RE: Ex2003 to 2010 Transition
Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 6:45 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. ☺ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com] Sent: Wednesday, November 09, 2011 5:22 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that follows. I think that's something we're going to have to evaluate later - it's certainly something to ponder. I expect that distributing the cert chain, even to the 50-75 iOS/Android units I expect will be active about then will not be a trivial task. OTOH, I hear that MSFT is prepping an MDM solution, which might alleviate those concerns. Kurt On Wed, Nov 9, 2011 at 11:44, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The real question is whether you are going to use your internal CA for Exchange and ActiveSync or not. If you are, then the root certificate and the chain to the root will need to be loaded on all those devices (and any computers running Outlook that are not part of the domain - I presume that you are/will be publishing certificates to AD so that domain-joined devices can find the root). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 2:34 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition I am (very slowly, amid other projects) standing up 2008R2 ADCS - two-tier, with an offline root. I expect that around the middle of next calendar year we'll be migrating from Exchange 2003 to 2010. We are getting a lot of folks in with iPhones, and a few with Androids. Any thoughts on how this will affect ActiveSync for those users? Kurt On Wed, Nov 9, 2011 at 11:06, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: You have touched on what, for some, is the most confusing aspect of a migration. If you are going to be in coexistence mode, you will need at least one additional certificate – the legacy certificate. This is used to securely redirect users on the new server to the old server when necessary. You MAY require a second name – the autodiscover name. You will require it if some of your computers are not domain joined. AND if you don’t have it, you’ll need to create a SRV record I RECOMMEND you get a new UCC certificate that has 3 names: mail, autodiscover, legacy – available for about USD $60 per year from certificatesforexchange.comhttp://certificatesforexchange.com. It really makes configuring things much easier. I wrote a mini-sidebar-article for EMO early last year that covers this: You’ve decided to upgrade from Exchange 2003 to Exchange
Ex2003 to 2010 Transition
Mike – I have a dumb question. Step 6. How do I know if I need Exchange Web Services? I’ve just begun my reading of it in Help but wanted to be sure I’m not missing functionality by not installing or over installing with it. Thanks Joseph Danielsen From: ExchList [mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 9:55 AM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 6:45 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. ☺ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com] Sent: Wednesday, November 09, 2011 5:22 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that follows. I think that's something we're going to have to evaluate later - it's certainly something to ponder. I expect that distributing the cert chain, even to the 50-75 iOS/Android units I expect will be active about then will not be a trivial task. OTOH, I hear that MSFT is prepping an MDM solution, which might alleviate those concerns. Kurt On Wed, Nov 9, 2011 at 11:44, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The real question is whether you are going to use your internal CA for Exchange and ActiveSync or not. If you are, then the root certificate and the chain to the root will need to be loaded on all those devices (and any computers running Outlook that are not part of the domain - I presume that you are/will be publishing certificates to AD so that domain-joined devices can find the root). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 2:34 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition I am (very slowly, amid other projects) standing up 2008R2 ADCS - two-tier, with an offline root. I expect that around the middle of next calendar year we'll be migrating from Exchange 2003 to 2010. We are getting a lot of folks in with iPhones, and a few with Androids. Any thoughts on how this will affect ActiveSync for those users? Kurt On Wed, Nov 9, 2011 at 11:06, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: You have touched on what, for some, is the most confusing aspect of a migration. If you are going to be in coexistence mode, you will need at least one additional certificate – the legacy certificate. This is used to securely redirect users on the new server to the old server when necessary. You MAY require a second name – the autodiscover name. You will require it if some of your computers are not domain joined. AND if you don’t have it, you’ll
Mobile Access Problems After Mailbox Move from 2003 to 2010
We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Mobile Access Problems After Mailbox Move from 2003 to 2010
