This article is an excerpt from the Exchange Server 2010 to 2013 Migration Guide.

With the correct SSL certificates installed on the Exchange 2013 servers we can now proceed with configuration of the Client Access server role.

Both of the Exchange 2013 servers deployed so far, EX2013SRV1 and EX2013SRV2, are multi-role servers, and need their Client Access roles configured.

Configuring Client Access URLs

The Client Access URLs are configured to match the namespaces that we planned earlier. Because the AutoDiscover URL was already configured immediately after Exchange 2013 was installed that only leaves:

  • Outlook Anywhere
  • Outlook Web App
  • Exchange Control Panel
  • ActiveSync
  • Exchange Web Services
  • Offline Address Book

These are easy to configure with a simple PowerShell script. Here is an example:

param(
	[Parameter( Mandatory=$true)]
	[string]$Server,

	[Parameter( Mandatory=$true)]
	[string]$InternalURL,

	[Parameter( Mandatory=$true)]
	[string]$ExternalURL
	)

Write-Host "Configuring Outlook Anywhere URLs"
Get-OutlookAnywhere -Server $Server | Set-OutlookAnywhere -ExternalHostname $externalurl -InternalHostname $internalurl -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM

Write-Host "Configuring Outlook Web App URLs"
Get-OwaVirtualDirectory -Server $server | Set-OwaVirtualDirectory -ExternalUrl https://$externalurl/owa -InternalUrl https://$internalurl/owa

Write-Host "Configuring Exchange Control Panel URLs"
Get-EcpVirtualDirectory -Server $server | Set-EcpVirtualDirectory -ExternalUrl https://$externalurl/ecp -InternalUrl https://$internalurl/ecp

Write-Host "Configuring ActiveSync URLs"
Get-ActiveSyncVirtualDirectory -Server $server | Set-ActiveSyncVirtualDirectory -ExternalUrl https://$externalurl/Microsoft-Server-ActiveSync -InternalUrl https://$internalurl/Microsoft-Server-ActiveSync

Write-Host "Configuring Exchange Web Services URLs"
Get-WebServicesVirtualDirectory -Server $server | Set-WebServicesVirtualDirectory -ExternalUrl https://$externalurl/EWS/Exchange.asmx -InternalUrl https://$internalurl/EWS/Exchange.asmx

Write-Host "Configuring Offline Address Book URLs"
Get-OabVirtualDirectory -Server $server | Set-OabVirtualDirectory -ExternalUrl https://$externalurl/OAB -InternalUrl https://$internalurl/OAB

A version of this PowerShell script can also be downloaded from Github – ConfigureExchangeURLs.ps1

Simply run the script using the Exchange Management Shell (from a server or workstation with the Exchange 2013 management tools installed) with the required parameters, for example:

[PS] C:Admin>.ConfigureURLs.ps1 -Server ex2013srv1 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

[PS] C:Admin>.ConfigureURLs.ps1 -Server ex2013srv2 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

Configuring OWA and ECP Authentication

The default authentication for Exchange 2013 OWA is forms-based. If you need to use a different authentication type then you should configure it now on the OWA and ECP virtual directories for your Exchange 2013 servers. The virtual directory configuration is found in the Exchange Admin Center in the Servers -> Virtual Directories area.

exchange-2013-owa-auth

For example, here I am changing the username format to UPN so that users can login with their “email address” (because the organization uses UPNs that match the primary SMTP address).

exchange-2013-owa-auth-02

Restart IIS

An IISReset of each server should also be performed so that the virtual directory changes can take effect.

[PS] C:Admin>iisreset ex2013srv1

Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

[PS] C:Admin>iisreset ex2013srv2

Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

Configure POP/IMAP Settings

If you are also using POP or IMAP in your environment you should configure those services as well. For each server set the X509 certificate name, and the internal/external connection settings.

