User

Remote (mobile & Outlook) access to Exch2016 issue

SBS2011 to ws2016 & Exch2016 migration

I would greatly value some advice on re-establishing remote (mobile & Outlook) access to Exch2016 again.  Remote & internal access via OWA *is* working and Outlook 2010 appears to connect internally.

Unfortunately, I'm a bit late to this party, for many reasons - budget, users preferred SBS-features, etc., and had wanted to perform a trial migration of the SBS2011 VM, on my home test server, but it couldn't cope (memory, etc.).  Therefore I've migrated the real server whilst the users are vegetating whilst watching Christmas TV programmes.

I've worked through the tutorial steps, migrated SBS2011 to a new WS2016 server and Exch2010 to a new Exch2016 server (including mailboxes and Public Folders), and have now removed SBS2011 from the domain, but am finding the new interface very opaque in trying to track down what I've not done correctly.

The only strangeness I've noticed is that the new Exch2016 server has only the 'mailbox role', when viewed in EAC | Servers | Servers tab - whilst I'm sure that the SBS-box had Hub-Transport, CAS & Mailbox roles during the migration.

Not really sure where to go from here?


asked 12/24/2019 14:14
User

Haven't yet found the magic bullet, but have run various BPA, Server-Health, and Paul Cunningham's ExchangeAnalyzer scripts -- although nothing that really jumps out as wrongly configured.

The user phones that were connected to the old SBS-box are reporting that phone tells them to input a correct password.

Attempting to set up a mailbox on an Android tablet reports: "Couldn't finish: Can't connect to server".

Host

The Mailbox server role in Exchange Server 2016 is the only mandatory server role, and the consolidation reinforces the recommended practice since Exchange Server 2010 to deploy Exchange as a multi-role server instead of deploying individual roles to separate servers.

This sounds like a DNS issue or wrong routing. If your new server is on mail.domain.com you must make sure that port 443 for the public IP address is routed to the internal IP address of your new server.

You probably need to set up a new profile on those phones.


replied 12/24/2019 22:33
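One way to run the DNS and port 443 check suggested above from outside the network, added here as an example that is not part of the original thread: it resolves each public name, connects on 443 and reports which certificate answers, which shows whether traffic is reaching the new server. The host names are placeholders, and `Get-PresentedCertificate` is a helper defined for this example only.

```powershell
# Added example, not from the thread. Run in Windows PowerShell from a machine
# OUTSIDE the LAN. Host names are placeholders in the thread's style.
$names = 'mail.domain.com', 'autodiscover.domain.com'

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }
}

$report = foreach ($n in $names) {
    $row = [ordered]@{ Name = $n; CNAME = ''; Address = ''; Port443 = $false
                       Subject = ''; Thumbprint = ''; NotAfter = $null; NameOnCert = $false }
    $dns = Resolve-DnsName -Name $n -ErrorAction SilentlyContinue
    if ($dns) {
        $row.CNAME   = ($dns | Where-Object Type -eq 'CNAME').NameHost -join ', '
        $row.Address = ($dns | Where-Object Type -in 'A', 'AAAA').IPAddress -join ', '
        try {
            $cert = Get-PresentedCertificate -HostName $n
            $row.Port443    = $true
            $row.Subject    = $cert.Subject
            $row.Thumbprint = $cert.Thumbprint
            $row.NotAfter   = $cert.NotAfter
            # Subject Alternative Name extension (OID 2.5.29.17), Windows text form.
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            if ($san) {
                $row.NameOnCert = ($san.Format($false) -split ', ') -contains "DNS Name=$n"
            }
        }
        catch { $row.Subject = "TLS failed: $($_.Exception.Message)" }
    }
    [pscustomobject]$row
}
$report | Format-List
```

Compare the reported thumbprint with the output of `Get-ExchangeCertificate` on the new server; a different thumbprint means another device or the old host is still answering on 443. The name check is an exact match and does not evaluate wildcard entries.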
Host

replied 12/25/2019 07:15
User

Many thanks for your responses, Mariëtte !  Much appreciated.

However, apologies for the blind panic - I had just received a phone call from an irate executive, and couldn't see the wood for the trees.  ;-) 

I had already moved port 443 to the new Exch2016 server and had confirmed it was coming in through the router/firewall.  However, I did find a DNS forwarder and had missed an _ldap entry pointing to the old SBS, on the new ws2016 server that I've now removed.

The Microsoft Remote Connectivity Analyzer check yesterday did reveal two issues:
- Firstly the web-site people have a Let's Encrypt certificate on the domain name (bloggs.co.uk) that redirects it to a different domain (joebloggs.com), so that lookup stage fails.

- The Analyzer then finds the autodiscover record for the real mail-server address: mailgate.bloggs.co.uk.  It correctly validated the new Sectigo UC-certificate, then tried to establish an ActiveSync session, but this failed when testing the OPTIONS command: "An HTTP 403 forbidden response was received. The response appears to have come from IIS7 …".
Searching the 'Net indicated this is a 'known issue' if a user account with administrative rights is used for the RCA check.  Since mine has, I created a new account on an Android tablet in the name of another user and this connected and downloaded that user's mailbox successfully.  I tried today with another user having admin rights, and that also worked on my tablet, but trying to create a new account in my name still doesn't connect - but I only use it for testing, so that is not important.

I now need to see if you have a tutorial for migrating the new DC from ws2016 to ws2019, and then to find the courage for the Exch2016 to Exch2019 migration.

I hope you manage to get some peace over the festive break, Mariëtte.


replied 12/25/2019 12:15
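The ActiveSync 403 for accounts with administrative rights is commonly traced to Active Directory's protected-group handling: such accounts carry `adminCount=1` and have permission inheritance switched off on the user object, so Exchange cannot write the ActiveSync device entry beneath it. The check below is an added example, not part of the original thread, and that this is the cause of the 403 described here is an assumption; it lists the mail-enabled accounts in that state.

```powershell
# Added example, not from the thread. Run on a domain controller or a host
# with the RSAT ActiveDirectory module, using an account allowed to read
# security descriptors on user objects.
Import-Module ActiveDirectory

# adminCount=1 marks accounts that are, or once were, members of a protected
# group; the flag is not cleared automatically when membership is removed.
$flagged = Get-ADUser -LDAPFilter '(&(adminCount=1)(mail=*))' `
    -Properties adminCount, mail, memberOf, nTSecurityDescriptor

$flagged | ForEach-Object {
    [pscustomobject]@{
        User                = $_.SamAccountName
        Mail                = $_.mail
        Enabled             = $_.Enabled
        # True means the ACL on the user object no longer inherits from its
        # parent container, which is the condition associated with the 403.
        InheritanceDisabled = $_.nTSecurityDescriptor.AreAccessRulesProtected
        DirectGroups        = @($_.memberOf).Count
    }
} | Sort-Object InheritanceDisabled -Descending | Format-Table -AutoSize
```

Accounts that appear with `InheritanceDisabled` set to True and are still in a protected group are better kept as admin-only identities, with a separate standard account for the mailbox used on phones and tablets.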
User

Scratch that penultimate sentence.  It seems impossible to remotely connect and create a new Outlook 2010 account to a user's mailbox.  Will need to fix this before anything else can happen.


replied 12/25/2019 12:37
Mariette Knap

Is the old Exchange still around? If that is the cause and everything has been migrated, uninstall the old Exchange! Pfff, I have never felt as tired as I do now to be honest after all the food and drinks :)


replied 12/25/2019 12:38
User

Sorry, missed your reply.

No, the SBS-2011 VM is dead.  Exch2010 (SBS2011) was uninstalled, SBS demoted, removed from the domain, and deleted off the host server.

Clutching at straws?  Maybe this: The only issue that I really had during the sbs2011 to ws2016 and Exch2016 migration was with Part 13 (Configure Split DNS for Exch2016) under your "Migrate Exch2010 (from SBS2011) to new Exch2016 on ws2016" guide.  When I tried to add the new DNS zone for 'mailgate.domain.co.uk', it complained that this zone already existed.


replied 12/25/2019 14:40
Mariette Knap

If 'mailgate.domain.co.uk' already existed then this raises the question if the old SBS also used the same URL? Or was it remote.domain.com?


replied 12/25/2019 14:45
User

It was also "mailgate.domain.co.uk" <- obviously a made up name, but that's the format that it had.  The new Sectigo UC certificate was requested under the old SBS, and then imported into Exch2016.  It has three entries 'mailgate.domain.co.uk', 'domain.co.uk' and 'autodiscover.domain.co.uk'.


replied 12/25/2019 14:50
Mariette Knap

Can you check if you have a Host A record for 'autodiscover.domain.com'? If so, delete it and create a CName record for that and check this for an example 


replied 12/25/2019 15:06
User

Thanks. I'm not sure if the attached outputs from mxtoolbox help.

Note 1: I do not have access to the DNS records.

Note 2: The second mail-server 'mx01.hallwatts.co.uk' doesn't exist as such.  It is rerouted by the firewall to the same internal server as the new Exch2016.

Note 3: I haven't yet found the setting to change the SMTP banner - currently it will be the old SBS name "HW02.hwuk.local"


replied 12/25/2019 15:50
Host

It looks like https://mailgate.hallwatts.co.uk/owa resolves to your new Exchange Server 2016 so that is OK. If you still have problems with phones try to create a new profile and use Microsoft Outlook from the Play Store or from Apple store.

That SMTP banner issue can be changed on the Connectors in EAC


replied 12/25/2019 17:24
User

Sorry for the delayed response, but many thanks for your help.  I had to stop working on Exchange and get the domain controller moved to ws2019.

The Android Outlook had identical issues connecting to the mailboxes, but I had no way to test via Apple devices.

However, I believe I've now found the cause of the inability to remotely connect to mailboxes using Outlook 2010.  … fingers crossed … Fortunately, I've now successfully created and connected to various user account mailboxes from my remote laptop, and will talk to the guys over the next days to check that they also can.


replied 12/29/2019 23:37
Last Activity 12/29/2019 23:37