So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 2:40 PM To: MS-Exchange Admin Issues Subject: Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Ex2003 to 2010 Transition
Unless you have BIS devices or are using scripts that need EWS, you probably don’t need it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: ExchList [mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 2:24 PM To: MS-Exchange Admin Issues Subject: Ex2003 to 2010 Transition Mike – I have a dumb question. Step 6. How do I know if I need Exchange Web Services? I’ve just begun my reading of it in Help but wanted to be sure I’m not missing functionality by not installing or over installing with it. Thanks Joseph Danielsen From: ExchList [mailto:exchl...@networkblade.com]mailto:[mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 9:55 AM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 6:45 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. ☺ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com]mailto:[mailto:hbo...@gmail.com] Sent: Wednesday, November 09, 2011 5:22 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that follows. I think that's something we're going to have to evaluate later - it's certainly something to ponder. I expect that distributing the cert chain, even to the 50-75 iOS/Android units I expect will be active about then will not be a trivial task. OTOH, I hear that MSFT is prepping an MDM solution, which might alleviate those concerns. Kurt On Wed, Nov 9, 2011 at 11:44, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The real question is whether you are going to use your internal CA for Exchange and ActiveSync or not. If you are, then the root certificate and the chain to the root will need to be loaded on all those devices (and any computers running Outlook that are not part of the domain - I presume that you are/will be publishing certificates to AD so that domain-joined devices can find the root). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 2:34 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition I am (very slowly, amid other projects) standing up 2008R2 ADCS - two-tier, with an offline root. I expect that around the middle of next calendar year we'll be migrating from Exchange 2003 to 2010. We are getting a lot of folks in with iPhones, and a few with Androids. Any thoughts on how this will affect ActiveSync for those users? Kurt On Wed, Nov 9, 2011 at 11:06, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: You have
Re: Ex2003 to 2010 Transition
coincidentally, we're attempting to setup a shared calendar feature in sharepoint 2010 and from within the setup of the user whom we want pull this calendar, sharepoint is asking for two things: Outlook web access URL Exchange Web Service URL. Note entirely sure whats the url that each is referring to and before i hop on technet, just wanted to ping the list. I've tried different iterations of my OWA address, but that isn't working. On Thu, Nov 10, 2011 at 3:33 PM, Michael B. Smith mich...@smithcons.comwrote: Unless you have BIS devices or are using scripts that need EWS, you probably don’t need it. ** ** Regards, ** ** Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com ** ** *From:* ExchList [mailto:exchl...@networkblade.com] *Sent:* Thursday, November 10, 2011 2:24 PM *To:* MS-Exchange Admin Issues *Subject:* Ex2003 to 2010 Transition ** ** Mike – I have a dumb question. Step 6. How do I know if I need Exchange Web Services? I’ve just begun my reading of it in Help but wanted to be sure I’m not missing functionality by not installing or over installing with it. ** ** Thanks ** ** Joseph Danielsen ** ** ** ** *From:* ExchList [mailto:exchl...@networkblade.com] *Sent:* Thursday, November 10, 2011 9:55 AM *To:* MS-Exchange Admin Issues *Subject:* RE: Ex2003 to 2010 Transition ** ** Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen *From:* Michael B. Smith [mailto:mich...@smithcons.com] *Sent:* Wednesday, November 09, 2011 6:45 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. J Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Harry Singh [mailto:hbo...@gmail.com] *Sent:* Wednesday, November 09, 2011 5:22 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that follows. I think that's something we're going to have to evaluate later - it's certainly something to ponder. I expect that distributing the cert chain, even to the 50-75 iOS/Android units I expect will be active about then will not be a trivial task. OTOH, I hear that MSFT is prepping an MDM solution, which might alleviate those concerns. Kurt On Wed, Nov 9, 2011 at 11:44, Michael B. Smith mich...@smithcons.com wrote: The real question is whether you are going to use your internal CA for Exchange and ActiveSync or not. If you are, then the root certificate and the chain to the root will need to be loaded on all those devices (and any computers running Outlook that are not part of the domain - I presume that you are/will be publishing certificates to AD so that domain-joined devices can find the root). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com
RE: Ex2003 to 2010 Transition
