabling the firewall and see if it helps.
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you

SP1 for Exchange 2013 install fails with ECP virtual directory issues and now transport service won't start and mail is unavailable

SP1 for Exchange 2013 install failed on me with ECP virtual directory issues:
Error:
The following error was generated when "$error.Clear();
          $BEVdirIdentity = $RoleNetBIOSName + "\ecp (name)";
          $be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
          if ($be -eq $null)
          new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
          . "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
        " was run: "The virtual directory 'ecp' already exists under 'server/name'.
Parameter name: VirtualDirectoryName".
Error:
The following error was generated when "$error.Clear();
          $BEVdirIdentity = $RoleNetBIOSName + "\ECP (name)";
          $be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
          if ($be -eq $null)
          new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
          . "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
        " was run: "The operation couldn't be performed because object 'server\ECP (name)' couldn't be found on 'DC0xx.domain.com'.".
Error:
The following error was generated when "$error.Clear();
          $BEVdirIdentity = $RoleNetBIOSName + "\ECP (name)";
          $be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
          if ($be -eq $null)
          new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
          set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
          . "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
        " was run: "The operation couldn't be performed because object 'server\ECP (name)' couldn't be found on 'DC0xx.domain.com'.".
!! And now transport service won't start and mail is unavailable !!
Any help would be appreciated.
I have removed the ecp site from default site and attempting to rerun SP1 now. I do not have high hopes. :(

Hi,
Thanks for your response.
From the error description, you need to manually remove the ECP with IIS manager in both the Default Web Site and the Exchange Back End firstly. And then continue the upgrade to check the result.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support

Outlook Anywhere settings in a Exchange 2013 coexistence scenario with Exchange 2007

I have exchange 2013 and 2007 set up in a coexist environment. At the moment, the few mailboxes I am testing on Exchange 2013 are getting multiple pop ups in outlook and cannot connect to items like Public Folders on 2007. I found an article
that told me to change the authentication method from Negotiate to NTLM and that broke some of my Lync 2013 compatibility issues on users on exchange 2007 (ie conversation history and they got outlook integration errors.) I would like someone to confirm
if the change I am about to make from doing research will help me in my situation.
Current Setup:
Exchange 2007 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: NTLM
IISAuthenticationMethods : {Basic, Ntlm}
Exchange 2013 OA CAS Settings
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod: Negotiate
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
New Settings I am considering based on research:
Exchange 2007 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: Basic
IISAuthenticationMethods : {NTLM}
Exchange 2013 OA CAS Settings
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod: Basic
IISAuthenticationMethods : {Basic}
Will this work and eliminate my popups?

Hi,
The following TechNet article indicates that:
“In order to support access for Outlook Anywhere clients whose mailboxes are on legacy versions of Exchange, you will need to make some changes to your environment which are documented in the steps within the
Exchange Deployment Assistant. Specifically,
you will need to enable Outlook Anywhere on your legacy Client Access servers and enable NTLM in addition to basic authentication for the IIS Authentication Method.”
Client Connectivity in an Exchange 2013 Coexistence Environment
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
As for the Autodiscover service, please make sure the Autodiscover.domain.com is pointed to your Exchange 2013 in Internal and External DNS. For more detailed information about Exchange 2013 coexistence with Exchange 2007, please refer to:
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-3-step-by-step-exchange-2007-to-2013-migration.aspx
Regards,
Winnie Liang
TechNet Community Support

Some Outlook clients getting internal FQDN of newly installed Exchange 2013 CAS server as Outlook Anywhere Proxy address

Hello Folks,
I have this problem and is making me crazy if anyone have any idea please shed some light on this:-
1. Working Outlook 2010 and 2013 clients with webmail.xyz.com as Outlook Anywhere proxy address.
2. Installed new Exchange 2013 server (server02)with CAS and Mailbox role, Exchange install wizard finished and server is rebooted.
3. Server came up online started changing internal and external FQDN's of Virtual Directories and Outlook Anywhere to webmail.xyz.com
4. As soon as Fqdn's changed some outlook clients create support request that Outlook suddenly white's out and after reopening it is giving error cannot connect to exchange. upon checking Clients Exchange Proxy address is set to http://server02.xyz.com,
even though OA/OWA/ECP/OAB/EWS/Autodiscover/ActiveSync FQDN's Point to webmail.xyz.com, on all servers if i create new outlook profile for same user it picks up correct settings through autodiscover and connects fine, this is happening to about 20% of outlook
clients every time i am introducing new Exchange 2013 server in Organization. we have around 2000 users and planning on installing 4 exchange servers to distribute load and everytime changing outlook profile of close to 150-200 users is not possible.
Any help is greatly appreciated.
Thanks
Cool