[PS] C:\>Set-PopSettings -Server ex2013srv1 -X509CertificateName pop.exchangeserverpro.net -InternalConnectionSetting pop.exchangeserverpro.net:995:SSL,pop.exchangeserverpro.net:110:TLS -ExternalConnectionSettings pop.exchangeserverpro.net:995:SSL,pop.exchangeserverpro.net:110:TLS
WARNING: Changes to POP3 settings will only take effect after all Microsoft Exchange POP3 services are restarted on
server EX2013SRV1.

[PS] C:\>Set-PopSettings -Server ex2013srv2 -X509CertificateName pop.exchangeserverpro.net -InternalConnectionSetting pop.exchangeserverpro.net:995:SSL,pop.exchangeserverpro.net:110:TLS -ExternalConnectionSettings pop.exchangeserverpro.net:995:SSL,pop.exchangeserverpro.net:110:TLS
WARNING: Changes to POP3 settings will only take effect after all Microsoft Exchange POP3 services are restarted on
server EX2013SRV2.

Restart the POP services for the servers.

[PS] C:\>Invoke-Command -ComputerName ex2013srv1,ex2013srv2 {Restart-Service MSExchangePOP3}

The same basic process applies to IMAP as well.

[PS] C:\>Set-ImapSettings -Server ex2013srv1 -X509CertificateName imap.exchangeserverpro.net -InternalConnectionSetting imap.exchangeserverpro.net:993:SSL,imap.exchangeserverpro.net:143:TLS -ExternalConnectionSettings imap.exchangeserverpro.net:993:SSL,imap.exchangeserverpro.net:143:TLS
WARNING: Changes to IMAP4 settings will only take effect after all Microsoft Exchange IMAP4 services are restarted on
server EX2013SRV1.

[PS] C:\>Set-ImapSettings -Server ex2013srv2 -X509CertificateName imap.exchangeserverpro.net -InternalConnectionSetting imap.exchangeserverpro.net:993:SSL,imap.exchangeserverpro.net:143:TLS -ExternalConnectionSettings imap.exchangeserverpro.net:993:SSL,imap.exchangeserverpro.net:143:TLS
WARNING: Changes to IMAP4 settings will only take effect after all Microsoft Exchange IMAP4 services are restarted on
server EX2013SRV2.

[PS] C:\>Invoke-Command -ComputerName ex2013srv1,ex2013srv2 {Restart-Service MSExchangeIMAP4}

Testing the Client Access Server Configuration

Ideally we would test the new configuration before pointing any production users at it. However, to test in this case we would need to change the DNS records for our Client Access namespaces (autodiscover.exchangeserverpro.net and mail.exchangeserverpro.net) to resolve to the IP address of the Exchange 2013 servers. Since that would potentially have a negative impact on end users, instead we can use a hosts file to point a test PC at the new servers.

First, create a new user and mailbox on an Exchange 2013 database. This is performed using the Exchange Admin Center.

exchange-2013-test-user

Next, modify the hosts file on a test PC. The file is located in C:WindowsSystem32driversetc, and will require admin/elevated rights to modify.

exchange-2013-test-user-hosts-file

Note: Without a load balancer in place you may need to repeat your tests multiple times for each Exchange 2013 server IP. Later when the production cut over takes place you can use DNS round robin instead.

From the test PC logged in as the Exchange 2013 test user you should be able to launch Outlook and have the profile automatically configured to open the mailbox. While you’re logged in to the mailbox you may also like to do some send/receive tests between the Exchange 2013 test mailbox and some Exchange 2010 test mailboxes to verify that mail flow is working between the servers.

In the next part of this series we’ll look at configuring the Exchange 2013 Mailbox server role.

For more information see the Exchange Server 2010 to 2013 Migration Guide.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. vikas Bhadauria

    Hi Paur,

    Thanks for great helping articles all the time.

    we need one help we are in process of migrating users from EX2k7 to EX2K13 everything seems to be working fine except IMAP and POP.

    we have exchange server roles installed on different host not multi role servers. when we are trying to set imap setting and change internal and external URLs its showing error ” The ExternalConnectionSettings property is read-only when the Mailbox role: Mailbox service server role is installed.”