https://webmail.example.com/owa -- OWA URL https://webmail.example.com/EWS/Exchange.asmxhttps://mail.example.com/EWS/Exchange.asmx -- EWS URL Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com] Sent: Thursday, November 10, 2011 3:45 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition coincidentally, we're attempting to setup a shared calendar feature in sharepoint 2010 and from within the setup of the user whom we want pull this calendar, sharepoint is asking for two things: Outlook web access URL Exchange Web Service URL. Note entirely sure whats the url that each is referring to and before i hop on technet, just wanted to ping the list. I've tried different iterations of my OWA address, but that isn't working. On Thu, Nov 10, 2011 at 3:33 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Unless you have BIS devices or are using scripts that need EWS, you probably don’t need it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: ExchList [mailto:exchl...@networkblade.commailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 2:24 PM To: MS-Exchange Admin Issues Subject: Ex2003 to 2010 Transition Mike – I have a dumb question. Step 6. How do I know if I need Exchange Web Services? I’ve just begun my reading of it in Help but wanted to be sure I’m not missing functionality by not installing or over installing with it. Thanks Joseph Danielsen From: ExchList [mailto:exchl...@networkblade.com]mailto:[mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 9:55 AM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 6:45 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. ☺ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com]mailto:[mailto:hbo...@gmail.com] Sent: Wednesday, November 09, 2011 5:22 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that follows. I think that's something we're going to have to evaluate later - it's certainly something to ponder. I expect that distributing the cert chain, even to the 50-75 iOS/Android units I expect will be active about then will not be a trivial task. OTOH, I hear that MSFT is prepping an MDM solution, which might alleviate those concerns. Kurt On Wed, Nov 9, 2011 at 11:44, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The real question is whether you are going to use your internal CA for Exchange and ActiveSync or not. If you are, then the root certificate and the chain to the root will need to be loaded on all
Re: Mobile Access Problems After Mailbox Move from 2003 to 2010
CAS array and legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.comwrote: So tell us how you configured legacy interop between 2003 and 2010. ** ** Regards, ** ** Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com ** ** *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 2:40 PM *To:* MS-Exchange Admin Issues *Subject:* Mobile Access Problems After Mailbox Move from 2003 to 2010 ** ** We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Ex2003 to 2010 Transition
Thanks. I'm getting an error about noting being able to establish an SSL/TLS connection, but i'll hop on google/technet to figure that out. Thanks again. On Thu, Nov 10, 2011 at 3:55 PM, Michael B. Smith mich...@smithcons.comwrote: https://webmail.example.com/owa -- OWA URL https://webmail.example.com/EWS/Exchange.asmxhttps://mail.example.com/EWS/Exchange.asmx-- EWS URL ** ** Regards, ** ** Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com ** ** *From:* Harry Singh [mailto:hbo...@gmail.com] *Sent:* Thursday, November 10, 2011 3:45 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Ex2003 to 2010 Transition ** ** coincidentally, we're attempting to setup a shared calendar feature in sharepoint 2010 and from within the setup of the user whom we want pull this calendar, sharepoint is asking for two things: ** ** Outlook web access URL Exchange Web Service URL. ** ** Note entirely sure whats the url that each is referring to and before i hop on technet, just wanted to ping the list. I've tried different iterations of my OWA address, but that isn't working. ** ** ** ** On Thu, Nov 10, 2011 at 3:33 PM, Michael B. Smith mich...@smithcons.com wrote: Unless you have BIS devices or are using scripts that need EWS, you probably don’t need it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* ExchList [mailto:exchl...@networkblade.com] *Sent:* Thursday, November 10, 2011 2:24 PM *To:* MS-Exchange Admin Issues *Subject:* Ex2003 to 2010 Transition Mike – I have a dumb question. Step 6. How do I know if I need Exchange Web Services? I’ve just begun my reading of it in Help but wanted to be sure I’m not missing functionality by not installing or over installing with it. Thanks Joseph Danielsen *From:* ExchList [mailto:exchl...@networkblade.com] *Sent:* Thursday, November 10, 2011 9:55 AM *To:* MS-Exchange Admin Issues *Subject:* RE: Ex2003 to 2010 Transition Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen *From:* Michael B. Smith [mailto:mich...@smithcons.com] *Sent:* Wednesday, November 09, 2011 6:45 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. J Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Harry Singh [mailto:hbo...@gmail.com] *Sent:* Wednesday, November 09, 2011 5:22 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that follows. I think that's something we're going to have to evaluate later - it's certainly something to ponder. I expect that distributing the cert chain, even to the 50-75
