MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Exchange 2010/2007 to 2013 Migration and Co-existence Guide

We dont have a lot of guides out there helping with a step by step guide for the migration and co-existence of Exchange 2010/2007 to Exchange 2013So, here you go !!!

Update:

if you are planning to employ a third party product for migration – look no further. CodeTwo is a mature and reliable product for full blown Exchange migraiton from

Exchange 2003/2007/2010 – cross forest or cross domain migration:

Take a look here: 

CodeTwo Exchange migration for Exchange 2003 to 2010/2013: Operational review: http://msexchangeguru.com/2013/11/24/codetwo-exchange-migration/

Download here: 

Download Codetwo for free: http://www.codetwo.com/exchange-migration/

Before you proceed with the actual migration steps, these articles may be of interest to you:

Exchange 2013 CAS Role Demystified: http://msexchangeguru.com/2013/05/22/exchange-2013-cas/
Exchange 2013 High Availability demystified: http://msexchangeguru.com/2013/05/23/e2013-ha-demystified/
Load Balancing Exchange Server 2013 – Good to know stuff: http://msexchangeguru.com/2013/06/05/load-balancing/
Public Folders Migration from Exchange 2007/2010 to Exchange 2013: http://msexchangeguru.com/2013/04/18/exchange2013-public-folders/
Upgrade from Exchange 2013 CU1 or RTM to CU2: http://msexchangeguru.com/2013/07/10/install-e2013-cu2/
Monitoring and troubleshooting Exchange using powershell: http://msexchangeguru.com/2013/07/23/monitoring-powershell/

Preparing Exchange 2010/2007

  1. Install the hotfix 2550886 for DAG failover improvements on Exchange 2010/2007 DAG servers.

    http://support.microsoft.com/?kbid=2550886

  2. Login to the Exchange 2010/2007 server with Schema Admins, enterprise admins, domain admins and organization management group member id as SP 3 will extend the schema.
  3. Install Exchange 2010/2007 SP3 on all the exchange 2010/2007 servers in CAS then HT then mailbox role order if they are not on the same server

    SP3 can be downloaded from the below link:

    http://www.microsoft.com/en-us/download/details.aspx?id=36768

  4. Check the below link for SP3 installation steps

    http://msexchangeguru.com/2013/04/03/exchange-2010/2007-sp3/

 

Installing Exchange 2013

  1. I would suggest going for Windows 2012 for Exchange 2013 but you can use windows 2008 R2 SP1 as well.
  2. Install the windows 2012 server or Windows 2008 R2 SP1 on a new server and join the domain. It can be virtual or physical. Now Microsoft support virtualized mailbox role.
  3. Run the windows update and install all the recommended updates.
  4. You might like to configure windows NLB if you don’t have NLB hardware. Check the below blog on it. (optional)  http://msexchangeguru.com/2013/08/14/windowsnlb/
  5. For Active Directory preparation check the “step 3 preparing active directory” at the blog mentioned below:       http://msexchangeguru.com/2013/04/29/install-e2013/
  6. Install the following prerequisites for Exchange 2013

For Windows 2012:

  1. Open Windows PowerShell.
  2. Run the following command to install the required Windows components.

    Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

  3. Restart the server.
  4. http://www.microsoft.com/en-us/download/details.aspx?id=34992

  5. http://www.microsoft.com/en-us/download/details.aspx?id=17062

  6. http://www.microsoft.com/en-us/download/details.aspx?id=26604

For Windows 2008:

  1. Open Windows PowerShell.
  2. Run the following command to load the Server Manager module.

    Import-Module ServerManager

  3. Run the following command to install the required Windows components.

        Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

  4. Restart the server
  5. http://msdn.microsoft.com/en-us/library/5a4x27ek(VS.110).aspx

  6. http://www.microsoft.com/en-us/download/details.aspx?id=34595

  7. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

    http://www.microsoft.com/en-us/download/details.aspx?id=34992

  8. http://www.microsoft.com/en-us/download/details.aspx?id=17062

  9. http://www.microsoft.com/en-us/download/details.aspx?id=26604

  10. http://support.microsoft.com/?kbid=974405&wa=wsignin1.0

  11. http://support.microsoft.com/?kbid=2619234

  12. http://support.microsoft.com/?kbid=2533623

   6. Restart the server

   7. Exchange 2013 Installation – Please follow the below link for the Exchange 2013 installation: http://msexchangeguru.com/2013/04/29/install-e2013/or Exchange 2013 SP1installation: http://msexchangeguru.com/2014/03/02/e2013sp1-installationupgrade/

Imp: You can directly install Exchange 2013 CU1 as well. If you directly install CU1 then you can skip step 12 – Testing mailbox move without CU1. If you are installing CU2 make sure you are installing CU2 V2.

If you are doing new installation then you can directly install Exchange 2013 CU1 which itself is a full setup. You can follow same schema update and AD preparation steps.

After Exchange 2013 installation the biggest challenge will be how to login to the EAC, there is no mailbox on Exchange 2013.

If you are trying to access EAC for the first time and your mailbox is on Exchange 2010, you need to use the URL in the format:

https://Exchange2013ServerName/ecp?ExchClientVer=15

This is because in a co-existence scenario, your mailbox is still housed on the Exchange 2010 mailbox server, the browser will default to the Exchange Server 2010 ECP. Now if you want to access the Exchange 2010 ECP and your mailbox resides on an Exchange 2013 mailbox server, use the following URL:

https://Exchange2010ServerName/ecp?ExchClientVer=14.

Take a look at:

Working with EAC or Exchange administration center in Exchange 2013 – Part1: http://msexchangeguru.com/2013/01/16/eac-exchange-2013/

So you need to create a mailbox to administer Exchange 2013. We will follow the below steps:

    1. Create a mailbox in Exchange 2013 mailbox database.
    2. “New-Mailbox –name 2013Admin –userPrincipalName 2013Admin@domain.com –Database “2013 DBName””
    3. Run Get-mailboxdatabase to check the database name

      4. Give the permission to the mailbox to Administrate EAC.

               Add the following group membership:

                 Domain Admins

                 Schema Admins

                 Enterprise Admins

                 Organization Management

Test mailbox migration without CU1 for Exchange 2013

  1. Now, you should be able to login to EAC by going to the url https://localhost/ECP. If you will test the mailbox migration from Exchange 2010/2007 to Exchange 2013 before CU1 for Exchange 2013, it will be working but full co-existence will not work so it is a necessity to install CU1. As an example my Servers are mentioned below:


     

     

  2. EAC will show Databases from both the servers


 

  • Now I am migrating the mailbox being Exchange 2010/2007 on SP3 and Exchange 2013 without CU1.

 

Created new mailbox in Exchange 2010/2007, you can see 2013 database is not showing here


 

  • Database before move

 


 

  • I have moved the mailbox from Exchange 2013 EAC to Exchange 2013 database. Now click on migration to check the status

 


 

  • Now Refresh and you will see completed depends on the size of mailbox.

 


 

  • Check the Database name has changed

 

 

Continue the Exchange 2013 CU1 installation

       5. If you have not install CU1 version of exchange 2013 then this is the time to install Exchange 2013 Cumulative update 1 so that we avoid any co-existence issue. If you are doing new installation then you can directly install Exchange 2013 CU1 which itself is a full setup. You can follow same schema update and AD preparation steps mentioned in the Exchange 2013 installation article

Update 4/7/2014: Now – We can go for SP1 – http://msexchangeguru.com/2014/03/02/e2013sp1-installationupgrade/

       6. Download the Exchange 2013 from the below link which is an Exchange 2013 setup with Cumulative update

http://www.microsoft.com/en-us/download/details.aspx?id=38176

       7. Install the Exchange 2013 CU 1 with the help of below link:

http://msexchangeguru.com/2013/04/15/e2013-cu1-2/

 

Configuring Exchange 2013 and network

  1. Transport Configuration
  2. Send connector

         1. Exchange 2013 reads exchange 2010/2007 send connector information. Click on the pencil icon to check and add exchange 2013 in the same send connector.

         2. Click on scoping and + icon to add the server

         

         3. Select the server and add, then click on and save. Send connector configuration completed.

         

     3. Receive Connector

        1. Add a receive connector as per the current connector configuration.

        2. Select the 2013 server, oh what we have 5 connectors for what. Let me explain here.

         3. You can see all 5 together here as I have CAS and Mailbox on same server. First 3 are for the CAS connector and remain 2 are for mailbox role.

         4. I would link to explain the transport pipe line here which consists of the following services:

             Front End Transport service - This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic for the Exchange 2013 organization.  The Front End Transport service doesn’t inspect message content, only communicates with the Transport service on a Mailbox server, and doesn’t queue any messages locally.

             Transport service - This service runs on all Mailbox servers and is virtually identical to the Hub Transport server role in previous versions of Exchange. The Transport service handles all SMTP mail flow for the organization, performs message categorization, and performs message content inspection. Unlike previous versions of Exchange, the Transport service never communicates directly with mailbox databases. That task is now handled by the Mailbox Transport service. The Transport service routes messages between the Mailbox Transport service, the Transport service, and the Front End Transport service.

            Mailbox Transport service – This service runs on all Mailbox servers and consists of two separate services: the Mailbox Transport Submission service and Mailbox Transport Delivery service. The Mailbox Transport Delivery service receives SMTP messages from the Transport service on the local Mailbox server or on other Mailbox servers, and connects to the local mailbox database using an Exchange remote procedure call (RPC) to deliver the message. The Mailbox Transport Submission service connects to the local mailbox database using RPC to retrieve messages, and submits the messages over SMTP to the Transport service on the local Mailbox server, or on other Mailbox servers. The Mailbox Transport Submission service has access to the same routing topology information as the Transport service. Like the Front End Transport service, the Mailbox Transport service also doesn’t queue any messages locally.

(from TechNet)

5. Here are the details about the receive connectors

         When you install a Mailbox server running the Transport service, two Receive connectors are created. No additional Receive connectors are needed for typical operation, and in most cases the default  Receive connectors don’t require a configuration change. These connectors are the following:

          Default <server name>   Accepts connections from Mailbox servers running the Transport service and from Edge servers.

          Client Proxy <server name>   Accepts connections from front-end servers. Typically, messages are sent to a front-end server over SMTP.

          During installation, three Receive connectors are created on the Front End transport, or Client Access server. The default Front End Receive connector is configured to accept SMTP communications from all IP address ranges. Additionally, there is a Receive connector that can act as an outbound proxy for messages sent to the front-end server from Mailbox servers. Finally, there is a secure Receive connector configured to accept messages encrypted with Transport Layer Security (TLS). These connectors are the following:

          Default FrontEnd <server name>   Accepts connections from SMTP senders over port 25. This is the common messaging entry point into your organization.

          Outbound Proxy Frontend <server name>   Accepts messages from a Send Connector on a back-end server, with front-end proxy enabled.

         By default we don’t route the outgoing email to CAS. If we have some mailgaurd or compliance requirement on a separate CAS server then we can use it. If we have CAS and mailbox role on the  same server then we don’t need to configure this connector. We can simply disable it.

             

      Client Frontend <server name>   Accepts secure connections, with Transport Layer Security (TLS) applied.

  6. So we have to configure “Default Frontend Servername” connector which is accepting the emails on port 25. Yes this is very important when you have both role on one server then Frontend will be 25 and backend will be 2525

         

         7. You might need to check email address policies, this might needs to re-apply. If we have more than 3000 mailboxes then it is suggest applying from EMS.

         To understand the mailflow we can read the below article: http://msexchangeguru.com/2012/08/09/e2013-mailflow/

 

Exchange 2013 Certificates

Create a new Exchange certificate on Exchange 2013: http://msexchangeguru.com/2013/01/18/e2013-certificate/

Certificates and CAS: Now this is the time when we need to focus on CAS certificate and ensure the CAS 2013 is reachable from internet. We have 2 options:

Use current certificate

For Export and import of the cert Please check here – http://msexchangeguru.com/2013/06/29/import-cert-e2013/

  1. Export the cert from Exchange 2010
  2. Import the cert to Exchange 2013
  3. Configure the external url. This is very simple in exchange 2013. You don’t need to go to every virtual directory property.
  4. Select the wrench mentioned below windows

 

                        

                          5. Then this wizard will open, select the exchange 2013 server and give the external url and save it.


                        6. CAS Authentication will be “Use form-based authentication” on both Exchange 2013 and Exchange 2010/2007.


                       
                              Now you will see every directory got the same External url.
                       8. Switch namespace to Exchange 2013 CAS or Exchange 2013 CAS pool load balancer. This can be simply done by changing SNAT internal IP from Exchange 2010/2007 to Exchange 2013. Also Point the internal mail and autodiscover IP to Exchange 2013 CAS server/load balancer.

                       9. Time to test OWA connectivity from internet. At this time I am able to access owa for the users in both Exchange 2013 and 2010. I am also able to send and receive then emails.

 

Database availability Group

We would like to configure a DAG for high availability with multiple databases. So we have 2 options.

1. DAG with IP. Check the below link to create a DAG with IP

http://msexchangeguru.com/2013/01/17/e2013-dag/

 

2. DAG without IP – This needs Exchange 2013 SP1 on Windows 2012 R2

Check the below link to create IP less DAG

http://msexchangeguru.com/2014/03/21/e2013sp1-ip-less-dag/

 

Move Arbitration and Discovery Search mailboxes

Follow the below steps to move all arbitration and discovery search mailboxes to final 2013 database.

Open EMS with run as administrator and run the following cmds

Get‐Mailbox –Arbitration | New‐MoveRequest –TargetDatabase TargetDBName

Get-Mailbox “*Discovery*” | New‐MoveRequest  –TargetDatabase TargetDBName

 

Unified Messaging: Upgrade Exchange 2010 UM to Exchange 2013 UM

This is the optional step only for unified messaging configured organizations.

Please follow the below link to upgrade exchange 2010 UM to Exchange 2013 UM

http://technet.microsoft.com/en-us/library/dn169226(v=exchg.150).aspx

 

Configure Enabled Outlook Anywhere

For Exchange 2007
Set-OutlookAnywhere -Identity “2010 CasServerNameRpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName webmail.law.ua.edu -IISAuthenticationMethods {NTLM,Basic}

For Exchange 2010
Set-OutlookAnywhere -Identity “2010 CasServerNameRpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName webmail.domainname -IISAuthenticationMethods NTLM, Basic

 

Configure OAB

Run the below command to configure OAB for all databases

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address List (Ex2013)”

Default Offline Address List (Ex2013) can be replaced by your custom named OAB.

Enabling and Configuring Outlook Anywhere

For Exchange 2007
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 8*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic

For Exchange 2010
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic

 

SCP – Service Connection Point Configuration:

Run the below command to configure SCP on Exchange Management Shell of 2007/2010/2013 separately:

get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.domainname/autodiscover/autodiscover.xml

SCP might be already configured on 2007/2010 server so you can also check it and use the same -AutoDiscoverServiceInternalUri. Run the below cmd to get current SCP on 2013 Shell
get-ClientAccessServer | fl name,AutoDiscoverServiceInternalUri

 

RemoteDomain:

Run the below cmd in EMS to allow auto forwarding, oof, auto reply and disable the possibility of winmail.dat from domino server.

Set-remoteDomain -AutoReplyEnabled $True -AutoForwardEnabled $True -TNEFEnabled $False -AllowedOOFType External 

Pop/IMAP: 

If you have pop3/imap4 users then you might like to configure 2013 for some addition configuration.

1. Configure the Basic authentication on EAC for CAS 2013

2. Start the services and change them to automatic.

 

Email address policy:

You might need this step if you organization was initially created on Exchange 2003.

1. Create a new email address policy if there is only one “Default Policy”.

2. Change the attributes of existing email address policy by running the below cmd
Get-emailaddresspolicy | Set-EmailAddressPolicy -RecipientFilter “Alias -ne $null” -IncludedRecipients AllRecipients

3. If you see the below error for the default policy then Remove “Default Policy” which was created in 2003 and will be in ready only mode in Exchange 2013.

emailaddresspolicy error

 

Clean up health mailboxes:

When you remove default mailbox database, it does not remove health mailboxes which we can check by running the cmd and below warning will come. Health mailboxes are for the health service and they are specific for every database so we don’t need to move them rather we need to remove them.

                         Get-mailbox –monitoring

Mailboxes/HealthMailbox94863fe5394447619ec45c4e6b2dd971 has been corrupted, and it’s in an inconsistent state.

The following validation errors happened: WARNING: Database is mandatory on UserMailbox.

 

To fix this we need to delete user account in dsa.msc at yourdomain/Microsoft Exchange System Objects/Monitoring Mailboxes

 

Important: At the point configure your outlook for Exchange 2007/2010 mailbox and 2013 mailbox. If both are working from Internet then move to the next step.

 

CutOver

Now it is the time to do cut over means point the connections to Exchange 2013. It can be done in few simple steps.

1. Create or change DNS pointers to Exchange 2013.

autodiscover.domain.com will be pointing to the CAS 2010 or Load balancer of CAS 2010. So change the IP from  Exchange  2010 to 2013. In case of new installation or exchange 2007 environment we need to create new host record in DNS. This will be done on both internal and external

mail.domain.com Change the IP from Exchange 2010/2007 to Exchange 2013 CAS servers or Load balancer.

Legacy.domain.com this host record is only required in case of exchange 2007 co-existence. This will point to Exchange 2007 CAS servers or lad balancer.

2. Point your Spam Guard to forward all the emails to exchange 2013 to receive incoming mail via Exchange 2013.

3. Configure Spam Guard to accept emails from all Exchange 2013 Mailbox servers.

4. Configure all other application to send email to the Exchange 2013 Mailbox Servers

 

Exchange 2013 Mailbox Migration

So what are we waiting for… Let us begin the mailbox migration.

  1. Now you can run the following cmdlet to move bulk or single mailbox

Get-Mailbox –Database “Exchange 2010/2007/2007 Database” –OrganizationUnit “DN of the OU” | New-Move Request –TargetDatabase “Exchange 2013 Database”

    2. You can monitor the migration by running the following cmdlet or going to the migration tab in EAC:

       Get-MoveRequest


    3. Once completed it will show the below window


For Cross forest mailbox migration check this link: http://msexchangeguru.com/2013/11/02/e2013crossforestmigration/

Public Folder Migration

  1. Once we complete all mailbox migration then we can start the Public Folders migration.

    For Public Folder migration use the below Link:

    http://msexchangeguru.com/2013/04/18/exchange2013-public-folders/

  2. Test everything working and shutdown Exchange 2010/2007 server for 1 production week and observe if no issue reported then go ahead with the Exchange 2010/2007 removal process.

 

Known Issues:

Active Sync Config without Domain Name: http://msexchangeguru.com/2013/08/06/e2013mobiledomain/

OWA redirection broken page and SSL: http://www.expta.com/2013/05/owa-2013-cu1-redirection-is-broken-for.html

If you have pop/imap user go for CU2: http://msexchangeguru.com/2013/08/04/e2013popimapauth/

Mailflow misconfiguration: http://msexchangeguru.com/2013/08/03/e2013-2010mailflowissue/

Certifacate and cryptographic provider Issue: http://msitpros.com/?p=1770

 

Legacy Removal

  1. Now we are in a position to remove exchange 2010. We can follow the below link for the exchange 2010/2007 removal.

    http://msexchangeguru.com/2013/09/01/e20102007decomposte2013mig/

Hit us with questions

Prabhat Nigam | MVP Exchange

Team @MSExchangeGuru

Keywords: Exchange 2010 to exchange 2013 migration, how to migrate to Exchange 2013

556 Responses to “Exchange 2010/2007 to 2013 Migration and Co-existence Guide”

  1. Milind Naphade Says:

    Good Consolidation of tasks. Neat!

  2. Joze Martinzez Says:

    Good one.
    1 thing that i wanted to add is, as you have highlighted, its not true that you need a mailbox in 2013 after you introduce the box.
    ECP is tied to the Administrator account, you can open ECP using account that was used to install 2013 by going to the URL “https://localhost/ecp/?ExchClientVer=15″ and it should get you there instead of defaulting to 2007/2010 ECP.

  3. Prabhat Nigam Says:

    @Milind – Thank you.
    @Joze – Thank you for the comment but this article is based on tested lab and I have added this step basically because I faced this issue and other can avoid facing this issue. I tested this on RTM. I would highly recommend you test in your lab.

  4. NeWay Technologies – Weekly Newsletter #42 – May 9, 2013 | NeWay Says:

    […] Exchange 2010/2007 to 2013 Migration and Co-existence Guide – […]

  5. Steve Tacey Says:

    Hello,

    Off topic question: If you have both exchange 2013 and 2010, is it possible to route the 2010 outbound mail through the 2013 hub transport so you don’t have both systems sending to the internet? If so, how would you configure that?

    The reason I ask is this is a larger site and may take a couple weeks to migrate everyone!

    Thanks for any input…

    Steve

  6. Prabhat Nigam Says:

    @Steve
    Just remove exchange 2010 server from 2013 send connector –> Source Servers. See the screen

  7. Joze Martinez Says:

    Steve, author misunderstood your question I m assuming or saying from what he sees in lab.

    Answer: create another send connector from 2010 and set the smarthost to 2013 ip instead of DNS routing, if you want inbound to take same route, change your Firewall NAT to 2013.

    Author: when you implement 2013 server in existing 2010, your existing transport settings will get copied (you can check the version number in EAC for each connector) but there won’t be any in 2013 unless you create.Also, there won’t be any 2010 servers as source if they are in different site unless you force them to be in there since when you try adding a different site Hub server, it will clearly give a warning message that the server is in different AD site.this is technet

  8. Prabhat Nigam Says:

    @Steve – My reply is correct and ignore Joze. Please follow and you will see the result. This is a tested solution with Exchange 2013 CU1.

    @Joze
    First of all Thank you reading my post and replies.
    You seriously need to improve on your skill. This is the second time you are posting incorrect stuff on my blog. I have approved this time to give you correct advice but next time I will take disciplinary action.

    I would request you to read the question properly then view the answer correctly, then test the solution before commenting on blog.

