none
Staged Migration from Exchange 2003 to Office 365 - Error with Migration Endpoint RRS feed

  • Question

  • We are in the middle of a staged migration from Exchange 2003 to Office 365.   Everything had been working fine until the Exchange Server (which doubles as a file server for this SMB) was hit with a ransomware attack which required:

    - Remove IIS and then re-install

    - Reinstall Exchange Server 2003 and Exchange SP2

    - Restore the Exchange information store from backups

    - Rebuild the Exchange virtual directories

    OWA is working fine - users who have not migrated to Office 365 can logon fine.  The Microsoft Remote Connectivity Analyzer test for ActiveSync is also working fine and all tests pass.  However, the migration endpoints that were previously working do not work anymore.  We get an error when trying to connect to the server.   I've verified the account that is being used for the migration endpoint is working and the password is correct.   When the migration endpoint tries to connect we do not see ANY error messages in any of the event logs on the Exchange 2003 server.   Any ideas for troubleshooting this?  

    Thanks in advance for any assistance


    Wednesday, May 29, 2019 3:33 PM

All replies

  • SO you didn't have to reinstall the entire OS, i.e. just removing IIS and reinstalling fixed the ransomware issue?

    Search, Recover, Export Mailboxes, Contacts, Calendars, Tasks from ALL versions of Exchange Offline EDB's, On-Premises Exchange Databases & Office 365. Export, Migrate/Recover into On-Premises Exchange Server, Office 365 with Lucid8's DigiScope

    Wednesday, May 29, 2019 6:22 PM
  • Correct.  the ransomware didn't hit system files.  All exchange services are running fine, we can connect to OWA fine, the remote connectivity analyzer works fine and connects to ActiveSync fine.   I just can't get the migration endpoint to connect back to the environment from Office 365.  I did see these entries in the HTTP logs.  The IP address 192.168.1.128 at the end is interesting - that address is NOT assigned to any system on the network.   It almost looks like the connection is being redirected there.  The internal IP of the server is 192.168.1.8.  I've replaced the actual domain name and user logon used for the endpoint test with <NETBIOS DOMAIN> and <USERLOGON>:

    4:59:22 W3SVC1 192.168.1.8 GET /exchweb/img/rename.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0

