2007 to 2010 - all working apart from ActiveSync

[Stevehewitt]

Hi Guys,

Exchange 2007, all roles on a single server and a 3rd party product for the SMTP gateway (MailMarshal) that's setup as a SmartHost in Exchange.

Just built a 2010 box on SP2. Moved a test user across and all mail delivery works fine. All good.

However we have a number of Windows Phone devices that connect via ActiveSync.

activesync.domain.com points to the firewall which NAT's to the 2007 CAS IP. The activesync.domain.com address is specified in the ExternalURL of the ActiveSync config within Exchange.

Works fine on 2007, always has.


However our test user who is on EX2010 is registering with Exchange via ActiveSync, however just sits "syncing" in Outlook on the mobile device. In the IIS logs on the 2007 server I am seeing:

2013-01-18 12:24:35 172.16.8.161 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=test.user&DeviceId=DEBC97F049768F243D0541EF7A260A6E&DeviceType=WindowsPhone&Log=RdirTo:https%3a%2f%2factivesync.domain.com%2fMicrosoft-Server-ActiveSync_Error:MisconfiguredDevice_ 443 domain.local\test.user 213.xxx.169.xx MSFT-WP/7.10.8858 451 0 0 265


The Error:MisconfiguredDevice_443 seems to be a rather good starting point but I'm not getting anywhere in researching it.

I would have thought that the Exchange 2007 box gets the ActiveSync request, realises that the MB is on the 2010 box and redirects or proxies to the 2010 DB server. However I can't find any entries for ActiveSync in the IIS logs on the 2010 server....

Any suggestions?!

Steve.

"They have the internet on computers now!" - Homer Simpson

 

[Stevehewitt]

Seems that you can't proxy with Ex2007 to a 2010 environment. Need to have a 2010 CAS internet facing box with valid SSL cert on it, DNS name etc. Put nothing into the ExternalURL field and ensure WinAuth is enabled on the ActiveSync virtual directory - voila.

Steve.

"They have the internet on computers now!" - Homer Simpson

 

[fuego007]

The proper solution is to point your external DNS entry for CAS (OWA, etc.) to the 2010 CAS, then let 2010 CAS redirect connections for users still on 2007 to the 2007 CAS. All that is required to make the redirection work is a DNS entry A record for 'legacy' with the IP address(es) of your 2007 CAS. Just make sure both 2010 and 2007 CAS are set to use Forms based authentication for OWA (and ECP on 2010). If you have an ISA server between the 2007 CAS and the internet, this won't work (ISA does not support Ex 2010).

When all else fails, read the book!

 

[Shad007]

Fuego, can you explain what you mean by ISA not supporting EX2010? I currently run an internal Ex2010 server (all roles) on the local network with a listener and SSL cert sitting on ISA2006 handling OWA and all activesync forwarding without any issues?

 

[ShackDaddy]

Yes, ISA 2006 is supported with Exchange 2010, but I think Fuego is specifically talking about the legacy forwarding functionality that redirects to the Exchange 2007 CAS server if the mailbox is not on Exchange 2010. That works with ISA too, but the Exchange task wizard in ISA won't properly configure things--you have to set up the listener config manually and also have two separate namespaces.

http://blogs.technet.com/b/exchange/archive/2009/12/17/3409102.aspx

Dave Shackelford
ThirdTier.net
TrainSignal.com