    First:
    The question was never came for 2 AD site, and if there are 2 AD sites then it is always better to send emails to internet from your own site. But Exchange to Exchange mail flow does not require send connector.
    Second:
    If you see, I have written about the screenshot. You could have scroll the articles and see the screen.
    Third:
    Technet can be incorrect so testing is better. Send me the the technet link at prabhat@msexchangeguru.com. I will ask Product Group to correct it.
    Forth:
    Start joining some trainings for you like this – http://www.meetup.com/NJ-Unified-Communication-User-Group/events/110105332/?a=md1_grp&rv=md1&_af_eid=110105332&_af=event

  9. Steve Tacey Says:

    Thank you Prabhat, that worked as stated…

  10. James Says:

    My organization is going to and office 365 hybrid solution in the near future so i set this up on our test domain for the future migration. I worked through the process and am having a problem sending from 2010 Exchange to 2013 Exchange. i have the send and receive connectors set up exactly like the examples above and still nothing. Mail will travel from 13 to 10 but not the other way. Any suggestions?

  11. Prabhat Nigam Says:

    @James – In which queue do you see the email? I have there is no firewall issue. Just see if you can telnet 2013server on port 25 from 2010 Server.

  12. Exchange 2013 – A step toward high availability & moving Public Folders to Sharepoint « MSExchangeGuru.com Says:

    […] Exchange 2013 mailbox migration – http://msexchangeguru.com/2013/05/10/exchange2013-migration/ […]

  13. Ryan Says:

    Hello,

    Thank you for the write up

    I am kind of stuck at the certificate section. How do I export the 2007 cert to 2013 for OWA?

    Use current certificate
    1.Export the cert from Exchange 2010
    2.Import the cert to Exchange 2013

  14. Prabhat Nigam Says:

    @Ryan
    This is very simple
    To export the certificate from Exchange 2007 follow the below steps
    1. Open EMC
    2. Go to Server Configuration
    3. Select the server which has working certificate
    4. In the right lower pane you will see the certificate.
    5. Right click the certificate and select export
    6. Browse a location, select pfx format and give password to the export file and click save.

    Now copy the certificate to Exchange 2013

    To Import a certificate in Exchange 2013 follow the below steps
    1. Open EAC
    2. Go to Server –> Certificates
    3. Select your Exchange 2013 server
    4. Click on … and select import Exchange certificate
    5. Give the location and password of the certificate. Then complete the steps.
    6. You would need to reset IIS to make a proper use of this certificate.
    7. One certificate is install you can assign the services except smtp(SMTP use self sign cert)

  15. Doug I Says:

    Really great article. I have 1 sticking point on my end.

    1. Can I run both the 2007 and 2013 Exchange Servers simultaneously? I have migrated 1 test user to the Exchange 2013 server from 2007. I can receive emails to this mailbox. However, when I send I get the following error:

    Your message did not reach some or all of the intended recipients.

    Subject: test email
    Sent: 6/17/2013 3:01 PM

    The following recipient(s) cannot be reached:

    xxxx xxxx on 6/19/2013 3:05 PM
    Diagnostic code = MaximumTimeExpired; Reason code = TransferFailed; Status code = 447

    I have configured the send connector and added the Exchange 2013 server. Any ideas?

  16. Prabhat Nigam Says:

    @Doug

    You don’t need the send connector internally.
    So I would recommend you to do a telnet from 2013 to 2007 on port 25 and try to deliver an email using telnet. Cmds are below:

    On 2013 open Command with Run as admin
    Type the below cmds. Backspace can’t be used.

    telnet 2007serverIP 25
    ehlo
    mail from: senderemailid
    rcpt to: reciepientemailid
    data
    type some data.
    .

  17. Doug I Says:

    Thanks Prabhat.

    I ran the telnet commands and I was able to send an email from my 2013 test user to my inbox that is on the 2007 server. The only thing was the body was blank even afer I added the data.

    Also I tried sending an email again from my Outlook 2010 client for the 2013 test user to my 2007 user and it still did not arrive in my Inbox.

  18. Prabhat Nigam Says:

    @Doug

    Would you be able to share your topology? I doubt any firewall like cisco has some filtering on.

    Also check if turning off Windows firewall helps here.

  19. Doug I Says:

    Prabhat, I sent a reply email with my topology/system information.

  20. Doug I Says:

    I have extracted the following message from the numerous send attempts that are failing: Remote Server at srv-exchange.afsb.local (x.x.x.x) returned ‘451 4.4.0 Primary target IP address responded with: “451 5.7.3 Cannot achieve Exchange Server authentication.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

  21. Prabhat Nigam Says:

    @Doug
    I would recommend you to check the receive connector configuration on 2007
    Kindly uncheck “Exchange Server authentication” and check “Windows Integrated authentication”.

  22. candt Says:

    I was able to access the ECP fine until I imported our ssl cert, I’m no longer able to access the ECP panel. I get “There is a problem with this website’s security certificate”.
    I did a test migration of a mailbox from the Exchange 2007 server to Exchange 2013 without any issues.
    The URL has also changed from “localserver/ecp” name to “localservername/owa”.
    Should I delete the other default self-signed certs that is there? Are these causing this problem?

    thanks

  23. Prabhat Nigam Says:

    @Candt

    Self signed certs are required for smtp and backend mailbox role server
    The newly imported cert: Is it a 3rd party cert?
    Check the Cert status and also if you have assigned service.

  24. candt Says:

    The imported cert is from a 3rd party – godaddy.
    The services (IIS, SMTP, POP, IMAP) have been assigned. So it looks like it may be related to smtp & backend self-signed certs.
    How do I reset those certs ? Do I have to remove and re-add any virtual directories ?
    Would these be the items that need to be reset ?
    1.Microsoft Exchange Server Auth Certificate
    2 WMSvc-

    Thanks for your quick response.

  25. Prabhat Nigam Says:

    No, it should not be related to SMTP or self signed cert.
    Don’t do any thing with default certs.
    Could you check on the webpage which cert is loading.
    We also need to do iisreset?

  26. candt Says:

    When i view the certs under “Trusted Root” it shows the certs from the local sever itself – one for and another for
    I’m thinking this should be using the godaddy certs instead.

    The webpage loads this “https://server_name/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fgsrtor-ex1%2fecp%2f”
    Then the following is displayed instead of the ECP login page:

    There is a problem with this website’s security certificate.

    The security certificate presented by this website was issued for a different website’s address.

    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

    We recommend that you close this webpage and do not continue to this website

  27. Doug I Says:

    Prabhat, your last response to my question was: would recommend you to check the receive connector configuration on 2007
    Kindly uncheck “Exchange Server authentication” and check “Windows Integrated authentication”.

    These settings were already checked and unchecked. Any other thoughts?

  28. candt Says:

    Just so that I don’t leave anything out…I do have a co-existence scenario – exchange 2007 & Exchange 2013 CU1

  29. candt Says:

    Update:
    So I did a “get-ecpvirtualdirectory | fl name, internalurl, externalurl” withoiut the quotes of course, and I used the internalURL in the browser but I modified the end of it with
    “/?ExchClientVer=14″ and I got back the EAC login screen after about 2mins. I did this before without success, now I’m back in. It’s weird.
    I googled and found a reference to the /?ExchClientVer=14 in a mixed environment.

  30. Prabhat Nigam Says:

    @Candt
    Please check this KB and let me know if this was any help – http://support.microsoft.com/kb/931850

    @Doug
    I would like to know how many receive connectors you have in your exchange 2007. I would not might logging in and reviewing your environment. Please also check if any issue with the permissions. This is what I have in my 2010 box.
    Permission Groups: Exchange users, Exchange Servers, Legacy Exchange Servers.
    Authentication: TLS, Basic, offer basic after tls, Exchange Server, Integrated windows.

  31. Doug I Says:

    Prabhat, I think you have my email address. I would not mind at all having you remote into my environment and checking some things. I am at a major sticking point and would appreciate your assistance. Let me know when you might have some free time. Thanks!

  32. Prabhat Nigam Says:

    @Ryan
    This blog is ready for you – http://msexchangeguru.com/2013/06/29/import-cert-e2013/

  33. Justin Says:

    After installation of 2013, will 2007 CAS/OWA still service clients until DNS is changed? or will installation break 2007 and all requests will be forced to go through 2013?

  34. Prabhat Nigam Says:

    Yes, 2007 owa still serve until you change the DNS.

  35. Manoj Says:

    Awesome article Prabhat. Keep up the great work.

  36. Steve Tillman Says:

    In a Ex2010/2013 coexistence scenario, and you configure TMG to route inbound and outbound SMTP traffic, how does the Ex2013 mailbox server route emails to mailboxes that are still on Ex2010 mailboxes?

  37. SteveTill Says:

    If you configure TMG to route inbound and outbound SMTP traffic, how does the Ex2013 mailbox server route emails to mailboxes that are still on Ex2010 mailboxes?

  38. Prabhat Nigam Says:

    @Steve
    2010 to 2013 mails will be routed without any extra configuration. This will look same as 2010.

  39. SteveTill Says:

    Thanks for the quick response Prabhat. I appreciate it. I have another question relating to configuring a TMG with a EX2013 CAS server. Is there a way to configure a 2013 CAS to server to route all outbound SMTP Traffic to a smart host?

  40. Prabhat Nigam Says:

    @Steve

    Yes, use the send connector.

  41. MG Says:

    Hi!
    Great article!
    Have mixed 2008 and 2012 servers running Exchange 2010 and 2013. CU1 is installed. Problem med ecp and owa when trying to logon.Understand the errortext and a few post in different forum that the certifikate is wrong. Some post suggesting to change from V3 to V2… can anyone point me to the right direction how to do this?

    Following is a short errortext:

    [Ecp] An internal server error occurred. The unhandled exception was: System.Security.Cryptography.CryptographicException: Invalid provider type specified.

    at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
    at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
    at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
    at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)
    at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)
    at Microsoft.Exchange.HttpProxy.ProxyModule.c__DisplayClassa.b__9()
    at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)

  42. Prabhat Nigam Says:

    @MG
    Check the following links. It seems there is some issue with x509 format of certificate
    http://social.technet.microsoft.com/Forums/exchange/en-US/a9efd351-032d-47d1-8b68-2ad00f11bcc8/unable-to-access-ecpowa
    http://rockyprogress.wordpress.com/2011/12/01/lync-server-2010-exchange-server-2010-um-integration-certificate-issue/

  43. bill Says:

    Anxious to see the final leg – sunsetting the old Exchange server. Any idea when it will be available? Thanks very much for this.

  44. Prabhat Nigam Says:

    @Bill
    Please don’t get Anxious, even if you run your 2013 with 2010, There is no issue.
    I will try to publish removing old Exchange 2010 ASAP. Please expect at least a week.

  45. Justin Says:

    I’m having some issue getting co-existence between 2007 and 2013 working correctly. I believe the problem may relate to the fact that the namespace for 2007 is mail.DNS-NAME.com. However the 2007 server hostname is mail as well. So when I change the A record for the 2007 box from mail.DNS-NAME.com to legacy.DNS-NAME.com, I loose the ability to mange the 2007 environment from EMC. I have changed all of the virtual directories on the 2007 box and restarted IIS but that does not appear to make any differences.

    Thoughts?

  46. Lawrence Says:

    I have set up Exchange 2007 and Exchange 2013 co-exist environment. User with Exchange 2013 mailbox was NOT able to receive mail from internal and external. From Queue Viewer in the Toolbox of the Exchange Management Console (in Exchange 2007), I saw the error (There is currently no route to the mailbox database). I was able to telnet between the two servers.
    From reply #16, there is NO need for Send Connector for internal. Not sure what I am missing; your help will be greatly appreciated.

  47. Prabhat Nigam Says:

    @Justin – you can try localhost/EAC

    @Lawrence – you don’t need a send connector but check the receive connector if you need to allow Exchange IP for relay

  48. Frank Garufi Jr. Says:

    Hi Prabhat…

    I want to thank you for this migration guide! It came in VERY handy! :)

    At the end of the article, you say the “link is coming” for decommissioning Exchange 2010 after successfully migrating everything to Exchange 2013. Has that article been written? Can you provide the link to it?

  49. Prabhat Nigam Says:

    @Frank
    sorry about it. I am still working on it.
    I will update this blog as soon as I am done. Please revisit this page after a week or so.

  50. SteveTill Says:

    Q: If I have Exchange 2010 in my environment, will introducing an Exchange 2013 mailbox and an Exchange 2013 CAS server interrupts connectivity to 2010 mailboxes or interrupt mail flow? I’m trying to create a plan for migrating to Exchange 2013 and I’m trying to limit the amount of downtime for my users.

  51. SteveTill Says:

    Q: Is the Client Front-End Receive connector on the Exchange 2013 CAS Server used to connect Outlook clients?

  52. SteveTill Says:

    Q: In a 2010/2013 Coexistence situation, how do 2013 Mailbox servers and 2010 CAS/Hub Transport send mail internal to each other? Do we need to create a send connectors on both that point to each other?

  53. SteveTill Says:

    Q: In a 2010/2013 Coexistence situation, how do 2010 mailboxes send mail externally without an Edge? Would I need to create a send connector on my 2010 maibox server that points to a 2013 MB server which then sends it to the Outbound proxy receive connector on the 2013 CAS server?

  54. SteveTill Says:

    Q: Do you see any benefit in sending external SMTP traffic from an Exchange 2013 CAS array to a Forefront TMG server and then out to the Internet?

  55. Prabhat Nigam Says:

    @Steve
    1. No downtown to current 2010 if you introduce 2013.
    2. Yes Client Front-End Receive connector.
    3. No send connector required to send emails between 2010 and 2013. This works same as 2010
    4. No need to do any config on 2010 Hub transport. Just create a send connector on 2013 to send emails out.
    5. No benefit. Reducing the hop will be faster but make sure you have SPF record for the public sending IP

  56. SteveTill Says:

    Prabat,

    Thank you for quick reply to my questions. What is a SPF record?

  57. SteveTill Says:

    Q: One I change the Autodiscover from my Exchange 2010 CAS to my Exchange 2013 CAS, what is the process that happens to Outlook clients during this time? Are they disconnected temporarily until their DNS refreshes on their local machines?

  58. SteveTill Says:

    Sorry to spell your name wrong Prabhat. My apologies.

  59. SteveTill Says:

    Q: Do you have any walk-throughs on migrating Unified Messaging from Exch 2010 to Exch 2013?

  60. Prabhat Nigam Says:

    @Steve
    1.
    SPF is the sender ID spam filter record which most of the orgs check.
    Check more about SPF here- http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

    2.
    Yes, we might see some disconnect on the client side but if your users are in the cache mode then you might not see. It is recommended to migration them in the night or Lunch time.

    3.
    I am sorry about UM. UM is a separate domain all together.

  61. SteveTill Says:

    Q: Using the Exchange 2013 calculator, its saying I require 24GB of RAM for my mailbox servers no matter what I input for the values. Have you run into this? If so, is there a better way to size the requirements?

  62. sajid Says:

    hey,
    can we use exchange 2010 certificate on exchange 2013 or we need new certificate on 2013 and then we have to import it on 2010 like we are doing it for legacy name space?
    Regards
    sajid

  63. Prabhat Nigam Says:

    @Steve
    Exchange 2013 calculator shows correct. I would recommend to follow it.
    You need to fill the correct value and it will should what do you require to run your Exchange with full load.
    If you still thinks it is incorrect then write a comment below Ross’s blog.

  64. Prabhat Nigam Says:

    @Sajid
    We can use same certificate unless you add new namespace. See the certificate section in this article

  65. sajid Says:

    hey,
    do we need to change virtual directories on 2010 internal or external ?
    Regards
    sajid

  66. Prabhat Nigam Says:

    You might like to test without changing anything

  67. ajeb Says:

    Hey,
    do we need to move OAB to exchange 2013?
    do we need any command so that address list get updated in 2013 or it will work fine without any command ?
    what bout the Transport rules do we need to update it ?
    thanks in advance..
    Regards

  68. ajeb Says:

    hey,
    1 if exchange 2013 mailbox server will send e-mail externally and internally , then in our reverse proxy TMG etc we will mention mailbox server ip address for outside right ?
    2 while receiving mail what we will do same we will create d-NAT rule to mailbox ?
    3 and if we want to proxy via Cas then we will put CAS server ip not the mailbox in TMG etc right ?
    4 while receiving mail what we will do same we will create d-NAT rule to CAS or Mailbox server ?
    Regards

  69. Prabhat Nigam Says:

    Yes, we need to move OAB to 2013 you would need to ensure OAB configured to 2013 OAB in Database Properties. Also might need to add 2013 server in the OAB distribution list.
    Transport rules are saved in the Active Directory so you don’t need to update it.

  70. Prabhat Nigam Says:

    @Ajeb -Here are your answers
    1. You can route through both CAS and MBX.
    2. mailbox or CAS
    3. Yes.
    4. whichever you wish to route the emails. I would prefer CAS as this will give me extra layer of protection.

  71. ajeb Says:

    if outlook anywhere is the only method to connect to exchange 2013 server do we need to enable it internally and externally ?

  72. prabhat Nigam Says:

    Yes, both.

  73. ajeb Says:

    internally its enable by default ?

  74. John Says:

    This is an excellent guide. I am curious about two things. We are a small shop of less than 15 people. We are moving from Exchange 2010 to Exchange 2013 Standard. We only have one server to do to the upgrade and I know and understand that and in place upgrade is IMPOSSIBLE. However, what I want to know is:

    1.) If I borrowed a sever and run the upgrade on it what is the minimum hardware I would need to do this?
    Keep in mind I don’t want to leave the upgrade on this server.
    2.) If I can do number 1 then how do I get the upgrade back to my orginial server that meets and exceeds the hardware minimums.

    Thanks!!

  75. brian Says:

    Prabhat,
    I’ve introduced exchange 2013 into Exchange 2010 environment
    I’ve moved 1 mailbox successfully from 2010 to 2013 database.
    When I try to connect to that one mailbox using Outlook 2010 I get error message “Cannot open your default e-mail folders. You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost).
    Any ideas?
    Thanks!
    brian

  76. Matthew O Says:

    Thanks for this great article, I am about to do Exchange migration from SBS2008 (Exchange 2007) to Server 2012 with Exchange 2013 CU2. I have patched Exchange 2007 to SP3 and then applied RU10, but when I do the readiness check on the new Exchange 2013 install it reports the following warning:
    Warning:
    Setup will prepare the organization for Exchange 2013 by using ‘Setup /PrepareAD’. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
    For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx

    Now I do not want to proceed with install unless I am certain this message is benign, however reading the linked article mentions that setup didnt find any 2007/2010 Exchange servers in the organisation, and after the schema is updated you wont be able to run in migration mode… (whcih I obviously need to be able to do to move mailboxes off the old server).

    Am I supposed to click past this warning and install the new Exchange server, or is this a symptom of a more serious problem (I am suspecting the SP3 or RU10 patches didnt apply properly or the old server needs a reboot?).

    This is a clients production environment and would be very difficult to test in a lab envrionment (physical server, out of town – remote access only).

    Any help would be appreciated!

  77. Prabhat Nigam Says:

    @Mathew
    Ignore the warning and continue. It is just saying you will not be able to any more exchange 2007/2010.

  78. Prabhat Nigam Says:

    @Brian
    Remove the cache mode and try!

  79. Prabhat Nigam Says:

    @John
    For Hardware requirement check this link – http://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx
    x64 bit processor, 8GB Memory, 60GB HDD.

    Once you move your mailboxes to temporary Server, Decomission 2010, then install 2013 on this server and move mailboxes.
    Once mailboxes are moved decommission 2013 Temporary server.

  80. Matthew O Says:

    Thanks Prabhat, I have finished the install, mail flow is still working on the old server, and I can see both listed in the EAC, so it seems I am good to go. Time to work through the rest of this guide… Thanks again.

  81. Frank Garufi Jr. Says:

    Hi Prabhat…

    Is removing Exchange 2010 anything more than just uninstalling Exchange 2010 from the server? Is there anything else I need to be aware of or worry about?

  82. Prabhat Nigam Says:

    @Frank
    I would say! don’t be in rush. I am working on Publishing Exchange 2010 removal blog. It will be published sooner.
    You may also like to check other blogs.

  83. Frank Garufi Jr. Says:

    LOL!! Thanks Prabhat :) Looking forward to it :)

  84. Paul Says:

    Hi,

    I am running Exchange 2010/2013 coexist with CU2 on the 2013 Servers. I have NAT rules to the Exchange 2013 CAS Server for webmail, and outlook anywhere. However, how would you recommend setting up the NAT rules to the new Exchange 2013 CAS server for testing without having to create new domain names. For instance, if a Exchange 2010 mailbox user goes to webmail.company.com he gets the OWA 2010 screen, if a 2013 user tries to sign in he gets the 2013 OWA screen.

    I know I can create two host A records in DNS to have both the 2010 box and the 2013 box point to webmail but I am not sure what the best practice is.

  85. Prabhat Nigam Says:

    @Paul
    Just point your internal IP of the 1=1 nat to 2013 CAS. It should redirect to 2010 if they are in the same exchange org.
    All users will see 2013 owa login screen but it will redirect once they login.

  86. SteveTill Says:

    Hi,

    I installed Ex13CU2 and found out it was a standard edition. Do I need to install Ex13 Enterprise edition 1st and then upgrade to CU2 to make it Enterprise?

  87. SteveTill Says:

    I meant to say, do I install Ex13 Enterprise Edition RTM and then upgrade to CU2 for it be Enterprise? Or is there a Enterprise Edition of the CU2?

  88. Prabhat Nigam Says:

    @Steve

    It depends on the Product key now. There is no difference in the software. Try to provide Enterprise key.
    Read the 2nd para in the below link
    http://technet.microsoft.com/en-us/library/bb232170(v=exchg.150).aspx

  89. SteveTill Says:

    Thanks again for your help Prabhat.

  90. Ho Lee Says:

    I finally found out why my Exchange 2013 mailboxes cannot exchange email with Exchange 2007/2010 mailboxes in the same AD site and in the same Exchange Organization.

    Once I remove or disable the “Anonymous Relay” custom receive connector (the receive connector that can relay SMTP from trusted IP sources) from both Exchange 2013 and 2007/2010, the mailboxes on both side can communicate. It appears that the Anonymous Relay connector using TCP 25 confuses the internal mail exchanges between 2007/2010 and 2013 mailboxes.