    Please help as when we are trying to configure outlook with IMAP its getting error “Log on to incoming mail server failed (IMAP). The connection to server was interrupted.

    Regards
    Vikas Bhadauria

  2. Reda

    Hi Paul,

    Below my Server Configuration

    # Outlook Anywhere Configuration

    InternalHostname : mail.domain.com
    InternalClientAuthenticationMethod : Ntlm
    InternalClientsRequireSsl : True
    ExternalHostname : webmail.domain.com
    ExternalClientAuthenticationMethod : Basic
    ExternalClientsRequireSsl : True
    IISAuthenticationMethods : {Basic, Ntlm}
    SSLOffloading : False

    # AutoDiscover Configuration

    Identity : E15Node1
    AutoDiscoverServiceInternalUri : https://mail.domain.com/Autodiscover/Autodiscover.xml

    # WebServices Configuration

    InternalUrl : https://mail.domain.com/EWS/Exchange.asmx
    ExternalUrl : https://webmail.domain.com/EWS/Exchange.asmx
    CertificateAuthentication :
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
    ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
    LiveIdNegotiateAuthentication :
    WSSecurityAuthentication : True
    LiveIdBasicAuthentication : False
    BasicAuthentication : True
    DigestAuthentication : False
    WindowsAuthentication : True
    OAuthAuthentication : True
    AdfsAuthentication : False

    I am in Coexistance phase, and when I applying instruction guide page 37, Launching Outlook 2013 Prompting password appear each time
    Is there a mismatch Configuration ?

    Many Thank’s Paul.

    1. Paul Cunningham

      That often means one of the URLs or namespaces being used is not included on the SSL certificate on the server.

      1. Reda BOUTBICHA

        Hi Paul,
        I have a WildCard Certificate
        When I recycle AppPool of Autodiscover & OAB & RpcProxy the prompt for Credential disappear
        I hope that the problem will not happen again
        Many Thank’s Paul

        1. Reda BOUTBICHA

          With Wildcard, Did I should apply the following two commands, or it is optional:

          Set-OutlookProvider EXPR -CertPrincipalName ” msstd : * demain.com . ”

          Set-OutlookProvider EXCH -CertPrincipalName msstd ” msstd : * demain.com . “

          1. Paul Cunningham

            As far as I’ve seen, wildcards will generally work just fine without doing those steps.

  3. Derrick

    I have changed the Autodiscover SCP URL on EX2010 to match that of EX2013. Both are now the same.

    I am just wondering if the provisioned Outlook clients will detect this change and update their server name automatically or will I need to do this manually.

    Currently they are still using the old URL. Does the CAS Array URL need to be changed also to have the Outlook clients on EX2010 update their server URL?

    1. Paul Cunningham

      The Autodiscover SCP URL is only for the Autodiscover service that clients connect to and query so they can discover the settings they should be using for things like Outlook Anywhere, Exchange Web Services, ActiveSync, the Offline Address Book and so on.

      As a HTTPS service, as long as the Autodiscover SCP URL you’ve configured is included on the SSL certificate on any Client Access server that the Autodiscover SCP URL resolves to in DNS then there should be no problems or surprises.

      The CAS Array name is not changed at any point during the migration.

  4. Derrick

    Thanks for all your help. So how would you suggest I resolve this issue at this time?

    Should I just migrate all the mailboxes to EX2013 and uninsatll the CAS role on EX2010? That would leave only one Autodiscover SCP correct?

      1. Derrick

        Will do, thanks a lot for all you help. You migration series along with your other posts are all very helpful.

    1. Paul Cunningham

      If the servers are in the same site, and they have different Autodiscover SCPs, then that is not the ideal situation and is probably the cause of your problem.

