Check boxes. My enemy of the last two weeks.
The first one kept me working at a problem for the span of a solid day, and caused a significant amount of grief for what should have been an almost flawless migration from Exchange 2003 to Exchange 2010.
So why was a check box so painful? When it's not DOCUMENTED anywhere. I had read about 30 different walkthroughs, and 5 very good troubleshooting articles from TechNet and other sources, that all mentioned the same process and things to look for. None of them mentioned the problem I was experiencing, and all of them stated that everything I did was correct and should work flawlessly.
What was the problem I encountered? Exchange 2010 to Legacy authentication Proxying. How did this break things? Well, it meant that all my users on the old system had to change their phone configurations. Yes, my current company is small and the users are easy to manage, but this is enterprise grade software. Why the heck was this even happening? The answer? Once you hit the HTTPS of the new OWA/EWS/ActiveSync, it then uses straight up HTTP to pass the information to the old Exchange 2003 subsystem. This being said, I couldn't find any of this useful information until about half a week later, when migrating our CRM mail system to the new Exchange server.
All of the walkthroughs spoke of removing the "Force SSL" on the ActiveSync folder in IIS by unchecking the check mark under security settings. Now, they don't say anything else, but when troubleshooting the CRM Mail change (which now syncs with the webmail/EWS interface), I found a nice little tidbit stating the same thing I had already read a million times (the Remove Force SSL), but to ALSO remove it from the /Exchange folder. Well ROCK my WORLD! It worked for CRM!
Now, at this point, my brain starts to stir, and it dawns on me: this is why my authentication wasn't working, it was forcing SSL. So, I create an e-mail account on the old server, and I set up the account on my phone. I point it to the new front end, put in the password, and faster than I could hit enter, BING! So I send an e-mail from my mail client, and it instantly shows up on the phone (this was seriously laggy, at BEST, when I had it before). So I further test, by sending an e-mail. Lo and behold, it sent! Yeah, an entire weekend of changing user phones over to legacy.company.com.... Could have been avoided by a check mark. Seriously.
Getting past this, I now move on to migrating user mailboxes. This goes fairly well. Till I got to my Manager/VP of IT Services. I move him, and overnight he says nothing sync'ed with his phone. Remove profile, re-add it (worked for all to date). Research leads to me seeing he doesn't have permissions to create his mailbox on the new server. Double U Tee Eff? He's set up as the only other Domain admin. How is this possible! So, after reviewing his permissions, I see that his AD Security settings no longer have a check mark under "inherit permissions"... So I check it, apply. As I did that, he yells over to me "Hey! It's working! I don't care what you did, make sure it doesn't happen again". Oh joy.
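The missing "inherit permissions" check mark described above can be looked for across every mailbox user before a move. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name `Get-InheritanceBlockedMailboxUser` is hypothetical.

```powershell
# Added example: list mailbox users whose AD object no longer inherits
# permissions from its parent (the unchecked box in Advanced Security).
Import-Module ActiveDirectory

function Get-InheritanceBlockedMailboxUser {
    param(
        # Assumption: search the whole domain unless an OU DN is passed in.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # homeMDB is only populated on mailbox-enabled users, so the LDAP filter
    # skips accounts that have no mailbox to migrate.
    Get-ADUser -LDAPFilter '(homeMDB=*)' -SearchBase $SearchBase `
               -Properties nTSecurityDescriptor, adminCount, homeMDB |
        # AreAccessRulesProtected is $true when inheritance is switched off.
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object SamAccountName,
            @{ Name = 'AdminCount';      Expression = { $_.adminCount } },
            @{ Name = 'MailboxDatabase'; Expression = { $_.homeMDB } },
            DistinguishedName
}

# Read-only report; nothing in the directory is changed.
Get-InheritanceBlockedMailboxUser |
    Sort-Object SamAccountName |
    Format-Table -AutoSize -Wrap
```

An `AdminCount` of 1 marks an account that Active Directory treats as protected (members of groups such as Domain Admins); on those accounts the AdminSDHolder process removes inheritance by design and will remove it again after the box is re-checked.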
Mothers, Fathers, please have your kids check their verify check boxes. It's embarrassing when they trump you.
Regards,
Adam Melong