We are trying to migrate the users from Exchange 2003 to Exchange 2010. To do this migrating the traffic go thorugh palo alto but when i start the migration i receive this error "MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80004005, ec=2423)" in the server. It sound like there is a communication pborblem between server but i go to the Palo Alto and i dont see any traffic between these IPS (firewall is nos seeing the traffic in monitor log). Doing a tracert between server the traffic go through the PA.
Why i cant see anything in the firewall????
Thanks a lot
The "Monitor Traffic" log only shows traffic that has been allowed or denied by a security policy. By default traffic within a zone is allowed, but not monitored unless you create a rule to monitor this traffic. Traffic between zones is blocked by default, but will not display that the traffic is denied. So if you are expecting to see traffic in the "Monitor Traffic" log, make sure that you have a security policy that is processing the traffic. Then it will show up.
If you already have the rules in place, and are still not seeing traffic. It is probably because your MAPI traffic is not making it to the firewall, or that your security rule isn't specifying that type of traffic, but is allowing the tracert through. If you don't have the rule, and cannot create it to test. Then I would setup a packet capture. You can see dropped packets from there to see if your firewall is dropping the MAPI traffic, or if the traffic is making it to the firewall at all.
If MAPI is not making it to the firewall, consider the following. Typically, Exchange will have multiple networks, especially if setup as a DAG. Each network is assigned for certain purposes. You need to make sure that the network or NIC that MAPI traffic is connected end to end. When you run your tracert, it may be flowing across the primary NIC and routing as expected. However, when you start your migration, it may be using another NIC for MAPI traffic. That NIC may not be connected, or routing accordingly. On a windows environment you can use "route print" from command prompt to see the route tables. You will need to log into the Exchange Management console to verify the Network settings for MAPI traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!