question

CharlesGerardLeMetayer-0725 avatar image
0 Votes"
CharlesGerardLeMetayer-0725 asked ·

Exchange 2010 to 2016 Migration - Autodiscover issue after mailbox move (401 and/or 302)

Hello,

I've got following issue after moving some mailboxes from 2010 to 2016 (CU17, Windows Server 2016).

Does someone already faced this and find a way to avoid this?

Step : migrate users from one 2010 database to a 2016 database.

Result : some users (a few) have 401 denied or 302 redirect answer from autodiscover. I'm not able to explain why (I've not noticed anything in the log).

Workaround I've found :

Databases are in a DAG.

Any ideas?


Thanks in advance for your help!

Sincerely,

Charles

office-exchange-server-administrationoffice-exchange-server-itprooffice-exchange-server-ha
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

charles-gerardlemetayer avatar image
0 Votes"
charles-gerardlemetayer answered ·

Hello @KaelYao-MSFT,

In fact, after going on reddit and some other forum, looks like a known issue during migration.

In the beginning, I thought resetting autodiscover IIS pool was enough. In fact, you have to reset autodiscover AND RPC pool too.

Then, impacted clients were able to retrieve correct configuration.

Thank you for your time.

Charles.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KaelYao-MSFT avatar image
0 Votes"
KaelYao-MSFT answered ·

Hi,Charles.
503 solved after moving again mailbox from one Exchange 2016 database to another
Do you mean that users also have the 503 error when open their mailboxes via Outlook? Please provide more detailed information, such as a screenshot if possible. (Notice: Please hide your personal information in the screenshot for security)

The problem may probably result from the Outlook Client continues to try to connect to the autodiscover service on Exchange 2010 server after migrated to Exchange 2016.
You need to change the DNS record of autodiscover service from Exchange 2010 to Exchange 2016.
And for domain-connected users, you also need to configure the scp record to point to Exchange 2016 server.

Below is the test in my lab.
It’s a co-existence environment of Exchange 2010 and Exchange 2016.
The “teste14” mailbox is created on Exchange 2010 and migrated to Exchange 2016.
When running a Test E-mail Configuration, we can see that Outlook first tries to connect to the autodiscover service on Exchange 2010 and failed.
21134-01.png


Then I run the following command on Exchange 2010 Server to set the scp record to point to Exchange 2016 server.

 Set-ClientAccessServer –Identity <Exchange 2010 Server name> -AutodiscoverServiceInternalUri https://<FQDN of Exchange 2016 Server>/autodiscover/autodiscover.xml

21148-02.png

Run the test again and it connects to Exchange 2016 directly.
21070-03.png


If the response is helpful, please click "Accept Answer" and upvote it.



01.png (28.0 KiB)
02.png (18.6 KiB)
03.png (19.3 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CharlesGerardLeMetayer-0725 avatar image
0 Votes"
CharlesGerardLeMetayer-0725 answered ·

Hello,

Sorry, I think I didn't put enough information.


On exchange 2010, i've the following :

  • NLB for CAS array behind following DNS record : casarray.domain.tld

Outlook Anywhere
- Internal: - SSL : True
- External: webmail.domain.tld - SSL : False
Outlook Web App
- Internal: https://webmail.domain.tld/owa
- External: https://webmail.domain.tld/owa
Exchange Control Panel
- Internal: https://webmail.domain.tld/ecp
- External: https://webmail.domain.tld/ecp
Offline Address Book
- Internal: https://webmail.domain.tld/OAB
- External: https://webmail.domain.tld/OAB
Exchange Web Services
- Internal: https://webmail.domain.tld/ews/exchange.asmx
- External: https://webmail.domain.tld/ews/exchange.asmx
MAPI
- Internal:
- External:
ActiveSync
- Internal: https://webmail.domain.tld/Microsoft-Server-ActiveSync
- External: https://webmail.domain.tld/Microsoft-Server-ActiveSync
Autodiscover
- Internal SCP: https://webmail.domain.tld/Autodiscover/Autodiscover.xml

On 2016, I've following configuration :
Outlook Anywhere
- Internal: webmail.domain.tld - SSL : True
- External: webmail.domain.tld - SSL : True
Outlook Web App
- Internal: https://webmail.domain.tld/owa
- External: https://webmail.domain.tld/owa
Exchange Control Panel
- Internal: https://webmail.domain.tld/ecp
- External: https://webmail.domain.tld/ecp
Offline Address Book
- Internal: https://webmail.domain.tld/OAB
- External: https://webmail.domain.tld/OAB
Exchange Web Services
- Internal: https://webmail.domain.tld/EWS/Exchange.asmx
- External: https://webmail.domain.tld/EWS/Exchange.asmx
MAPI
- Internal: https://webmail.domain.tld/mapi
- External: https://webmail.domain.tld/mapi
ActiveSync
- Internal: https://webmail.domain.tld/Microsoft-Server-ActiveSync
- External: https://webmail.domain.tld/Microsoft-Server-ActiveSync
Autodiscover
- Internal SCP: https://webmail.domain.tld/Autodiscover/Autodiscover.xml

DNS for webmail.domain.tld is pointing to 2016 virtual IP (which is a Netscaler Server).
Only 2016 servers are presents in Netscaler.

I've listed SCP records in AD, all are pointing to webmail.
All 2016 databases have the new offline adress book.






21456-exemple-2.png



exemple-2.png (80.8 KiB)
· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Thank you for providing detailed information.
From the screenshot, it seems Outlook still connects to the NLB server which are set for Exchange 2010 CAS.
Could you also post the results of Test e-mail autoconfiguration?


If the response is helpful, please click "Accept Answer" and upvote it.


0 Votes 0 ·