Here are the EXCRA results
Here IP (x.x.x.x) returned is my Load Balancer IP (Webmail.xyz.com).
Connectivity Test Successful with Warnings
Test Details
    Testing Outlook connectivity.
    The Outlook connectivity test completed successfully.
       Additional Details
    Elapsed Time: 9881 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to test Autodiscover for [email protected].
    Autodiscover was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting each method of contacting the Autodiscover service.
    The Autodiscover service was tested successfully.
       Additional Details
    Elapsed Time: 2063 ms.
       Test Steps
       Attempting to test potential Autodiscover URL https://xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
       Additional Details
    Elapsed Time: 186 ms.
       Test Steps
       Attempting to resolve the host name xyz.com in DNS.
    The host name couldn't be resolved.
       Tell me more about this issue and how to resolve it
       Additional Details
    Host xyz.com couldn't be resolved in DNS InfoNoRecords.
Elapsed Time: 186 ms.
    Attempting to test potential Autodiscover URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml
    Testing of the Autodiscover URL was successful.
       Additional Details
    Elapsed Time: 1876 ms.
       Test Steps
       Attempting to resolve the host name autodiscover.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 338 ms.
    Testing TCP port 443 on host autodiscover.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 173 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 318 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US.
Elapsed Time: 219 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name autodiscover.xyz.com was found in the Certificate Subject Alternative Name entry.
Elapsed Time: 1 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,.
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 36 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 289 ms.
    Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
    The Microsoft Connectivity Analyzer successfully retrieved Autodiscover settings by sending an Autodiscover POST.
       Additional Details
    Elapsed Time: 756 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.xyz.com:443/Autodiscover/Autodiscover.xml for user [email protected].
    The Autodiscover XML response was successfully retrieved.
       Additional Details
    Autodiscover Account Settings
XML response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>Test Exch1</DisplayName>
<LegacyDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1</LegacyDN>
<DeploymentId>4ec753c9-60d9-4c05-9451-5b24e2d527a7</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>webmail.xyz.com</PublicFolderServer>
<AD>DC-03.domain.xyz.com</AD>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>on</ServerExclusiveConnect>
<EwsPartnerUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsPartnerUrl>
<GroupingInformation>Default-First-Site-Name</GroupingInformation>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://webmail.xyz.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
<Protocol>
<Type>EXHTTP</Type>
<Server>webmail.xyz.com</Server>
<ASUrl>https://webmail.xyz.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://webmail.xyz.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://webmail.xyz.com/OAB/6a6a06ad-4717-4636-bd98-0b4fa3aaf4a5/</OABUrl>
<UMUrl>https://webmail.xyz.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Ntlm</AuthPackage>
<EwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EwsUrl>
<EmwsUrl>https://webmail.xyz.com/ews/exchange.asmx</EmwsUrl>
<EcpUrl>https://webmail.xyz.com/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.xyz.com</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.xyz.com</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.xyz.com</EcpUrl-sms>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.xyz.com</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.xyz.com</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.xyz.com</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.xyz.com</EcpUrl-extinstall>
<ServerExclusiveConnect>On</ServerExclusiveConnect>
</Protocol>
</Account>
</Response>
</Autodiscover>HTTP Response Headers:
request-id: 9d325a80-f1fd-4496-ac48-2be6bb782c28
X-CalculatedBETarget: Server01.domain.xyz.com
X-DiagInfo: Server01
X-BEServer: Server01
Persistent-Auth: true
X-FEServer: Server01
Content-Length: 11756
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Mon, 25 Aug 2014 19:12:25 GMT
Set-Cookie: X-BackEndCookie=S-1-5-21-1293235207-2459173341-1304346827-14544=u56Lnp2ejJqBypqcnsfJx5nSy8ucnNLLnJzP0sfKz8/Sy5nHmsiamZrMyZrLgYHPxtDNy9DNz87L387Gxc7Nxc3J; expires=Thu, 25-Sep-2014 00:12:26 GMT; path=/Autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 756 ms.
    Autodiscover settings for Outlook connectivity are being validated.
    The Microsoft Connectivity Analyzer validated the Outlook Autodiscover settings.
       Additional Details
    Elapsed Time: 0 ms.
    Testing RPC over HTTP connectivity to server webmail.xyz.com
    RPC over HTTP connectivity was verified successfully.
       Additional Details
    HTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 7817 ms.
       Test Steps
       Attempting to resolve the host name webmail.xyz.com in DNS.
    The host name resolved successfully.
       Additional Details
    IP addresses returned: x.x.x.x
Elapsed Time: 107 ms.
    Testing TCP port 443 on host webmail.xyz.com to ensure it's listening and open.