RE: Mobile Access Problems After Mailbox Move from 2003 to 2010
What happens when a user with an Exchange 2003 mailbox tries to sign into the Exchange 2010 CAS? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 3:57 PM To: MS-Exchange Admin Issues Subject: Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 CAS array and legacy.domain.comhttp://legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 2:40 PM To: MS-Exchange Admin Issues Subject: Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Mobile Access Problems After Mailbox Move from 2003 to 2010
You can try this. Go into and affected persons ad account, open the security tab (Advanced options under view if its not showing), click advanced, and check to see if the Include inheritable permissions from this object's parent is checked. If not check it and try it again from the mobile phone. Same issue as this: http://thoughtsofanidlemind.wordpress.com/2010/10/08/ex2010-insufficient-access/ or http://zahirshahblog.com/2011/05/06/solution-iphone-smartphone-active-sync-users-are-not-able-to-connect-exchange-2010-cas-active-sync-after-migrating-from-exchange-2007-cas-active-sync/ We had a ton of this when migrating from 2003 to 2010. Good luck -Greg p.s. if these users are members of certain protected groups this is normal: http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx From: Adm [mailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 12:57 PM To: MS-Exchange Admin Issues Subject: Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 CAS array and legacy.domain.comhttp://legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 2:40 PM To: MS-Exchange Admin Issues Subject: Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Mobile Access Problems After Mailbox Move from 2003 to 2010
No problems at all. On Thu, Nov 10, 2011 at 4:02 PM, Michael B. Smith mich...@smithcons.comwrote: What happens when a user with an Exchange 2003 mailbox tries to sign into the Exchange 2010 CAS? ** ** Regards, ** ** Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com ** ** *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 3:57 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 ** ** CAS array and legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 2:40 PM *To:* MS-Exchange Admin Issues *Subject:* Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Mobile Access Problems After Mailbox Move from 2003 to 2010
We're aware of the privileged user problem ... I experienced it myself :) These are regular users who have no access problems prior to the move. After the move they access everything fine via Outlook 2010, but their mobile devices aren't connecting. On Thu, Nov 10, 2011 at 4:09 PM, Greg Olson gol...@markettools.com wrote: You can try this. Go into and affected persons ad account, open the security tab (Advanced options under view if its not showing), click advanced, and check to see if the “Include inheritable permissions from this object’s parent” is checked. If not check it and try it again from the mobile phone. Same issue as this: http://thoughtsofanidlemind.wordpress.com/2010/10/08/ex2010-insufficient-access/ or http://zahirshahblog.com/2011/05/06/solution-iphone-smartphone-active-sync-users-are-not-able-to-connect-exchange-2010-cas-active-sync-after-migrating-from-exchange-2007-cas-active-sync/ ** ** We had a ton of this when migrating from 2003 to 2010. Good luck -Greg ** ** p.s. if these users are members of certain protected groups this is normal: http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx ** ** ** ** ** ** *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 12:57 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 ** ** CAS array and legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 2:40 PM *To:* MS-Exchange Admin Issues *Subject:* Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Mobile Access Problems After Mailbox Move from 2003 to 2010
Then like Greg said - take a look at inheritable permissions... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 4:31 PM To: MS-Exchange Admin Issues Subject: Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 No problems at all. On Thu, Nov 10, 2011 at 4:02 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: What happens when a user with an Exchange 2003 mailbox tries to sign into the Exchange 2010 CAS? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 3:57 PM To: MS-Exchange Admin Issues Subject: Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 CAS array and legacy.domain.comhttp://legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 2:40 PM To: MS-Exchange Admin Issues Subject: Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Mobile Access Problems After Mailbox Move from 2003 to 2010