      Both 2010 and 2013 servers in the same site should have the same Autodiscover SCP configured. You can still manage where that resolves to with DNS and hosts files.

      1. Derrick

        I see, yes they are both in the same site currently. My issue is all the mailboxes are currently setup with the CAS Array hostname in Outlook. I believe if I change the EX2010 CAS Array hostname to match EX2013 I will need to manually update all the mailboxes.

        Is that correct?

        Is there any other way I can do this in the mean time while I complete the migration?

        1. Paul Cunningham

          The CAS Array hostname is not changed at any point in the migration.

  5. Derrick

    I have been following your guide for migrating EX2010 to EX2013. All is going well up to now.

    I have migrated a mailbox over to the EX2013 Server and adjusted the hosts file to allow for DNS to resolve to the EX2013 IP. When I start Outlook on the client machine it is still using the hostname of the EX2010 CAS Array.

    The problem with this is I am moving away from the EX2010 private hostnames and will use Split DNS for EX2013.

    Any ideas?

    1. Paul Cunningham

      So you’ve added the Exchange 2013 Outlook Anywhere name to the hosts file on the PC. And that name is different to the Exchange 2010 CAS Array name?

      When you say the client is still using the Exchange 2010 CAS Array, where do you mean? In the Outlook profile settings (the “server name”), or in the connection status, or somewhere else?

      Does the same problem occur for a brand new mailbox user created on the Exchange 2013 server?

      1. Derrick

        Yes, I have added the Outlook Anywhere URL to the hosts file (mail.domain.com). This hostname (mail.domain.local) is different than the EX2010 CAS Array hostname (outlook.domain.local).

        For the new EX2013 deployment I used a public SSL certificate with mail.domain.com and autodiscover.domain.com. WHat I am seeing with the mailbox I moved over is a SSL Certificate warnibg with the hostname of the EX2010 CAS Array (outlook.domain.local).

        Upon further investigation the EX2013 mailbox database seems to still be using the EX2010 CAS Array hostname. I have not been able to change this to a hostname that is present in the certificate. Not sure if its possible since EX2013 does not use CAS Arrays anymore.

        [PS] C:Exchange2013>Get-MailboxDatabase | select name,rpcclientaccessserver | ft -auto
        Name RpcClientAccessServer
        —- ———————
        Mailbox Database outlook.domain.local

        1. Paul Cunningham

          RPCClientAccessServer attribute on Exchange 2013 databases is irrelevant. It exists, but isn’t used.

          Where is the Autodiscover SCP pointing?

  6. Edwin

    I’ve got a question about OWA proxying. I setup 2 Exchange 2013 servers next to our Exchange 2010 servers, The idea is that we will move from 2010 to 2013 when all the users are on 2013 the namespace will be pointed to 2013 and 2010 will be removed. For this to work i need to have users with a mailbox on 2013 servers to access their mailbox trough 2010 OWA. Now i get a page saying that i need to access OWA through the following url “https://servername.domain.lan/owa” and that i should bookmark it. How do i set this up in order to keep using the Exchange 2010 CAS servers and 2010 OWA to formward proxy the users to 2013 OWA?

    Out of the box the other way around does work, logging in on the 2013 OWA page with a user that has it’s mailbox on 2010 does get proxied to the 2010 OWA.

    1. Paul Cunningham

      The 2010 CAS will not proxy to 2013 CAS no matter what you try to do.

      Configuring the correct namespaces on the 2013 CAS (they should be the same as the 2010 CAS in the same site) and then cutting over the namespaces by changing the DNS records will mean clients connect to Exchange 2013 CAS, log in, and are proxied (or redirected in the case of OWA) to 2010 as necessary.