    The port was opened successfully.
       Additional Details
    Elapsed Time: 180 ms.
    Testing the SSL certificate to make sure it's valid.
    The certificate passed all validation requirements.
       Additional Details
    Elapsed Time: 303 ms.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server webmail.xyz.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
       Additional Details
    Remote Certificate Subject: CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05, Issuer: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 224 ms.
    Validating the certificate name.
    The certificate name was validated successfully.
       Additional Details
    Host name webmail.xyz.com was found in the Certificate Subject Common name.
Elapsed Time: 0 ms.
    Certificate trust is being validated.
    The certificate is trusted and all certificates are present in the chain.
       Test Steps
       The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=webmail.xyz.com, OU=Terms of use at www.verisign.com/rpa (c)05,
    One or more certificate chains were constructed successfully.
       Additional Details
    A total of 1 chains were built. The highest quality chain ends in root certificate CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign,
Inc.", C=US.
Elapsed Time: 34 ms.
    Analyzing the certificate chains for compatibility problems with versions of Windows.
    Potential compatibility problems were identified with some versions of Windows.
       Additional Details
    The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature
isn't enabled.
Elapsed Time: 5 ms.
    Testing the certificate date to confirm the certificate is valid.
    Date validation passed. The certificate hasn't expired.
       Additional Details
    The certificate is valid. NotBefore = 1/3/2013 12:00:00 AM, NotAfter = 11/16/2015 11:59:59 PM
Elapsed Time: 0 ms.
    Checking the IIS configuration for client certificate authentication.
    Client certificate authentication wasn't detected.
       Additional Details
    Accept/Require Client Certificates isn't configured.
Elapsed Time: 298 ms.
    Testing HTTP Authentication Methods for URL https://webmail.xyz.com/rpc/[email protected]:6002.
    The HTTP authentication methods are correct.
       Additional Details
    The Microsoft Connectivity Analyzer found all expected authentication methods and no disallowed methods. Methods found: Basic, Negotiate, NTLMHTTP Response Headers:
request-id: 835acf95-78b7-40ae-b232-117318d1577e
Server: Microsoft-IIS/8.5
WWW-Authenticate: Basic realm="webmail.xyz.com",Negotiate,NTLM
X-Powered-By: ASP.NET
X-FEServer: Server01
Date: Mon, 25 Aug 2014 19:12:26 GMT
Content-Length: 0
Elapsed Time: 296 ms.
    Attempting to ping RPC proxy webmail.xyz.com.
    RPC Proxy was pinged successfully.
       Additional Details
    Elapsed Time: 454 ms.
    Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 0 ms.
Elapsed Time: 1007 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 2177 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 906 ms.
Elapsed Time: 918 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    The test passed with some warnings encountered. Please expand the additional details.
       Tell me more about this issue and how to resolve it
       Additional Details
    The address book Bind operation returned ecNotSupported. This typically indicates that your server requires encryption. The Microsoft Connectivity Analyzer will attempt the Address Book test again with encryption.
NSPI Status: 2147746050
Elapsed Time: 825 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 433 ms.
    Testing the MAPI Referral service on the Exchange Server.
    The Referral service was tested successfully.
       Additional Details
    Elapsed Time: 1808 ms.
       Test Steps
       Attempting to ping the MAPI Referral Service endpoint with identity: [email protected]:6002.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 953 ms.
Elapsed Time: 949 ms.
    Attempting to perform referral for user /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1 on server [email protected].
    We got the address book server successfully.
       Additional Details
    The server returned by the Referral service: [email protected]
Elapsed Time: 858 ms.
    Testing the MAPI Address Book endpoint on the Exchange server.
    The address book endpoint was tested successfully.
       Additional Details
    Elapsed Time: 626 ms.
       Test Steps
       Attempting to ping the MAPI Address Book endpoint with identity: [email protected]:6004.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 156 ms.
Elapsed Time: 154 ms.
    Testing the address book "Check Name" operation for user [email protected] against server [email protected].
    Check Name succeeded.
       Additional Details
    DisplayName: Test Exch1, LegDN: /o=DOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=add423106fbb47d5bf237462f52b8dab-Test Exch1
Elapsed Time: 472 ms.
    Testing the MAPI Mail Store endpoint on the Exchange server.
    We successfully tested the Mail Store endpoint.
       Additional Details
    Elapsed Time: 555 ms.
       Test Steps
       Attempting to ping the MAPI Mail Store endpoint with identity: [email protected]:6001.
    The endpoint was pinged successfully.
       Additional Details
    The endpoint responded in 234 ms.
Elapsed Time: 228 ms.
    Attempting to log on to the Mailbox.
    We were able to log on to the Mailbox.
       Additional Details
    Elapsed Time: 326 ms.