    Once I enable the “Anonymous Relay” again, internal mail stops flowing again.

  91. sajid Says:

    1 can we enable circular logging on exchange while moving mailboxes from 2007/2010 exchange server to 2013 ?
    2 will it help to reduce logging during migration on 2013 ?
    3 is migration generate too much logs on target server ?

  92. Prabhat Nigam Says:

    @Ho

    You don’t need Anonymous relay when you exchange in the same org. Something else might be incorrect.

    @Sajid
    1. Yes, we can enable circular logging during move
    2. Yes, it will
    3. It will generation logs which is depending on the amount of data.

  93. Doug I Says:

    A little stumped here. I have Exchange 2013 installed and it is co-existing with my Exchange 2007 server. I have everything completed except for configuring owa for the Exchange 2013 server. I have migrated several mailboxes successfully and configured the send and receive connectors to successfully send and receive mail on the 2013 server.

    1. How would I configure the owa virtual directory for the external url on the Exchange 2013 server? I have made it the same as the 2007 server because of our MX record but when I try to login using the owa to the mailbox on the 2013 server it comes back to a screen where I cannot login then. Do I need to do some sort of redirect?

    Any ideas?

  94. Prabhat Nigam Says:

    @Doug
    Check the steps after Cert import. It is mentioned to configure the External URL

  95. Jochen Says:

    As a lot of others, I
    – followed your guide with a lot of pleasure !
    – do have problems

    I have an fully updated 2007 (all roles in one) and a fresh CU2 2013 (CA and MB on one server) running.

    After initial install :
    – login ECP & OWA : OK
    – creation extra mailboxdatabase on 2013 : OK
    – export and import cert 2007 -> 2013) : OK
    – create test-user on 2007 and move mailbox to newly created mailbox on 2013 : OK

    – send mail from 2007 to 2013 : NOT ok
    – send mail from 2013 to 2007 : NOT ok (stays in drafts)

    – telnet from 2013 to 2007 and send test mail : OK
    – telnet from 2007 to 2013 : NOT ok (don’t get an answer)

    What have I not done ?
    – change DNS : I’m afraid of losing mail (I thnk : I first want to see mail from and to the 2013 before I switch DNS)
    From what I found : not changing DNS could result in mail stuck in Drafts on 2013

    THX in advance !

  96. Doug I Says:

    I can connect to the exchange 2013 server using the web access. However when I try to connect using my Outlook 2010 client it replies back with an error: Outlook cannot logon. Verify you are connected to the network and are using the proper server and mailbox name. the connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.

  97. Prabhat Nigam Says:

    @Doug

    check if outlook is in online mode. Seems outlook configuration issue. Remove outlook from cache mode for the configuration. you can move it back to cache mode later.

    @Jochen

    Could you turn off the firewall and test again

  98. Doug I Says:

    Outlook is not cached and is online. It started happening with new mailbox moves to the Exchange 2013 server. I have been reading some article that it might be an autodiscover certificate issue but I have other mailboxes connecting fine through Outlook.

  99. Prabhat Nigam Says:

    @Doug
    If this is just one user then I would suggest you to compare some common properties like Country between working and non working user.

  100. Prabhat Nigam Says:

    @Doug
    Let me know if below articles can be any help.
    http://support.microsoft.com/kb/2735060
    http://support.microsoft.com/kb/2264398

  101. Doug I Says:

    Checked both articles and unfortunately not helping. It is an issue adding any new migrated Exchange 2013 accounts to use Outlook. Getting the same error.

  102. Prabhat Nigam Says:

    What is the authentication configured in outlook.
    Did you trying stopping encryption on both the server and client?

  103. Jochen Says:

    Firewall is off :-(

    Telnet does connect, but no answer from smtp

  104. Prabhat Nigam Says:

    - send mail from 2007 to 2013 : NOT ok
    Telnet to mailbox role server if you are not doing.

    – send mail from 2013 to 2007 : NOT ok (stays in drafts)
    Check if Transport or mail submission service is stopped

    – telnet from 2013 to 2007 and send test mail : OK
    – telnet from 2007 to 2013 : NOT ok (don’t get an answer)
    Seems transport service not running.

  105. Jochen Says:

    For a start : the fact the 2013 is running on it’s hostname (server.domein.local) and not recognised by the wildcard-SSL-cert has nothing to do with it ?

    All MS.EXCH-services are running on 2013 and on 2007

    Telnet from 2007 to 2013 does not work
    Telnet from 2013 to 2013 does work, he answers with his internalURL
    Telnet from 2013 to 2007 does work, 2007 answers correctly

    I created a second user on the 2013.
    User1 & User2 can login to OWA
    Mail from User1 to User2 : Mails stays in Drafts :-(

  106. Prabhat Nigam Says:

    Did you remove and default receive connector?
    Are all receive connector enable?

  107. Jochen Says:

    I did not remove any receive connector, I even did not touched them.
    The only thing I tried was changing the DNS-settings (because of the mails getting stuck in Drafts)

    They are all enabled.

    Any specific authentication-mode that has to be enabled ?

  108. Prabhat Nigam Says:

    By default it should be working. Could you share a remote session. Send me an email.

  109. Jochen Says:

    Mail sent to guru@

  110. SteveTill Says:

    In preparation for Exchange 2013, do we need to change any settings for Outlook 2010? How does the client know to use RPC over HTTPS instead of RPC?

  111. Prabhat Nigam Says:

    @Steve:
    Autodiscover should take care of it

  112. Ratish Nair Says:

    @Steve – Exchange 2013 Autodiscover will return 2 new ExHTTP nodes which will let Outlook know that its an Exchange 2013 mailbox and instructing ONLY to connect using HTTP(internal)/HTTPS(external).
    Again, this is possible if Outlook got Nov 2012 updates and later.

    Take a look at Greg Taylor’s TechED presentation from 15th minute to know EXACT details…
    http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B313#fbid=KGhuKQslbjD

    Hope that helps…

    Thank you,
    Ratish Nair
    Microsoft MVP | Exchange Server

  113. SteveTill Says:

    Thank you Prabhat and Ratish!

  114. SteveTill Says:

    I know the autodiscover service tells the client where to connect to. Does it also instruct the client which protocol to use such as RPC or RPC over HTTPS? If so, where in the process does it tell the client how to connect to the mailbox? For example, if I move my mailbox from 2010 to 2013, how would autodiscover tell the client how to connect to the mailbox if the client is always internal?

  115. Ratish Nair Says:

    @Steve – and thats exactly what we discussed in my last comment…
    The new Autodiscover.xml file returned by an Exchange 2013 CAS server will have information for Outlook that’s its an “Exchange 2013″ mailbox its trying to connect to and “only” use HTTP/HTTPS to connect…

    This is possible by the 2 new ExHTTP nodes returned…

    And if you move your mailbox and post move when Outlook connects to Exchange 2013 – this new AutoDis.xml will return and the process is no different…

    hope that helps…

  116. SteveTill Says:

    Is there a speed issue regarding Outlook client connectivity in Exchange 2013? I know in Exchange 2013 RPC/MAPI is no longer used to connect to the CAS server. Do you notice slowness when a mailbox has been migrated to 2013 and an Outlook client is connected via RPC over HTTPS?

  117. SteveTill Says:

    Ratish,

    Thanks for clarifying Autodiscover on Ex13. I appreciate it.

  118. Prabhat Nigam Says:

    I don’t see any speed issue. Make sure your DNS is resolving correct servers.

  119. SteveTill Says:

    Question:

    Do you know how I can resolve a login issue with ECP? I have a Exchange 2010 SP3 environment, installed the EX13MB role first and then installed a EX13CAS server. If I try to login to ECP on the cas server with an account that has a mailbox on EX13, it gives me the following error:

    Server Error in ‘/ecp’ Application.
    ——————————————————————————–

    Invalid provider type specified.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: Invalid provider type specified.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [CryptographicException: Invalid provider type specified.
    ]
    System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +5598202
    System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +138
    System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +221
    System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() +516
    Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication) +1222
    Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication) +254
    Microsoft.Exchange.HttpProxy.c__DisplayClass8.b__7() +1539
    Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) +40
    Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate) +408
    System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

  120. Prabhat Nigam Says:

    Please check if all exchange and IIS services are running by running the cmd mentioned below:
    test-servicehealth

  121. SteveTill Says:

    They all say true for required services running.

  122. Doug I Says:

    Prabhat, thanks for all of your assistance to this point. I only have one issue left. It is with owa.

    I have configured Exchange 2013 internal and external owa url’s. The internal url works and I get the Outlook Web Access login for 2013. However when I try to go to the external url offsite it gives me the 2007 login page.
    I have removed all links to owa from Exchange 2007.

    Any ideas?

  123. Prabhat Says:

    Did you change your public host record to point to 2013 or change your pointer on nlb

  124. Doug I Says:

    I changed my internal dns to reflect the change.

  125. Prabhat Nigam Says:

    If you have not changed the external DNS yet then you can test by adding External IP and URL in the host file.

  126. Doug I Says:

    Prabhat,
    I would assume on my local machine I am using.

  127. Prabhat Nigam Says:

    sure.

  128. Doug I Says:

    What is odd is that I just used the same external url as the 2007 server. I just removed it from the 2007 server and added to the external url box on the 2013 server.

    Is there a way to email you offline?

  129. Prabhat Says:

    Mail me at prabhat@msexchangeguru.com

  130. SteveTill Says:

    On my EX13 cas server, I keep getting these errors:

    [Owa] An internal server error occurred. The unhandled exception was: System.Security.Cryptography.CryptographicException: Invalid provider type specified.

    at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
    at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
    at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
    at Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication)
    at Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication)
    at Microsoft.Exchange.HttpProxy.ProxyModule.c__DisplayClass8.b__7()
    at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)

    I can’t log into ECP or OWA.

  131. John Says:

    Are we able to run everything on a single server in Exchange 2013 like we were able to in 2010?

  132. Ratish Nair Says:

    Yes, sure thing !

  133. SteveTill Says:

    Question:

    When I log into ECP with a user prescribed in your directions, the ecp page is blank. How can I resolve this?

  134. Prabhat Nigam Says:

    @Steve
    Did you add this user to organization mgmt and domain admins Groups.

  135. SteveTill Says:

    Prabhat,

    I added the account to Domain Admins, Enterprise Admins, Org Mgmt and Schema Admins.

  136. Prabhat Nigam Says:

    Then AD replication might be delaying. Please replica DCs from site and services and test again.

  137. SteveTill Says:

    Forced replication and I get the same blank screen after logging into ECP.

  138. SteveTill Says:

    After uninstalling the only Exchange 2013 CAS server in the environment and reinstalling, I can’t access the EMS on the CAS server and can’t access ECP still. From the Exchange 2013 MB server I enabled the default cert it created for IIS on the CAS Server, restarted, but still got the errors below:

    EMS Error:

    New-PSSession : [CASSERVER] Processing data from remote server CASSERVER failed with the
    following error message: The WinRM Shell client cannot process the request. The shell handle passed to the WSMan Shell
    function is not valid. The shell handle is valid only when WSManCreateShell function completes successfully. Change
    the request including a valid shell handle and try again. For more information, see the about_Remote_Troubleshooting
    Help topic.
    At line:1 char:1
    + New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
    gTransportException
    + FullyQualifiedErrorId : -2144108212,PSSessionOpenFailed

    ECP Error:

    Server Error in ‘/ecp’ Application.
    ——————————————————————————–

    Invalid provider type specified.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: Invalid provider type specified.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [CryptographicException: Invalid provider type specified.
    ]
    System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) +5598202
    System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) +138
    System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() +221
    System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() +516
    Microsoft.Exchange.HttpProxy.FbaModule.ParseCadataCookies(HttpApplication httpApplication) +1222
    Microsoft.Exchange.HttpProxy.FbaModule.OnBeginRequestInternal(HttpApplication httpApplication) +254
    Microsoft.Exchange.HttpProxy.c__DisplayClass8.b__7() +1539
    Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate) +40
    Microsoft.Exchange.HttpProxy.Diagnostics.SendWatsonReportOnUnhandledException(MethodDelegate methodDelegate) +408
    System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

  139. SteveTill Says:

    Fixed my issue…. Credit to http://msitpros.com/?p=1770

    I installed a Win 2003 Based cert on both the CAS and Mailbox server. Ensured the Microsoft RSA SChannel Cryptographic Provider was selected for encryption and then enabled the cert for IIS for the CAS Server and all Exchange services for the mailbox server and it worked. I spent a lot of time on trying to resolve this issue. This is a major flaw in the release of this build.

  140. mg Says:

    Hi Steve!
    Have the same problem with the certifacate and cryptographic provider. Tried to follow the guide but I´m a Little bit lost. How do you create the certifate (assume in CA). Can you narrow it down please?

    Best and thanks in advance

  141. SteveTill Says:

    The first thing you have to do is create the Windows 2003 certificate template in you CA. After that, you will need to create a request based on that template.

  142. SteveTill Says:

    @mg, let me know if you are still having issues.

  143. Lawrence Says:

    Hi,

    I completed the Exchange 2013 migration from Exchange 2003 (using Exchange 2007 as intermediate step). I was able to remove CAS and HT roles but failed to remove the Mailbox role using the Add/Remove Program feature in Windows Server 2008 SP2. And the message from the Readiness Check was something like ‘Exchange Server ABC was not found. Please make sure you have typed it correctly.’
    I would like to know how I can check whether this Exchange 2007 has been removed from the Exchange 2007/2013 coexist environment.

  144. Lawrence Says:

    Hi,
    I completed the Exchange 2013 migration from Exchange 2003 (using Exchange 2007 as intermediate step). I was able to remove CAS and HT roles but failed to remove the Mailbox role using the Add/Remove Program feature in Windows Server 2008 SP2. And the message from the Readiness Check was something like ‘Exchange Server ABC was not found. Please make sure you have typed it correctly.’
    I would like to know how I can check whether this Exchange 2007 has been removed from the Exchange 2007/2013 coexist environment.

  145. Jochen Says:

    My solution :
    1. I removed Exchange 2013.
    2. Searched in ADSIEdit (on the Exch2013) for rogue server/databases AND mailboxes (deleted all system-mailboxes)
    3. Re-installed Exch2013 (with prepareAD,…)

    Now everything works !!!!

    Still ToDo :
    DNS-changes (Exch2007 -> legacy.domain // Exch2013 -> mail.domain)
    Figure out how archiving works
    Move mailboxes

  146. Prabhat Nigam Says:

    @Lawrence
    Try the cmd on 2013 server
    get-mailboxserver

  147. Lawrence Says:

    @Prabhat
    From the Get-MailboxServer cmd result, I only saw the Exchange 2013 listed. (FYI. The Exchange 2007 server is already shut down when I ran the cmd) By seeing Exchange 2013 only, does it indicate the Exchange 2007 has been removed? On the Windows Server 2008 machine, I still see Exchange 2007 in the Add/Remove Program and Feature. Is there a way to clean it up? Also, would you comment on this procedure such that others can avoid the same issue? Would I have the same issue if I removed Mailbox Role first, then CAS and then HT?
    Thanks

  148. Prabhat Nigam Says:

    @Jochen
    Great to here that you have resolved the issue. I was suspecting something blocking the port. Below link might have helped if you could have done telnet on port 25 successfully.

    http://msexchangeguru.com/2013/08/03/e2013-2010mailflowissue/

    @Steve
    Great to here you got a fix. By the way I had pointed earlier that this is cert issue.

  149. mg Says:

    @stevetill:
    Hi! Thanks for your support. Done a windows 2003 server duplicate certificate of webserver certificate. Also done a certificate request in IIS and ends up with a textfile. Steps here from??? TIA

  150. laimis Says:

    Hi, I recently installed EX2013 CU2 in EX2007 environment. All installation tasks went well, I’m able to connect to EAC with domain admin credentials and do things. I can see all Ex2007 mailboxes in EAC and one native EX2013 test user mailbox in Ex2007. but I cannot connect to EX2013 owa neither with test user (natively created on ex2013) nor with one migrated user nor with any EX2007 user. When trying to connect it says: “:-( something went wrong. A mailbox couldn’t be found for NT AUTHORITY\SYSTEM. If the problem continues, contact your helpdesk.”
    I cant connect to test mailbox using outlook either. In outlook setup it finds and underlines server and user correctly but when opening outlook it says something like: “cannot open default mail folders…” and closes. I stuck with it for two weeks now, reading on internet and trying various things with no luck. any help would be very appreciated. used outlook 2007 and 2013.
    Also in EAC under Servers/Databases I cannot see EX2007 database if that helps

  151. Prabhat Nigam Says:

    @laimis
    1. Add your Exchange 2013 Admin id – Org mgmt and domain admins
    2. Make sure you have SCP configured. I have updated it little later.
    3. You might like to enable outlook anywhere as stated in the guide.
    4. Point you namespace pointed to the exchange 2013 CAS server.

    You can also check the Exchange 2013 Deployment assistant to verify if you have missed any thing.
    http://technet.microsoft.com/en-US/exdeploy2013

  152. SteveTill Says:

    Getting this error on our Exchange 2010 CAS server…

    (Process w3wp.exe, PID 2060) “RBAC authorization returns Access Denied for user my.org/IT/Exch13CASServer

    Not sure what I need to do to resolved this.

  153. SteveTill Says:

    Also can’t run EMS on that same Ex13CAS server. I get this error:

    New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRe
    gTransportException
    + FullyQualifiedErrorId : -2144108173,PSSessionOpenFailed

    ****
    Every time I attempt to open EMS, I get this in the event viewer:

    The WSMan IIS module failed to read configuration. The error received was -2144108477: %%-2144108477
    The configuration XML is not valid. The XML element: “Plugin” is expected but not found..

    User Action
    Make sure both the schema and validation files are present and valid.

  154. Prabhat Nigam Says:

    @Steve
    Do you see all the Exchange services running?
    If yes, try using run as administrator for EMS.

    You can also check the blog here if this helps: http://blogs.technet.com/b/exchange/archive/2010/02/04/3409289.aspx

  155. SteveTill Says:

    Tried it.. still not working. Will try again tomorrow.

  156. Frank Garufi Jr. Says:

    Hi Prabhat Nigam…

    I hope I’m not being a bother but I was just checking on the legacy Exchange 2010 removal process. I really need to get this old Exchange server out of the loop. Any help is greatly appreciated :)

  157. SteveTill Says:

    @Prabhat:
    All Exchange services are running. I’m an administrator and its still not working.

  158. ana Says:

    I recently installed exchnage sevrer 2013 CU2 on Exchange 2007 environment.
    everything is fine except outlook connection between new mailboxes on exchnage server 2013 and the moved mailbox from 2007 into 2013 database.
    I followed all the instructions indicated in the comments and details , but nothing help solving the problem till this moment.
    the messageas following:
    the name (ex2013 server name)cannot be resolved.the connection to microsoft exchnage server unavailable. outlook must be online or connected to complete this action
    any help apprtiated

  159. Prabhat Nigam Says:

    @Frank
    I am trying to publish this before the end of this week. Meanwhile you can check the below links
    http://technet.microsoft.com/en-us/library/ee332361(EXCHG.141).aspx
    http://technet.microsoft.com/en-us/library/bb123893(EXCHG.80).aspx

    @Steve
    Was it working any day? If yes then what did you change?

    @Ana
    Did you configure Autodiscover and DNS name to point to the exchange server?

  160. ana Says:

    yes configure new A record for ex2013
    and CNAME record that point to ex2013

  161. Prabhat Nigam Says:

    Ana
    Did you configure Autodiscover?

  162. ana Says:

    yes create autodiscover alias (cname) record that point to ex2013

  163. Prabhat Nigam Says:

    @Ana – Did you configure the SCP
    ————————————————————————————————-
    SCP – Service Connection Point Configuration:

    Run the below command to configure SCP on Exchange Management Shell of 2007/2010/2013 separately:

    get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.domainname/autodiscover/autodiscover.xml

    SCP might be already configured on 2007/2010 server so you can also check it and use the same –
    AutoDiscoverServiceInternalUri.

    Run the below cmd to get current SCP on 2013 Shell
    get-ClientAccessServer | fl name,AutoDiscoverServiceInternalUri
    —————————————————————————————————-

  164. ana Says:

    I tried to run the command of set scp
    but return this error

    get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.x.com/autodiscover/autodiscover.xml

    You can’t make this change because ‘CN=ex07,CN=Servers,CN=Exchange Administrative Group
    (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=x,DC=com’ is read-only to the current version of Exchange.
    + CategoryInfo : InvalidOperation: (:) [Set-ClientAccessServer], CannotModifyCrossVersionObjectException
    + FullyQualifiedErrorId : 4E7396E4,Microsoft.Exchange.Management.SystemConfigurationTasks.SetClientAccessServer
    + PSComputerName : ex13.x.com

  165. Prabhat Nigam Says:

    @Ana
    How many servers you have? it looks like you 2013 server got it updated. Test now should be working.

    If it is still not working then test here
    https://testconnectivity.microsoft.com/

  166. ana Says:

    as I said before, I had now two exchnage servers (ex2007, ex2013)
    I will test and send you affedback.
    thanks

  167. Prabhat Nigam Says:

    Ana
    I might have over looked.
    How was the test?

  168. ana Says:

    Suddenly I had new problem, EAC for ex2013 keep asking for user nad password.
    and once stop asking, redirect to owa for ex2007 page, and aslo not opened
    owa not work suddenly also.
    I think there is a problem with IIS or virtual directories

    I reaaly need your help

  169. ana Says:

    I’m stuck now with corrupted IIS virtual directories
    trying to remove the current and recreate IIS virtual directories (ecp and OWA)but nothing work now.

  170. Prabhat Nigam Says:

    Ana
    Do you see all Exchange services running?

  171. ana Says:

    yes on both server the legacy 2007 and the 2013 all exchnage servoces running

  172. Prabhat Nigam Says:

    What was the last change you did before getting this issue?

  173. ana Says:

    the legacy exchnage 2007 need restart. so just restart it.
    then the owa and ecp virtual directories in IIS that is running on exchnage server 2013 corrupted.

  174. Prabhat Nigam Says:

    No, there is no logic, 2007 restart will not corrupt anything before the box. There was something else. Did you check the event viewer.