  7. BrandonRAdmin

    Hello Paul,

    Question for ya. I have a DAG with 2 old members, and two I just added. The person who set this up set the CAS array ip address to be that of the DAG. There is no hardware load balancer for CAS in the envronment, so whichever server has the PAM/CAS Array ip address handles all of the client connections. In wanting to decommission the old 2 servers, I moved the PAM to the new server, thus moving the DAG and CAS array ip address to the new server. Thus this did not require any firewall/dns changes. Everything worked except for ActiveSync. When I did this ActiveSync stopped working completely for all mobile devices.

    Right now I am leaning towards an issue with SSL. Although it is the same actual certificate installed on all 4 servers, because the mailboxes on the phones were setup with the old server, I am assuming that by moving it to the new server, because the physical server was different, this would require us to remove and re-setup all of the mailboxes on all of the mobile devices.

    Am I correct in my assumption? Anyway to get around having to re-setup all of the mailboxes on all of the mobile devices?

    Thanks,

    1. Paul Cunningham

      The CAS array should not be pointing at the DAG IP and that is not a supported configuration. I can’t help you with any issues that arise from trying to maintain that config. Instead you should set up the CAS namespace/array/IP correctly.

  8. Erik Nettekoven

    Hi Paul,

    Some notes/suggestions from the field:
    Maybe it is an idea to include the correct authentication provider order in your guide. To prevent that users get credential popups in Outlook and/or Lync the provider order for the vDirs “EWS”, “Autodiscover” and “RPC” need to be NTLM,Negotiate, the default is Negotiate,NTLM.

    Furthermore this provider order will be reset when you apply a CU to your Exchange 2013 server, very annoying!

    Regards,

    Erik

  9. Luke C.

    This issue was solved for my scenario by using the registry edit provided in Microsoft Article KB319206. http://support.microsoft.com/en-us/kb/319206.

    Adding the Closest GC entry fixed my issue with not being able to connect outlook when a user is created on or migrated to Exchange 2013 from Exchange 2010.

    Any suggestions as to why this Closest GC edit is needed only for the 2013 server??

  10. Mike

    Hi Paul, like always great article.
    Whats your take on the authentication methods – keep the defaults after the installation or change it do something particular?

    I configured OWA and ECP like this:
    Set-ecpVirtualDirectory -Identity “MXS01ecp (Default Web Site)” -BasicAuthentication $true -FormsAuthentication $false -ExternalAuthenticationMethods ‘Ntlm’, ‘WindowsIntegrated’

    this caused problems with using some services inside ECP – getting blank pages.

    Now I use the defaults:
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication : True
    WindowsAuthentication : False
    DigestAuthentication : False
    FormsAuthentication : True
    LiveIdAuthentication : False
    AdfsAuthentication : False
    OAuthAuthentication : False
    ExternalAuthenticationMethods : {Fba}

    any suggestions?

    Thanks!

  11. Luke C.

    Thanks Paul,

    I set the order to have NTLM first for Windows Auth, but it did not help.

    Here are the Authentication types that are enabled for EWS.

    EWSDefault Web Site – Anonymous Auth = Enabled
    EWSDefault Web Site – Windows Auth = Enabled
    EWSExchange Back End – Anonymous Auth = Enabled
    EWSExchange Back End – Windows Auth = Enabled

    Regards,

  12. Luke C.

    Correct. Outlook setup still fails for Ex2013 mailboxes. I’m thinking authentication issue somewhere, maybe.

    1. Paul Cunningham

      Check the provider order for Windows Auth on the /EWS virtual directory (in IIS admin console).

      If NTLM is not first try moving it to first place.

  13. Erik

    But this:
    “– GetLastError=0;httpStatus=200.
    – Autodiscover URL redirected to https://autodiscover.domain.com:443/autodiscover/username..domain.com/autodiscover.xml Succeeded”

    is actually not an error. httpStatus=200 means OK/Succeeded. But I guess you are still not able to setup an outlook profile for an Exchange 2013 mailbox?

  14. Luke C.

    Yes. Same issue.