    2019-05-29 14:59:22 W3SVC1 192.168.1.8 GET /exchweb/img/sort-d.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:22 W3SVC1 192.168.1.8 GET /exchweb/img/view-nextpage.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/Drafts/ Cmd=new 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 401 2 2148074254
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/Drafts/ Cmd=new 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 401 1 0
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/Drafts/ Cmd=new 443 <NETBIOS DOMAIN>\<USERLOGON> 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchweb/img/save.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchweb/img/send.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchweb/6.5.7651.60/controls/dl_composecommon.js - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchweb/img/attach.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchweb/img/checkname.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:28 W3SVC1 192.168.1.8 GET /exchweb/img/spacer.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:44 W3SVC1 192.168.1.8 POST /exchange/<USERLOGON>/Drafts - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 401 2 2148074254
    2019-05-29 14:59:44 W3SVC1 192.168.1.8 POST /exchange/<USERLOGON>/Drafts - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 401 1 0
    2019-05-29 14:59:44 W3SVC1 192.168.1.8 POST /exchange/<USERLOGON>/Drafts - 443 <NETBIOS DOMAIN>\<USERLOGON> 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 302 0 0
    2019-05-29 14:59:44 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/Inbox/ Cmd=contents&View=Messages&Page=1 443 <NETBIOS DOMAIN>\<USERLOGON> 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/ Cmd=contents&ShowFolders=1 443 <NETBIOS DOMAIN>\<USERLOGON> 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/drafts.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/icon-appt.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/icon-contact.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/icon-journal.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/inbox.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/junkemail.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/notes.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/outbox.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/sent-items.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:48 W3SVC1 192.168.1.8 GET /exchweb/img/icon-task.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:50 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/Sent%20Items/ Cmd=contents 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 401 2 2148074254
    2019-05-29 14:59:50 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/Sent%20Items/ Cmd=contents 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 401 1 0
    2019-05-29 14:59:50 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/Sent%20Items/ Cmd=contents 443 <NETBIOS DOMAIN>\<USERLOGON> 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 14:59:50 W3SVC1 192.168.1.8 GET /exchweb/img/icon-msg-read.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 15:01:02 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/ Cmd=logoff 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 401 2 2148074254
    2019-05-29 15:01:02 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/ Cmd=logoff 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 401 1 0
    2019-05-29 15:01:02 W3SVC1 192.168.1.8 GET /exchange/<USERLOGON>/ Cmd=logoff 443 <NETBIOS DOMAIN>\<USERLOGON> 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 302 0 0
    2019-05-29 15:01:02 W3SVC1 192.168.1.8 GET /exchweb/bin/USA/logoff.asp - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 15:01:02 W3SVC1 192.168.1.8 GET /exchweb/img/logon_Microsoft.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 15:01:02 W3SVC1 192.168.1.8 GET /exchweb/img/logon_logo.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 15:01:02 W3SVC1 192.168.1.8 GET /exchweb/img/logon_Nav.gif - 443 - 144.121.53.254 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/74.0.3729.169+Safari/537.36 200 0 0
    2019-05-29 15:08:15 W3SVC1 192.168.1.8 RPC_IN_DATA /rpc/rpcproxy.dll fs1.<NETBIOS DOMAIN>.com:6002 443 - 40.97.142.157 MSRPC 501 0 0
    2019-05-29 15:08:15 W3SVC1 192.168.1.8 RPC_OUT_DATA /rpc/rpcproxy.dll fs1.<NETBIOS DOMAIN>.com:6002 443 - 40.97.142.157 MSRPC 501 0 0
    2019-05-29 15:08:19 W3SVC1 192.168.1.8 RPC_IN_DATA /rpc/rpcproxy.dll fs1.<NETBIOS DOMAIN>.com:6002 443 - 40.97.142.157 MSRPC 501 0 0
    2019-05-29 15:08:19 W3SVC1 192.168.1.8 RPC_OUT_DATA /rpc/rpcproxy.dll fs1.<NETBIOS DOMAIN>.com:6002 443 - 40.97.142.157 MSRPC 501 0 0
    2019-05-29 15:08:19 W3SVC1 192.168.1.8 RPC_IN_DATA /rpc/rpcproxy.dll MWHPR14MB1568.namprd14.prod.outlook.com:6002 443 - 40.97.142.157 MSRPC 501 0 0
    2019-05-29 15:08:20 W3SVC1 192.168.1.8 RPC_OUT_DATA /rpc/rpcproxy.dll MWHPR14MB1568.namprd14.prod.outlook.com:6002 443 - 40.97.142.157 MSRPC 501 0 0
    2019-05-29 15:08:23 W3SVC1 192.168.1.8 RPC_IN_DATA /rpc/rpcproxy.dll MWHPR14MB1568.namprd14.prod.outlook.com:6002 443 - 40.97.142.157 MSRPC 501 0 0
    2019-05-29 15:08:23 W3SVC1 192.168.1.8 RPC_OUT_DATA /rpc/rpcproxy.dll MWHPR14MB1568.namprd14.prod.outlook.com:6002 443 - 40.97.142.157 MSRPC 501 0 0
    2019-05-29 15:22:18 W3SVC1 192.168.1.8 OPTIONS / - 80 - 192.168.1.128 DavClnt 403 4 5
    2019-05-29 15:22:36 W3SVC1 192.168.1.8 OPTIONS /Castle - 80 - 192.168.1.128 Microsoft-WebDAV-MiniRedir/10.0.17134 403 4 5
    2019-05-29 15:23:29 W3SVC1 192.168.1.8 OPTIONS /Castle - 80 - 192.168.1.128 Microsoft-WebDAV-MiniRedir/10.0.17134 403 4 5

    Wednesday, May 29, 2019 6:35 PM
  • You can follow this article easily to migrate from Exchange 2003 to Office 365: https://community.spiceworks.com/how_to/120742-staged-migration-from-exchange-2003-to-office365
    Thursday, May 30, 2019 11:24 AM