So I just migrated a client from Exchange 2007 to 2013. Migration went well, Exchange 2007 uninstalled successfully, but I was getting reports back that about 15 users of 300 were unable to get email on their phones or iPads. Did some major recon on this and after many hours of trying everything this is what I did to fix it.

 

A little background on my environment:

– Migrated from Exchange 2007 to 2013

– 2013 Exchange is running SP1 which is installed on Server 2008 R2 Standard SP1 with all updates

– Exchange 2007 was successfully uninstalled

– On Exchange 2013 I have a wildcard certificate

– Only about 15 of 300 users are affected

– Inheritable Permissions is checked on all the users. (Also restored the default permissions)

– Everything else works for these 15 users except ActiveSync. (RPC, OWA, Outlook all good)

– If I run iisreset on the Exchange 2013 server those users start to work for a short period of time

– Exchange 2013 Event logs don’t show any errors related to any of this

– Also tried disconnecting and reconnecting the mailboxes with no luck

 

 

The error in TestExchangeConnectivity.com was:

An HTTP 500 response was returned from Unknown.
Headers received:
request-id: a0c6710d-1240-459c-a356-30dd4db5c4f1
X-CasErrorCode: DatabaseGuidNotFound
X-FEServer: Exchange2013-Server
Content-Length: 0
Cache-Control: private
Date: Wed, 02 Apr 2014 13:45:11 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

 

This is what I did to resolve the problem.

  1. In the Advanced Security Settings of the User that is having problems, check to make sure there are no Unknown SID Security Entries. If there are then delete them. I had to delete two Unknown SIDs from the root level of my AD.
  2. Also while in the Advanced Security settings make sure that Include Inheritable Permissions is checked.
  3. Then Synchronize all domain controllers using “repadmin /syncall /e”
  4. Open ADSIEdit in the Default Naming Context
  5. Browse through the directory and locate the user object having problems
  6. Select the CN=ExchangeActiveSyncDevices container located under the troublesome user and delete it.
  7. The next time a device attempts an ActiveSync connection, the container will be automatically recreated and the correct permissions applied
  8. Then synchronize all domain controllers again using “repadmin /syncall /e”
  9. Log into the Exchange 2013 Server and run “iisreset”
  10. Try your ActiveSync device again
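
A read-only way to check the conditions from steps 1, 2 and 6 across all affected accounts before changing anything. This is an added example, not part of the original fix; it assumes the RSAT ActiveDirectory module is available, and the function name and the account names `jdoe` and `asmith` are placeholders.

```powershell
# Added example: read-only audit of the conditions checked in steps 1, 2 and 6.
# Requires the RSAT ActiveDirectory module. Nothing is modified.
Import-Module ActiveDirectory

function Test-EasUserAcl {
    param(
        [Parameter(Mandatory)]
        [string[]]$SamAccountName   # accounts failing ActiveSync
    )
    foreach ($name in $SamAccountName) {
        $user = Get-ADUser -Identity $name
        $acl  = Get-Acl -Path "AD:\$($user.DistinguishedName)"

        # An ACE whose trustee no longer resolves shows up as a raw SID string
        # (listed as an unknown account in the Advanced Security dialog).
        $unresolved = @($acl.Access | Where-Object {
            $_.IdentityReference.Value -match '^S-1-\d+(-\d+)+$'
        })

        # Step 6: the per-user container that holds device partnerships.
        $easContainer = Get-ADObject -SearchBase $user.DistinguishedName `
            -SearchScope OneLevel -Filter "Name -eq 'ExchangeActiveSyncDevices'"

        [pscustomobject]@{
            User               = $name
            # AreAccessRulesProtected = $true means inheritance is switched off (step 2)
            InheritanceEnabled = -not $acl.AreAccessRulesProtected
            UnresolvedAces     = $unresolved.Count
            UnresolvedSids     = ($unresolved.IdentityReference.Value |
                                  Sort-Object -Unique) -join ', '
            # True when a stale ACE comes from a parent container or the domain root
            InheritedFromAbove = [bool]($unresolved | Where-Object IsInherited)
            EasContainerExists = [bool]$easContainer
        }
    }
}

# 'jdoe' and 'asmith' are placeholder account names.
Test-EasUserAcl -SamAccountName 'jdoe', 'asmith' | Format-Table -AutoSize
```

A SID from a trusted domain that is currently unreachable also shows as unresolved, so confirm an entry is really orphaned before deleting it.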

For some accounts you may need to download the EASAdmin tool by MS (http://gallery.technet.microsoft.com/office/Tool-to-manage-Exchange-8a458b2a) to delete the device partnerships on troubled accounts. Then resync AD and reset IIS.

Also add this attribute at the domain level in AD just to make sure.

Also as a good measure I reset the ActiveSync Virtual Directory on my Exchange 2013 server just to make sure. Hope this helps the rest of you. I’ll update the post if it breaks again.

http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/be11fc40-0660-4bcb-88c9-43b89000af03/

OR

If the above solution doesn’t work, your health mailboxes might be jacked up from the migration. Try this:

The issue seems to be caused when upgrading from Exchange 2013 RTM to CU1. The HealthMailboxes are meant to be moved in AD in the process, but for some or other reason this doesn’t happen automatically.

1. On the Exchange Server, run Exchange PowerShell with admin rights
2. Remove the existing HealthMailboxes (there are typically two – one for your mail store and one for Public Folders, should this be enabled). When I ran the first command I had only two Health Mailboxes showing. Then I ran the second command to remove the health mailboxes.

Get-Mailbox -monitor

Get-Mailbox -monitor | remove-mailbox

3. Run “setup.exe /preparead” (setup.exe is stored in “Program Files\Microsoft\Exchange Server\V15\bin”)
4. Restart the “Microsoft Exchange Health Manager” service

5. Wait a couple of minutes (be patient, as it sometimes takes a few minutes to recreate the mailboxes), then run the command below. After the mailboxes were recreated, I went from having 2 to 4

Get-Mailbox -monitor

The HealthMailboxes are then re-created in the right place, and the error messages are no longer generated.