  15. Luke C.

    I have Autodiscover and Mail pointed to Ex2013 internally now. I flushed DNS on both servers and verified they are correctly resolving Mail and Autodiscover. Navigating to https://autodiscover.domain.com/autodiscover/autodiscover.xml results in a 600 code. Navigating to https://exchange2013.domain.com/autodiscover/autodiscover.xml results in Cannot Display Web Page. Assume you meant https://Exchange2013.domain.local/autodiscover/autodiscover.xml which results in a 600 code.

    I have noticed that there is no OAB entry in the Autodiscover XML code. Not sure if that is relevant or not.

    Regards,

    1. Erik

      Have you tested an Outlook client as well?

  16. Luke C.

    External DNS points to an external IP of my firewall which routes to the 2010 server. Internal DNS is currently pointing Autodiscover to the 2010 server as well. The entry is a Host (A) record. I have a record for Mail internally as well pointing to Ex2010. I have tried changing these to point to the 2013 server in the past and it did not help any then. I do not want to point external DNS over to Ex2013 yet because unfortunately this is my production environment. My test environment worked without issues. I would like to have this Outlook issue resolved before pointing external DNS to the Ex2013 server. I.E. the need for the Host file entries. I’m I correct or am I missing something?

    Regards,

    1. Erik

      You can leave the external DNS A records pointing to 2010 for now, but try to find a test window where you point the internal DNS A records to the exchange 2013. Make sure these changes are replicated and do a flush DNS on all your exchange servers. You have changed some settings (SCP/autodiscoverUri), so it is worth it to test it again.

      To my knowledge/perception autodiscover will not work if DNS is pointing to the incorrect exchange server.

      Another thing you could try is open https://exchange2013.domain.com/autodiscover/autodiscover.XML in an internet browser. If you receive a 600 code, autodiscover is working.

  17. Luke C.

    Thanks Erik,

    I changed the Ex2010 servers AutodiscoverUri to https://autodiscover.domain.com/autodiscover/autodiscover.xml. This also appears to have updated the SCP entry. Unfortunately, It did not help any. Only thing that changed is when I do the Test Email Autoconfiguration the “Attempting URL https://ex2010.domain.local/autodiscover/autodiscover.xml found through SCP” changed to https://autodiscover.domain.com/autodiscover/autodiscover.xml as expected. It still fails and moves on to the Ex2013 SCP entry where it succeeds (same as my original post).

    Regards,

    1. Erik

      Hi Luke (and maybe troy as well),

      You are also talking about a host file. Does that mean you did not configure DNS to have autodiscover.domain.com point to the IP address op the 2013 CAS server?

      Regards,

      Erik

  18. Luke C.

    Ex2010.domain.local is indeed the Exchange 2010 server.

    I have the AutodiscoverServiceInternalUri for the 2013 server pointed to https://autodiscover.domain.com/autodiscover/autodiscover.xml. I have all the VDir’s pointed to https://mail.domain.com/xxx both internally and externally (where xxx is the corresponding data for the VDir). I have my host file setup to point mail.domain.com and autodiscover.domain.com to the internal IP of the Ex2013 server to test. When I open OWA it opens to 2013. I can login with a 2013 account and it opens fine. I can log in with a 2010 account, it proxies and logs in to 2010 OWA fine. If I open Outlook and setup an account that is on 2010 the profile creates just fine and connects like normal. If I open Outlook and setup a profile for a 2013 account it fails at the logon step as described in my post above. I have all the updates applied to my Outlook 2010 as well. I have tried using Outlook 2013 as well.

