Exchange 2007 connection via ODME failed with '400 Bad request' and '403 forbidden' error messages.
On Demand Migration for Email (ODME): 188.8.131.52
Browser: Internet Explorer 11 - English.
Migrating from: Exchange 2007 08.02.0176.002 (SP2) Online.
Migrating to: Office 365.
Internet Security and Acceleration Server (ISA) was setup between Exchange Server and the Internet, but not configured.
IIS logs didn't show any errors.
All the rights as stated in manual have been setup (Enabling Application Impersonation Rights – Page 18) and no auto-discover was setup, as well as Forms authentication was being used.
ODME logs showed the following error messages:
Error creating source session. The request failed. The remote server returned an error: (403) Forbidden.(The remote server returned an error: (403) Forbidden.)
The '400 Bad request' error message was resolved using this KBA:
If you change the Server URL, please re-enter the Admin User Name and Password before clicking Validate Servers.
Is the email address you are using an alias? In which case your migration plan shouldn’t contain alias name(s) and will need to specify the full email address of each mailbox to be migrated in the migration plan.
So you can either use the “Auto-discover” option in the source part of ODME (recommended).
Deselect “Auto-discover” and enter the full HTTPS URL for OWA in manually.
Deselect “Auto-discover” and enter the full HTTP URL for OWA in manually e.g. http://mail.domain.com/EWS/Exchange.asmx
The "The request failed. The remote server returned an error: (403) Forbidden" error message can be caused one or more or the following scenarios:
-ISA has not been setup to allow communication/data to pass through in both directions i.e. being blocked by ISA.
-Proxy Server incorrectly configured.
-Windows Firewall enabled and recommend to disable it.
In this instance the '403 forbidden' error message was caused by the ISA not being setup and published for the Exchange Web Services (EWS) path for the user account (part of Outlook Anywhere publishing).
The ISA was also not setup to allow EWS bi-directional traffic on the ISA Server too.
Further information is in the ODME 1.8 Users Guide in Chapter 2 – Page 19 - Specifying Administrator Credentials section on the following link:
It is recommended that you use auto-discovery to obtain the server URL. During a migration, this option uses the specified UPN and password to retrieve the server URL that hosts EWS for the given mailbox. You can also enter the server URL manually.
NOTE: Your Exchange 2007/2010 server must be configured to support auto-discovery before you can use it to obtain the server URL. Click here for more information on the auto-discover service in Exchange 2007. Click here for information on Exchange 2010.
If entering the server URL manually, enter the name of your Exchange 2007/2010 server in SSL format (e.g., exchange.example.com). If your server does not support SSL, enter the fully qualified URL for Exchange Web Services (e.g., http://exchange.example.com/EWS/Exchange.asmx).
NOTE: If your server does not support SSL, all mailbox data will be transmitted non-encrypted. Use SSL connections if possible to secure your data. ODME supports self-signed SSL certificates. For information on generating a properly formatted self-signed SSL certificate, see Using Self-Signed SSL Certificates on page 36.