I'm in the middle of a migration from Exchange 2007 to Exchange 2013 and have hit a snag that's baffling me. I've been using the excellent instructions at
http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part1.html as a template, and they've worked fine for our small organization up until I tried to connect
Outlook 2013 to a test mailbox on the new Exchange 2013 server (page 13 of the above article). No matter what I do, it won't connect.
This is a small environment with only a single Exchange server under normal circumstances. Now we have the old 2007 server and the new 2013 server coexisting until the migration is done. Mail flow between the two servers seems to be fine, and I can send and receive mail on the test mailbox using OWA on the 2013 server. I just can't connect Outlook to it.
When I try to create a new Outlook profile for the 2013 mailbox, something odd happens. If I use "EX2013" as the server name, it doesn't find the server or mailbox. (DNS has no problem resolving the server name correctly.) If I type "EX2007" (the old server name) it [i]does[/i] resolve... but it fills in the server name of EX2013.internal-domain.org. It's supposed to fill in a server name of <mailbox GUID>@email-domain.com, but it doesn't. I then get this message: "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed."
If I run test-OutlookWebServices on EX2013, I get failure on the autodiscover test and "skipped" on the remaining ones. Specifically, I get this error:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at
Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.InternalInvoke()
at
Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.Invoke()
If I run test-OutlookWebServices on EX2007, I would get the same result until I disabled loopback check (as a test) per the article athttp://support2.microsoft.com/default.aspx?id=896861. With the loopback check disabled on EX2007 I get further, but then there's an error 1013 that says, "[EXPR]-Error when connecting to https://mail.maildomain.com/Rpc received the error The server committed a protocol violation. Section=ResponseStatusLine". This is followed by an error 1017 about contacting the RPC/HTTP service at the same address.
I've disabled IPv6 on the EX2007 server since it has been suggested as a possible culprit in this kind of scenario (seehttps://support.microsoft.com/kb/2794253?wa=wsignin1.0).
I've also tried modifying the hosts file on both the client and EX2013 in an effort to connect to it directly (autodiscover and all internal mail server names pointing to EX2013, bypassing EX2007 altogether), but I get the same result.
Domain names are as follows (modified to protect my client):
Old server: EX2007.internal-domain.org
New server: EX2013.internal-domain.org
E-mail addresses: <user>@email-domain.com
External: mail.external-domain.com
SCP (both servers): https://autodiscover.email-domain.com/autodiscover/autodiscover.xml
Yes, that's three different domain names we're dealing with. It's not my choice to do it that way, but it's what we've got in place. Outlook Anywhere is not being used externally, though, so that simplifies things somewhat.
The following is in the SSL certificate:
mail.external-domain.com (and this is the certificate name)
EX2007.internal-domain.org
EX2013.internal-domain.org
autodiscover.email-domain.com
Internally I have split DNS to point mail.external-domain.com to the EX2007 server. The autodiscover.email-domain.com address points to the EX2007 server, but as I said above, I tried pointing that name to EX2013, and it made no difference I could see.
I figure I must be missing a permissions issue or a domain name mixup somewhere, but nothing I've tried has fixed it, and I've hit a dead end on knowledge base articles and existing answers I've found in support forums. Anybody have any ideas?
This is a small environment with only a single Exchange server under normal circumstances. Now we have the old 2007 server and the new 2013 server coexisting until the migration is done. Mail flow between the two servers seems to be fine, and I can send and receive mail on the test mailbox using OWA on the 2013 server. I just can't connect Outlook to it.
When I try to create a new Outlook profile for the 2013 mailbox, something odd happens. If I use "EX2013" as the server name, it doesn't find the server or mailbox. (DNS has no problem resolving the server name correctly.) If I type "EX2007" (the old server name) it [i]does[/i] resolve... but it fills in the server name of EX2013.internal-domain.org. It's supposed to fill in a server name of <mailbox GUID>@email-domain.com, but it doesn't. I then get this message: "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed."
If I run test-OutlookWebServices on EX2013, I get failure on the autodiscover test and "skipped" on the remaining ones. Specifically, I get this error:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at
Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.InternalInvoke()
at
Microsoft.Exchange.Management.SystemConfigurationTasks.ServiceValidatorBase.Invoke()
If I run test-OutlookWebServices on EX2007, I would get the same result until I disabled loopback check (as a test) per the article athttp://support2.microsoft.com/default.aspx?id=896861. With the loopback check disabled on EX2007 I get further, but then there's an error 1013 that says, "[EXPR]-Error when connecting to https://mail.maildomain.com/Rpc received the error The server committed a protocol violation. Section=ResponseStatusLine". This is followed by an error 1017 about contacting the RPC/HTTP service at the same address.
I've disabled IPv6 on the EX2007 server since it has been suggested as a possible culprit in this kind of scenario (seehttps://support.microsoft.com/kb/2794253?wa=wsignin1.0).
I've also tried modifying the hosts file on both the client and EX2013 in an effort to connect to it directly (autodiscover and all internal mail server names pointing to EX2013, bypassing EX2007 altogether), but I get the same result.
Domain names are as follows (modified to protect my client):
Old server: EX2007.internal-domain.org
New server: EX2013.internal-domain.org
E-mail addresses: <user>@email-domain.com
External: mail.external-domain.com
SCP (both servers): https://autodiscover.email-domain.com/autodiscover/autodiscover.xml
Yes, that's three different domain names we're dealing with. It's not my choice to do it that way, but it's what we've got in place. Outlook Anywhere is not being used externally, though, so that simplifies things somewhat.
The following is in the SSL certificate:
mail.external-domain.com (and this is the certificate name)
EX2007.internal-domain.org
EX2013.internal-domain.org
autodiscover.email-domain.com
Internally I have split DNS to point mail.external-domain.com to the EX2007 server. The autodiscover.email-domain.com address points to the EX2007 server, but as I said above, I tried pointing that name to EX2013, and it made no difference I could see.
I figure I must be missing a permissions issue or a domain name mixup somewhere, but nothing I've tried has fixed it, and I've hit a dead end on knowledge base articles and existing answers I've found in support forums. Anybody have any ideas?