Ok. Sign into OWA and clear their device partnerships and see if that gets them going again. If that doesn't work, enable logging in IIS and take a look at what's happening with the connections from that level. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 4:37 PM To: MS-Exchange Admin Issues Subject: Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 We're aware of the privileged user problem ... I experienced it myself :) These are regular users who have no access problems prior to the move. After the move they access everything fine via Outlook 2010, but their mobile devices aren't connecting. On Thu, Nov 10, 2011 at 4:09 PM, Greg Olson gol...@markettools.commailto:gol...@markettools.com wrote: You can try this. Go into and affected persons ad account, open the security tab (Advanced options under view if its not showing), click advanced, and check to see if the Include inheritable permissions from this object's parent is checked. If not check it and try it again from the mobile phone. Same issue as this: http://thoughtsofanidlemind.wordpress.com/2010/10/08/ex2010-insufficient-access/ or http://zahirshahblog.com/2011/05/06/solution-iphone-smartphone-active-sync-users-are-not-able-to-connect-exchange-2010-cas-active-sync-after-migrating-from-exchange-2007-cas-active-sync/ We had a ton of this when migrating from 2003 to 2010. Good luck -Greg p.s. if these users are members of certain protected groups this is normal: http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 12:57 PM To: MS-Exchange Admin Issues Subject: Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 CAS array and legacy.domain.comhttp://legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 2:40 PM To: MS-Exchange Admin Issues Subject: Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Mobile Access Problems After Mailbox Move from 2003 to 2010
Thanks for the suggestions. We'll try tonight/tomorrow. Appreciate the help On Thu, Nov 10, 2011 at 4:41 PM, Michael B. Smith mich...@smithcons.comwrote: Ok. Sign into OWA and clear their device partnerships and see if that gets them going again. ** ** If that doesn’t work, enable logging in IIS and take a look at what’s happening with the connections from that level. ** ** Regards, ** ** Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com ** ** *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 4:37 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 ** ** We're aware of the privileged user problem ... I experienced it myself :) These are regular users who have no access problems prior to the move. After the move they access everything fine via Outlook 2010, but their mobile devices aren't connecting. On Thu, Nov 10, 2011 at 4:09 PM, Greg Olson gol...@markettools.com wrote: You can try this. Go into and affected persons ad account, open the security tab (Advanced options under view if its not showing), click advanced, and check to see if the “Include inheritable permissions from this object’s parent” is checked. If not check it and try it again from the mobile phone. Same issue as this: http://thoughtsofanidlemind.wordpress.com/2010/10/08/ex2010-insufficient-access/ or http://zahirshahblog.com/2011/05/06/solution-iphone-smartphone-active-sync-users-are-not-able-to-connect-exchange-2010-cas-active-sync-after-migrating-from-exchange-2007-cas-active-sync/ We had a ton of this when migrating from 2003 to 2010. Good luck -Greg p.s. if these users are members of certain protected groups this is normal: http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 12:57 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 CAS array and legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 2:40 PM *To:* MS-Exchange Admin Issues *Subject:* Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Mobile Access Problems After Mailbox Move from 2003 to 2010
So our issues were exactly like you said as well. Regular users who didn't have any issues before the move from 2003. The inheritable permissions issue seems to sometimes affect normal migrated users as well as the protected group users. I only put in the protected groups at the bottom as info, as on the regular users the change sticks, and on the protected group members it reverts back in an hour or so. -Greg From: Adm [mailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 1:37 PM To: MS-Exchange Admin Issues Subject: Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 We're aware of the privileged user problem ... I experienced it myself :) These are regular users who have no access problems prior to the move. After the move they access everything fine via Outlook 2010, but their mobile devices aren't connecting. On Thu, Nov 10, 2011 at 4:09 PM, Greg Olson gol...@markettools.commailto:gol...@markettools.com wrote: You can try this. Go into and affected persons ad account, open the security tab (Advanced options under view if its not showing), click advanced, and check to see if the Include inheritable permissions from this object's parent is checked. If not check it and try it again from the mobile phone. Same issue as this: http://thoughtsofanidlemind.wordpress.com/2010/10/08/ex2010-insufficient-access/ or http://zahirshahblog.com/2011/05/06/solution-iphone-smartphone-active-sync-users-are-not-able-to-connect-exchange-2010-cas-active-sync-after-migrating-from-exchange-2007-cas-active-sync/ We had a ton of this when migrating from 2003 to 2010. Good luck -Greg p.s. if these users are members of certain protected groups this is normal: http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 12:57 PM To: MS-Exchange Admin Issues Subject: Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 CAS array and legacy.domain.comhttp://legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Adm [mailto:sms...@gmail.commailto:sms...@gmail.com] Sent: Thursday, November 10, 2011 2:40 PM To: MS-Exchange Admin Issues Subject: Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
