Forum Discussion
Exchange 2019 Question about certificate on mobile phones
When I run the testconnectivity from Microsoft, everything completes successfully, but when it scans for @domain.com it returns the address I have in my public DNS that is incorrect (it is returning the root public IP <--This is the original address the phone receives). It then continues and searches for autodiscover and mail @ domain.com, and it resolves to the correct IPs, but the phones never get the prefix; they only get domain.com and not mail.domain.com.
A little more info (I should have mentioned this earlier)
I have 2 Exchange servers (I was migrating an older 2013 to a new 2019).
The old Exchange server didn't / doesn't have any issues. In my firewall, if I point my mail to go to the old server, the phones work properly, the autodiscover populates and everything completes correctly. If I point my firewall to the new server (2019), the mail is still able to flow BUT it never populates the mail.domain.com on the phones. Additionally, since this server has been in place, the local Outlook clients keep getting a popup when they open Outlook saying the certificate doesn't match the GoDaddy certificate because it is looking for localexchangehostname.domain.com.
I am asking myself what the actual issue is. Why does the old server work correctly and when I point the mail to route to the new server I have all these certificate errors?
Both servers have the new re-keyed GoDaddy certificate in the IIS bindings in all the same places. The new server only has the new GoDaddy certificate in it but not the old certificate from the old server. The old server, however, still has the old certificate present under certificates, which still has SMTP / POP / IMAP as services installed but not IIS.
I also tried to export the Exchange certificate from the old server and import it to the new server with the same roles installed, and still no success.
- nseh17, Apr 18, 2022, Copper Contributor
audi911 have you tried the active sync default domain setting under IIS?
compare this with existing ex2013, check if that has it
iis-default site-microsoftserver-activesync
features-authentication
basic auth -edit
default domain
realm
if these are blank, copy from ex2013 and reset iis
- audi911, May 29, 2022, Brass Contributor
You were right, this is what I had to do, although it was not configured in my old EX server. I had to go to IIS and expand Default Web Site and then select Microsoft Exchange Active Sync and select Authentication.
Under Basic Authentication I had to select EDIT and then put a \ under default domain and mydomain.local under realm.
I've never seen this, and I don't understand why it has done this. I have done so many migrations of Exchange to newer versions, and this is the first time I've ever seen this.
If someone can chime in as to why it would help me understand more.
Thanks
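
The Basic Authentication default domain and realm discussed in this thread can also be read from both servers and compared side by side. The following is an added example, not code from the thread's participants; the server names `EX2013` and `EX2019` are placeholders, and it assumes PowerShell remoting is enabled and that ActiveSync sits at the standard `Default Web Site/Microsoft-Server-ActiveSync` location.

```powershell
# Added example: compare ActiveSync Basic Authentication settings on two servers.
# Placeholder server names; replace with the old and new Exchange hosts.
$servers  = 'EX2013', 'EX2019'

# Assumption: ActiveSync is published at the standard IIS location.
$location = 'Default Web Site/Microsoft-Server-ActiveSync'
$filter   = 'system.webServer/security/authentication/basicAuthentication'

# Read the basicAuthentication section on each server via the IIS WebAdministration module.
$results = Invoke-Command -ComputerName $servers -ArgumentList $location, $filter -ScriptBlock {
    param($location, $filter)
    Import-Module WebAdministration
    $basic = Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $location -Filter $filter
    [pscustomobject]@{
        Server             = $env:COMPUTERNAME
        BasicEnabled       = $basic.enabled
        DefaultLogonDomain = $basic.defaultLogonDomain   # "Default domain" in IIS Manager
        Realm              = $basic.realm                # "Realm" in IIS Manager
    }
}

$results | Sort-Object Server |
    Format-Table Server, BasicEnabled, DefaultLogonDomain, Realm -AutoSize

# Report every setting whose value is not identical across the servers.
foreach ($prop in 'BasicEnabled', 'DefaultLogonDomain', 'Realm') {
    $values = @($results | ForEach-Object { [string]$_.$prop } | Sort-Object -Unique)
    if ($values.Count -gt 1) {
        $detail = ($results | ForEach-Object { "$($_.Server)='$($_.$prop)'" }) -join ', '
        Write-Warning "$prop differs between servers: $detail"
    }
}
```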