Remote MRS Proxy Connection Forbidden

DustinB3403

OK, so Exchange Server 2010, hybrid setup with Microsoft syncing our user credentials.

Made some changes last week (MSP did in fact) to address the issue before where outlook failed to connect. We removed the hybrid authentication, and now have a single sign on page. Also our MSP enabled SSL authentication for our network.

But now...... $^&* we can't migrate our mailboxes to Exchange Online.

For the migration function, the settings are configured for smtp.ourdomain.com.

• Attempting to access smtp.ourdomain.com from inside the organization or outside results in forbidden.

• Attempting to access smtp.ourdomain.com/owa also fails with a forbidden error.

• Accessing https://smtp.ourdomain.com works - to the default IIS webpage.

• Accessing https://smtp.ourdomain.com/owa brings us to the OWA login prompt.

Microsoft has said we need a new migration endpoint which should point to https://smtp.ourdomain.com

This however also fails, using all combinations of my credentials (not the credentials used originally).

What else needs to be investigated? Autodiscover fails for our domain as well.

Test Details
[Start Over][Run Test Again]
[Expand All][][] 
	Attempting the Autodiscover and Exchange ActiveSync test (if requested).
	Autodiscover was successfully tested for Exchange ActiveSync.
		Additional Details
	Elapsed Time: 18976 ms.

		Test Steps
		Attempting each method of contacting the Autodiscover service.
	The Autodiscover service was tested successfully.
		Additional Details
	Elapsed Time: 18976 ms.

		Test Steps
		Attempting to test potential Autodiscover URL https://ourdomain.com:443/Autodiscover/Autodiscover.xml

	Testing of this potential Autodiscover URL failed.
		Additional Details
	Elapsed Time: 1489 ms.

		Test Steps
		Attempting to resolve the host name ourdomain.com in DNS.
	The host name resolved successfully.
		Additional Details

	Testing TCP port 443 on host ourdomain.com to ensure it's listening and open.
	The port was opened successfully.
		Additional Details

	Testing the SSL certificate to make sure it's valid.
	The SSL certificate failed one or more certificate validation checks.
		Additional Details
	Elapsed Time: 883 ms.

		Test Steps
		The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server ourdomain.com on port 443.
	The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
		Additional Details

	Validating the certificate name.
	Certificate name validation failed.
	   Tell me more about this issue and how to resolve it 

		Additional Details
	Host name ourdomain.com doesn't match any name found on the server certificate CN=*.gridserver.com, OU=Domain Control Validated.
Elapsed Time: 0 ms.





	Attempting to test potential Autodiscover URL https://autodiscover.ourdomain.com:443/Autodiscover/Autodiscover.xml

	Testing of this potential Autodiscover URL failed.
		Additional Details
	Elapsed Time: 15559 ms.

		Test Steps
		Attempting to resolve the host name autodiscover.ourdomain.com in DNS.
	The host name resolved successfully.
		Additional Details

	Testing TCP port 443 on host autodiscover.ourdomain.com to ensure it's listening and open.
	The specified port is either blocked, not listening, or not producing the expected response.
	   Tell me more about this issue and how to resolve it 

		Additional Details



	Attempting to contact the Autodiscover service using the HTTP redirect method.
	The Autodiscover service was successfully contacted using the HTTP redirect method.
		Additional Details
	Elapsed Time: 1927 ms.

		Test Steps
		Attempting to resolve the host name autodiscover.ourdomain.com in DNS.
	The host name resolved successfully.
		Additional Details

	Testing TCP port 80 on host autodiscover.ourdomain.com to ensure it's listening and open.
	The port was opened successfully.
		Additional Details

	The Microsoft Connectivity Analyzer is checking the host autodiscover.ourdomain.com for an HTTP redirect to the Autodiscover service.
	The redirect (HTTP 301/302) response was received successfully.
		Additional Details

	Attempting to test potential Autodiscover URL https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml

	Testing of the Autodiscover URL was successful.
		Additional Details

		Test Steps

At this point, I'm at a loss, and just ticked off in general. As there is always the kickback of "ohh seem to be Microsoft". I'm more than willing to throw Microsoft under a bus, except every issue here has been the initial configuration with this system that has lead to these issues.

Looking for pointers on what to investigate to get this going.

DustinB3403

This is what current happens when we attempt to migrate. The smtp address points to our local server.

DustinB3403

So I guess the question really are:

Is the issue with Microsoft?

Is the issue with our firewall?

Is the issue with our Exchange Server?

DustinB3403

Is this purely a failed certificate issue? I mean that would make sense, but I've not done a lot with Exchange (and O365) besides dick-around with the settings as this organization has some major config issues.