Re: Mobile Access Problems After Mailbox Move from 2003 to 2010
Interesting. The latest error report was: Unable to open connection to server due to security error Let me check this out further. Thx On Thu, Nov 10, 2011 at 5:16 PM, Greg Olson gol...@markettools.com wrote: So our issues were exactly like you said as well. Regular users who didn’t have any issues before the move from 2003. The inheritable permissions issue seems to sometimes affect normal “migrated” users as well as the protected group users. I only put in the protected groups at the bottom as info, as on the regular users the change sticks, and on the protected group members it reverts back in an hour or so. ** ** -Greg ** ** ** ** ** ** *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 1:37 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 ** ** We're aware of the privileged user problem ... I experienced it myself :) These are regular users who have no access problems prior to the move. After the move they access everything fine via Outlook 2010, but their mobile devices aren't connecting. On Thu, Nov 10, 2011 at 4:09 PM, Greg Olson gol...@markettools.com wrote: You can try this. Go into and affected persons ad account, open the security tab (Advanced options under view if its not showing), click advanced, and check to see if the “Include inheritable permissions from this object’s parent” is checked. If not check it and try it again from the mobile phone. Same issue as this: http://thoughtsofanidlemind.wordpress.com/2010/10/08/ex2010-insufficient-access/ or http://zahirshahblog.com/2011/05/06/solution-iphone-smartphone-active-sync-users-are-not-able-to-connect-exchange-2010-cas-active-sync-after-migrating-from-exchange-2007-cas-active-sync/ We had a ton of this when migrating from 2003 to 2010. Good luck -Greg p.s. if these users are members of certain protected groups this is normal: http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 12:57 PM *To:* MS-Exchange Admin Issues *Subject:* Re: Mobile Access Problems After Mailbox Move from 2003 to 2010 CAS array and legacy.domain.com have been established and working fine. Is that what you were looking for? On Thu, Nov 10, 2011 at 3:31 PM, Michael B. Smith mich...@smithcons.com wrote: So tell us how you configured legacy interop between 2003 and 2010. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com *From:* Adm [mailto:sms...@gmail.com] *Sent:* Thursday, November 10, 2011 2:40 PM *To:* MS-Exchange Admin Issues *Subject:* Mobile Access Problems After Mailbox Move from 2003 to 2010 We have a number of incidents open with users whose mailboxes were moved last night. (This is our first large number of mailbox moves) One or two from the iOS customers, but MANY from Android, Windoes Mobile (pre V7), and Symbian customers. For some, a hard reset of their phone and possibly a deletion and recreation of their mail config solved the problem. Some of the mobile devices are stubbornly not working after that. Also, we do not support BES for our users with Blackberries, so they access their mail through BIS. (don't ask - politics) We cannot get their devices to sync at all after the migration. Anyone have the same problems? Thx in advance for any assistance. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist -- smsadm --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or
RE: Ex2003 to 2010 Transition
Mike: I followed your article to the T. When I attempt to log into OWA with a user account which has mailbox on 2003 , it redirects me to a different URL. Original URL of 2010 (mail.domain.com) then redirected to (legacy.domain.com). I knee jerk reaction was to create a public DNS record for “legacy” pointing to the same IP of “mail”. Any thoughts on this? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 10, 2011 3:34 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Unless you have BIS devices or are using scripts that need EWS, you probably don’t need it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: ExchList [mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 2:24 PM To: MS-Exchange Admin Issues Subject: Ex2003 to 2010 Transition Mike – I have a dumb question. Step 6. How do I know if I need Exchange Web Services? I’ve just begun my reading of it in Help but wanted to be sure I’m not missing functionality by not installing or over installing with it. Thanks Joseph Danielsen From: ExchList [mailto:exchl...