    As always your assistance is greatly appreciated,
    Best Regards,

    1. Erik

      This sounds to me like you have not updated the autodiscoverUri for the exchange 2010 server and/or the SCP is pointing to ex2010.domain.local. Change the SCP to point to autodiscover.domain.com. do the same for the 2010 autodiscoverUri (if applicable)

      Regards,

      Erik

  19. Luke C.

    Correction to my post above…

    Log:
    – Attempting URL https://Ex2010.domain.local/autodiscover/autodiscover.xml found through SCP.
    – Autodiscover to https://Ex2010.domain.local/autodiscover/autodiscover.xml starting
    – GetLastError=0; httpStatus=302.
    – GetLastError=0; httpStatus=401.
    – GetLastError=0; httpStatus=302.
    – Autodiscover to https://Ex2010.domain.local/autodiscover/autodiscover.xml failed (0x800C8204)
    – Autodiscover URL redirected to https://autodiscover.domain.com:443/autodiscover/username..domain.com/autodiscover.xml
    – Autodiscover URL redirected to https://autodiscover.domain.com:443/autodiscover/username..domain.com/autodiscover.xml starting
    – GetLastError=0;httpStatus=200.
    – Autodiscover URL redirected to https://autodiscover.domain.com:443/autodiscover/username..domain.com/autodiscover.xml Succeeded

    1. Paul Cunningham

      If “ex2010.domain.local” is the name of your Exchange 2010 server then I would suggest that the issue is likely that your Autodiscover URI is not correctly pointing to your Exchange 2013 CAS.

  20. Luke C.

    Hello Paul,

    I am having the same issue that Troy Nilsson is having above. Any test mailboxes that are on the Ex2013 server produce the MS Exchange Server is unavailable.

    After I receive the MS Exchange Server is unavailable message I can continue where I am presented the accounts setting screen where it shows:

    Server: GUID@domain.com
    User Name: =SMTP:user@domain.com

    If I change the GUID@domain.com to the FQDN of the Ex2010 server, the server and user name resolve and then I am able to successfully connect Outlook.

    When I do a Test Email AutoConfiguration… on an account that is on the Ex2013 server I get a failed on the Autodiscover found through SCP. It then successfully connects when it uses the Autodiscover from the Ex2013 url.

    Log:
    – Attempting URL https:///autodiscover/autodiscover.xml found through SCP.
    – Autodiscover to https:///autodiscover/autodiscover.xml starting
    – GetLastError=0; httpStatus=302.
    – GetLastError=0; httpStatus=401.
    – GetLastError=0; httpStatus=302.
    – Autodiscover to https:///autodiscover/autodiscover.xml failed (0x800C8204)
    – Autodiscover URL redirected to https://autodiscover.domain.com:443/autodiscover/username..domain.com/autodiscover.xml
    – Autodiscover URL redirected to https://autodiscover.domain.com:443/autodiscover/username..domain.com/autodiscover.xml starting
    – GetLastError=0;httpStatus=200.
    – Autodiscover URL redirected to https://autodiscover.domain.com:443/autodiscover/username..domain.com/autodiscover.xml Succeeded

    I have not pointed my NAT to the Ex2013 server yet. I have the host file modified for testing.

    Any suggestions would be greatly appreciated.

    Best Regards,

    1. Vaseem

      Its late to post reply on issue face by Luke, but in my case similar issue in which Outlook Profile does not get configured and shows =SMTP:user@domain.com.
      I had to set “Default offline address book” to the Exchange 2013 Address Book on the database where users mailbox is.

  21. Luis Henriques

    Hello Paul,

    Great article.

    I have on doubt. I have 1 Exchange 2010 server, and now i’m installing a 2 Exchange 2013 server, both multirole, and located in 2 diferente sites.
    Only one of the sites will be responsible for the external outbound /inbound mail flow.
    Do i have to configure Client Access URLs for both sites?

    Regards,

    Luis

    1. Paul Cunningham

      Yes.

      CAS URLs relate to client access methods such as Outlook, OWA, ActiveSync…

      In/out mail flow is a Transport function, controlled with things like Send Connectors and MX records.

      CAS URLs and mail flow are not directly related to each other.

