Outlook Anywhere - Exchange 2013 /2007 co-existence,certificate upgrade

Hi,

We are in process of migrating from Exchange 2007 to Exchange 2013 Servers.

To meet the migration requirements we have changed the standard single name SSL certificate with UCC Certificate having multiple SAN values using the exchange 2013 EAC wizard. Later on we applied the same certificate to both Exchange 2013 and 2007 CAS servers.

Outlook Anywhere was enabled since long on exchange 2007 servers and was working fine till we made the certificate change. After we make the change of certificate given were the error message we started encountering:

Another change which we noticed were of Domain Controllers names in the same AD site as exchange getting added to VALID PORTS key under given HASH:

HKLM\Software\Microsoft\RPC\RPCProxy

As per my understanding Valid ports entry is populated with all the mailbox servers in organization only until unless we define DC there, which we never did until now. I can also see values for Exchange 2013 mailbox server there.

And now since Valid ports entry contains reference for domain controller i have to made following registry entry on my domain controllers to make it work :

On the Global Catalog servers: a REG_MULTI_SZ  entry needs to be created on each GC named NSPI interface protocol sequences at HKLM\System\CCS\Services\NTDS\Parameters\ and the value set to ncacn_http:6004

I have tried modifying the Valid Ports entry manually and removing the domain controllers reference from there but then my Outlook Anywhere doesn't work anymore. Yes i know that RPCConfigurator again populate the entry every 15 minutes and i can turn it off,i have tried that but no luck.

Result of the above change now my CAS is directly speaking for my domain controllers which earlier mailbox server was doing through DSPROXY.

Can anyone suggest me what is happening wrong here...given are the environment details:

2 CAS +HUB Exchange 2007 SP3 RU13 server on windows 2003 R2

Exchange 2007 Mailbox Server SP3 RU13 SCC on Windows 2003 R2

Exchange 2013  CU5  CAS + Mailbox Server on Windows 2012 R2

Windows 2003 AD with mix of 2008R2 DC.

Regards,

Vishal Malhan