Exchange 2007 Migration Outlook Anywhere Issues

undomiel · 07-17-2009, 04:08 PM

So we're in the midst of migrating from a single server 2003 to single server 2007. I'm having problems with Outlook Anywhere working properly with the Exchange 2007 server. All services have been moved over to the new server, though all mailboxes have not moved over yet. CAS agrees to proxy mailboxes that are on the 2003 server, but refuses for anything on the 2007 server. Rpcping is returning exception 1722 when I test ports 6001, 6002 and 6004 on the new server. Oddly enough it returns exception 5 on the old server for those ports, which is supposed to be access denied according to this article How to use the RPC Ping utility to troubleshoot connectivity issues with the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003 but Outlook Anywhere works for mailboxes on that server. I checked ValidPorts according to this article You Had Me At EHLO... : How does Outlook Anywhere work (and not work)? which looks correct. Even went through the steps for taking dsproxy out of the equation. Users are able to login through owa and I do have a proper 3rd party cert assigned to the site. Any help and ideas would be appreciated as I feel like I'm hitting a wall right now. Thanks.

Claymoore · 07-17-2009, 04:28 PM

This website is about to be your new best friend:

https://testexchangeconnectivity.com/

Just to be sure, is Outlook Anywhere enabled for the users on your 2007 server?

undomiel · 07-17-2009, 04:59 PM

Nice site, I definitely could have used that earlier this week.

Yes, Outlook Anywhere is enabled. Site did throw an error on pinging rpc endpoint 6001. The "fix it" link took me to an article I've already browsed for verifying the ValidPorts key and testing via telnet (which works internally). Just verified again and yes they are responding to telnet.

blargoe · 07-18-2009, 03:07 AM

Only thing I can think of... Check whether Basic or NTLM is set on the server side for Outlook Anywhere and verify that the client is using the same.

undomiel · 07-18-2009, 10:40 AM

That was my initial thought as well but I had verified the settings several thousand times with no success. Project's on hold now as things went from bad to worse with the mail database getting corrupted. Had to fix that then migrate those accounts off back to the old server. It was pie on the face of the IT department that day I tell you.

blargoe · 07-18-2009, 01:49 PM

We've all had days like that.

Can you tell us a little more about your setup? Is it a single 2003 server and a single 2007 server with HT/CAS/Mailbox?

undomiel · 07-18-2009, 03:48 PM

Bingo, single 2003 server to single 2007 server MB/CAS/HT. 2003 is a MS virtual server hosted on top of a DC. Note, I had nothing whatsoever to do with setting up that environment.

And one SonicWall that doesn't do port redirection so I've had to get tricky to have coexistence for access to both boxes since apparently webmail doesn't proxy but redirects when you have the CAS on the MB server. So it has been a bit of a pain from day one.

Claymoore · 07-20-2009, 12:24 PM

Corrupted mailbox stores are no fun.

Either by expanding the test results from the testexchangeconnectivity site or from the Test E-mail Autoconfiguration option in Outlook 2007, you can examine the XML data that is returned from the autodiscover service. There should be two sections that list the web services urls, one is EXCH and one is EXPR. The EXPR records should be the same as the ExternalURL property of the web services virtual directory when you do a get-webservicesvirtualdirectory | fl .

You want to make sure the URLs that are being returned are the same and are correct. Check for typos, http instead of https, resolvable/routable web address, correct authentication methods, SSL enabled, etc.

There seems to be some confusion about the difference between the InternalURL and ExternalURL settings. I was confused, MS support was confused, and the documentation was confused so there is some confusion. It turns out the ExternalURL site setting on the webservicesvirtualdirectory is ONLY advertised if Outlook Anywhere is enabled and is ONLY used by Outlook Anywhere. Documentation that tells you to set this for cross-forest availability is wrong (but should be fixed soon) - in every other case the InternalURL will be returned. When ISA is used to publish Autodiscover, the link translation settings will re-write the XML data and change https://autodiscover.domain.local to https://autodiscover.domain.com. The internal and external URL settings for OWA operated differently, and AFAIK the use/disuse of these settings for OWA CAS redirection works as documented.

blargoe · 07-20-2009, 01:00 PM

I assumed he was trying to set up the clients manually... are you using autodiscover?

undomiel · 07-20-2009, 02:40 PM

Clients are all set up manually. Unfortunately I won't be able to poke at this for a couple of weeks since people so freaked out on the Friday Failure. Still dealing with some fallout from that with some clients unable to redirect back to the old server. Fixing those manually one by one as they come in.

blargoe · 07-20-2009, 03:10 PM

You may be having a GC problem then... either that or exchange 2003 is configured manually to point to a DC that isn't a GC or something

royal · 07-22-2009, 11:48 AM

Windows 2008?
Exchange 2007 SP1 and Server 2008 issues and information | Elan Shudnow's Blog

undomiel · 07-22-2009, 01:06 PM

Yes, Server 2008. I'd already caught the IPv6 documentation and had that disabled. Made sure it was listening on those ports as well which it was. The buggy NTLM could apply though. Thanks for the list!

undomiel · 08-12-2009, 02:17 PM

Ok, finally have a resolution on this one. Answer? None of the above.

The OAB had to be recreated. Once that was done, replicated and assigned, everything else just fell into place. Time to start migrating users once again!