First Exchange 2013 server in an Exchange 2010 SP3 organization

I've read the documentation that states to install Exchange 2013 with CU2 as the first Exchange 2013 server in an organization running Exchange 2010 SP3. Maybe I over-read this to mean "Exchange 2013 with at least CU2" (meaning to start with Exchange2013-x64-cu3.exe),
but when I installed the CU3 version I ended up with Standard rather than Enterprise. I need to run 2013 with Enterprise. I've looked around for an Enterprise version of Exchange2013-x64-cu3.exe but cannot find one.
How do I install Exchange 2013 Enterprise into my Exchange 2010 SP3 organization? Thank you.

Please review
http://technet.microsoft.com/en-us/library/bb232170(v=exchg.150).aspx
These (Exchange 2013 Standard Edition and Enterprise Edition)
licensing editions are defined by a product key. When you enter a valid license product key, the supported edition for the server is established. Product keys can be used for the same edition key swaps and upgrades only; they can't be used
for downgrades. You can use a valid product key to move from the evaluation version (Trial Edition) of Exchange 2013 to either Standard Edition or Enterprise Edition.
You can also use a valid product key to move from Standard Edition to Enterprise Edition.

Migrating Users from Exchange 2007 to Exchange 2013 Without redirection through exchange 2013.

We have all our users and mailboxes on Exchange 2007 and I have introduced two Exchange 2013 servers in my organization and both have mailbox and CAS server installed on them.
With Exchange 2007 server, I had not modified any of the internal and external url/uri and had stayed with the defaults.
For migration most of the documents are suggesting of changing the default internal URL and Auto Discover Service internal URI values.
In my case, I want to migrate all the users and mailbox (everything that is on Exchange 2007) form 2007 to 2013 and decommission exchange 2007 completely from our organization.
I am in the phase of transferring users from Exchange 2007 to Exchange 2013 and do not want to change any settings on the existing 2007 servers.
I have created new dns entry mailx.abc.com with two IPs of both exchange 2013 and changed the Outlook Anywhere internal URL on both Exchange 2013 server to mailx.abc.com.
So by doing these, I think all existing clients will still connect to exchange 2007 and after moving their mailbox they will be connect to exchange 2013.
In short I am not redirecting or using 2013 as proxy for 2007 clients and clients whose mailbox is on exchange 2013 will directly connect to 2013 server.
Questions are, Is this the right way to migrate all the users to Exchange 2013?
Will it affect the operation of existing Exchange 2007 server?

Read the below blog on Client Connectivity in Exchange co-existence. There can't be better blog than this on this topic.
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
Clients connect to Exchange from Internal-Outlook, External-Outlook, Web & Active Sync.
For Internal the configuration that you have mentioned should work as clients would get Autodiscover information from Active Directory (SCP) and get connected to right server.
However, for external connectivity it makes sense to use External URL on Exchange 2013 servers (keep the Exchange exposed to Internet), configure legacy URL for exchange 2007 and use Exchange 2013 external URL for mailboxes that are Exchange 2007 and Exchange
2013 for standardization.
Refer article for configuring URLs -
http://silbers.net/blog/2014/01/22/exchange-20072013-coexistence-urls/
- Sarvesh Goel - Enterprise Messaging Administrator

Autodiscover after deploying Exchange 2013 CAS in a Exchange 2007 organization

I am deploying Exchange 2013 CAS in a Exchange 2007 organization. Will all the clients be directed to the Exchange 2013 CAS servers for autodiscover. Will there be any issue with outlook clients connecting to their mailbox servers in Exchange 2007

