Dear readers,
Currently we are in the preparation phase of the migration from Exchange 2010 to Exchange 2013. I have followed the Exchange Deployment Assistant, but unfortunately it does not work as expected.
I think I might have created an autodiscover loop and I don’t know how to fix it.
Our setup:
2x 2010CAS 192.168.2.10, 192.168.2.11
2x 2010MBX 192.168.2.20, 192.168.2.21 (DAG01)
2x 2013CAS 192.168.2.110, 192.168.2.111
2x 2013MBX 192.168.2.120, 192.168.2.121 (DAG02)
autodiscover.ourextdomain.com for internal clients points to 192.168.2.110
webmail.ourextdomain.com for internal clients points to 192.168.2.110
For now, company policy does not allow making the Exchange services available externally. So all the clients only connect internally (on the corporate network or using VPN), and webmail is also only accessible internally.
On all the CAS servers (meaning both 2010 and 2013) I have set the internal and external URL for every service (EWS, ECP, OWA, OAB, ActiveSync, Autodiscover, Outlook Anywhere) to point to the same external domain: webmail.ourextdomain.com and autodiscover.ourextdomain.com. (This is how I interpreted it from the Exchange Deployment Assistant).
If an internal Outlook 2010 user tries to use autodiscover to connect to his mbx on 2010, he gets httpstatus 401 and 401 errors and autodiscover to <url> failed 0x80004005, 0x800C8203 and is unable to successfully connect. An Outlook 2010 user with a 2013 mbx can connect successfully.
If I change autodiscover.ourextdomain.com to point to 192.168.2.10, it is the other way around. The Outlook 2010 user with 2010 mbx can connect, but the Outlook 2010 user with 2013 mbx cannot.
My guess is that the configuration for the internal and external URLs is not correct, but I am not sure how to fix this. Does anyone have an idea? We have a third-party wildcard certificate which I installed on all the CAS servers. This gave certificate errors at first; for some reason clients were still trying to connect to a .local server address. This seems to be fixed after I re-created the Autodiscover vdirs.
As we have had a lot of issues with the certificate (a lot of calls at the service desk) I am a little less enthusiastic about changing the internal and external URLs again, until I am a little more certain it is the right change to make.
Maybe useful info:
- Exchange 2010 did not have Outlook Anywhere enabled until I started following the Exchange Deployment Assistant
- Exchange 2010 has been an upgrade from Exchange 2003 (there are no Exchange 2003 servers anymore, as then I would not be able to start the 2013 installation at all).
- Running Exchange 2010 SP3 UR7, migrating to Exchange 2013 CU6
Anyone any ideas or pointers in the right direction?