  175. ana Says:

    yes and nothing related

  176. ana Says:

    could you please help me with the corruption occured for virtual directories on IIS on ex2013
    any suggestion may help

  177. Prabhat Nigam Says:

    Ana
    I have emailed you. Lets take it offline

  178. Berniece Winslow Says:

    Magnificent goods from you, man. I’ve understand your stuff previous to and you’re just too magnificent.
    I actually like what you have acquired here, certainly like what you are
    saying and the way in which you say it. You make it enjoyable and you still take care of to
    keep it wise. I can not wait to read far more from you.
    This is actually a wonderful site.

  179. SteveTill Says:

    Current situation: Enabling a cert from our internal CA.

    When I try to enable a certificate from CA for exchange on a 2013 CAS server, it says “A special RPC error occurs on server 2013MailboxServer2. We already have an existing 2013 mailbox server already running. I’m not sure why its checking to see if the same cert is on the 2013MailboxServer2. Additionally, I have existing 2013 cas server.

  180. SteveTill Says:

    The WSMan was module was in the Powershell site. Removed the WSMan and it Powershell worked.

  181. SteveTill Says:

    Replying back to question from 179…..

    This is kind of strange… when I opened EMS it said it opened directly from the 2013CAS2 server. However, when I ran get-exchangecertificate, the default server was my 2013 Mailbox server. I had to specify what server to get the certs from. Tested it on another 2013 CAS server and I got the same results. I assumed when you ran EMS locally the default query would be local. Seems like this is not the case.

  182. Prabhat Nigam Says:

    @steve
    You might like to install the cert on all servers.

  183. laimis Says:

    Hi again, I followed everything you suggested but still cant open owa on ex2013 server. your suggestions were:
    1. Add your Exchange 2013 Admin id – Org mgmt and domain admins (DONE)
    2. Make sure you have SCP configured. I have updated it little later.(Both EX2007 and EX2013 point to the same address: autodiscover.domain.com)
    3. You might like to enable outlook anywhere as stated in the guide.(ENABLED)
    4. Point you namespace pointed to the exchange 2013 CAS server.(MAIL.DOMAIN.COM points to EX2013)
    after reading your guide again, it seems that I cant do one thing: NEW-EDGESUBSCRIPTION as my edge and hub roles are on the same box, after I run new-edgesubscription it asks for the site name telling that it needed inside organization. I read alot how to solve this but only suggestions I found is that I need to remove server from domain which is not possible in my case. Any suggestions how to establish link between EX2007 and EX2013?

  184. laimis Says:

    Also when in EAC I tried to look at ORGANIZATION/APPS I got error: “The specified mailbox “MyDomain/Domain Controllers/EX2013Box” doesn’t exist. Could it be related for me not being able to access owa?

  185. Sundar Says:

    I’m creating a fresh Lab setup for testing.Created ADDS & Exchange 2010 sp3.Then installed Exchange 2013 .Installation goes fine and succeded .then i tried accessing Admin portal using the https://Exchange2013ServerName/ecp?ExchClientVer=15 similar URL it works fine.Sfter that i tried creating a new administartor mailbox then the whole setup gone.Now i cannot connect even through exchange powershell it’s redirecting to exchange 2010.I can see a error in powershell stating W3svc isn’t running.Unable to start that service.Also unable to start windows process activation service.Tried reinstalling Webservices(IIS) the whole roles and features But failed.Stucked off tried many possibilities to start these services but fails.
    Errors : Windows Process activation service(WAS) is stopping

  186. Prabhat Nigam Says:

    @laimis
    It is not possible to deploy EDGE and Hub on the same server.
    Edge server should be standalone

    In my lab I can see Org/Apps opening. I am not sure about your issue

    Do you have all the services running?

  187. Prabhat Nigam Says:

    @Sundar
    Fix the below issue and I hope you other issue will be fixed by this.
    Errors : Windows Process activation service(WAS) is stopping

  188. laimis Says:

    services that are set to AUTOMATIC and not runing are dotnet framework 64 and 86 plus exchange health manager. if I try to start them manually they start and stop. When I open SERVERS in EAC I can see EX2007 (Client access, mailbox, Hub transport), on EX2013 (client access and mailbox).

  189. Prabhat Says:

    Please start exchange health manager.
    Check the event viewer for the cause of service stopping
    Also check if any windows update due.

  190. laimis Says:

    Installed updates, restarted and all services started. still no OWA. when I try to login I get: “A mailbox couldn’t be found for NT AUTHORITY\SYSTEM. If the problem continues, contact your helpdesk.” same from windows 7 client and from server itself. I guess I’m loosing hope already. also ORGANIZATION/APPS gives the same error

  191. Prabhat Nigam Says:

    Do you have all the services started including Exchange health manager service?

  192. laimis Says:

    Yes, all services set to automatic started including two dot.net services

  193. Sundar Says:

    Windows process activation issue fixed.But i’m not able to open https://Exchange2013ServerName/ecp?ExchClientVer=15 admin console.Checked IIS no setting found seems all deleted.Now i would like to reinstall Exchange 2013.But not able to uninstall .please advise to proceed further

    Error:
    Uninstall can’t continue. Database Mailbox Database 1441845928 : This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, public folder mailboxes or arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database . To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database -Archive. To get a list of all public folder mailboxes in this database, run the command Get-Mailbox -Database -PublicFolder. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database -Arbitration. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox . To disable an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox -Archive. To disable a public folder mailbox so that you can delete the mailbox database, run the command Disable-Mailbox -PublicFolder. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest . If this is the last server in the organization, run the command Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan -Database . It was running the command ‘Remove-MailboxDatabase ‘CN=Mailbox Database 1441845928,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Lab,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Lab,DC=com’ -whatif’.
    For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.UnwillingToRemoveMailboxDatabase.aspx

  194. Prabhat Nigam Says:

    @laimis
    try to open https://IP/ecp or owa

    @Sundar
    Great to hear we fixed WPAS
    If you need to uninstall the server then you need to delete the current DB which has -arbitration mailbox and discovery search mailboxes. These are system mailbox.
    I would say try to reinstall Exchange 2013 CU2 and do not uninstall. It should be able to repair.

  195. Sundar Says:

    Is there any procedure or steps to delete the current DB which has -arbitration mailbox and discovery search mailboxes. Even from the powershell i’m not able to connect to Exchange 2013 it’s connecting to Exchange 2010.If you have elaborated steps or links which would help better to proceed further.

  196. Prabhat Nigam Says:

    @Sundar
    Run the setup.exe and continue to repair it.

  197. Sundar Says:

    I didn’t find any repair option if i load setup.exe.Then i tried removing databases through the below link but no luck

    http://msexchangeguru.com/2013/01/02/exchange-2013-error/

    Unable to remove 2013 Exchange databases through the below error.Any suggestion

    [PS] C:\Windows\system32>Disable-Mailbox “SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}” -Arbitration -DisableLast
    ArbitrationMailboxAllowed
    The operation couldn’t be performed because object ‘SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}’ couldn’t be fo
    und on ‘LabDC.Lab.com’.
    + CategoryInfo : NotSpecified: (0:Int32) [Disable-Mailbox], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : E76735B8,Microsoft.Exchange.Management.RecipientTasks.DisableMailbox

  198. laimis Says:

    I can get to ECP without a problem but with OWA there is no change

  199. Sundar Says:

    Almost i’m done i’ve disabled and removed mailbox databases .Then i can started Uninstall but got stucked in mailbox role:client access service uninstallation.it through the below error

    Error:
    The following error was generated when “$error.Clear();
    $CommandAppCmd = join-path $env:SystemRoot System32\inetsrv\appcmd.exe;
    Start-SetupProcess -Name “$CommandAppCmd” -args “uninstall module exppw”;
    ” was run: “Process execution failed with exit code 1168.”.

  200. Prabhat Nigam Says:

    @laimis
    Could you compare the owa and ecp url & authentication?

  201. Prabhat Nigam Says:

    @Sundar
    uninstall IIS and you will be able to uninstall Exchange.

  202. laimis Says:

    For default web site authetnitifaction is: ECP – anonymous and basic, for OWA – basic.
    For Exchange Back End: ECP – anonymous, basic and windows, for OWA – anonymous and windows

  203. Prabhat Nigam Says:

    add FBA
    what about url?

  204. laimis Says:

    how do I compere urls, don’t know where to start :)? Add FBA to default web site? “Chalange Based and login redirect based authentification can not be used simultaniously”

  205. George Says:

    After installing two servers Exchange 2013 CAS/MAILBOX roles in the environment Exch 2010, I can’t access eighter the EMS or ECP on both servers. I’ve got these mistakes:

    EMS Error:

    New-PSSession : [s-mail-nd01] Processing data from remote server s-mail-nd01 failed with the
    following error message: [Server=s-mail-nd01,RequestId=***********,TimeStamp=*****] Access is denied.
    For more information, see the about_Remote_Troubleshooting Help topic.
    At line:1 char:1
    + New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
    gTransportException
    + FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed

    ECP Error:

    403 Access is denied.

    If I exclude server’s name from AD groups: “Exchange Servers” and “Exchange Trusted Subsysem” ECP and EMS begin to start!!! But, if it’s right!!?? What will happen when I begin to organize DAG and migrate mailboxes, without locating the servers in these groups!!!???

  206. sundar Says:

    I tried it but no luck

  207. Ay Says:

    Check the Database name has changed after moving the mailbox.
    Why the mailbox db name has been change after moving?

  208. Prabhat Nigam Says:

    @AY
    It should changed to 2013 DB

  209. Prabhat Nigam Says:

    @laimis and Sundar
    mail me you issue at prabhat@msexchangeguru.com
    We would need to take your remote control to help you as it is becoming complicated and we are not getting proper info and cause this way.

  210. Prabhat Nigam Says:

    @George
    Do let me know if this helps: http://support.microsoft.com/kb/2027062

    Open IIS Manager, and then navigate to Default Web Site.
    Right-click Default Web Site, and then click Edit Bindings.
    If a binding exists for HTTP, clear the host name value.
    If no binding exists for HTTP, create a new binding that has no host name and a value of All Unassigned for the IP address.
    Restart IIS.

  211. “Legacy Exchange Servers Decommission” Post Exchange 2013 Migration « MSExchangeGuru.com Says:

    […] http://msexchangeguru.com/2013/05/10/exchange2013-migration/ […]

  212. laimis Says:

    when I ran get-mailbox -arbitration I only got 3 mailboxes: system, migration and federated email. Is this correct?

  213. Prabhat Nigam Says:

    Dear All,
    we have added decommissioning blog, please feel free to use it and you are most welcome for comments and questions.

    @laimis
    Yes,
    System mailbox will be 1 per DB
    you also need to move discovery for exchange 2010

  214. laimis Says:

    I got EXchange2007 with EX2013. And now I see Discovery search mailbox in EX2007 EMC. Authentication of ECP and OWA are identical. So I guess we’ll have to wait for CU3 :) now :)

  215. Prabhat Nigam Says:

    It should not be in 2007. 2007 does not use it. It might be on 2013 DB.
    Do you have any issue?

  216. laimis Says:

    What I did was trying recreate all system mailboxes on EX2013, after that when I logged on EX2007 EMC it popped up error that discoverysearchmailbox is corrupted. Nothing changed anyway, still cant open OWA on EX2013.

  217. Fred Says:

    Hello Prabhat!

    Thank you, for being the only site online that seems to have information on coexistence.
    I have a strange issue: I’m in Exchange 2007/2013 coexistence. Two ’13 CAS and MB roles each.
    I’ve created a relay (for printers, etc.) receive connector on one ’13 CAS server to replace the relay receive connector on the ’07 HT.
    I then tried to add the ’13 servers to the Internet connector for outbound email, but I can only choose the ’13 MB roles, not the CAS. In addition, if I put the ’13 MB in the Internet connector, I get bounces.
    I’m hopelessly confused and wonder if you can help me. I also hope I explained my situation well enough. If not, please let me know and I’ll restate.

    Thanks in advance.

    Fred Woodbridge

  218. Prabhat Nigam Says:

    Hey Fred,

    You have to create the relay on mbx server and not on CAS.
    In the send connector you can only add Exchange 2013 mailbox servers and not CAS.

    What is the bounce back message, you might need to allow mailbox servers in your outgoing device (firewall/spamgaurd).

    Share the bounce back if it is not the case.

  219. Simon Says:

    Hi Prabhat,

    Great article! Couple of questions:

    1. Does the Autodiscover SCP have to match a certificate entry? If I look at my 2010 Autodiscoverserviceinternaluri, it’s the servername/autodiscover/autodiscover.xml but the servername is on the Cert which I have exported from 2010 and installed onto 2013 – just checking what my 2013 SCP needs to be?

    2. I have been trying to move the Queue db and logs from the default install location but I get Access denied, even though my Account is in Local Admins and Domain Admins – this was trying to modify the EdgeTransport.exe.config file

    Thanks,
    Simon

  220. Prabhat Nigam Says:

    @laimis

    give me your current issue.

  221. Prabhat Nigam Says:

    @Simon
    Thank you. Below is the answer.
    1. SCP has to be autodiscover.domain.com else you need to create a service record in the DNS and you need to change it every time you loose this server. So it not this srv but you need to change the host record in Public DNS as well.

    2. To change the queue db and log path you need to open it in “run as administrator”. This should work. other wise you might need to stop transport service.

  222. Simon Says:

    Hi Prabhat,

    There is no option to open it “as administrator”? I have already tried to modify it with the Transport svc stopped.

  223. Prabhat Nigam Says:

    @Simon
    -Okay I will try to post a blog post on how to open files in run as administrator.
    -For the moment search for notepad and right click on it, you should see run as administrator. Once notepad is open browse to EdgeTransport.exe.config file and edit.
    -Transport service option is in the picture then but you would need to restart the service post changing the EdgeTransport.exe.config file.

  224. Simon Says:

    No worries Prabhat, I’ve got it sorted.

    Cheers

  225. laimis Says:

    Hi Prahbat, my current issue is still the same: can’t open OWA in EX2013. Tried everything you suggested plus few other things from different forums. ECP opens fine. Authentication for both ECP and OWA are the same. If I use outlook to configure user for EX2013 it resolves user just fine but when trying to open says “no default folders found etc…”. When trying OWA it says: :-( something went wrong. A mailbox couldn’t be found for NT AUTHORITY\SYSTEM. If the problem continues, contact your helpdesk. I tried creating different DB, no luck. I can see my test user in EX2007 and all other users from 2007 on EX2013. I can migrate them from 2007 to 2013 and vice versa. Can’t use EX2013 and my goal is to migrate everything from 2007 to 2013 and remove 2007. I’m out of ideas.

  226. Prabhat Nigam Says:

    Is it just with migrated mailboxes or new mbx as well?

  227. laimis Says:

    Same for both

  228. Fred Says:

    Yes, that’s what I’m finding, is that I can only choose MB roles in the send connector and I wondered why.

    I did add the two MB servers, but outbound to the Internet bounced (I made sure the smarthost was set to allow both the CAS and MB servers)
    I got the following bounce:

    The following organization rejected your message: ESMTP.

    Diagnostic information for administrators:

    Generating server: ICSSCOMBVP01.[redact]

    fwoodbridge@email.com
    ESMTP #550 Cannot relay. Mailbox not available fwoodbridge@email.com ##

    Original message headers:

    Received: from ICSSCOMBVP01.[redact] ([redact]) by
    ICSSCOMBvp01.[redact] ([redact]) with Microsoft SMTP Server (TLS)
    id 15.0.516.32; Tue, 10 Sep 2013 14:14:39 -0600
    Received: from ICSSCOMBVP01.[redact] ([redact]) by
    ICSSCOMBvp01.[redact] ([redact]) with mapi id
    15.00.0516.029; Tue, 10 Sep 2013 14:14:21 -0600
    From: Frederic Woodbridge
    To: “fwoodbridge@email.com”
    Subject: This is a test of the EMS
    Thread-Topic: This is a test of the EMS
    Thread-Index: Ac6uYkjlXRL+F0r/RIC2hOyKXKfS5A==
    Date: Tue, 10 Sep 2013 20:14:20 +0000
    Message-ID:
    Accept-Language: en-US
    Content-Language: en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    x-originating-ip: [164.165.10.10]
    Content-Type: text/plain; charset=”us-ascii”
    Content-Transfer-Encoding: quoted-printable
    MIME-Version: 1.0

    Thank you for your help!

  229. Prabhat Nigam Says:

    @Fred
    There is nothing to wonder. Transport role moved to MBX role in 2013.

    This NDR does not have any issue. This is saying you not allowed to relay from ICSSCOMBVP01 for the email address / mailbox might not exist. Did you ensure to update recipient filtering for this email id?

  230. Fred Says:

    Prabhat:

    I’m migrating from 2007 to 13 so there are things I’m just getting caught up on.
    The fwoodbridge@email.com address is external to the Exchange organization. It did not even try to send to the smarthost via the send connector. Am I missing something?
    Thanks for your help.

  231. Prabhat Nigam Says:

    @Fred
    -I need more info:
    -Restart transport service after every change in the connector.
    -Send an email to 2013 mbx from 2007 mbx
    -Send an email to External mbx from 2007 mbx.

  232. Simon Says:

    Hi Prabhat,

    So I followed your advice to change my AutoDiscoverServiceInternalUri on 2010 and 2013 to https://autodiscover.domainname/autodiscover/autodiscover.xml but I am unable to connect to Outlook for a 2013 mailbox and it cannot resolve when setting up a new profile to a 2013 mailbox.

    Pls can you help?

  233. Prabhat Nigam Says:

    @simon
    It has to be https://autodiscover.domainname.com/autodiscover/autodiscover.xml

    You should have DNS host record created for autodiscover.domain.com in public and corporate DNS.

  234. Fred Says:

    @Prabhat:

    I’ll get you the email and send you the information ASAP.

    Thanks for being willing to help me. I really appreciate your help.

    Fred

  235. Matt Says:

    Prabhat,
    We want to test a roll forward with Exchange 2013 and Exchange 2007 in a coexhist scenario during a maintenance window. However, we don’t have all outlook clients upgraded to 2007 or later. Are we able to swap the URLs and DNS and have legacy on exchange 2007 and our normal urls on 2013, but then swap back? Is it only making autodiscover.domain.com to point to exchange 2007 when finished?

    I have read a lot about SCP and not getting a clear answer. I did see the warning about do not convert the namespace and I take that to mean converting the name space is to put legacy on 2007 and other urls on 2013. However, when done testing we should be able to swap back to legacy on 2013 and all other urls on 2007 and our outlook 2003 clients will work again. Please advise.

  236. Ratish Nair Says:

    Ill take this one. Lets consider the following scenario:

    1. You have Exchange 2007 installed which also has an SCP record in AD for Outlook clients to Autodiscover settings
    2. You installed Exchange 2013 to the mix which will also configure a “NEW SCP RECORD” in AD
    3. Soon after this, with no changes in Exchange 2013 your Outlook clients may receive “certificate not trusted” pop ups in Outlook. The reason for this is because Outlook is engineered to do look-ups in AD and it found a new SCP record which it will try to connect to. This may resolve to “E2013Servername.domain.com/autodiscover/autodiscover.xml”. The certificate doenst have the E2013 servername added as a SAN hence pop up.
    4. To mitigate this, you need to configure the InternalURL, ExternalURL and AutoDiscoverServiceInternalUri to a valid URL right after you install E2013. A new certificate should be ready with all URL info along with the legacy.domain.com DNS entry pointing to the Exchange 2007 server. Also remember the other URL’s should point to E2013 once you make the change and the old E2K7 can have that certificate too.
    5. Exchange 2013 is well capable of proxying requests for Exchange 2007 – see Greg’s presentation from 15th Minute: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B313#fbid=psJ8Cw6S8X0
    6. If you need to roll back this, revert DNS changes and shutdown E2013 so that the server wont respond on port 443.

    Ratish Nair

  237. Prabhat nigam Says:

    Thank you Ratish for covering

    Matt – all outlook must be upgrades to minimum 2007 sp 3 with latest roll up. There is no work around to make outlook 2003 work.

    Then all pointer to be pointed to exchange 2013.

    When you install new cert in 2007, make sure u remove old cert after backup. Check out the yesterday’s blog on 2007 certificate and co-existence.

    You also need legacy public host record.

    Feel free to shoot me with more concerns

  238. Matt Says:

    Prabhat,
    Yes, I am aware that outlook 2003 does not work in the coexhist scenario. However, I just want to do a test roll forward and wanted to make sure I am able to do that with the ability to go back.
    I have already created a legacy public host record.

    My questions is this.

    During a maintenance window, I would like to set up all my URLs on Exchange 2013 to the proper URLS and change the DNS records to point to Exchange 2013 respectively. I want to add legacy to all my Exchange 2007 URLs and point the legacy DNS records to Exchange 2007 respectively. I then want to do a thorough test for a few hours. I realize outlook 2003 clients will be down during this time.

    After testing, I would like to move all my production URLs back to Exchange 2007 and change the DNS back to Exchange 2007 respectively. I will then put the legacy URLs back on Exchange 2013 and change legacy dns back to exchange 2013 respectively.

    Once I do this, will my outlook 2003 clients work with Exchange 2007 again? I will then work to get all my outlook 2003 clients upgraded and once I complete that, I will feel comfortable to roll forward again and this time keep it permanently.

    Please advise.

  239. Prabhat Nigam Says:

    I dont see any issue in it but my preference would be ungrading 2003 1st then moving to 2013.

  240. Ilia Says:

    I’m migrating from 2010 to 2013
    I have a problem with OWA access to 2010 mailboxes
    During the install I did tested that it works, but I think that after SSL certificate import/export the problem started.
    I can access directly the 2010 and the 2013 OWA and it works fine with correct certificate, but when I access 2013 OWA and enter credentials of 2010 user I get “something went wrong” error.
    I checked the logs of both 2010 and 2013 servers and found nothing special there.
    Any ideas ?

  241. Prabhat Nigam Says:

    @Ilia
    see if you have authentication method configured as below, if not then try it and let me know if this helps:

    On 2013
    InternalAuthenticationMethods: Basic,FBA
    ExternalAuthenticationMethods: FBA

    On 2010
    InternalAuthenticationMethods: Basic,FBA
    ExternalAuthenticationMethods: Basic,FBA

  242. Jochen Andries Says:

    I’m back (after first post #95) !
    The project ‘Exch2013′ was laying around, now there’s time to finish it (finally).