All clients should be pointed to the Exchange 2013 CAS for the autodiscover service. This means:
A. For local clients
You need to modify the autodiscover Internal URI on the Exchange 2007 server and point it to Exchange 2013. For example, if you are using split-brain DNS on the Local Network and mail.yourdomain.com is resolved to Exchange 2013 local IP, the Exchange 2007
Autodiscover Internal URI should be "https://mail.yourdomain.com/Autodiscover/Autodiscover.xml"
Exactly the same way, you should modify the Exchange 2013 Autodiscover Internal URI and use the same address "https://mail.yourdomain.com/Autodiscover/Autodiscover.xml"
B. For remote clients - all clients will hit the Exchange 2013 CAS first (ex. mail.yourdomain.com)
If the user's mailbox is on Exchange 2007 server, the correct XML will be generated and provided, and the user will be proxied for Outlook Anywhere/ActiveSync and redirected for OWA/WebServices
If the user's mailbox is on Exchange 2013 server, the correct XML will be generated and provided
Bottom line - based on the location of the user's mailbox, Exchange 2013 will generate and provide the correct XML file (there is not proxying involved in providing the Autodiscover info).

Exchange 2013 (co-existence 2007) - 2013 mailbox can not connect with Outlook 2010

This was working but after some problems with third party pop3 its been broken. Grrrrrrr
OWA internally works fine for my 2013 test mailboxes. It doesn't work externally yet because I have yet to cutover to co-existence. (Still pointing to the 07 CAS externally)
Internally Outlook 2010 is working for 2007 users. But for my three test 2013 mailboxes it is not. Outlook 2010 is patched to the correct level (even tried sp2)
It finds the user name - finds the server but refuses to authenticate. I have checked the outlook anywhere url on the 2013 server and I get the correct urls- internal and external set the same. I have set the service control point for autodiscover
on 2013.
Now I haven't yet cut over externally to 2013 - and my internal urls for OWA are still set to webmail. But the legacy name exists and is set internally for all others. Authentication? basic externally NTLM internally
Where do I start looking. .

Hi
Did you try running ExRCA test ?
If you have tried whats the result for EXRCA?
Do you have a valid Certificate assigned for Exchange 2013 ?
Do you have a valid cert principal Name for Exchange 2013 ?
Do you get any errors while trying to open outlook for test migrated users ?
If so can you paste the errors
You can also use test-outlookconnectivity cmdlet to test connectivity and see the results for any errors
Note :The outlook that you are using should patched with latest patch at-least with Nov 2013 patch.
Since Exchange 2013 has minimum requirement on the outlook version. Also check the authentication for Outlook Anywhere should be NTLM in co-existence mode of Exchange 2007 and 2013.
you can verify them using ps Get-OutlookAnywhere | fl and check the Authentication method for external and internal.
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on www.exchangequery.com

Exchange 2013 in coexistence with 2010, Outlook keep looking for Exchange 2010 server slow connection

All,
not sure if this topic has already answered, but can't find anything around.
Here's the scenario. Migrating from a single Exchange 2010 to a cluster of 2 + 1 Exchange 2013. Two in a site, One in the other site (DC).
I have migrated successfully a firsat batch of users. Mail flow works perfectly. The only thing is that often the migrated users are experiencing a long time (about 30 minutes) to get their Outlook syncronized. Both OL 2010 and 2013 doesn't make any difference.
They're using OL Anywhere, and I've already tried to rebuild the profile.
From a check on the OL connection status, looks like they're still looking for something on EX2010, but no idea what could be. If I disable the cache mode it works smooth and quick.
My best guess is that is something in cache they're trying to keep updated... but still this doesn't explain the huge delay.
Any help would be highly appreciated!
Thanks!

Hi Alessandro,
What happens in OWA? I guess it should be good.
Did you have public folders with Exchange 2010? Were they moved over to Exch 2013? Technically you should move the PF to the latest version from the legacy version before moving over the users?
- Moved the PF to OL2013. same behaviour
May be the outlook clients are looking for th OAB? Did you move the OAB to Exchange 2013?
- Did this too.
Try running outlook on safe mode and see what happens? may be one of the outlook add-in's are looking for something on Exchange 2010?
- Will try that....
Can you do a Test Email Auto Configuration in outlook (Hold CNTRL key and right click on outlook icon on status bar) and see if the exchange url's are pointed to Exch 2013?
- Will try that....
Is this happening to all migrated users or specific? Are they BlackBerry users?
- All users and there are no BB users
Do you have any archived emails on those migrated users? May be outlook is looking for some archived stuff on the Exch 2010 side?
- I instructed Exchange to migrate also the archiving database, however There are no archived mailbox on 2010
Could this be because of any calendar entries? May be migrated user mailboxes are having issues with working with non-migrated mailbox calendars?
- This maybe a possibility. I have only 10 users actively using Exchange, while all others have the mailboxes only because they've Lync. I've completed all migrations today, so there shouldn't be anything left on 2010
Let me know how it went - all the best!
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. Regards, Siva