@networkblade.com]mailto:[mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 9:55 AM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 6:45 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. ☺ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com]mailto:[mailto:hbo...@gmail.com] Sent: Wednesday, November 09, 2011 5:22 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that follows. I think that's something we're going to have to evaluate later - it's certainly something to ponder. I expect that distributing the cert chain, even to the 50-75 iOS/Android units I expect will be active about then will not be a trivial task. OTOH, I hear that MSFT is prepping an MDM solution, which might alleviate those concerns. Kurt On Wed, Nov 9, 2011 at 11:44, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The real question is whether you are going to use your internal CA for Exchange and ActiveSync or not. If you are, then the root certificate and the chain to the root will need to be loaded on all those devices (and any computers running Outlook that are not part of the domain - I presume that you are/will be publishing certificates to AD so that domain-joined devices can find the root). Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 2:34 PM To:
deleting old Exchange server from AD
I have an Exchange 2007 server that was migrated from (I think Exchange 2000) prior to me. It has rebooted itself twice in two weeks and I see two errors. To not confuse things this is just one of them. This is a single server. The old server is still on site but disconnected and powered down a few years ago. The error log reports this: Event Type:Warning Event Source:MSExchangeTransport Event Category:Routing Event ID:5020 Date:11/10/2011 Time:4:41:33 PM User:N/A Computer:SERVER1 Description: The topology doesn't contain a route to Exchange 2000 Server or Exchange Server 2003 server oldserver.domain in Routing Group CN=First Routing Group,CN=Routing Groups,CN=First Administrative Group,CN=Administrative Groups,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain in routing tables with the timestamp 11/10/2011 9:41:33 PM. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type:Error Event Source:MSExchangeTransport Event Category:Routing Event ID:5015 Date:11/10/2011 Time:4:41:33 PM User:N/A Computer:SERVER1 Description: Microsoft Exchange cannot find a route to the source transport server or home MTA server CN=oldserver,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain for connector CN=SMTP Connector,CN=Connections,CN=First Routing Group,CN=Routing Groups,CN=First Administrative Group,CN=Administrative Groups,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain in routing tables with timestamp 11/10/2011 9:41:33 PM. Microsoft Exchange is ignoring the source transport server. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. I used ADSI edit. Under config, services, MS Excahnge, company, administrative groups I see two structures. One is the current server: Exchange administrative group, servers, mycurrent server with IS-MTA-SA and Protocols underneath The other is the old server: First Admininistrative group, servers, oldserver with IS-MTA-SA-protocols underneath. To remove the old server reference can I just delete oldserver with IS-MTA-SA-protocols underneath Thanks. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
RE: Ex2003 to 2010 Transition
Legacy should point to the 2003 server. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: ExchList [mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 6:03 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Mike: I followed your article to the T. When I attempt to log into OWA with a user account which has mailbox on 2003 , it redirects me to a different URL. Original URL of 2010 (mail.domain.com) then redirected to (legacy.domain.com). I knee jerk reaction was to create a public DNS record for “legacy” pointing to the same IP of “mail”. Any thoughts on this? From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Thursday, November 10, 2011 3:34 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Unless you have BIS devices or are using scripts that need EWS, you probably don’t need it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: ExchList [mailto:exchl...@networkblade.com]mailto:[mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 2:24 PM To: MS-Exchange Admin Issues Subject: Ex2003 to 2010 Transition Mike – I have a dumb question. Step 6. How do I know if I need Exchange Web Services? I’ve just begun my reading of it in Help but wanted to be sure I’m not missing functionality by not installing or over installing with it. Thanks Joseph Danielsen From: ExchList [mailto:exchl...@networkblade.com]mailto:[mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 9:55 AM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 6:45 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. ☺ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com]mailto:[mailto:hbo...@gmail.com] Sent: Wednesday, November 09, 2011 5:22 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that follows. I think that's something we're going to have to evaluate later - it's certainly something to ponder. I expect that distributing the cert chain, even to the 50-75 iOS/Android units I expect will be active about then will not be a trivial task. OTOH, I hear that MSFT is prepping an MDM solution, which might alleviate those concerns. Kurt On Wed, Nov 9, 2011 at 11:44, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The real question is whether you are going to use your internal CA for Exchange and ActiveSync or not. If you are, then the root certificate and the chain to the root will need to be loaded on all those devices (and any computers running Outlook that are not part of the
