Renew certificate on two Exchange 2007 CAS servers

Hi, there:
Our environment: Exchange 2007 SP3 with two HUB/CAS servers; let's assume the server names for these two CAS servers are CAS1 and CAS2.
Please note these two CAS servers are NOT running with NLB.
Now the certificate (not self-signed) on these two servers is about to expire and I am planning to install a new certificate on them.
The old certificate is issued by an internal CA server.
My plan is as below:
On CAS1:
I am going to use "New-ExchangeCertificate" with -privatekeyexportable to generate the certificate request file, then submit the request file to the CA. After I get the
.pfx file, run "Import-ExchangeCertificate" to import the new certificate. After the old certificate is expired, run "enable service"
to let Exchange use the new certificate.
On CAS2:
repeat the above procedure.
I did a search on TechNet and found this:
http://social.technet.microsoft.com/Forums/exchange/en-US/20adfb3d-2fa6-4ff9-b785-cb47a772ed58/3rd-part-certificate-renewal-for-exchange-2007-cas?forum=exchangesvrgenerallegacy
The procedure mentioned in this thread is different: it exports the newly created certificate from CAS1 and imports it into CAS2.
However, the CAS servers mentioned in that thread run with NLB.
The two CAS servers in our environment are NOT NLB.
Any suggestions?

Both plans will work. You can generate a cert for each individual CAS with the correct subject names on each cert relative to the CAS that you will enable it on, or create one cert with the correct subject names that cover both CAS and export and import the cert from one CAS to the other. Up to you.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.
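
The single-certificate plan from the answer, written out for the Exchange Management Shell as an added example that is not part of the original posts. CAS1 and CAS2 are the names from the question; the contoso.local domain, the file paths, the friendly name and the IIS,SMTP service list are assumptions.

```powershell
# Added example (not from the thread). Run each section in the Exchange
# Management Shell on the server named in its heading.
# Assumptions: contoso.local FQDNs, C:\Certs paths, IIS+SMTP as the services to bind.

# --- On CAS1: create the request. The private key is generated and stays here. ---
# -PrivateKeyExportable is only needed because the same key pair will be copied
# to CAS2. For the one-certificate-per-server plan, list only that server's
# names in -DomainName, leave the key non-exportable and skip the export step.
New-ExchangeCertificate -GenerateRequest `
    -Path 'C:\Certs\cas-renewal.req' `
    -SubjectName 'cn=cas1.contoso.local' `
    -DomainName cas1.contoso.local, cas2.contoso.local `
    -FriendlyName 'CAS renewal' `
    -PrivateKeyExportable $true

# Submit C:\Certs\cas-renewal.req to the internal CA and save its response
# as C:\Certs\cas-renewal.cer (assumed file name).

# --- On CAS1: complete the pending request and inspect the result ---
$new = Import-ExchangeCertificate -Path 'C:\Certs\cas-renewal.cer'
$new | Format-List Thumbprint, NotAfter, CertificateDomains, Services

# --- On CAS1: export certificate + private key, protected by a password ---
$pfxPassword = Read-Host 'PFX password' -AsSecureString
Export-ExchangeCertificate -Thumbprint $new.Thumbprint -BinaryEncoded:$true `
    -Path 'C:\Certs\cas-renewal.pfx' -Password $pfxPassword
# Copy the .pfx to CAS2 over an administrative channel, then delete it here:
Remove-Item 'C:\Certs\cas-renewal.pfx'

# --- On CAS2: import the same key pair, then remove the transport file ---
$pfxPassword = Read-Host 'PFX password' -AsSecureString
$new = Import-ExchangeCertificate -Path 'C:\Certs\cas-renewal.pfx' -Password $pfxPassword
Remove-Item 'C:\Certs\cas-renewal.pfx'

# --- On each server, at cutover: bind services to the new certificate ---
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services 'IIS,SMTP'

# Confirm which certificate now carries the services and when it expires.
Get-ExchangeCertificate | Format-List Thumbprint, NotAfter, Services, CertificateDomains
```

The exported .pfx contains the private key, so its password and every copy of the file deserve the same handling as the key itself.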

Similar Messages

  • Exchange 2007 CAS Unable To Display 2013 Mailbox Free/Busy to Clients

    Hi,
    I'm in the process of migrating to Exchange 2013 from an Exchange 2007 backend.  I have 2 2007 CAS servers in a Windows NLB named webmail.domain.com, and I'm having a problem with only a single one of those CAS servers being able to display the free/busy
    information of a mailbox residing on a 2013 mailbox server.  The other CAS works fine.
    Both CAS servers are Exchange 2007 SP3.  Both CAS servers have their virtual directories named webmail.domain.com/{virtual direction url}.  I built both servers from the ground up and configured them at the same exact time performing the same steps
    on each.  My 2013 CAS servers are in a Windows NLB for mail.domain.com, and they have all their virtual directories named for mail.domain.com.  These are separate entries in DNS.  Other autodiscover services are working fine.  I have most
    traffic flowing Exchange 2013 now as well.
    I've done compares on the virtual directories for each 2007 CAS, and they appear to be the same.  If I bypass the NLB and just go directly to the casname01/owa, I see free/busy no problem.  If I go to casname02/owa, then free/busy doesn't work
    ONLY for 2013 mailboxes.  It will display 2007 mailbox free/busy fine.  To complicate matters, I still have a 2010 CAS in the environment from a failed O365 pilot.
    Where can I look to begin to troubleshoot this?  Thanks.

    In the App log on the 2007 CAS, I'm seeing an Event ID 4002 from MSExchange Availability (below).  This made me check my 2013 CAS NLB.  It looks like it is one of the 2013 CAS servers in the mail.domain.com NLB that is causing this behavior.  I
    could still use guidance.  Thanks.
    Process 3576[w3wp.exe:/LM/W3SVC/1/ROOT/EWS-1-130366189751718750]: Proxy request IntraSite from Requester:S-1-5-21-2089814041-428609448-1854500012-56527 to https://mail.domain.com/EWS/Exchange.asmx failed. Caller SIDs: S-1-5-21-2089814041-428609448-1854500012-56527.
    The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because
    the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.128.13.38:443
       at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Web.Services.Protocols.WebClientAsyncResult.WaitForResponse()
       at System.Web.Services.Protocols.WebClientProtocol.EndSend(IAsyncResult asyncResult, Object& internalAsyncState, Stream& responseStream)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
       at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.CompleteRequest(). The request information is ProxyWebRequest type = IntraSite, url = https://mail.domain.com/EWS/Exchange.asmx
    Mailbox list = <NA-Bedford Adriatic Conference Room>SMTP:[email protected], Parameters: windowStart = 1/26/2014 12:00:00 AM, windowEnd = 3/9/2014 12:00:00 AM, MergedFBInterval = 30, RequestedView = MergedOnly
    .. Make sure that Active Directory site/forest containing the user mailbox has at least one local Exchange 2007 server running Exchange Availability service. Turn up logging for MSExchange Availability service and test basic network connectivity.

  • Exchange 2007 CAS cutover to 2010 CAS experiencing some problems

    We have just finished the cutover from Exchange 2007 CAS to Exchange 2010 CAS. Have had a few problems that we cannot nail down. First, On some external connections to Exchange 2010 CAS the redirection to the 2007 CAS take about 30 seconds or more. 
    All DNS seems to be in place. We have our external records for webmail.old.com and webmail.new.com. We had the internal records for both as well. the virtual directories have been change on the 2007 CAS servers to point to webmail.old.com. Internal connections
    and redirections seem fine. Externally I can access 2007 and 2010 separately just fine. Any thoughts or assistance would be greatly appreciated. Thank you. 

    Hi,
    Please try to disable Outlook Anywhere on your Exchange 2007 CAS infrastructure in the "Internet Facing AD Site" by utilizing the cmdlet: Disable-OutlookAnywhere -Server <cas2007>. Optionally, you can also remove the RPC over
    HTTP proxy component.
    In addition, I recommend you refer to the following article to compare your configuration:
    Transitioning from an Exchange 2007 environment to Exchange 2010
    Hope this helps!
    Thanks.
    Niko Cheng
    TechNet Community Support

  • Certificate errors on Exchange 2007

    We have a Exchange 2007 server that is recording certificate errors in the event log (server & domain names changed for post):
    Microsoft Exchange could not find a certificate that contains the domain name contoso.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector DNS with a FQDN parameter of contoso.com.
    Microsoft Exchange could not find a certificate that contains the domain name server.contoso.com in the personal store on the local computer.
    I have checked the configuration of the send and receive connectors:
    Get-SendConnector | FL name, fqdn, objectClass
    Name : DNS
    Fqdn : contoso.com
    ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}
    Name : Host IT SMTP
    Fqdn : contoso.com
    ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}
    Get-ReceiveConnector | FL name, fqdn, objectClass
    Name : Default servername
    Fqdn : servername.contoso.com
    ObjectClass : {top, msExchSmtpReceiveConnector}
    Name : Client servername
    Fqdn : servername.contoso.com
    ObjectClass : {top, msExchSmtpReceiveConnector}
    There is an installed certificate:
    {mail2.contoso.com, www.mail2.contoso.com, autodiscover.contoso.com, legacy.contoso.com} - IMAP, POP, IIS, SMTP valid until 09/01/2016
    There was a expired certificate:
    {servername, servername.contoso.com} - SMTP valid until 08/12/2010
    The fact that the mail is still working despite the expired certificate, makes me wonder if I could just change the receive connectors to use mail2.contoso.com instead of servername.contoso.com
    In the same vein, could I change the send connector to mail2.contoso.com from contoso.com

    Hi,
    Don’t modify the FQDN value on the default Receive connector Default <Server Name> that's automatically created on Mailbox servers. If you have multiple Mailbox servers in your Exchange organization and you change the FQDN value on the Default
    <Server Name> Receive connector, internal mail flow between Mailbox servers fails. For more information about it, please refer to fqdn parameter in the following article:
    http://technet.microsoft.com/en-us/library/bb125140(v=exchg.80).aspx  
    I suggest we can renew the expired certificate with names: contoso.com, servername.contoso.com instead of changing the FQDN of receive connector and send connector:
    http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx  
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Exchange 2013 MB/CAS integration with legacy Exchange 2007 CAS/MB/Trans server

    Hi All,
    I have an existing running Exchange 2007 SP3 RU13 server acting as MB,CAS,Transport using a Barracuda SPAM for SMTP (MX Record is assigned to here), and a TMG2010 server performing all ActiveSync, Outlook Anywhere, and OWA connectivity.
    I have built a new Exchange 2013 SP1 server that will (for the meantime) act as a MB & CAS server only.
    I successfully migrated a testuser mailbox to the new EX2013 server from the EX2007 server.  The problem is that once migrated, OWA and Outlook can't access the mailbox.
    OWA from our URL gives the message: Outlook Web Access is currently unavailable. If the problem continues, contact technical support for your organization and tell them the following: No Client Access servers of the appropriate version can be accessed from
    the Internet
    If I run OWA from the EX2013 URL it works ok, but not for MBs on the EX2007 server.
    I tested this configuration in a VM lab and it worked ok.  All I had to do was move the mailbox, then run Outlook.  Outlook automatically found the new server and opened the MB.
    Basically what I need to do is move all our existing MBs from the old 2007 server to the new 2013 server.  I want to continue to use the existing transport/CAS/EDGE services on 2007 without having to rebuild both the internal and external communications
    infrastructure at the present time.
    How can I get the EX2013 server to act as the MB server for the EX2007 communications infrastructure?

    Hi,
    Please try to create a new user on Exchange 2013, and send/receive email via both Outlook and OWA to test whether the Exchange 2013 mail flow well.
    If Exchange 2013 works well, please try to bypass the TMG on Exchange 2007 for a little while for testing.
    Additionally, we can use CAS 2013 URL to proxy/redirect previous CAS, or publish both CAS 2007 and CAS 2013 to be internet facing server with separate URLs, as Ed suggested.
    Thanks   
    Mavis Huang
    TechNet Community Support

  • Exchange 2013 CAS servers cannot accept connections on Exchange ports

    Exchange 2013 Enterprise SP1 / Windows Server 2008 R2 SP1
    I have configured site resilience setup with the following at two sites:
    - two CAS servers
    - six MB servers
    Traffic to the CAS servers pass through HLB.
    I just discovered that the "01" CAS server at each site is not accepting Exchange traffic.
    If I telnet to one of the Exchange ports, it looks like there is a connection, however the moment any character is entered, the connection dies.
    For example
    - telnet Site01CAS01 25
    -   ( screen goes blank and DOES NOT display the expected "220 servername Microsoft ESMTP ...." message )
    - when I attempt to enter  "ehlo" the moment I enter "e" the session is disconnected.
    I can successfully perform a telnet connection to the CAS02 server and run through the complete send a test message through telnet process. The session disconnect occurs on the CAS01 server at each site for ANY port controlled by Exchange: 25, 143, 587,
    717, 993
    I can successfully telnet to ports NOT controlled by Exchange: 80, 81, 8080, 443
    There appears to be nothing essentially wrong with IIS
    The firewall is DISABLED.
    I discovered this issue yesterday.
    I upgraded to Exchange 2013 SP1 10 days ago.
    I cannot say for sure if this condition existed before the SP1 upgrade. I upgraded from CU1 to SP1.
    Any thoughts?
    Thanks! Tom

    Well, port 25 doesn't have anything to do with IIS regardless.
    Since this is the CAS, port 25 is handled by the Microsoft Exchange Frontend Transport service .
    A couple of things I would check.
    Check the server component state. Get-ServerComponentState -Identity <server> to ensure everything is "active".
    I assume all the services are running and you have rebooted the server to ensure things start up clean.
    Also ensure the NIC on this server is set to register itself in DNS.
    Finally, if you have disabled the firewall service on the server, it's not supported. You should enable the firewall service and then disable it logically: netsh advfirewall set Allprofiles state off
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • OWA 2013 Redirect to CAS Servers 2010 Randomly

    Hello there!!
    I think my case is not a problem, I just need a workaround or some fine adjustment to serve my needs. Follow my scenario:
    One Exchange 2013 Server (CU3) with Mailbox and CAS role (coexisting with the 2010 Servers, ready for migration)
    Two Exchange 2010 CAS Servers SP3 no rollups
    Two Exchange 2010 Mailbox Servers SP3 no rollups (in a DAG)
    I have two organizations who share the same exchange infrastructure, just using different smtp address, for example, some users use @yyy.com addresses and others use @zzz.com. We have two CAS servers just to use two different and customized OWA layouts (with
    distinct OWA Internet addresses), one for @yyy.com users and other for the @zzz.com users
    Also, I have the following database organization:
    DB01 - @yyy.com mailboxes - 2010
    DB02 - @zzz.com mailboxes - 2010
    DB03 - @zzz.com mailboxes - will migrate to 2013
    I need to do a partial migration to Exchange 2013, which is to migrate all mailboxes from DB03 database to Exchange 2013,
    which will use the owa address for the @zzz.com addresses (We will point it to the new 2013 server).
    The problem is that when users from DB02 try to use the 2013 OWA (@zzz.com), Exchange will bring up one of the 2010 OWA interfaces, sometimes the yyy.com customized interface and sometimes the zzz.com customized interface, and I need them to use just
    the zzz.com interface.
    Is there any way that I can force Exchange 2013 to redirect the 2010 OWA users from a specific database to a specific CAS server? I found the command "Set-MailboxDatabase "Database Name" -RpcClientAccessServer EX2010-1.domain.local",
    but this works only for internal use (Outlook over RPC)
    Best Regards Folks

    Hi,
    Firstly, I’d like to explain, the property RpcClientAccessServer shows the CAS server which mailbox connects to. It applies to all users and has no influence on OWA redirection. Because this value determines the location of the RPC end point and OWA request
    use HTTPS protocol.
    As far as I know, when there are many CAS Servers with same version in the same site, we couldn’t determine the CAS server which OWA request will redirect to. 
    Maybe we can take advantage of Proxy: proxy request from Exchange 2013 to Exchange 2010 and "disable" redirection:
    http://social.technet.microsoft.com/Forums/exchange/en-US/999e3d3c-5919-4fa2-8e3e-a2c952214159/exchange-2010-cas-redirection
    If you have any question, please feel free to let me know.                       
    Thanks,
    Angela Shi
    TechNet Community Support

  • Moving witness server to CAS server two Exchange 2013 servers with a DAG

    Inherited a situation where there is one Exchange 2007 Build 83.6 server running on Win2008R2, acting as witness, and hub transport and yes is a file server too.  In addition there is relays, email and service accts that need to be moved to Exchange
    2013.  
    Presently  there are two Exchange 2013 cu3 servers that are part of a DAG that also run on Win 2008r2...  We wish to add another node to the DAG, and move the witness to another server.
    Do I need to also add a CAS Exchange 2013 server to replace the Ex 2007 server?
    Can this server also act as the Witness?
    What would be the best practices for this scenario? All of these machines are VMs.

    With an odd number of nodes, the File Share Witness will not be used, but you can still define it.
    Any server (including any non-Exchange server) can serve as the FSW as long as it's not a mailbox server in the DAG and it has the Exchange Trusted SubSystem group in the local admin group on that server.
    Since you are using VMs, ensure the FSW isn't on the same host as a MBX DAG member.
    Not sure what you mean by adding a CAS Exchange 2013 server. Do you mean you have not installed the CAS role yet for 2013? If so, then absolutely you need one.
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Exchange 2007 Renew Certificate via IIS Manager

    I am currently in the process of renewing the Exchange 2007 certs and have searched through forums in regards to this topic and can't seem to come across a proper answer. Is it possible to renew the Exchange 2007 cert using the IIS Manager or is Powershell
    the only way of doing so? Under the "IIS Manager > expanding server name > expand websites > default website properties > Directory Security > Server Certificate" you are presented with the option to renew the existing cert. This to
    me seems a lot easier than using shell to request a whole new cert. I am not a fan of the how Powershell can be a bit destructive when requesting a new cert and overwriting the existing one leaving your little ways of backing out if something goes wrong. Can
    someone confirm if using IIS manager is a viable way of renewing the Exchange 2007 cert. I prefer to keep the exact settings of the existing certificates.
    Thank you,
    Emmanuel
    Emmanuel Fumero Exchange Administrator

    Hi
    Yes, it's possible in Exchange 2010 through EMC. Not sure if this works in Exchange 2007 since I haven't tried renewing through the GUI in Exchange 2007 and currently do not have any customers running E2K7 to check this option. Probably you can give it
    a try in Exchange 2007 and see if these options are visible. Please check the following:
    When you right-click your Exchange Server, you can select New Exchange Certificate, which will launch the New Exchange Certificate Wizard.
    After defining a friendly name, you are ready to provide all needed information.
    After clicking Finish, you will have a certificate request that you can use to get a certificate from your own CA, or from an external CA. The Exchange Management Console will show the request as well.
    1. Start the Exchange Management Shell. Click Start > Programs > Microsoft Exchange Server 2007, and then click Exchange Management Console.
    2. Click the link to "Manage Databases", and then go to "Server configuration".
    3. Select your certificate from the menu in the center of the screen (the certificate will be listed by the Friendly Name you chose when creating the CSR), and then click the link in the Actions menu to "Complete Pending Request".
    4. Browse to the certificate file you just copied to your server, then click Open > Complete.
    URGENT!! You may receive the following error: "The source data is corrupted or not properly Base64 encoded." You can ignore this error.
    5. Press F5 to refresh the certificate list. Verify that it says "False" under "Self Signed" (if it's 3rd party or from a CA).
    6. To enable your certificate, return to the Exchange Management Console and click the link to "Assign Services to Certificate."
    Hope this helps
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as
    Answer” if a marked post does not actually answer your question. This can be beneficial to other
    community members reading the thread.
    Regards
    Sathish

  • Migrating from Exchange 2007 to exchange 2013 ( special case )

    Hello,
    What is the BEST scenario (fastest, most efficient, most secure in terms of data loss) to migrate from Exchange 2007 (one server, all Exchange roles installed on this server, 1200 mailboxes) to Exchange 2013?
    Knowing my environment needs to be connected to their mailboxes 24/7!
    It's very frustrating.
    And I have no clue even if this is the right place to post about this; if not, please refer me as to where to post.
    Also, all my domain controllers are 2008.

    It's fine to post your question here, and you are fine with Server 2008 Domain Controllers - that is a supported scenario.
    If you haven't performed such an upgrade and you need to have 24/7 mailbox availability, I would seriously recommend you to duplicate the production environment on a test network and run through the upgrade at least once.
    Most people neglect the Outlook clients requirements - they need to be updated and include several specific updates, which allow the automatic reconfiguration of internal clients. If you are preparing for this upgrade, you should be aware that all internal
    Outlook clients switch to Outlook Anywhere. Clients that miss these updates will get connectivity problems.
    Another common problem is the configuration of the Exchange URL - I mean the Exchange 2013 URL and the modified Exchange 2007 URL that will allow the co-existence. In your case, you definitely need to plan for co-existence - that includes requesting and
    installing a new Exchange UCC (Multiple Domain Certificate) on both Exchange servers, configuring Split DNS (or preferably PinPoint DNS zones), and correct timing when replacing the existing Certificate on the Exchange 2007 server. Failure to configure the
    correct URL (and it's quite easy to miss one, so triple check them) will get you in trouble.
    Once you get through the switchover (switching the mail flow and Client Access through the Exchange 2013 server), move just a couple of test mailboxes and check the result.
    Finally, if you are moving the Public Folders, make sure that the lock is really applied before you complete the process. Most people proceed right away and that gets the process stuck. If you can afford it (the mailboxes are already on the Exchange 2013
    server at that point), just restart the Exchange 2007 server (after locking the Public Folders) and then complete the Public Folder migration.
    Good Luck with the project!
    Step by Step Screencasts and Video Tutorials

  • Exchange 2013 EAC will not run with Exchange 2010 CAS\HT servers shut down.

    Hi Folks,
    A little background - We have just migrated all our user mailboxes and public folders to Office 365 using a hybrid configuration. Now that the migration is essentially finished, I'd like to decommission our on-prem Exchange infrastructure and remove the
    hybrid config. We are using dirsync with password sync to replicate our AD to the cloud.
    I've read that even if you remove your hybrid configuration, it's a good idea to keep one on-prem Exchange server around so you can edit Exchange attribs (such as email addresses) in a supported manner, rather than using ADSI Edit, etc.
    To this end, I installed a single Exchange 2013 CA\MBX server. After installation, the EAC worked fine, and I was able to view our on-prem users, groups, etc. Last week, I shut down our two Exchange 2010 CAS\HT servers as a test to see if anything broke
    prior to decommissioning them (these were the hybrid servers as well). After doing so, the Exchange 2013 EAC no longer works for some reason, and behaves in a very bizarre fashion. About once every 20 times or so, it will actually start and run. The other
    times, it just has you enter your creds, then generates an HTTP 500 internal server error after entering them. It seems to make no difference if you attempt to access it by the fqdn, hostname, or localhost right on the box itself. Same behavior on Chrome or
    IE.
    Today as a test, I started up one of the 2010 CAS servers and lo and behold, the 2013 EAC ran without difficulty again. Any idea why this might be so? Thanks for any help,
    Ian

    Hi,
    From your description, I recommend you use the following URL to check if you can access EAC. I see it works for several people about this issue.
    https://<Exchange 2013 CAS FQDN>/ecp?ExchClientVer=15
    Hope it helps.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Autodiscover after deploying Exchange 2013 CAS in a Exchange 2007 organization

    I am deploying Exchange 2013 CAS in an Exchange 2007 organization. Will all the clients be directed to the Exchange 2013 CAS servers for autodiscover? Will there be any issue with Outlook clients connecting to their mailbox servers in Exchange 2007?

    All clients should be pointed to the Exchange 2013 CAS for the autodiscover service. This means:
    A. For local clients
    You need to modify the autodiscover Internal URI on the Exchange 2007 server and point it to Exchange 2013. For example, if you are using split-brain DNS on the Local Network and mail.yourdomain.com is resolved to Exchange 2013 local IP, the Exchange 2007
    Autodiscover Internal URI should be "https://mail.yourdomain.com/Autodiscover/Autodiscover.xml" 
    Exactly the same way, you should modify the Exchange 2013 Autodiscover Internal URI and use the same address "https://mail.yourdomain.com/Autodiscover/Autodiscover.xml"
    B. For remote clients - all clients will hit the Exchange 2013 CAS first (ex. mail.yourdomain.com)
    If the user's mailbox is on Exchange 2007 server, the correct XML will be generated and provided, and the user will be proxied for Outlook Anywhere/ActiveSync and redirected for OWA/WebServices
    If the user's mailbox is on Exchange 2013 server, the correct XML will be generated and provided
    Bottom line - based on the location of the user's mailbox, Exchange 2013 will generate and provide the correct XML file (there is no proxying involved in providing the Autodiscover info).

  • Exchange 2013 CAS IMAP Proxying to offline 2007 CAS Server

    We're running in coexistence mode with 2013 and 2007.  We had one of our 2007 CAS servers go down.  We have IMAP users that keep getting a login prompt now.  Looking at the IMAP logs it's failing when the 2013 CAS server tries
    to proxy the IMAP session to the down 2007 CAS server.  Is there any way to stop 2013 from attempting to proxy to the down 2007 CAS server?  We have 3 other 2007 CAS servers that are available.

    Hi,
    I'm following up this thread and if you have any question about the above information I provided, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Exchange 2007 migrate to Exchange 2013

    Dear MS Support,
    I did migrate Exchange 2007 to Exchange 2013
    The install complete, the exchange 2007 and 2013 can work together successful
    DAG has created and work fine
    Below is capture on exchange group after migrate
    The exchange 2007 work fine with outlook anywhere, all the users can connected and send and receive mail in 5 year
    The certificate enroll with
    Alternative Names: mail.biendongpoc.vn
    The autodiscover on exchange 2007:
    [PS] C:\Windows\system32>Get-ClientAccessServer | ft Identity,*uri* -AutoSize
    Creating a new session for implicit remoting of "Get-ClientAccessServer" command...
    Identity      AutoDiscoverServiceInternalUri
    BDPOC-SERVER1 https://mail.biendongpoc.vn/Autodiscover/Autodiscover.xml
    I have created new certificate for Two exchange 2013
    The certificate enroll with
    Alternative Names: cas.biendongpoc.vn
    I have create cname cas point to dag  on DNS server
    I have create A record autodiscover.biendongpoc.vn point to IP of dag.biendongpoc.vn
    I did migrate mailbox from exchange 2007 to exchange 2013, the migrate successful , the outlook can
    connected to Exchange 2013 and working perfectly
    Our problem, the account exchange 2007 work not stable ,
    sometime it connect to mail.abc.com, sometime it connect to cas.abc.com
    If the outlook connect to cas.biendongpoc.vn, the request put password and i can't connect to exchange 2007, if outlook connect to mail.biendongpoc.vn i can connect
    It is not stable for current exchange 2007
    Anyone who can help me ?
    Thanks

    Hi huynhtrongnhatminh,
    I suggest you please go through this article.
    http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
    Please check this for step by step guide.
    http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-1-step-by-step-exchange-2007-to-2013-migration.aspx
    Please point your autodiscover and commonname to Exchange2013 CAS
    Please configure your URLs. There is no CAS array in Exchange2013 but the concept of single name space remains.
    You need to have an A record (e.g. legacy.domain.com) in your external DNS and add that name (legacy.domain.com) in your certificate for Exchange 2007 users to have access externally. 
    Configure your commonname URLs in Exchange2013. Point commonname and autodiscover to exchange2013 in both external and internal DNS servers
    Configure URLs: http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/
    No CASARRAY in 2013: http://exchangeserverpro.com/exchange-2013-client-access-server-high-availability/
    Please configure splitdns or pinpoint DNS in your internal DNS server if not configured
    http://exchange.sembee.mobi/network/split-dns.asp
    Thanks, MAS
    Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Active Sync not Working - Exchange 2013 with Exchange 2007

    Hi
    Recently we introduced Exchange 2013 servers to our existing Exchange 2007 organization. The servers are just configured with default self-signed certificate and URLs are pointing to server FQDNs.
    Everything is at default as far as configuration is concerned in Exchange 2013.
    After just introducing the Exchange 2013 CAS servers was checking the ActiveSync functionality using a new mailbox created on Exchange 2013. We have not yet published our Exchange 2013 servers to
    Internet (before even doing that, want to ensure ActiveSync is working). We're connecting using our Private network and trying to make a connection to CAS FQDN. Checked a iOS7 (iPad) and a Windows Phone device, both of them configure successfully (with the
    certificate warning, which is obvious) but when it comes to synchronizing the contents they fail saying "Cannot Get Mail. Connection to Server Failed"
    Checked the IIS Logs on CAS server and found that the device makes a successful connection - as is indicated by successful configuration but thereafter nothing happens on the device and no error
    logged in Event Viewer as well. Could it be that the mailbox server is denying the connection....how to check. How to go ahead with the troubleshooting.
    Everything else except ActiveSync is working perfectly. Tried accessing the ActiveSync VD using the link
    HTTPS://Server_FQDN/Microsoft-Server-ActiveSync, this pops-up a window asking for credentials – which is normal behavior indicating ActiveSync virtual directory is good.
    Thanks
    Taranjeet Singh
    zamn

    Hey Guys
    Just to update here, my initial testing revealed that if I run Test-ActiveSyncConnectivity by not specifying the -URL parameter like this:
    Test-ActiveSyncConnectivity -MailboxCredential (get-credential User1) |FL
    the command fails for an obvious reason as shown in the result. The command is getting the mailbox server name in the ActiveSync URL returned automatically:
    ClientAccessServer     : SITE-MBX-02.ABC.COM
    Scenario               : Options
    ScenarioDescription    : Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.
    PerformanceCounterName : DirectPush Latency
    Result                 : Failure
    Error                  : The OPTIONS command returned HTTP 200, but the Exchange ActiveSync header
                             (MS-Server-ActiveSync) wasn't returned. The request likely did not reach a
                             Client Access server, either because
                             - A proxy server intervened (check the headers below for any that may have been
                               returned by a proxy)
                             - The virtual directory could not be reached:
                               https://SITE-MBX-02.ABC.COM/Microsoft-Server-ActiveSync
                             - The virtual directory does not point to a Client Access server:
                               https://SITE-MBX-02.ABC.COM/Microsoft-Server-ActiveSync
    If however, I manually provide the -URL parameter value with FQDN of CAS server:
    Test-ActiveSyncConnectivity -URL https://SITE-CAS-02.ABC.COM/Microsoft-Server-ActiveSync -MailboxCredential (get-credential User1) |FL
    it succeeds.
    We have our CAS and Mailbox servers installed on separate systems - no colocation.
    This is strange and makes me curious to find out where the command without -URL parameter is getting the ActiveSync URL that has mailbox server in it. I checked that the new Exchange 2013 CAS servers have InternalURL parameters populated with their
    own FQDNs and the ExternalURL is empty for now.
    Need help in drilling down this further.
    Thanks
    Taranjeet Singh 
    zamn