Mail Delivery betweek Exchange Server 2013 co-existance with Exchange server 2010

Hello Guys
I have a mailflow issue, hoping someone can help with detail description, below is the setup
Exchange server 2010 SP3 with all roles in one server
Exchange server 2013 SP1 with CU6 with all roles in one server - this server is in a different subnet to the 2010 server. I am able to see exchange 2010 databases and mailboxes from Exchange 2013. For testing purposes, I have moved 3 mailbox from 2010
to 2013. These 3 mailbox, is able to send and receive email from Internet but to each other via OWA or Outlook. These 3 mailbox also not able to send to receive email from any mailbox that is still in 2010 server via OWA or Outlook. I am not planning the whole
server cutover in a go and planning to do state by stage mailbox migration so I need mailflow working properly. When I send an email from one of the migrated mailbox that is in 2013 server, I can see that the email leaves the mailbox outbox and sits in the
queue ..
Can someone please provide detailed solution what needs to be configured?
MCITP, MCSA, MCSE,VCP - Consultant, Solution Design, Implementation

Hi,
1.please check the mailbox send and receive quota for exchange 2013 migrated mailbox.
2.Please check the email attributes of the exchange 2013 migrated mailbox because it seems to be a problem with that particular mailbox.
3.Then do the message tracking and that would be the only way to find the where the send messages has gone.
4.Please check and confirm you have an enough space on the disk where exchange queue database is residing.
I think I need to create a receive connector in the 2013 to receive from 2010 ?
No need ,by design exchange 2013 cas server default frontend receive connector will be having an
entire ipv4 and ipv6 segment and anonymous connection is checked by default.
I think I also need to create a send and receive connector for 2013 users to each other?
No need , an intra organisation send connector and the default receive connectors in exchange will be used
for internal mail flow between the exchange 2013 users.
Please reply me if you have any queries .
Regards
S.Nithyanandham
Thanks S.Nithyanandham

Update from Exchange 2013 Cu2 to SP1 - Outlook 2010 with SP2 clients disconnected

Hi,
we recently upgraded a standalone Exchange 2013 Server to SP1. Owa works fine, but all internal Outlook 2010 Clients (with SP2) get disconnected. Creating a new Profile, and testing the internal autodiscovery leeds to an Error 12030 (Connection reset) during
the discovery process.
I already checked the Service Point, the discovery URLs, even recreated the autodiscover virtual Directory in iis. But nothing changed.
The self signed certificate, that was used before the update is further used, and well known to all Clients. As I tested, OWA is working well everywhere.
Anyone some new ideas?
Best regards
Bernhard

Hi,
How did you recreate outlook profile? Manually or Automatic?
If automatic failed, please try to recreate manually and check the result.
If manual failed, please refer to the following methods to troubleshoot the issue:
1>Try to open the following link and check the result:
https://CASName/autodiscover/autodiscover.xml
2>Try to use RCA to test outlook autodiscover and check the result.
https://testconnectivity.microsoft.com/
Thansk.
Niko Cheng
TechNet Community Support

Exchange 2010 co-existence with Exchange 2007 issue NDR size Four Times then we send

Hi All,
I am facing some strange issues of NDR size four times then we send like if I send 1 MB message to internal OR external recipient then we receive 4 MB NDR.
Even we send one black mail with subject Test mail of 4 kb then we receive 16 kb NDR is it due to architecture change or something else.
Everything was fine with Exchange 2007 but facing this issues after we change the mail flow to Ex2010.
Any help really appreciated
Regards
Anand S
Thanks & Regards Anand Sunka MCSA+CCNA+MCTS

Hi Anand,
From your description, the NDR size is four times than original message size. I would like to verify the following thing for troubleshooting:
How many people has this issue, only one or all the people?
If only one user has this issue, I recommend you move the user's mailbox to another mailbox database and check the result.
If all the people have this issue, please enable Pipeline tracing and see if there is any hint. If the issue persists, please install the latest Service Pack and Rollup and check the result.
Here is an article for your reference.
Enable Pipeline Tracing
http://technet.microsoft.com/en-us/library/bb125018(v=exchg.141).aspx
Hope it helps.
Best regards,
Amy Wang
TechNet Community Support

Exchange 2013 co-existence with Exchange 2010 proxying issue.

Similar Messages

Maybe you are looking for