Remote MRS Proxy Connection Forbidden



  • OK, so Exchange Server 2010, hybrid setup with Microsoft syncing our user credentials.

    Made some changes last week (MSP did in fact) to address the issue before where Outlook failed to connect. We removed the hybrid authentication, and now have a single sign-on page. Also our MSP enabled SSL authentication for our network.

    But now...... $^&* we can't migrate our mailboxes to Exchange Online.

    For the migration function, the settings are configured for smtp.ourdomain.com.

    Microsoft has said we need a new migration endpoint which should point to https://smtp.ourdomain.com

    This however also fails, using all combinations of my credentials (not the credentials used originally).

    What else needs to be investigated? Autodiscover fails for our domain as well.

    Test Details
    	Attempting the Autodiscover and Exchange ActiveSync test (if requested).
    	Autodiscover was successfully tested for Exchange ActiveSync.
    		Additional Details
    	Elapsed Time: 18976 ms.
    
    		Test Steps
    		Attempting each method of contacting the Autodiscover service.
    	The Autodiscover service was tested successfully.
    		Additional Details
    	Elapsed Time: 18976 ms.
    
    		Test Steps
    		Attempting to test potential Autodiscover URL https://ourdomain.com:443/Autodiscover/Autodiscover.xml
    
    	Testing of this potential Autodiscover URL failed.
    		Additional Details
    	Elapsed Time: 1489 ms.
    
    		Test Steps
    		Attempting to resolve the host name ourdomain.com in DNS.
    	The host name resolved successfully.
    		Additional Details
    
    	Testing TCP port 443 on host ourdomain.com to ensure it's listening and open.
    	The port was opened successfully.
    		Additional Details
    
    	Testing the SSL certificate to make sure it's valid.
    	The SSL certificate failed one or more certificate validation checks.
    		Additional Details
    	Elapsed Time: 883 ms.
    
    		Test Steps
    		The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server ourdomain.com on port 443.
    	The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    		Additional Details
    
    	Validating the certificate name.
    	Certificate name validation failed.
    
    		Additional Details
    	Host name ourdomain.com doesn't match any name found on the server certificate CN=*.gridserver.com, OU=Domain Control Validated.
    Elapsed Time: 0 ms.
    
    
    
    
    
    	Attempting to test potential Autodiscover URL https://autodiscover.ourdomain.com:443/Autodiscover/Autodiscover.xml
    
    	Testing of this potential Autodiscover URL failed.
    		Additional Details
    	Elapsed Time: 15559 ms.
    
    		Test Steps
    		Attempting to resolve the host name autodiscover.ourdomain.com in DNS.
    	The host name resolved successfully.
    		Additional Details
    
    	Testing TCP port 443 on host autodiscover.ourdomain.com to ensure it's listening and open.
    	The specified port is either blocked, not listening, or not producing the expected response.
    
    		Additional Details
    
    
    
    	Attempting to contact the Autodiscover service using the HTTP redirect method.
    	The Autodiscover service was successfully contacted using the HTTP redirect method.
    		Additional Details
    	Elapsed Time: 1927 ms.
    
    		Test Steps
    		Attempting to resolve the host name autodiscover.ourdomain.com in DNS.
    	The host name resolved successfully.
    		Additional Details
    
    	Testing TCP port 80 on host autodiscover.ourdomain.com to ensure it's listening and open.
    	The port was opened successfully.
    		Additional Details
    
    	The Microsoft Connectivity Analyzer is checking the host autodiscover.ourdomain.com for an HTTP redirect to the Autodiscover service.
    	The redirect (HTTP 301/302) response was received successfully.
    		Additional Details
    
    	Attempting to test potential Autodiscover URL https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml
    
    	Testing of the Autodiscover URL was successful.
    		Additional Details
    
    		Test Steps
    

    At this point, I'm at a loss, and just ticked off in general. As there is always the kickback of "ohh seem to be Microsoft". I'm more than willing to throw Microsoft under a bus, except every issue here has been the initial configuration with this system that has led to these issues.

    Looking for pointers on what to investigate to get this going.
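
Added example, not part of the original post: the analyzer's "Certificate name validation failed" step is a host name comparison, sketched here in Python with the usual wildcard rules (one left-most label only). The host names and `*.gridserver.com` come from the post; the `*.ourdomain.com` comparison list and all function names are constructed for illustration.

```python
# Added example: host-name matching as a TLS client applies it to the
# DNS names on a server certificate (wildcard = exactly one left-most label).

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")

def name_matches(host, pattern):
    """True if certificate name `pattern` covers `host`."""
    h, p = _labels(host), _labels(pattern)
    if len(h) != len(p):
        return False  # "*" never spans zero labels or several labels
    if p[0] == "*":
        # Reject over-broad patterns such as "*.com"; compare the rest exactly.
        return len(p) >= 3 and h[1:] == p[1:]
    return h == p

def audit(hosts, cert_names):
    """Map each host to the certificate names that cover it (empty = mismatch)."""
    return {h: [n for n in cert_names if name_matches(h, n)] for h in hosts}

# Host names that appear in the post (analyzer output and migration endpoint).
HOSTS = ["ourdomain.com", "autodiscover.ourdomain.com", "smtp.ourdomain.com"]
# Name the analyzer reported on the certificate served at ourdomain.com:443.
PRESENTED = ["*.gridserver.com"]
# Constructed comparison: a wildcard for the organisation's own domain.
CANDIDATE = ["*.ourdomain.com"]

def report(hosts, cert_names):
    """Return printable result lines for one certificate name list."""
    lines = []
    for host, hits in audit(hosts, cert_names).items():
        verdict = "covered by " + hits[0] if hits else "NAME MISMATCH"
        lines.append(f"{host:30} {verdict}")
    return lines

if __name__ == "__main__":
    for title, names in (("presented", PRESENTED), ("candidate", CANDIDATE)):
        print(f"-- {title}: {names}")
        print("\n".join(report(HOSTS, names)))
```

With the constructed wildcard the two subdomains are covered but the bare `ourdomain.com` still is not, so a certificate meant for that name has to list it explicitly.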



  • This is what currently happens when we attempt to migrate. The smtp address points to our local server.

    [Screenshot: 0_1484848882129_chrome_2017-01-19_13-00-38.png]



  • So I guess the questions really are:

    Is the issue with Microsoft?

    Is the issue with our firewall?

    Is the issue with our Exchange Server?



  • Is this purely a failed certificate issue? I mean that would make sense, but I've not done a lot with Exchange (and O365) besides dick-around with the settings as this organization has some major config issues.