  22. Erik

    Hi Paul,

    I really appreciate your migration articles, there are clear and easy to follow. It only lacks proper navigation, I have to go back to the index page before I can continue to the next page. So all I am missing are the links on each page 🙂

    Regards,

    Erik

  23. Troy Nilsson

    Excellent article. I have issues with my test users connecting to Outlook. I have followed your guide amongst others. I have an existing 2010 server and have introduced a 2013, installed a 3rd party cert and, I have configured the URLs etc including the Autodiscover. Webmail works, mailing is flowing etc

    On a computer I have added entries to the Host file:

    192.168.X.X mail.domain.com
    192.168.X.X autodiscover.domain.com

    Everything appears to work apart from Outlook. If I create a new user on 2013 server and start Outlook it:

    Establishes network connection – Tick
    Searching for Test.User@domain.com settings – Tick
    Logging on to the mail server: The action cannot be completed. The connection to Microsoft exchange is unavailable. Outlook must be online or connected to complete this action.

    The other test is with a test user on 2010, logged onto the computer started Outlook created profile successfully so it all works, then moved the user to 2013, start up Outlook and it is disconnected. The connection status is still showing the 2010 server name instead of the 2013 server.

    Test AutoConfiguration fails on autodiscover:

    Attempting URL https://autodiscover.domain,com/autodiscover/autodiscover.xml found through SCP
    Autodiscover to https://autodiscover.domain,com/autodiscover/autodiscover.xml starting
    Getlasterror=0; httpStatus=502
    Autodiscover request completed with http status code 502
    Autodiscover to https://autodiscover.domain,com/autodiscover/autodiscover.xml failed (0x80004005)
    Getlasterror-12175; httpStatus=0
    Autodiscover to https://domain.com//autodiscover/autodiscover.xml failed (0x80072EF3)
    ETC ETC ETC

    Note that on the 2013 server autodiscover is configured as:
    https://autodiscover.domain,com/autodiscover/autodiscover.xml

    2010 sever is:
    https://domain.com//autodiscover/autodiscover.xml

    Any ideas on where to start looking for this would be much appreciated.

    Thanks,
    Troy

    1. Erik

      Hi Troy,

      Just to be sure the domain,com (domain comma com) is a typoh, the “,” is not in your real URL, is it?

      Regards,

      Erik

  24. Jibril Mahmud

    Hello Paul,
    we just deployed exchange 2013 in our environment, mails can be send from test mailbox from exchange 2013 to any email address, all the configuration virtual directory from 2010 were transfer to 2013. the problem the 2010 and 2013 do not proxy each other. outlook client cant be configure .
    all the settings are the same as 2010.

  25. Mike Ware

    Hey Guys I installed Exchange 2013 SP1 in an Existing Exchange 2010 (SBS2011) Environment and believed to follow the migration steps but I cannot get the OWA externally to go to the New Exchange 2013, it still goes to Exchange 2010 OWA…can you give me any direction on how to resolve this?

    1. Paul Cunningham

      Have you updated your firewall to NAT the incoming HTTPS connections to the Exchange 2013 server?

  26. Roberto Oviedo

    Hello Paul

    Great article, I follow your blog for some time and it has helped me a lot in my migration projects, I have a question regarding the migration of the CAS servers.

    Currently I have two CAS servers in a CAS Array 2010 and WNLB who do you recommend when it reaches the stage of migration:

    *Add to existing WNLB 2013 CAS servers

    *Create a new WNLB with CAS 2013 and make changes in URLs and databases.

    Thank you.

    Greetings.

    1. Paul Cunningham

      No, don’t add them to the existing WNLB, that will not work.

      I also don’t recommend setting up a new WNLB for Exchange 2013. WNLB is the worst load balancing option available to you, in my opinion. Use a hardware or virtual load balancer appliance, or use DNS round robin.

  27. Lucy Butler

    Hello,
    Thank you very much for the wonderful explanation about how to do the migration to Ex 2013. I am working on this process in my company and I have done everything but I can send emails from our Ex2010 to EX2013 users but not vice versa. Any ideas? Please help.
    Thanks,
    Lucy

Leave a Reply