    As post in the “Mail flow is not working”, I still have one (small) problem I would like to resolve before doing the DNS-swap.

    I can mail from the 2007 to the 2007, the 2013 and external.
    I can mail from the 2013 to the 2013 and external.
    I can mail from external to the 2007 and the 2013.
    So I can not mail from the 2013 to the 2007.

    If I set the 2013 ‘as the master’ (= Changing DNS-records and Firewall-rules), I definately want the mail flow from the 2013 to the 2007 because all active mailboxes are still on the 2007 (I tried 2013 with mailboxes from fired people).

    The config:
    2007: mail.domainname.ext (internal & external) and exchangeserver.internaldomainname.local
    2013: mail13.domainname.ext and srv-exch2013.internaldomainname.local
    All clients are connecting to mail.domainname.ext (internally & externally)

    A wildcard-SSL-certificate is installed on both servers, no certificate-errors are shown.

    We have a lot of smartphones/tablets connecting to the mailsystem, SO I cannot have a lot of downtime to test things out :-/

    Thoughts I have:
    What if I change the master mail.domainname.ext to point to the 2013 ? What will happen ? (Because, now there’s no mailflow from 2013 to 2007)

    What I want (everybody here I guess) :
    Mail is coming into the Firewall. Firewall routes the mail to the 2013,
    if the mailbox is on the 2013, mail will be dropped in the 2013-mailbox
    if the mailbox is on the 2007, the 2013 sends the mail to the 2007 and mail is dropped in the 2007-mailbox.

    If Mister-X connects with his tablet (pointing to mail.domainname.ext) and his mailbox is on the 2007, will the 2013 be so clever to show him the right way, going to the 2007 ?

    Uuuurrrrhhhhmmmm : the last (big) step to take, but to afraid I guess…

  243. Simon Says:

    Hi Prabhat, Ratish

    After moving a mailbox to Exchange 2013 from 2010, it is constantly prompted for credentials; I have checked Outlook Anywhere and Auth is set to NTLM on the CAS servers; SSL offloading is not selected.

    Any ideas?

  244. Prabhat Nigam Says:

    @ Simon:
    Could you try Basic authentication?

  245. Prabhat Nigam Says:

    @Jochen

    -I have answered mail flow question on the other blog.

    – For 2007 and 2013 urls
    .Install a new cert on both 2013 and 2007 with 3 urls autodiscover, mail13.domainname.ext, mail.domainname.ext.
    .you need to configure separate url for owa and ews because there directories don’t proxy.
    .So you can change the public dns pointer of mail.domainname.ext to 2013 and configure the same url in 2013 everywhere
    .Make sure you configure autodiscover scp configuration
    .Change the external url owa and ews on 2007 to mail13.domainname.ext and create public host record for this.

    This should work without changing anything on mobile clients and outlook anywhere pop/imap and owa.

  246. Jochen Says:

    Telnet-session completed successfully

    If I log on to the owa of 2013 (from inside the network) and use the credentials of a 2013, I get the 2013-owa.
    If I log on to the owa of 2013 (from inside the network) and use the credentials of a 2007, I get the 2007-owa.

    The cert I have is a *.domainname.ext, so only thing I have to make sure of is that the cert is binded the the service I thought.

    I tried (from inside the network) to install an Outlook-client (to the 2013) => OK (so autodiscovery works and OAB is OK)
    I tried (from inside the network) to install an iPad-client (to the 2013) => OK

  247. Simon Says:

    Prabhat – still the same when I change to Basic Auth, any other suggestions, I’m tearing my hair out!

  248. Jochen Says:

    @Simon,
    I had the same issue in the beginning. By doing the CRTL-OutlookIcon in the clock-tray, I saw that there was something wrong.
    My case had to do with the fact that the new Exchange was using the internal-DNS-name, so not being in the wildcard-SSL-cert.
    Once it was sorted out (changing all InternalUrl to a dns-name in the certificate) Outlook stopped asking for credentials.

  249. Simon Says:

    Hi Jochen – I think I have a different issue – I’m not using a wildcard cert and I’ve triple checked my URLs and they match what’s on my SAN cert

  250. Prabhat Nigam Says:

    @Jochen
    wildcard cert is not recommended. Are you facing any issue now?

    @Simon
    Could the check what is the authentication configured on the outlook client.
    Try different workstation.

  251. SteveTill Says:

    @Simon
    I’m experiencing the same issue.

  252. SteveTill Says:

    I created a mailbox on Ex2013, as well as migrated a user. I can’t access OWA or Outlook with either user. However, users still on Ex2010 can still access Outlook and OWA.

  253. SteveTill Says:

    Question for you…

    Do need a particular set of permissions to access a 2013 mailbox? For example, I’m in a 2010/2013 coexistance scenario and when logging in as Exchange 2013 user, Outlook keeps prompting me to login over and over again. Is there a new group a 2013 user need to be a part of when trying to authenticate? 2010 users can authenticate no problem. Our current autodiscover points to our 2010 Exchange HUB/CAS server.

  254. Prabhat Nigam Says:

    @ Steve
    Did you try https://2013CASip/owa

  255. simon Says:

    @Steve
    It’s the same issue I faced – I changed DNS to ensure autodiscover was pointing at 2013 and it was all sorted

  256. Prabhat Nigam Says:

    @Simon
    It is mentioned in the blog to point autodiscover and CAS to the 2013 CAS server. I understand there is alot of points to take care but you need to follow the steps correctly. Do let me know if I missed or confused you anywhere.

  257. Bill Fitz Says:

    Hello Prabhat,

    First let me say thank you to for the absolute best resource I’ve see on-line for my 2007 to 2013 migration project. I have 2013 CU2 with 2007 SP3 Rollup 11 in coexistence, I cannot drop my 2007 server for a little while yet.

    The problem we have is any user with a 2013 mailbox that sends a message with any sort of attachment gets converted to winmail.dat when sending to 2007 internal users. External/Internet recipients receive the messages and attachments just fine, the problem only exists from 2013 to 2007 transport.

    Can you suggest what can be done to fix this? I’ve scoured the net and found nothing for this specific scenario – everyone is talking about disable TNEF (which we did) but it still occurs.

    Thanks!

    -Bill

  258. Prabhat Nigam Says:

    @Thank you Bill
    Please follow the blog – just posted for you
    http://msexchangeguru.com/2013/10/09/winmail/

  259. Bill Fitz Says:

    Hello Prabhat,

    Thanks very much for the rapid response. I can confirm that we located a similar blog previously and I have double checked we have set those settings to ‘Never Use’ in the Remote Domains, but the problems persists.

    Could there be another solution?

    Thanks,

    Bill

  260. Bill Fitz Says:

    AS an update, after continuing to investigate, I’ve located the messages in question, which are not infected, in the 2007 Exchange server’s Forefront Security Server Administrator under ‘Report’ and ‘Quarantine’. Forefront is detecting winmail.dat as a ‘CorruptedCompressedFile’ for all e-mail from our 2013 Exchange server that has any kind of attachment, in most cases it is the user signature triggering it.

  261. Prabhat Nigam Says:

    @Bill

    I am not sure if you restarted the Hub Transport service on all servers.
    Yes between 2013 to 2007 within the same org is something new.
    Could you run the message tracking and see if it shows where it is changing the file format.
    Another point can be some kind of encryption
    Do we have any firewall or spamgaurd or any other 3rd party when sending email from 2013 to 2007. I am doubting this device or software.

    You can do a test. send an email from 2013 mailbox to 2013 mailbox + 2007 mailbox + Internet. If it is changing for only 2007 mailbox then surely a 3rd party doing some trick.

  262. Bill Fitz Says:

    Hello Prabhat,

    It looks like somehow in all our preparation with patching and updates, we overlooked an update for Forefront that fixes this known issue. I am installing Forefront V10 SP2 and will update if this resolves my problem.

    Thanks!

  263. Bill Fitz Says:

    Hello Prabhat,

    I am pleased to report our issue is resolved. It was in fact the Forefront scanner on the 2007 server as you surmised. You are a scholar and a gentlemen.

    Cheers,

    Bill

  264. laimis Says:

    Hi Prabhat,
    I appreciate all the help from you in previous posts even if it did not solve my issues. I almost put all migration from 2007 to 2013 aside just occasionaly trying different things. So I found some interesting moment in resource booking. Recource (company car) created on EX2007 is shown on EX2013 ECP but when I click on recource I get this:
    Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=TRANS-SRV2/cn=Microsoft System Attendant.
    TRANS-SRV2 is EX2007. Maybe thats related to my initial problem of not being able to open EX2013 OWA at all?

  265. Jeff Says:

    Hi Prabhat,
    Excellent article. I have a couple of questions. I am migrating from Exchange 2007 to 2013. Currently I have 4 servers. 1) Ex2007 Mailbox, 2) Ex2007 Hub/Client 3) Ex2013 Mailbox 4) Ex2013 CAS. I have the certs installed and my next step is to route everything through the Ex2013 CAS (ie point mail and autodiscover url’s to Ex2013 CAS). We are also routing all incoming and outgoing email through a Barracuda spam filter appliance.

    My 2 questions are this:
    1) From what I read in the article, it sounds like I will need to either a) set the spam filter to allow email to come from the Ex2013 mailbox server? or b) configure the send connector to proxy to the CAS server? Is this correct?

    2) We have receive connectors setup to allow relaying from various applications and devices (copy machines…). The applications are setup to use a url, but the devices needed an ip address. Instead of repointing my mail and autodiscover url’s to new ip addresses, I would like to swap the ip addresses of the Ex2007 Hub/Client server with the Ex2013 CAS server. Do you forsee and issues/configuration changes with this?

    Thanks.

  266. Prabhat Nigam Says:

    @ Laimis
    This looks very know error. Did you delete old dbs without moving default mailboxes or first admin group. You will have to recreate it. look for it, it is a known issue.

    No, owa should not be linked to it

    ——————-

    @Jeff
    1. Install both CAS and mbx role on server 4. You need it.

    2. point the spam filter to mailbox server, CAS will not do any routing.

    3. Sender connector should be able to directly send to spam gaurd. You dont need to forward to CAS. CAS option is for the orgs which are using CAS as spam Guard.

    4. you can swap the IP but make sure you DNS is resolving to it. You might need to restart the server.So be careful. No issues in swapping the IPs. Exchange does not care but you need to configure receive connector which is using port 2525 for mailbox in a cas + mbx roles installed server so you might prefer CAS receive connector which is using port 25.

    Hope this helps

  267. Jeff Says:

    Thanks Prabhat for the quick reply. I am a little confused though. Why do I need Mailbox role on my CAS only server? I thought the CAS only server would just proxy back and forth from/to the Mailbox only server. What would be the benefit of adding mailbox to my CAS server vs. Adding CAS to may mailbox server and eliminating the CAS only server? Thanks again.

  268. Sergio Diaz Says:

    Hi Prabhat,

    I have a couple of questions. I am migrating from Exchange 2007 to 2013. Currently I have 2 servers. 1) Ex2007 sp3 Update RU11 Mailbox,Hub, Client 2) Ex2013 Cu2 Mailbox,CAS. I can see two servers 2007 and 2013 in EAC , but only see the database of ex2013, the database of 2007 i can´t see it. I did a test of migration of 5 mailbox and was successful.

    Hope this helps

  269. Prabhat Nigam Says:

    You will not see 2007 databases from 2013 EAC. This is by design.

    Keep it simple manage 2007 from 2007 console or EMS and 2013 EAC or EMS.

  270. Jeff Says:

    Hi Prabhat,
    Can you tell me why I need the mailbox role on my cas only server? and why that is preferable over putting cas on my mailbox only server and eliminating the cas only server?

    Also, In the article you mention that having just a default email address policy that originated in Exchange 2003 could cause a problem. What problems does that cause? and the fix is just to create a new policy with the same settings and delete the old?

    Thanks

  271. Prabhat Nigam Says:

    Hi Jeff,

    1.
    You dont need them together but you need both of them in your environment to let 2013 do anything. CAS 2013 will proxy to Mailbox 2013. Then Mailbox role will take the decision.

    I prefer to keep CAS and MBX together because CAS does not have much hardware requirement so merging it will reduce my cost of one OS and server hardware except memory and processor.

    2.
    Email address policy has changed from 2003 to 2007 (attributes has been added)so you need to run update-emailaddresspolicy cmd with the 2003 policy name when 2003 server is present, If 2003 server has been deleted then you can’t update this policy so the solution is to create new one and delete old one.
    The old policy might not update new mailboxes with the email addresses.

  272. Jeff Says:

    Great, thanks for the clarification :)

  273. Exchange 2013: Cross Forest/ORG Migration from Exchange 2010/2007 « MSExchangeGuru.com Says:

    […] Exchange 2013 Migration Guide – http://msexchangeguru.com/2013/05/10/exchange2013-migration/ […]

  274. Raman Says:

    Hi,
    I installed Exchange 2013 RTM in existing environment with Exchange 2010 Sp3 in our test environment. After installing Exchange 2013 RTM I checked when I access OWA using Internal URl it redirected to Exchange 2010 CAS server’s Internal URL and I was able to access Exchange 2010 mailbox. I upgraded to CU2 and now Exchange 2013 internal URl not re-directing it to Exchange 2010 mailbox anymore. I checked all the settings on virtual directories and made sure that FBA authentication is selected. It is a test environment and I just wanted to test the re-direction in co-existence environment using Internal URL. It should work out of the box but not sure what happened. There was no issue in CU2 instllation.
    Exchange 2013 CAS and mailbox roles are on separate servers. Same with Exchange 2010. There is no certificate 3rd party certificate install on CAS servers since it is a test environment.
    Not sure what else can I check.
    I appreciate if any help I can get.
    Thanks,
    Regards
    Raman

  275. Prabhat Nigam Says:

    Hi Raman,

    Make sure all exchange services are running.
    Configure the urls as mentioned in this blog…
    What is exactly failing redirection, OWA or outlook anywhere?
    Make sure you have configured everything as mentioned here
    External url & internal url of 2010 and 2013 should be same mail.domain.com
    Configure SCP
    configure Outlook anywhere

    Share the error.

  276. Raman Says:

    Hello Prabhat,
    I did make sure that all the virtual directories, especially OWA and ECP have internal and external URL. I put the same internal URL for external URL as well on 2013 and 2010 side. I am only trying at this point is OWA. I did not try outlook anywhere yet. To re-direct it should be simple but it is just not working. I was thinking once 2013 CAS sees that mailbox reside on 2010 it would redirect the request to CAS 2010 but I could not figure out why it is just keep failing. Last night I re-installed CAS 2013 but still same results.

    Thanks,
    Regards
    Raman

  277. Prabhat Nigam Says:

    @Raman
    1. Did you upgrade mailbox 2013 to cu2 as well
    2. Could you share the owa error or warning or message which says this is not redirecting
    3. Are you able to open 2013 mailbox in owa

  278. Raman Says:

    Hello Prabhat,
    Finally it resolved after adding provider Negotiate and NTLM under OWA IIS directory -> Authentication -> Windows Authentication -> Add provider Negotiate and NTLM.
    Thanks,

  279. Prabhat Nigam Says:

    Hi Raman,
    Great to hear. What was it configured earlier?

  280. Raman Says:

    Hi Prabhat,
    Before it was empty there was no provider. But not sure who direct Exchange 2010 OWA was working.
    Now, after the re-direction works and I click on “Options” to go to ECP for other settings. It shows ECP page but does not matter what setting I click it nothing happens, not even “Sign Out” works. I had to click back on browser button and go back to main OWA mail page.
    OWA and ECP virtual directory and authentication are same.
    I will let you know in case I am able to find solution.
    Thanks,

  281. Prabhat Nigam Says:

    Hey Raman,

    Check if this link helps.
    http://msexchangeguru.com/2013/10/30/http-redirect-owa-ecp/

  282. Raman Says:

    Hi Prabhat,

    It seems that this re-direct would re-direct everything.
    In co-existence environment we would like to let Exchange 2013 CAS check if mailbox is on Exchange 2010 or 2013 according to that it would re-direct or just serve the user if mailbox is on Exchange 2013.

    Thanks,

  283. Prabhat Nigam Says:

    No, Redirect will only redirect 2010 mailbox users.

  284. Raman Says:

    I will try it but would not it works without doing this specific configuration for re-direction. I am just wondering.

    Thanks.

  285. Prabhat Nigam Says:

    For me it works every time by just following this blog.

  286. Raman Says:

    Prabhat,
    On second thought in my environment re-direction is working even to ECP but I see the page left pane options but those options does not show any settings.

  287. Prabhat Nigam Says:

    Paste the error here to recommend anything.

  288. Raman Says:

    I see it in IIS
    2013-11-13 22:33:03 “Exch2010CAS” HEAD /ecp – 443 – “Exch2013CAS” HttpProxy.ClientAccessServer2010Ping 302 0 0 0
    2013-11-13 22:33:03 “Exch2010CAS” HEAD /ecp/ – 443 – “Exch2013CAS” HttpProxy.ClientAccessServer2010Ping 404 4 2 0

    Instead of IP addresses I replaced it with server version and role.

    I tried this http://support.microsoft.com/kb/942052 for error 4o4.4 but it seems everything is correct.

    Thanks

  289. Max Says:

    Hi,

    i installed Exchange 2013 in existing environment 2010 (SP3), mailbox, still on exchange 2010, are published through TMG Gateway.
    OWA access work well, but ActiveSync on smartphone doesn’t work.
    In TMG publishing rule i set basic auth, like in activesync virtual directory on Exch 2010 and 2013 too.
    Thanks

  290. Ken Says:

    I have a single exchange 2007 server and am adding a single 2013 server into the same org as part of an upgrade. I followed your blog on installing the 2013 server into the 2007 org and I can send and receive mail using mailboxes on the 2013 server. I currently only have 2 test users on the 2013 server. When I create a profile for a test user using Outlook 2007 I get a pop-up window asking for user credentials. When I look at the connection status in Outlook (Ctrl rt click) I see 4 entries; 2 are established with type=mail; 1 is continuous ‘connecting’ with type=public folders on the 2007 server; 1 is continuous ‘connecting with type=referral. If I enter a password into the pop-up window and hit enter it just continually re-asks for the password. If I just cancel the pop-up credentials box it stays gone and mail works normally, and the 2 connection status entries that are ‘connecting’ go away. Any guidance on where to look to resolve this issue? Thanks

  291. Prabhat Nigam Says:

    @Ken
    Make sure you configure outlook anywhere in exchange 2013 and point your outlook to exchange 2013.
    Apart from this make sure outlook client is as per the minimum required SP and rollup level
    Exchange 2013 CU2 will be better.

    There can be different issues for this issue so let me know how does it go.

  292. Prabhat Nigam Says:

    @Max
    Did you configure activesync same as OWA?
    also see if all users help in place of all authenticated users.
    check the below link if they help
    http://msexchangeguru.com/2011/08/29/tmg-error/
    http://msexchangeguru.com/2012/10/23/e2k7-to-e2010-cas-transition/
    http://msexchangeguru.com/2011/07/06/tmg-e2010/

  293. Ken Says:

    Prabhat

    First, thanks for replying to my problem. My Outlook client is 2007 version SP3 (12.0.6683.5000). I do have the minimum outlook patch November 2012 update (12.0.6665.5000). My Outlook client is pointing to exchange 2013. Outlook anywhere is configured with both the internal and external names set and authentication set to basic. My exchange server is 2013 CU2. I still get the pop-up in Outlook

  294. Ratish Nair Says:

    @Ken – Look at the authentication setting of the RPC Virtual directory on both the Default website and Exchange backend and compare with a working server. It should be unique across all your servers…. Dont change it in IIS, it needs to be changed in Shell.

  295. Ken Says:

    Ratish

    On my new 2013 exchange server the default web site basic authentication is enabled–all others disabled. On the backend server windows authentication is enabled and all others are disabled. (Are these supposed to be different?)

    On my working 2007 exchange server the default web site is the same–basic enabled and all others disabled.

  296. Ratish Nair Says:

    Well default website should have Anonymous and all other disabled

    RPC VDir under default website should have Basic and Windows
    RPC VDir under Exchange Backend website should have Windows Authentication ONLY

  297. Ken Says:

    Ratish

    I wasn’t clear on my earlier post; my default web site authentication is anonymous. default RPC vdir is basic only. I added windows authentication to the RPC Vdir under default and did an IISreset /noforce. When I launch outlook I still get the pop-up credentials window.

  298. Prabhat Nigam Says:

    @Ken
    Do you have any load balancer.
    How did you add the windows authentication? from IIS or exchange shell.

  299. Ken Says:

    I don’t have a load balancer. I added the authentication from IIS

  300. Prabhat Nigam Says:

    I think Ratish said it already, you have to add from exchange management shell.

  301. Ken Says:

    Sorry; can you provide the command for the shell?

  302. Ken Says:

    I ran this command to add windows authentication to the RPC Vdir under default web site:
    Set-OutlookAnywhere -Identity ‘[servername]\rpc (Default Web Site)’ -IISAuthenticationMethods Basic,NTLM
    and I confirmed that the windows authentication is now enabled in IIS. I then tested Outlook again and still get the credentials pop up.
    I don’t know if this is significant but when I look at connection status in Outlook I get 2 established connections to the exchange 2013 server and a 3rd connection trying to establish to the exchange 2007 public folders (with the creds pop up window visible). If I cancel the pop up, the attempt to connect to 2007 public folders goes away and Outlook operates normally (for a while, until the pop up comes back).
    Thanks for your continued help troubleshooting

  303. Prabhat Nigam Says:

    Check if this helps
    set-OutlookAnywhere -Identity “servername\Rpc (Default Web Site)” -ExternalClientAuthenticationMethod Basic -InternalClientAuthenticationMethod NTLM -IISAuthenticationMethods NTLM

  304. Ken Says:

    thank you for the script. I applied it and then ran get-OutlookAnywhere -Server:’servername’ |fl to verify that the internal is set to NTLM, external is basic, and IISauthentication is NTLM. I then launched Outlook and unfortunately I still get the credentials pop up.