RE: Ex2003 to 2010 Transition
OK then one more clarification since this is not working EXTERNALLY. Once I log onto OWA with (for example – Administrator), it redirects me to legacy.publicdomain.com/exchweb/bin/auth/owaauth.dll (which is the same public IP as mail.publicdomain.com). Internally Legacy.privatedomain.local points to 192.168.1.1 and Exch2010 points to 192.168.1.2. Externally Legacy.publicdomain.com points to x.x.x.x (same public IP as mail.publicdomain.com). Is this correct or should I setup a separate public IP address for legacy.publicdomain.com and NAT that to 192.168.1.1 From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 10, 2011 6:30 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Legacy should point to the 2003 server. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: ExchList [mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 6:03 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Mike: I followed your article to the T. When I attempt to log into OWA with a user account which has mailbox on 2003 , it redirects me to a different URL. Original URL of 2010 (mail.domain.com) then redirected to (legacy.domain.com). I knee jerk reaction was to create a public DNS record for “legacy” pointing to the same IP of “mail”. Any thoughts on this? From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Thursday, November 10, 2011 3:34 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Unless you have BIS devices or are using scripts that need EWS, you probably don’t need it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: ExchList [mailto:exchl...@networkblade.com]mailto:[mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 2:24 PM To: MS-Exchange Admin Issues Subject: Ex2003 to 2010 Transition Mike – I have a dumb question. Step 6. How do I know if I need Exchange Web Services? I’ve just begun my reading of it in Help but wanted to be sure I’m not missing functionality by not installing or over installing with it. Thanks Joseph Danielsen From: ExchList [mailto:exchl...@networkblade.com]mailto:[mailto:exchl...@networkblade.com] Sent: Thursday, November 10, 2011 9:55 AM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Install Mailbox Failed: Update: On Install setup, it failed the mailbox role with “Couldn’t resolve the user or group “domain.local/Microsoft Exchange Security Groups/Discovery Management.” Blablabla. Since I’m working in an off-line lab, I ran with a hunch and deleted the trust relationship between the forest/domain and a remote office single DC/forest/domain. I forget to clean that out when setting up my lab. Re-ran the install, selected Mailbox Role and WooLa, successful. Joseph Danielsen From: Michael B. Smith [mailto:mich...@smithcons.com]mailto:[mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 6:45 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition No different than what I wrote before – just install a CAS instead of a multi-role server. ☺ Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Harry Singh [mailto:hbo...@gmail.com]mailto:[mailto:hbo...@gmail.com] Sent: Wednesday, November 09, 2011 5:22 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition +1 on Michael's article, it certainly helped me through our transition earlier in the year. I now wonder if Michael has an article on installing the first CAS into the same AD site and Exch Org. :) (eventually want to build a CAS array but want to stand up a single CAS first) Not having started this project yet, I'm sure, like most things MS, technet is my friend. On Wednesday, November 9, 2011, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Ah. It will be interesting to see what that will do. We've been dithering between installing the current SCCM and waiting for 2012. Not sure how we're going to land just yet. Kurt On Wed, Nov 9, 2011 at 12:59, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: The MDM solution is System Center Configuration Manager 2012. It's currently available in public beta. The _management_ piece comes from ActiveSync. I've only played with it using a 3rd party public cert. I don't know how it handles in-house CAs. AFAIK, Autodiscover doesn't have a mechanism for distributing certificates for ActiveSync, but that's not really my area of expertise. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, November 09, 2011 3:53 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Yes, that