  305. Prabhat Nigam Says:

    This is for 2007.
    Set-OutlookAnywhere -Identity “2007servername\Rpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName hostnamefqdn -IISAuthenticationMethods NTLM, Basic

    If outlook anywhere has not enabled then you have to replace set with Enable.
    Let me know if this helps.

  306. Ken Says:

    I ran the script for my 2007 exchange server. The only change made was to the IISAuthenticationmethods, which added NTLM to the types. I tested outlook and still get the popup credentials window. I notice that as long as the popup is there the Outlook tray says ‘waiting to update folders’. When I ‘cancel’ the credentials popup it changes to ‘all folders up to date’. Thanks for your continued help.

  307. Ratish Nair Says:

    Whats it trying to connect to? Make sure you dont have any other mailbox or any Sharepoint calender trying to query.
    what happens if you create a new profile on a different or same machine?

  308. Prabhat Nigam Says:

    Ken
    Please do iisreset on both 2013 and 2007. Let me know if anything changes

  309. Ken Says:

    OK, I deleted the existing profile for my test mailbox on exchange 2013 and recreated it. I do not have any other mailboxes in the profile, nor do I have a sharepoint server. I notice that the exchange server name changes from my exchange fqdn to this string: d73cd9ac-6021-48ed-b371-a59d9984284d@bcnaz.net Not sure if that is relevant. Outlook opens normally, but after a few seconds I get the popup credentials. When I check the connection status it has 3 established connections–2 for mail and 1 for directory–on the 2013 server. There are 2 referrals that are in a ‘connecting’ status but I can’t tell what they are trying to connect to. If I cancel the credentials popup the referrals close. After a few seconds I get the popup again, and this time the connection status is trying to connect to the exchange 2007 public folders but it just stays in ‘connecting’ status.

  310. Ratish Nair Says:

    Well… It maybe trying to connect to exchange 2007 Pf’s or it could be E2013.
    Cant really tell till I can take a look… auth popups are so common, it could be lot of things causing it…
    Exchange 2013 uses GUID so that behaviour is normal…

  311. Prabhat Nigam Says:

    Ken – Are you using Public Folders.
    Do you see a correct server in the refferral tab of the Public Folder Database properties.
    Do you see anything failing if you run test-connection

  312. Ken Says:

    Prabhat

    I apologize on not noticing your request at 2:05PM to do an iisreset on both servers; your request and my later reply about deleting profiles passed each other. Anyway, I did another iisreset on both servers and am happy to report that my test clients on exchange 2013 no longer get the popup. I really appreciate your help getting this resolved.

  313. Prabhat Nigam Says:

    Great things.. Happy Thanks Giving..

  314. laimis Says:

    I just installed CU3 but still cant open OWA on EX2013. I get this error:
    X-OWA-Error: Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException
    X-OWA-Version: 15.0.775.32
    X-FEServer: TRANS-MAIL
    X-BEServer: TRANS-MAIL
    Date: 11/28/2013 1:22:31 PM
    Any Ideas guys?

  315. Prabhat Nigam Says:

    @laimis
    Try the below cmd and let us know if this helps
    Set-Mailbox username -ApplyMandatoryProperties

  316. laimis Says:

    after completing command Set-Mailbox username -ApplyMandatoryProperties I received:
    The command completed successfully but no settings of domain/Users/testuser’ have been modified.

  317. Prabhat Nigam Says:

    any changes to the issue

  318. laimis Says:

    No. Still the same. EAC works ok, OWA and activesync – no

  319. WM Says:

    Great web site you’ve gotten right here.

  320. Josef Says:

    Hello there! I could have worn I’ve been to this blog before but after browsing through many of the posts I realized it’s new tto me.
    Anyhow, I’m definitely delighted I discovered it and I’ll be book-marking it and checking
    bak often!

  321. laimis Says:

    Hi, because I was not succesfull to connecting to owa at least once, I played with different things and finally messed it up totaly. now I cant connect to ecp either. It happened when I removed one expired certificate and added roles to valid one. I got server error with “wrong provider…” or something like that. I got two questions:
    1. Can EX2013 operate without SSL (I know its not recomended etc…)?
    2. If I want to completely remove EX2013 and just stay with EX2007 can i simply delete arbitration mailboxes or it is different procedure. I got erros now when trying to uninstall saying that “This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, public folder mailboxes or arbitration mailboxes.”. I deleted all test user mailboxes. I decided to give EX2013 one more try with completely reinstalling it but cant uninstall now.

  322. Lazaro Says:

    Wow! After all I got a blog from where I can in fact
    get helpful facts concerning my study and knowledge.

  323. Prabhat Nigam Says:

    @laimis

    It is not that hard to setup SSL. I think I can fix by connecting to your setup. mail me if you like. Your answers are below:

    1. You need SSL
    2. Yes you can delete arbitration and discovery (only with 2007 co-existence) mailboxes then you should be able to delete the databases and uninstall.

  324. laimis Says:

    Thanks for your answer. I will contact you by email but I like to know about your working hours. I am at GMT +2.

  325. Ahmed Says:

    Hi Prabhat. You guys are absolutely fantastic. Successfully deployed Exchange 2013 with Exchange 2010 co existence.

    All the configurations are complete & we are ready for migration. During the testing i noticed an error
    “The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook” For which the resolution seems like repair the outlook profile or deleting and adding the account. Is there something we need to worry about.
    FOR OA : Authentication for clients is set to basic & for IIS as basic & ntlm, ssl offloading is false on ex2010 CAS servers,
    On Ex2013 servers its set to basic & SSL offloading is checked. Is this correct?

    Our external & internal URLS are mail.domain.com on both ex2010 & ex2013
    Autodiscover is autodiscover.domain.com SCP is set on exchange 2010 & 2013 servers correctly.
    We have added a DNS A record for outlook.domain.com for VIP on Kemp LM just for internal outlook client users, external users connect on mail.domain.com on the same VIP

    Do you guys have any instructions to create CSV for migrating bulk users ?

    Any further advise would be helpful.

  326. Ahmed Says:

    Just to add another question.

    If all hell breaks loose after migration for some reason and we have to shift back to Exchange 2010. Can we move our mailboxes back to exchange 2010 DB’s and how ?

    I tried from EAC by moving a exchange 2013 test mailbox back to exchange 2010 and it would not work.

  327. Exchange 2010/2007 to 2013 Migration and Co-existence Guide « MSExchangeGuru.com | JC's Blog-O-Gibberish Says:

    […] http://msexchangeguru.com/2013/05/10/exchange2013-migration/ […]

  328. Raman Says:

    Hi Ahmed,

    A quick question. I just installed Exchange 2013 co-existence with Exchange 2010. I am planning to change -autodiscoverserviceinternaluri for all CAS servers currently it is FQDN.autodiscover/autodiscover.xml

    My question is if you could please check in your environment and let me know. If you ping autodiscover.company.com on internal network what happens? Does it ping?

    Thanks,

  329. Raman Says:

    Or if anyone else can answer it. I appreciate it.

    A quick question. I just installed Exchange 2013 co-existence with Exchange 2010. I am planning to change -autodiscoverserviceinternaluri for all CAS servers currently it is FQDN.autodiscover/autodiscover.xml

    My question is if you could please check in your environment and let me know. If you ping autodiscover.company.com on internal network what happens? Does it ping?

    Thanks,

  330. Prabhat Nigam Says:

    @Raman
    autodiscover.company.com – you need to create/change the DNS record pointing to the Exchange 2013 CAS server or CAS servers load balanced.

  331. Prabhat Nigam Says:

    @Ahmed

    Answer in Line
    All the configurations are complete & we are ready for migration. During the testing i noticed an error
    “The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook” For which the resolution seems like repair the outlook profile or deleting and adding the account. Is there something we need to worry about.

    PN: Nothing to worry. Reopen outlook and it should be good.

    FOR OA : Authentication for clients is set to basic & for IIS as basic & ntlm, ssl offloading is false on ex2010 CAS servers, On Ex2013 servers its set to basic & SSL offloading is checked. Is this correct?

    PN: What is the IIS auth on 2013?
    PN: Could you check if unchecking SSL offloading change the behavior.

    If all hell breaks loose after migration for some reason and we have to shift back to Exchange 2010. Can we move our mailboxes back to exchange 2010 DB’s and how ?

    PN: Yes we can revert back. Option number 1 is connecting this mailbox from disconnected mailbox in exchange 2010 but if you got many emails in exchange 2013 mailbox then extract then to pst and then import after switching.
    Option 2 will be cmdlet which will be run on Exchange 2010 shell. My preference in Option 1

  332. Simon Says:

    Hi Prabhat, Raman,

    Wondering if you can can help with this issue (CU3)

    After changing to FBA Auth for ECP/OWA virtual directories, I am unable to login to EAC – no error message just a blank page. If I deliberately mistype the password, then I get “the username or password is incorrect…”

    I have tried recreating the ECP/OWA virtual directories but when I change to FBA, I cannot get into EAC – using https://localhost/ecp/?ExchClientVer=15 gets redirected to https://localhost/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2flocalhost%2fecp%2f%3fExchClientVer%3d15.

  333. Prabhat Nigam Says:

    Hi Simon,

    Please verify the exchange 2013 auth on this blog. This should work..

    http://msexchangeguru.com/2013/12/31/e20132007-urlsauth/

    Below is the configuration my lab
    [PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-OwaVirtualDirectory | fl *auth*

    ClientAuthCleanupLevel : High
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication : True
    WindowsAuthentication : False
    DigestAuthentication : False
    FormsAuthentication : True
    LiveIdAuthentication : False
    AdfsAuthentication : False
    OAuthAuthentication : False
    ExternalAuthenticationMethods : {Fba}

    Are you trying to access directly or via a firewall like TMG or UAG?

  334. Simon Says:

    Mine are identical, but I am unable to access the EAC, and this is trying directly on the server! No errors that I can see in the App log. My mailbox is on a 2013 server, any suggestions would be much appreciated.

  335. Prabhat Nigam Says:

    How about the urls?
    Also check this one- http://msexchangeguru.com/2014/01/21/e2013-ecp-moduleissue/

  336. Simon Says:

    I don’t get any error when trying to open ECP or OWA, the screen flickers but nothing; and nothing in the App log either. I can correct it by setting it back to Integrated Auth, but as soon as I change it to FBA, I can no longer access ECP or OWA. Checked IIS, and all looks in order. All I can come up with is to reinstall CAS or call MS?

  337. Prabhat Nigam Says:

    @Simon
    Could you share the Windows server, Exchange server CU level and internet explorer version.

  338. Simon Says:

    Windows 2012 Standard, Exchange 2013 CU3 and IE 10

  339. Snap Says:

    Hello, I am having the same issue. I get the A mailbox couldn’t be found for NT AUTHORITY\SYSTEM. If the problem continues, contact your helpdesk. Also my powershell is giving me an access denied. When I first installed Exchange it worked. I am in a 2007 2013 coexistance. Please help.

  340. Prabhat Nigam Says:

    Hi Snap,

    Could you explain the issue in Detail.

  341. Raman Says:

    Hello Prabhat,

    We are in co-existence with Exchange 2010 SP3 and Exchange 2013 CU3.

    Outlook Anywhere and Autodiscover pointed towards Exchange 2013 CAS servers. Everything works fine irrespective where is mailbox is located Exchange 2010 or 2013.

    When I tried to access auto-mapped mailbox from Exchange 2010 as primary mailbox accessing auto-mapped Exchange 2013 mailbox “Cannot expand the folder. The set of folders cannot be opened. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance”.

    Exchange 2013 OutlookAnywhere “Externalclientauthenticationmethod” is Basic and “Internalclientauthencitcationmethod” is NTLM. Everything is setup as per the Tech-net recommendations.

    Checked both these articles but still it is not working:

    http://support.microsoft.com/kb/2839517
    http://support.microsoft.com/kb/2834139
    Please let me know if there are any other ideas.
    Thanks,

  342. Prabhat Nigam Says:

    @Raman
    I would recommend migrating all mailboxes together.

    Try if “Externalclientauthenticationmethod” = NTLM helps.

    Please also share 2010 Auth. URL of both systems 2013 and 2010.

  343. Snap Says:

    I have Exchange 2007 and just installed Exchange 2013 on Server 2012 R2 (I know it is not supported yet but it was working great until last weekend). I can get into ECP and the email is flowing from Outlook. I just can’t get into OWA or Powershell. I get an access denied from powershell. Also, was is weird is the timestamp on Powershell is 6 hours ahead as well as the timestamp in the error on Owa.

    Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException
    Time is 6 hours ahead.

    I have reset all the virtual directories, done all the bindings stuff. I have tried almost everything from other blogs and forums. I just can’t figure it out. I really appreciate your help. Snap

  344. Prabhat Says:

    Hi Snap,

    Please install exchange 2013 on windows 2012 non R2 or wait for exchange 2013 SP1.

    Is ur AD also on 2012 r2?

  345. Snap Says:

    Ok, I will wait for SP1. No the AD is on 2008 with a level of 2003.

  346. Raman Says:

    Hello Prabhat,

    Thanks for your quick response.
    It is strange it works in our Test environment with “ExternalClientauthentication” =Basic on Exchange 2013.
    Everything is same in test and production but not working in production.
    I remember it was not working in test as well but I do not when and why it started to work. Since, then I have been doing reverse engineering to break Test environment but does not matter what I do it works. This even driving me more crazy.

  347. Raman Says:

    Other than this I would also prefer to move all mailboxes same time but it is not possible with around 6,000 mailboxes. So it needs to make work.
    Thanks Again.

  348. Prabhat Says:

    All mailboxes, I meant all mailboxes of the user so that outlook should not try 2010 for one mailbox and 2013 for other mailbox.

    Let me know the 2010 config
    Also if Ntlm helped.

  349. Raman Says:

    If I remove auto-mapping and just add the Exchange 2013 as additional mailbox it works. So it is something with auto-mapping.

  350. Prabhat Nigam Says:

    you might need to do remaping because of the change in 2013 where it uses the mailbox guid in place of the server name unless they both are into same system.

  351. Raman Says:

    Hi Prabhat,
    How do I re-map if mailboxes are auto-mapped in Outlook? I also tried to remove the full permissions and re-add it again but still auto-mapping does not work if Exchange 2010 primary mailbox is accessing Exchange 2013 auto-mapped mailbox.
    Thanks,

  352. Ziva Says:

    Prabhat,
    Thanks for all your help – hope you add “tips” button somewhere on here.

    However, I am in “process” of migrating from 2010 on cross forest typology. For that I would still like to use my 2010 as a “front end” exchange server. Kill me but I am sill having issues with the relay.
    Can you in short say what I am missing?
    2010 – setup as Accepted Domains – Relay
    2013 – has Accepted DOmains relay as well ( for same domain)
    2013 – has send connector to route to 2010.
    I am able to email outbound , only if I have smtp as * but its using a default connector and I dont want that.

  353. Ziva Says:

    Subscribed to this too.

  354. Prabhat Nigam Says:

    @Ziva
    So basically you wanted to send your domain email from Send connector 1 and rest of the email from Send connector 2(default)….
    On Send connector 1 You should have used smart host pointing to 2010 transport server. If you are using this then in 2010 you need to add this servers IP in the receive connector with anonymous user.
    On Send connector 2 You should let it use DNS to resolve MX. Make sure your 2013 server is able to resolve MX record using local dns in the tcpip properties.

  355. laimis Says:

    I uninstalled EX0213CU3 completely, then installed SP1 but broken SSL/TLS remains. Now it does not even find links to https://MailServer/owa or ecp. How do I issue new certificate for exchange and make it default certificate becaus new-exchange certificate without parameters does not help. I have few of certificates in store now. need to use powershell because cant get into ECP

  356. laimis Says:

    update. somehow I fixed SSL and now I at least get login window for ECP and for OWA, playing with different authentications i can get either loop (login window repeats after I enter credentials) or “bad user name or password”. I’ll try to ask very specificly what auth methods I need:
    For Default Web Site/OWA:
    For Default Web Site/ECP
    For Exchange Back End/OWA
    For Exchange Back End/ECP
    Anythhing else I missed to mention?
    Thanks

    P.S. It is only 5 months trying to start EX2013 so I have like one month of patience left :)

  357. Prabhat Nigam Says:

    @laimis
    See if this helps: http://msexchangeguru.com/2013/12/31/e20132007-urlsauth/

    If not then give me the remote. 5 months is a big time. I have asked you via email. or open a support case with Microsoft.

  358. Prabhat Nigam Says:

    Update on Laimis issue:

    -Server was looking an old upgrade from 2003 to 2007 to 2013, so IIS had all extra directories which were causing problems.

    -we also got the error:
    Could not load file or assembly ‘Microsoft.Exchange.OwaUrlModule, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35′ or one of its dependencies. This assembly is built by a runtime newer than the currently loaded runtime and cannot be loaded.

    -We Removed IIS, then Removed Exchange 2013 then restarted the server.

    -Now we installed IIS, then exchange 2013 SP1 and everything started working good.

  359. Raman Says:

    Hello Prabhat,

    I really appreciate if you able to provide an advise regarding co-existence Exhange 2010 and 2013, Single AD site. OWA/OutlookAnywhere pointed towards Exchange 2013 servers. Mailboxes are still on Exchange 2010 servers.
    Exchange 2013 Virtual Directories Internal URLS and External URLS are same as company.domain.com

    Question is what should be the recommended Exchange 2010 Virtual directories are Internal URLs and External URLs?

    Thanks,
    Raman

  360. Prabhat Nigam Says:

    @Raman
    Same URL as 2013 company.domain.com

  361. Raman Says:

    Prabhat,

    Thanks for your quick response

    So all the virtual directories on 2010 and 2013 should have same External URL.
    But that would not create a loop? And it would work for Outlook Anywhere and if you are connected on LAN keeping in mind Exchange 2010 users.
    Thanks
    Raman

  362. Raman Says:

    I mean to say Outlook anywhere and RPC connections for Exchange 2010 users.
    Exchange 2013 I believe would work fine.
    I am just wondering when Exchange 2013 proxy the connections to back end Exchange 2010 CAS servers that would not create a loop?
    Thanks,

  363. Prabhat Nigam Says:

    Don’t worry. It will not create a loop. 2013 will proxy to 2010.

  364. Raman Says:

    Prabhat,

    What about autodiscoverinternalUri that should also be company.domain.com for all Exchange 2010 and 2013 CAS servers?

    Thanks,
    Raman

  365. Raman Says:

    I mean autodiscover.company.com/autodiscover/autodiscover.xml

  366. Prabhat Nigam Says:

    Same on both 2010 and 2013: https://autodiscover.domain.com/autodiscover/autodiscover.xml

  367. laimis Says:

    Hi Prabhat,
    Thanks for your help on launching EX2013. Now I’m facing another issue: I need to reconfigure TMG2010 for Exchange 2013 and my questions are:
    1. Will EX2013 server redirect mail to EX2007 out of box or some configuration has to be done?
    2. I tried new OWA publishing rule for EX2013 and got in a loop telling that I should use https://mail.company.com/owa.
    Entry for mail.company.com exists in DNS and is pointing to EX2013 server
    When I try internaly to log 2007 user to 2013 OWA it generates an error and does not forward to 2007 OWA, should it be like this?
    When i try mail.company.com/owa internaly it goes for 404 “page not found” error. what should I do there?

  368. Raman Says:

    Hello Prabhat,
    Is there a place on this where we can start a new question?

    By the way following is the question I would like to put for some advise: –

    ===========================
    We are currently running Exchange 2013 SP1 co-existence with Exchange 2010 SP3 Rollup 4.

    Our Outlook Anywhere and OWA are pointed towards Exchange 2013 CAS servers.

    User mailboxes are still on Exchange 2010.

    Outlook Anywhere with Exchange 2010 mailboxes are able to connect via Outlook 2010.

    The only issue is when Outlook Anywhere is being used from Internet or from Internal network and user goes in Outlook 2010 -> File -> Automatic replies get the following error: –

    “Your automatic reply settings cannot be saved. The server might be unavailable, or your automatic reply message might have exceeded the size limit on the server”

    This only occurs if connection goes via Exchange 2013 SP1 CAS server. It was working before and it seems it just broke down since we upgraded to Exchange 2013 SP1. In HTTPProxy EWS logs on Exchange 2013 SP1 CAS server I see this when I re-create the issue on Outlook 2010.

    =================================

    “2014-03-18T12:46:48.135Z,c64653f6-6b52-4657-8b3b-f9f1f5ece965,15,0,847,30,,Ews,messages.domain.com,/EWS/Exchange.asmx,,Negotiate,True,domain.com\id2013,,Sid~S-1-5-21-323741388-3570301916-4168597275-99094,Microsoft Office/14.0 (Windows NT 6.1; Microsoft Outlook 14.0.7113; Pro),10.90.234.35,VPLXCAS01,400,,,POST,Proxy,exch2010casserver.domain.com,14.03.0123.000,IntraForest,WindowsIdentity,,,,5423,,,,2,0,,0,,0,,0,0,0,0,1,0,,,,,,3,0,,2,,4,5,,,CorrelationID=;BeginRequest=2014-03-18T12:46:48.135Z;ProxyState-Run=None;DownLevelTargetHash=4/4/6;ClientAccessServer=exch2010casserver.atkearney.com;ResolveCasLatency=0;ProxyToDownLevel=True;BeginGetRequestStream=2014-03-18T12:46:48.135Z;OnRequestStreamReady=2014-03-18T12:46:48.135Z;ProxyState-Complete=ProxyRequestData;,StreamProxy=StreamProxy-Request-None;HttpException=Cannot find the appropriate SOAP header or body.;”

    =========================

    I have checked and double checked using https://testconnectivity.microsoft.com/ and there are no issues in “EWS”.

    It works fine if user mailbox is on Exchange 2013 Sp1.

    I was wondering if anyone has co-existence of Exchange 2013 SP1 and Exchange 2010 SP3 could you please test Exchange 2010 mailbox via Outlook Anywhere and see if you could re-create this issue. After spending a week on this I wonder if it is some sort of bug in Exchange 2013 SP1.

    Thanks,

  369. Snap Says:

    Hey, I am getting this error “There is a problem with the proxy server’s security Certificate. The name on the Security Certificate is invalid or does not match the name on the target site. Outlook is unable to connect to the proxy server. (error Code 0)

    I have change out the cert multiple times, exported and imported from 2007 to 2013. Both servers have the same cert. I have done all the troubleshooting steps I could find online. The rpc url, purchased a new cert. installed the cert on local machine. I even build the 2007 and 2013 replica in a lab which does not have this problem at all.

    When I am getting this problem is when I create a room calendar in 2013 and try to access it from a mailbox in 2007.

    Anyone have this issue?

  370. Prabhat Nigam Says:

    There is a possibility of design and never works. It should not be Legacy to NEW same thing applies to Modern PF. I will have to check on it.

  371. Silvia Says:

    Very nice article. I absolutely love this site.
    Stick with it!

  372. Ahamed Says:

    Hi Prabhat.

    We have exchange 2010 and exchange 2013 in co-existence. We have run in to a issue.

    Exchange 2010 users cannot access ECP in OWA as it hangs once they click on options
    Exchange 2013 users have no issues accessing the ECP.

    The authentication across all the CAS servers is FBA

    Header in OWA 2010 when we click on options : https://mail.domain.com/ecp/?rfr=owa
    Header in OWA 2013 when we click on options : https://mail.domain.com/ecp/?rfr=owa&owaparam=modurl%3D0&p=account

    Tried connecting to ecp using exchange 2010 CAS server https://casserver1.domain.com/owa and still does not work.

  373. Prabhat Nigam Says:

    @Ahmad

    What is the version of exchange 2013?

    Try this url if this helps: https://Exchange2010ServerName/ecp?ExchClientVer=14

    Also add Basic auth for OWA and see if this helps.

  374. Matthew Says:

    First off…Great Article.
    I am in the process of upgrading from Exchange 2007 to Exchange 2013. I already have both Exchange 2007 and 2013 installed on separate servers. I am kind of stuck with swapping over Outlook Anywhere and the other service URLs.
    My current Exchange 2007 server has a hostname of ex1.domain.com and the same for internal and external DNS. Also, all of the service URLs point to the ex1.domain.com (e.g. https://ex1.domain.com/Autodiscover/Autodiscover.xml). My new Exchange 2013 server is called ex2.domain.com. I know I can swap the external DNS for the Exchange 2013 to ex1.domain.com without an issue but I will not be able to do the internal DNS because the Exchange 2007 hostname is ex1.domain.com.
    What would be your recommendation for changing to the Exchange 2013 server?

  375. Prabhat Nigam Says:

    @Matthew
    Look for the URLs on this blog
    http://msexchangeguru.com/2013/12/31/e20132007-urlsauth/

    AutoDiscoverServiceInternalUri should be this on both server- https://autodiscover.domain.com/Autodiscover/Autodiscover.xml

    Let me know if you still looking for some answers.

  376. Sandeep Says:

    This a great article and thanks for the same, However we are finding difficulties in migrating OAB from 2010 to 2013. Do you have any article regarding the same?

    Thanks in advance

  377. Prabhat Nigam Says:

    Hey Sandeep,

    You can’t move OAB from 2010 to 2013 because exchange 2013 has new OAB which can only be managed by shell

    So go to exchange 2013 shell and type get-offlineaddressbook and you will see it.

    New Oab is part of a arbitration mailbox.

    Check this link
    http://blogs.technet.com/b/exchange/archive/2013/01/14/managing-oab-in-exchange-server-2013.aspx

  378. Ziva Says:

    One problem I am missing is the free/busy between users in 2010 and 2013 exchange, how to go about that?
    I looked into FIM etc but thats for GalSync not free/busy

  379. Prabhat Nigam Says:

    @Ziva

    We add the availability address space. Please look at the step on this technet link
    http://technet.microsoft.com/en-us/library/bb125182.aspx

  380. Sandeep Says:

    Hey Prabhat,

    Thanks for the update and we have turned off the Exch 2010 servers and OAB is working fine internally but we are not able to download OAB from external network. Have i missed anything?
    I have updated the Virtual directories.
    How do I check the functioning of OAB before I remove the old servers from network.

    Thanks in advance

  381. Karthikeyan Balasubramani Says:

    Hi,

    I also facing a similar issue, I am not able access https://CASServer.local/OAB either from internally or externally. Also internally only from outlook 2010 I am able to download OAB and when I try from outlook 2013 it doesn’t work says “Object not found”.

    Do I need to add any DNS entries to access and download OAB externally?

    Regards

  382. Jerold Champagne Says:

    I rarely write comments, however I browsed some of the responses on this page Exchange 2010/2007 to
    2013 Migration and Co-existence Guide

  383. Prabhat Nigam Says:

    Hey Sandeep,

    If OAB is working then it will work externally as well. Just verify the permission on the oab virtual directory.

    By the way, how are you checking RPC over http?

  384. Prabhat Nigam Says:

    @Karthikeyan

    Exchange 2013 uses arbitration mailbox to keep OAB. So go though this blog which will help you understand and maintain the OAB.
    http://blogs.technet.com/b/exchange/archive/2013/01/14/managing-oab-in-exchange-server-2013.aspx

  385. Prabhat Nigam Says:

    Just fixed a simple issue and wanted to share a quick fix. This issue will come to the admins because inheritance gets removed if you are a domain admin and while moving your mailbox exchange will fail and give the below error.

    “Error: MigrationPermanentException: Active Directory property ‎’homeMDB‎’ is not writeable”

    As a quick fix open ADUC, enable advanced features, find your user account, go to the security tab, then advanced and enable inheritance.

  386. Sandeep Says:

    Hi Prabhat,

    When I try to access address book from OWA it works, when I try to download from Outlook I get the error “Object not Found”

  387. Prabhat Nigam Says:

    Hey Sandeep

    Owa uses GAL so its different.

    The below command will configure the OAB for all databases. Have you run it. “Default Offline Address List (Ex2013)” is the name of the OAB created by 2013. Did you configure it? IF yes then verify permissions on OAB virtual directory.

    Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address List (Ex2013)”

  388. Sandeep Says:

    Hi Prabhat,

    As it was a migration from 2010, I migrated the system mailbox from 2010 to 2013. Name of my OAB is Offline Address Book (Ex2012).

    [PS] C:\Windows\system32>Get-OfflineAddressBook
    Creating a new session for implicit remoting of “Get-OfflineAddressBook” command…
    Name Versions AddressLists
    —- ——– ————
    Offline Address Book (Ex2012) {Version4} {\Default Global Address List}

    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address List (Ex
    2013)”
    Couldn’t find offline address book “Default Offline Address List (Ex2013)” . Please make sure you have typed it
    correctly.
    + CategoryInfo : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : A510CFFE
    + PSComputerName : irsauhcas01.irshad.ae
    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Offline Address List (Ex2012)”
    Couldn’t find offline address book “Offline Address List (Ex2012)” . Please make sure you have typed it correctly.
    + CategoryInfo : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : FE6C3AE
    + PSComputerName : cas01.irshad.ae
    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Offline Address Book (Ex2012)”
    [PS] C:\Windows\system32>

  389. Prabhat Nigam Says:

    So how is it going running?
    Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Offline Address Book (Ex2012)”

  390. Edmund Oclemons Says:

    Howdy very nice blog!! Guy .. Excellent .. Amazing ..
    I’ll bookmark your site and take the feeds also? I’m satisfied to seek out so many
    useful info right here in the put up, we’d like work out extra techniques on this regard, thank you for sharing.
    . . . . .

  391. Henri feinberg Says:

    Hi Prabht,
    This is a great Blog, congrats.

    I have the exact same issue as Matthew in post # 374 except we are migrating from 2010 to 2013:

    Presently the front end server is the 2010. I have a “test” mailbox moved and tested successfully for mail flow in and out of the 2013 server through the 2010 server.
    However, I want to set the 2013 as the front end server, for that I will export the SAN certificate from 2010 to the 2013 server and do a switch over, dns and mx to point to the 2013 server, so all external requests will hit the 2013 server and if a mailbox reside on the 2010 box, the 2013 will do the Proxying or redirect to the 2010 if required, so far I think all is well per all the MS KBs and the Exchange deployment Assistant tool. But as for devices that are used Internally & Externally such as laptops, iPhones etc. and even internal access through OWA, I think AD will direct requests wrongly strait to the 2010 as it carry the same host name as the 2013 imported certificate (is there any way to fool the AD DNS and redirect to the 2013 Box?).

    To resume, after I have set the 2013 as a front end server I will have the followings:
    External AND internal URI on the 2013
    https://ex1.domain.com  for all services
    https://autodiscover.domain.com  For SCP
    EX1 server internal AD Is the 2010 server as it carry NetBios name: EX1 on the Internal Domain: domain.com, but the 2013 certificate uses the ex1.domain.com name. so users with Exchange 2013 mailboxes will be directed to the 2010 box as per AD DNS resolution and not to the 2013.
    Also the autodicover will point wrongly internally to the 2010 server.
    How to mitigate the situation as renaming an Exchange computer is out of the question.

    Thanks in advance for any Insights.

    Henri.

  392. Prabhat Nigam Says:

    @Henri

    Renaming computer is never recommended so I am with you on it.

    1. Change the host file of the users desktop and deploy it using gpo until you are in a position to remove 2010.
    or
    Buy a new certificate. It is not so costly. Try Godaddy.com

    2. Point your autodiscover to 2013.

  393. Roxanne Levin Says:

    For most up-to-date information you have to pay a quick visit world wide web and on web I
    found this web page as a best site for latest updates.

  394. Steve T Says:

    Prabhat,

    Coexisting with 2010/2013 SP1. Right now external outlook clients using OA (with cache mode enabled) get disconnected and reconnected almost every two minutes. Internally it works great. Online Mode works perfectly as well. Using NTLM for authenticating internally and externally. We have “mail.domain.com” for our internal and external hostnames. Pointing “mail.domain.com” to two 2013 CAS servers behide the load balancer with over ports 80/443. Not sure what could cause cached enabled Outlook users to disconnect and reconnect every two minutes.

  395. Prabhat Nigam Says:

    @Steve
    Try the following:
    Bypass the load balancer and check.
    Are we offloading SSL on Load balancer?
    Verify if any service is restarting.
    Remove one server from LB and check. Do the same for server2.

  396. Steve T Says:

    Good call on the load balancer Prabhat. That was it.

  397. Steve T Says:

    Journal Migration Question:

    I have a two Journal mailboxes (From Exchange 2007 and From Exchange 2010). Would it be possible to manually move the .edb files and mount them on the Exchange 2013 Mailbox server move these extremley large mailboxes? If I did mount these Journal databases, would I be able run e-discovery searches from them in Exchange 2013?

  398. Prabhat Nigam Says:

    Hey Steve,
    Trust me I ask this 1st thing when I spoke to Microsoft guys.
    But unfortunately we can’t mount 2010 or 2007 DBs to 2013 because of the changes in the DB. Which means New 2013 DB has reduced IOPS requirement, more reliable and fast.

  399. Heni Feinberg Says:

    Thanks for the Update Prabhat
    I have question regarding my issue with autodiscover.domain-name.com
    I have purchased a new SAN Certificate for our 2013 Exchange server, so now we have two SAN certificate one for Exch2010 and one for the 2013, both certificates have the autodoscover.domain-name.com on it. The 2010 is the front server right now, we cannot access mailboxes on the 2013 from the Internet, as it is a backend server no public IP pointing to it yet. is there a way to access a 2013 mailbox by passing through the 2010 front end server?.
    Note that I have not started real migration of mailboxes yet as I want to make sure that all is good before I move production mailboxes.

    On the MS deployment assistance they suggest to run these commands, I am not sure what there for and if I can run them before I do a switchover to the 2013 as a frontend?:

    Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $True} | ForEach {Set-OutlookAnywhere “$_\RPC (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic}

    and this one:

    Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic

    Thanks again for help will greatly be appreciated. Henri

    @Henri

    Renaming computer is never recommended so I am with you on it.

    1. Change the host file of the users desktop and deploy it using gpo until you are in a position to remove 2010.
    or
    Buy a new certificate. It is not so costly. Try Godaddy.com

    2. Point your autodiscover to 2013.
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  400. Ratish Nair Says:

    Henri – You can employ 2 separate certificates on Exchange servers. The only requirement is that all URL’s you employ should be added as a SAN name to the UCC certificate AND the URL’s on the Virtual directories on Exchange is set properly. Say you set webservices to the server FQDN whcih isnt a part of the cert – when clients try to connect Outlook will receive a certificate pop up.

    In a typical migration scenario you:

    1. Install Exchange 2013 and create some test mailboxes in it
    2. Test OWA and Outlook connections internally
    3. For OWA/ExchangeActiveSync and Outlook anywhere from External,create a different route to and from the internet and NAT those ip’s directly to Exchange 2013. Then test it.
    4. Doing this will ensure your Exchange 2013 servers are working correctly and then you can start migrating some test mailboxes.
    5. Once you ensure everything is working as expected, simply change the DNS entries to the new server during off business hours.

    Hope that helps.

    Ratish

  401. Steve T Says:

    Prabhat,

    So you’re saying I either have to migrate the 2007 and 2010 journal mailboxes to 2013 or keep 2010 around long enough for the data to age from our retention policies.

    –Steve

  402. Heni Feinberg Says:

    Hi Ratish,

    Thanks for the quick replay and thanks for the input.

    The problem is that the autodiscover.domain.com is on the 2010 server. so when I configure outlook with a mailbox on the 2013 server, Outlook cannot resolve to the 2103 server since the autodiscover point to the 2010 server. So if we want to coexist between 2010-2013 we need autodiscover for both 2010 and 2013?

    Thanks again,

    Heni.

  403. Ratish Nair Says:

    Oh how could I miss that part. You need to create a Host file on the machine you are testing and point autodiscover.domain.com to that public ip/internal ip.

    Use Ping /a to test and make sure your Host file works – you can additionally browse it and confirm it reaches the Exchange 2013 box… hope that helps…

  404. Heni Feinberg Says:

    ok, but say I will need coexistence 2010 to 2013 so Outlook client of the 2010 are ok since autodiscover dns point to the 2010 server so on every client I am migrating I will need to add a host entry pointing autodiscover to the 2013 server?

  405. Steve T Says:

    @Heni,

    Once you test autodiscover is working with your host file, you can then roll out (during an a scheduled outage)the 2013 autodiscover to your organization. the 2013 autodiscover will query AD and find out if they are on a 2010 MB server or a 2013 and proxy the request to the correct server.

  406. Prabhat Nigam Says:

    Yes Steve, unfortunately, keep 2010 DB or Migrate to 2013 is the only options.

    With 2010 and 2013 we have option of suspending the migration at 95% so we might be able to migrate this mailbox in parallel.

  407. Prabhat Nigam Says:

    Thank you Steve for helping Heni.

  408. Prabhat Nigam Says:

    @Heni
    Ratish has tried to cover me as I was busy yesterday. Also Steve has helped. I have just reviewed all our discussions so I would like to conclude our discussion here. Let me know if you have any question.

    1. 2010 cert is using serverfqdn and server name is the url every where.
    Now we got new certificate.
    Install new cert on 2013 and 2010.
    Keep one url on both 2010 and 2013. Something like mail.domain.com or webmail.domain.com or email.domain.com which should be in the new cert.
    Configure 2010 and 2013 urls as per new certificate.

    2. Auto discover.
    Autodiscover.domain.com should be there in the cert. This will connect both 2013 and 2010. As Steve said, autodiscover will find the correct url and connect.

    3. Before cut over testing.
    You need to use hosts file which is at c:\windows\system32\drivers\etc
    2013IP fqdn of the url
    2013IP autodiscover.domain.com

    3a. Your question is how to test from Internet.
    We need internet IP which has 1-1 nat to 2013 CAS IP to test. Else test is from Lan using host file. Host file help in both internet and lan but we need to change to internet IP when we test from internet

    3b. What to test.
    1. Outlook, ecp and owa connectivity & access to mail with send and receive.
    1a. Connection to 2013 mailbox
    1b. Connection to 2010 mailbox using same 2013 IP in the host file for redirection.
    2. Public Folder access which are on 2010

    4. Cut over.
    When you have tested connectivity
    Change the following internet IP natting.
    a. Url and Autodiscover – Internet IP to 2013 CAS IP

    5. Migration
    Post cut over you have to start the migration but test mailbox migration has to be done before cut over.

    6. Commands on MS blog
    Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $True} | ForEach {Set-OutlookAnywhere “$_\RPC (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic}

    This command is searching version 14 which is exchange 2010. Then server role CAS. Then checking outlook anywhere is true. then configuring authentication to basis, disabling SSLoffloading, configuring url for outlook anywhere and configuring IIS authentication method to basic and ntlm.

    Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic

    This command is searching version 14 which is exchange 2010. Then server role CAS. Then checking outlook anywhere is false. Then enabling outlook anywhere and configuring authentication to basis, disabling SSLoffloading, configuring url for outlook anywhere and configuring IIS authentication method to basic and ntlm.

    There is no mapi in 2013 so outlook will connect using outlook anywhere in other words RPC over http. So these commands are configuring 2010 servers for outlook anywhere.

    But if you follow my blog steps then here are the same steps. This has to be done before cut over.

    Enabling and Configuring Outlook Anywhere.

    For Exchange 2007
    Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 8*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic

    For Exchange 2010
    Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic

  409. Henri Feinberg Says:

    Thanks Prabhat, Steve and Ratish,
    Ok here is the latest:

    Exchange 2010 SP3 coexistence with Exchange 2013 SP1

    Exchange 2010 is front end for now:
    – SAN Certificate with all services pointing to https://mail.domain.com autosiscover.domain.com is also in the certificate.( NOTE: Computer NetBIOS name of the server is MAIL which is no good)

    Exchange 2013 is back end for now:
    – SAN certificate installed with all services pointing to https://webmail.domain.com autodiscover.domain.com is also in the certificate (NOTE: the NetBIOS computer name is exch2013 so no references to any certificate, that is good)
    – Created on AD DNS A record webmail.domain.com
    – Moved a 2010 mailbox the Exchange 2013
    – Tested INTERNALY OWA, ECP, OAB on the 2013 with https://webmai.domain.com/owa or /ecp all is GOOD.
    – user my own Outlook to create a test profile that is on the 2013 server get error during resolution ==> Outlook cannot log on. Verify you are connected to the network…(name resolution to the 2013 is fine.
    – used a band new workstation with Outlook version inferior than mine, No problems at all autosicover did the job outlook could discover the 2013 test mailbox with no problem.

    ONE thing here: when I do test the connections using Outlook I see all HTTPS connections with a STRANGE server name such as: 51ae66d-1d7c-qq12-……@domain.com I suspect it is some kind of exchange 2010-2013 connector ?

    EXPR
    webmail.domain.com
    On
    Ntlm
    https://webmail.domain.com/ews/exchange.asmx
    https://webmail.domain.com/ews/exchange.asmx
    https://webmail.domain.com/ews/exchange.asmx
    https://webmail.domain.com/ecp/

    Now, I did not do any hosts file modifications, by the way on what PC I was suppose to add the autodiscover.domain.com entry? on the client machine? on the 2013 server? what for if all seems to work fine ?

    Next step will be to test OA and OWA from the Internet, for that I will add a NAT to the Internal IP for port 25.

    PLEASE le me know if so far I am on the right track and again I am VERY delightful with your support,

    Henri.

  410. Prabhat Nigam Says:

    1. Change url from mail to webmail on 2010

    Exchange 2010 is front end for now:
    – SAN Certificate with all services pointing to https://mail.domain.com autosiscover.domain.com is also in the certificate.

    2. In 2013 server name will show as guid so no strange. This is by design.

    3. On outlook computer you need to add host file entry for autodiscover to point to 2013 CAS.

  411. Henri Feinberg Says:

    Hi Prabhat,

    1. Change url from mail to webmail on 2010 ==> I have too many of users I will have to do a switch over anyways

    3. On outlook computer you need to add host file entry for autodiscover to point to 2013 CAS. ==>I tried this with no success but like I said before it worked without host modification on a brad new workstation.

    Can you please tell me if what I am intend to is OK for the next step:

    1. Modify all whatever public IP point to the 2010 server to point to the 2013 server so that External / Internal DNS will point to the 2013 server.
    2. Modify autodiscover.domain.com to point to the 2013 server Internal and External
    3. at this point the 2010 Certificate will not be used anymore (is that right?)

    At this point all mail flow internal and external should passé thought the 2013 server, so if a mailbox reside on the 2010 server by help of AD should direct to the proper place.

    4. test test test by moving my own mailbox and see if all ids good
    5. Post it here and let you know the results.
    6. Attack the Public Folders…

    Thanks again,

    Henri.

  412. Prabhat Nigam Says:

    My Reply below:

    1. Change url from mail to webmail on 2010 ==> I have too many of users I will have to do a switch over anyways

    Autodiscover should change it if we reopen the outlook.

    3. On outlook computer you need to add host file entry for autodiscover to point to 2013 CAS. ==>I tried this with no success but like I said before it worked without host modification on a brad new workstation.

    We might need to fix this issue. It can be related to different issues around outlook so test more computers.

    Can you please tell me if what I am intend to is OK for the next step:

    1. Modify all whatever public IP point to the 2010 server to point to the 2013 server so that External / Internal DNS will point to the 2013 server.
    Yes

    2. Modify autodiscover.domain.com to point to the 2013 server Internal and External
    Yes

    3. at this point the 2010 Certificate will not be used anymore (is that right?)
    Yes, Change the certificate when you have change the urls. Make a copy of the old cert

    At this point all mail flow internal and external should passé thought the 2013 server, so if a mailbox reside on the 2010 server by help of AD should direct to the proper place.

    yes

    4. test test test by moving my own mailbox and see if all ids good
    Yes

    5. Post it here and let you know the results.
    Yes

    6. Attack the Public Folders…
    Yes

  413. Heni Feinberg Says:

    Thanks again and I will definitely let you know of the results.
    Henri.

  414. Daniel Says:

    Hi, First off, thank this is a great post.

    Everything seems to going well. I have been competing a lot of testing before I complete the switch. The only issue that I can see at the moment is that Outlook is prompting for a password to download the OAB. I can’t seem to put a nail in what the problem is. Any assistance would be awesome!

  415. Prabhat Nigam Says:

    @Daniel

    Did you set the following? If yes then it is permissions in IIS else configure it.

    Run the below command to configure OAB for all databases:

    Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address List (Ex2013)”

    Default Offline Address List (Ex2013) can be replaced by your custom named OAB.

  416. Daniel Says:

    All Databases on the ex2013 server have been set to this oab(Do ex2010 databases need this set on them as well?), I’m guessing its permissions in IIS.

    ServerName : EX2013
    Identity : Database 1
    OfflineAddressBook : \Default Offline Address Book (Ex2013)

    ServerName : EX2013
    Identity : Database 2
    OfflineAddressBook : \Default Offline Address Book (Ex2013)

    ServerName : EX2013
    Identity : Database 3
    OfflineAddressBook : \Default Offline Address Book (Ex2013)

    It doesn’t seem to matter if the mailbox is on 2013 or 2010, still receiving the same message when going thought the 2013 CAS.

    Thanks in advance.

  417. Prabhat Nigam Says:

    @Daniel
    Check if this helps – http://msexchangeguru.com/2014/05/11/e2010-oab-error-80190194/

  418. Daniel Says:

    Thank Prabhat, But still facing the same issue. I not totally sure if it is the OAB now.

    I just did some quick testing, and changed the outlook profile. Under outlook anywhere settings un-ticked both “on fast network’s use http…” and opened outlook and it works. but once you close and reopen, autodiscover then replaces the tick boxes back, and I am then prompted for the password again.

  419. Prabhat Nigam Says:

    You have to keep them ticked for 2013 mailboxes because there is no mapi protocol in 2013.

  420. Daniel Says:

    Prabhat,

    When I open outlook to connect to a 2013 mailbox I have the following in the connection status. Autodiscover looks good.
    I have 2 established connection for Exchange Mail with proxy server as mail.company.com & server as guid@company.com
    But have the following as connecting(when not doing anything with the password prompt)
    1x Exchange Public Folders with the proxy as mail.company.com & server as 2010Svr.company.local
    2x Exchange Referral with nothing in proxy & server as guid@company.com
    1x Exchange Directory with nothing in either proxy or server

    I have also just noticed that I now cannot connect with outlook to a 2010 mailbox through the 2013cas. OWA works like expected.

    Current setup is as follows
    1x 2010 SP3 RU5 Edge on 2008 R2
    1x 2010 SP3 CAS,MBX,HUB on 2008 R2
    1x 2013 CAS,MBX on 2012 R2
    Windows 8.1 Clients with Office 2013 SP1. I will test later today with outlook 2010 to see if there is any difference.

  421. Steve T Says:

    Question on migrating Ex2010 Unified Messaging to Ex2013:

    Do we need to move all the mailboxes before we migrate Ex2010 to Ex2013? Is it possible to coexist with Ex2010 UM and Ex2013 UM?

  422. Daniel Says:

    Sorry Just re-reading my post should be 1x 2013 SP1

  423. Prabhat Nigam Says:

    @Daniel

    Could you check if you have outlook anywhere configured on 2010 server.

    Did you follow my whole blog or missed any step?

  424. Prabhat Nigam Says:

    @Steve
    We need to upgrade Ex2010 UM and Ex2013 UM before moving user mailboxes. Ex2010 UM and Ex2013 UM coexistence is possible.

    I have updated the below with the follow:
    Unified Messaging: Upgrade Exchange 2010 UM to Exchange 2013 UM

    This is the optional step only for unified messaging configured organizations.

    Please follow the below link to upgrade exchange 2010 UM to Exchange 2013 UM

    http://technet.microsoft.com/en-us/library/dn169226(v=exchg.150).aspx

  425. Jovin Says:

    Hi Prabhat,

    We have are in the co-existence scenario with E2007 and E2013 and it’s time for decommissioning,

    Currently, we are having a lot of devices pointing to E2007 hub either by hostname or IP for smtp relay, how do I move them over to E2013 Mailbox, Should I shutdown hub ,edit the dns entry of hub to point to E2013 mailbox, add network card on E2013 with same ip and copy all the receive/send connectors from hub? Will this do?

    Regards,
    Jovin

  426. Prabhat Nigam Says:

    Hi Jovin,

    Please follow these steps.
    1. Create a new receive connector in 2013
    2. Add the IPs in the receive connector of the 2013 server. 2007 server will have these IP in the receive connector. Also configure same security and authentication as 2007 receive connector.
    3. Then test the working of this relay by using telnet from a test host.
    4. Change the DNS entry from 2007 IP to 2013 IP.

  427. Jovin Says:

    Hi Prabhat, Thanks for the quick response, So my E2013 Mailbox Server will have two dns entries to the same ip:-
    1)E2013Mbx.domain.com ->172.21.206.106(E2013 MBX ip)
    E2007Hub.domain.com->172.21.206.106(E2013 MBX ip)

    Similarly I will have two different IP entries to E2013.domain.com in reverse lookup also.

    2)In my Send connector , I have source server as Exchange 2007 Edge server. I’m planning to re-use the same edge in E2013.I gather that there is no configuration needed on send connector right?Will shutting down E2007 Mbx,Hub cause Edge to not work?

    Sorry to bother you with so many questions,

    3)When I check my ‘Client Settings’ in Databases , there is no entry there for OAB. The drop down has ‘Default offline address book’ and ‘Default offline Address Book(Ex 2012)’ . Which I should be selecting and will it prompt an immeditate download of address book on all clients?

    4)I really don’t know if we are using public folders . There is a entry there but occupies only 2 kb of data. So should we be worried about moving them to E2013?

    Appreciate if you can help me out here.

  428. Prabhat Nigam Says:

    @Jovin

    Please find answers in line

    1)E2013Mbx.domain.com ->172.21.206.106(E2013 MBX ip)
    E2007Hub.domain.com->172.21.206.106(E2013 MBX ip)

    PN – Normally we use something like smtp.domain.com and give transport server IP for applications relay. If you have give server FQDN then you should change the FQDN in your application server. If you will change the IP of 2007 HUB in DNS then you might face some DNS resolution issue which end up causing mail flow issue. At the same time once you uninstall hub transport server you can change DNS entry.

    Similarly I will have two different IP entries to E2013.domain.com in reverse lookup also.
    PN – Reverse lookup should be same.

    2)In my Send connector , I have source server as Exchange 2007 Edge server. I’m planning to re-use the same edge in E2013.I gather that there is no configuration needed on send connector right?Will shutting down E2007 Mbx,Hub cause Edge to not work?

    PN – This should be fine.

    Sorry to bother you with so many questions,
    PN – Its ok.

    3)When I check my ‘Client Settings’ in Databases , there is no entry there for OAB. The drop down has ‘Default offline address book’ and ‘Default offline Address Book(Ex 2012)’ . Which I should be selecting and will it prompt an immeditate download of address book on all clients?

    PN- Use – Default offline Address Book(Ex 2013) for 2013 databases

    4)I really don’t know if we are using public folders . There is a entry there but occupies only 2 kb of data. So should we be worried about moving them to E2013?

    PN – Then you are not using public folders. Make sure you outlook client which are supported for Exchange 2013.

    I Hope this helps

  429. Felix Kondon Says:

    I have a environment where Exchange 2010 and 2013 co-exist. Currently all the mail boxes are still in 2010, not migrated as yet. We have no issues sending/receiving mails.

    Recently I did a test migrate of my own mail box from 2010 – 2013 successfully, confirmed by the summary report. After my mail box migrate, I am facing this issue: I can’t send to internal domain email addresses. I can be able to send to external and even receive from internal plus external email addresses. So issue is I can’t send to internal email addresses.
    Please help me sort this out.

    I have moved my mail box back to 2010 from 2013 but issue remains same.

    -Felix, 2014

  430. Prabhat Nigam Says:

    Hi Felix,

    Share the error.

  431. Jovin Says:

    @PN Thank you for assistance , my earlier points 3,4 could you add clarifications,

    3) I see only ‘Default offline Address Book(Ex 2012)’ , I don’t see Ex2013 . Is it okay ? can I change it to that?

    4)My outlook client supports e2013 .Currently ,If my mailbox is in Exchange 2013 , it has connection to public folder on E2007. So is it safe to just delete and not move them as you said?

  432. Prabhat Nigam Says:

    @Jovin
    3) Yes, change it
    4) If PFs does not have any data then yes go ahead.

  433. Felix Kondon Says:

    Hello Prabhat,

    I will get the error and paste it.

    I have an issue here, I want to have access to someone mailbox as I want to retrieve some emails. All I want to have is to have read ONLY access to his inbox, send & delete folders. How can i achieve this. I have tried adding the mailbox under my email and right clicked on inbox, Properties and give Reviewer access but that does not help, I can still delete mails under his inbox.
    Please let me know.

    Felix – 2014

  434. Prabhat Nigam Says:

    @Felix
    Permission can be be full access or send as only. Better to have a sharepoint for these kind of share permission.

  435. Heni Feinberg Says:

    Hi again,
    can anybody can tell me if I can setup Exchange 2013 to service MAPI over HTTP for users with Outlook 2013 SP1, and service at the same time users with RPC over HTTP for all other Outlook version (Except 2003) ?

    Thanks in advance.

    Henri.

  436. Prabhat Nigam Says:

    You should be using exchange 2013 SP1 to use outlook 2013 sp1 with other outlook version which has update from nov 2012 except 2003.

  437. Heni Feinberg Says:

    Thanks,
    I already have Exchange 2013 SP1 so I am OK to be able to use MAPI over HTTP and OA for other users (except O2003) than Outlook 2013 sp1 users with no issues?

  438. Prabhat Nigam Says:

    @Heni
    You are good.

  439. Felix Kondon Says:

    thanks Prabhat.

    Another issue here, i have moved my mail box from 2010 to 2013 successfully. How can i moved back to 2010? I have tried from 2013 Admin centre but never worked.

    Felix -2014

  440. Prabhat Nigam Says:

    Hi Felix,

    It is simple. Disconnect the mailbox in 2013. Then go to 2010 EMC Goto disconnect mailboxes and connect the old mailbox to the user.

  441. Felix Kondon Says:

    thanks Prabhat, just let me know how i can disable using the EAC.

  442. Prabhat Nigam Says:

    @Felix
    Follow the disable steps at the link http://technet.microsoft.com/en-us/library/jj863434(v=exchg.150).aspx

  443. Felix Kondon Says:

    Hi Prabhat, please ignore my last post above on how to disable.

  444. Felix Kondon Says:

    Hi Prabhat,
    I am getting an error after I disabled my mailbox in 2013 and then connect under disconnected box box.
    Please help

  445. Prabhat Says:

    Do the AD replication and you should be good.

    If not then share the error.

  446. Felix Kondon Says:

    Hi Prabhat,
    I have replicated but still nothing. Refer below the error:

    error:mailbox ‘32157d94-2233-456e-3294f68035at’ does not exit on database ‘mailbox database’

  447. Prabhat Nigam Says:

    @Felix
    what is the retention configured on Exchange 2010 database. If we have passed the retention then mailbox might be removed from 2010 DB. In this can connect back to 2013 mailbox. Export the data to Pst. Then disconnect mailbox in 2013, create new mailbox in 2010 and import Pst.

    I have not tested the command to migrate back to 2010 so I can’t confirm on command let.

    If mailbox move was done within retention and we have not waited 24hrs to run mailbox management then we might need to run the command clean-mailboxdatabase. link is here http://technet.microsoft.com/en-us/library/bb124076(v=exchg.141).aspx
    Full command will be “get-mailboxdatabase | clean-mailboxdatabase” – Run on 2010

  448. Felix Kondon Says:

    thanks Prabhat, I was able to create a new mail box and import the pst. Now i can have all my items in inbox & send from the old one.

    Another issue (different):
    A user receives his email from internet using OWA and his inbox is full and wants to archive them but he says, there is no tab in OWA to do the archiving them. How can I do this for him on the EMC in 2010?

  449. Prabhat Says:

    You need to create a archive mailbox or install 3rd party Archive software

  450. Felix Kondon Says:

    thanks Prabhat

  451. Jovin Says:

    Hello PN, Thanks for narrowing down my doubts to just one , My mailboxes on E2013 on outlook point to E2007 for public folders. Where is it specified that it should point to E2007?Will deleting public folder on E2007 make Outlook to not look for public folders anymore(which is what I want to achieve)?

    How does Outlook make sure public folders are not needed anymore?

  452. Prabhat Nigam Says:

    @Jovin
    Dismount the PF mailbox store for couple of day and see if anyone reports any issue.

  453. Jovin Says:

    Hi Prabhat, Are you sure dismounting the PF database will work ? Wont we have to remove it from adsiedit to not allow E2013 to see the PF databases on E2007?

    Some of my outlook 2010 clients are on 14.0.6025.1000 ,whereas the minimum supported on Microsoft website is 14.0.6126.5000. But, my outlook 2007 clients are above the minimum .

    How come my outlook 2010 clients work on Exchange 2013 .Do I have to upgrade them to the latest service pack?

  454. Prabhat Nigam Says:

    @Jovin
    Dismount is better option for testing that noone is using. once you are satisfied no one is using. Then we will have to remove it.
    ADSIEDIT.msc is the last resort to remove PF but it is not recommended to use and we should try using it because this is the raw level AD.

    Update your outlook 2010 as per the Microsoft website. There is no other choice.

    We should keep all softwares up to date unless any error report in the update. So upgrading to latest is going to improve in case of outlook.

  455. Felix Kondon Says:

    Hi Prabhat,

    I am trying to create a policy in Exchange Manager. My case is:
    Create a email account which will except bigger sized emails and detach the attachments and send it to a shared folder where users with less sized email limits can access the files on the shared folder.

    thanks

    Felix -2014

  456. Prabhat Nigam Says:

    Very interesting. Let me know the result.

  457. Felix Kondon Says:

    Hi Prabhat,

    Sorry, I was trying to say how I can do/achieve this. I tried this and never got it working so need your help please

    Felix -2014

  458. Felix Kondon Says:

    Hi Prabhat,
    Where can I check my SMTP settings on my exchange 2010 server?

  459. Felix Kondon Says:

    Hi PN,
    please disregard my post above.

  460. Felix Kondon Says:

    Hi Prabhat,

    My IMAP4 setting on the server is set to “Secure Logon. A TLS connection is required ….” and i wanted to integrate a system with my Exchange 2010 for email communication.
    Can you please confirm what settings I can use on the new system to integrate well.

    ie port number, Authentication type (ie Authlogin, cramMD5, NTLM or Plain), etc..

    thanks

  461. Prabhat Nigam Says:

    @Felix
    Have a look here
    http://technet.microsoft.com/en-us/library/jj657728(v=exchg.150).aspx#settings
    http://msexchangeguru.com/2013/08/04/e2013popimapauth/

  462. Felix Kondon Says:

    Hi Prabhat,
    Refer to post above on 4/06/2014 12:59am.

    I have done as advised but i now used to face a prompt when i restart outlook, ie or
    When i click use old Data, it will go to the old outlook but offline. Now i used to click on “use temporarily Mailbox” and use this and I have already moved my emails from old to this new one.
    Now I am annoyed by this prompt and finding how i can remove or disable it to prompt when I start outlook.

  463. Prabhat Nigam Says:

    Reconfigure the profile and make sure autodiscover is working fine.

  464. Snap Says:

    Hello Prabhat, I have everything up and running. I followed your steps, they are the best on the internet. I am having another issue now. Emails are still filtering through Exchange 2007 to 2013. How do I change it to go directly to 2013?

  465. Felix Kondon Says:

    Hi Prabhat,
    I want to export csv list to my desktop for all my users with their respective mailbox quota status. Please help me with the command so i can ran now.

    thanks, felix

  466. Felix Kondon Says:

    Hi Prabhat,
    Also I would like to know which database a user mailbox is stored on my exchange server as I have more than 2 mailbox databases.

    thanks -felix

  467. Prabhat Nigam Says:

    Create a c:\temp folder and run the following command:

    Get-Mailbox | Get-MailboxStatistics | select Displayname, TotalDeletedItemSize, TotalItemSize, database | Export-Csv c:\temp\Alluser.csv -NoTypeInformation

  468. Felix Kondon Says:

    thanks PN.

  469. Felix Kondon Says:

    Hi PN,

    I have migrated a user mailbox from 2010 – 2013 but came with error. I have checked the user mail in 2010 that the user mail box has a request flagged on it (green color). What can I do to move it successfully, or has it already in 2013 database??

    Please let me know, felix

  470. Prabhat Nigam Says:

    Hey Felix,

    Previous command will tell you the Database name. Just run it for one user. So it migrated then it should be 2013 else 2010.

    Get-Mailbox username | Get-MailboxStatistics | select Displayname, TotalDeletedItemSize, TotalItemSize, database

    Share the error to tell you move about it.

  471. Felix Kondon Says:

    Hi PN, Below is the error:
    Error: MigrationPermanentException:Mail ‘Joe Blow’ has a completed move request associated with it. Before you create a new move requestfor the mailbox, run the Remove-MoveRequest cmdlet to clear the completed move request.

    I have several users with a green color on their mailbox so please let me know what needs to be done before i move all of them successfully.

    thanks, felix

  472. Prabhat Nigam Says:

    @Felix,

    This is not an error, in fact an information message that there is a move request associated with it and you need to remove the move request before moving this mailbox to another database. You will see this for all mailboxes. They all will be in green color.

    Move request keeps the details of migrated and failed migrations. which you can check in Exchange 2010 console under move request. If you see the status is completed then you can select them together and choose clear move request action.

    Get-moverequest “displayname” – will show you the status of the move. you are safe to delete the move request if the status is completed.

  473. Felix Kondon Says:

    Hi PN,
    Thanks for the above post.

    Now, after i successfully migrated a user mailbox to 2013, the user is unable to send/receive mails. It says on the user outlook that the mail box is full. If I increase the quote for the user mailbox in 2013, the issue is fixed. I have so many (>1000) mailboxes to be migrated. My mailbox database on 2013 is set to “issue a warning at 3GB”, “Prohibit send at 3GB”, “Prohibit send/receive at 3GB” as well.
    How can i manage this, Do I need to increase the mailbox database quota to more than 3GB?

    Thanks, felix

  474. Prabhat Nigam Says:

    Go to the properties of mailbox database from ECP and change the limits.

  475. Felix Kondon Says:

    thanks PN:

  476. Felix Kondon Says:

    Hi PN:

    Those mailbox successfully migrated to 2013 are shown under disconnected mailbox in 2010. Is this normal?

    thanks, felix

  477. Prabhat Nigam Says:

    Yes, they gets disconnected in 2010, this is the way to delete a mailbox from a DB in your case it is 2010 DB. They will stay here until your DBs retention period complete. Default is 30 days.

  478. Felix Kondon Says:

    thanks PN,

    Now i have migrated a user from 2010 – 2013 using the 2013 EAC and the result is as:
    status: completed
    total:0
    synced:0
    finalized:0
    failed:0
    Email report received states “migration batch has completed successfully”

    The mail box is still in 2010, what’s wrong here or what do i need to do?

    thanks, felix

  479. Felix Kondon Says:

    Hi PN:
    Another Post: Before doing the migrate, does the user’s outlook be closed or still can be open and in use?

    thanks, felix

  480. Prabhat Nigam Says:

    Status completed is not migration completed. Run Get-moverequest to get the status.

    Outlook can remain open.

  481. Felix Kondon Says:

    thanks PN.

    If I want to move say 10 mailboxes at a time from one particular mailbox database in 2010 to another in 2013, how can i archive this?

    thanks, felix

  482. Prabhat Nigam Says:

    Hey Felix,

    Most of the things explained in the blog, I would recommend you to go through the full blog.

  483. Felix Kondon Says:

    thank Prabhat

  484. Felix Kondon Says:

    Hi PN:
    This command as you mentioned, should run on 2010 or 2013?

    thanks, felix

  485. Felix Kondon Says:

    the command:
    Run Get-moverequest to get the status.

  486. Felix Kondon Says:

    Hi Prabhat,
    When searching for “search mail” on my outlook, the following error appears: You know any fix to this?

    “The action couldn’t be completed. Please try again”

    thanks, felix

  487. Snap Says:

    Hi Prabhat, how to I get my email to flow though exchange 13 -> 2007 instead of 2007 -> 2013? I want the 2013 server to be primary. I still have a few mailboxes on 2007 though.

  488. Prabhat Nigam Says:

    Felix
    484 and 485 – Run it on 2013
    486 – create new ost if its for one user.

  489. Prabhat Nigam Says:

    @Snap,

    Exchange 2013 should forward the emails to 2007 with no extra config. you need to point antispam or natting to deliver to 2013. In 2013 add the IP in the receive connector.

    Check the cut over section of the blog.

  490. Snap Says:

    Hey Prabhat, should I take the A record of 2007 out of my registrar and out of our filtering so it is only 2013. Also, I need to put the 2007 IP on the Default receive connector for 2013?

  491. Prabhat Nigam Says:

    @Snap
    A records for CAS connection should be there because CAS should use separate urls for 2007 and 2013.

    A record for mx should point to exchange 2013. I have suggested to change the natting on the firewall of pointer on the spam guard because public IP might take long time to change it. If you have only option to change public dns then add a new mx record for 2013 with low priority than 2007 and monitor it for few days then remove 2007.

  492. Exchange 2013 Coexistence References | ODDYTEE Says:

    […] Exchange 2010/2007 to 2013 Migration and Co-existence Guide … http://msexchangeguru.com/2013/05/10/exchange2013-migration/ […]

  493. Snap Says:

    If I send a email from a mailbox still on 2007 it is going out of 2007. Should it be sending over to 13 and leaving from there?

  494. Felix Kondon Says:

    Hi Prabhat,
    I am moving some mailboxes using EAC 2013 from 2010 -2013 and getting the error below:
    Error: This mailbox exceeded the maximum number of corrupted items that were specified for this move request.

    Please give me the power shell command to move these mailboxes from one database to another with baditemlimit of 50

    many thanks, felix

  495. Prabhat Nigam Says:

    @Felix
    Below switch should be added.
    -baditemlimit XXX
    x = number

    More switches are available here. http://technet.microsoft.com/en-us/library/dd351123(v=exchg.150).aspx

  496. Prabhat Nigam Says:

    @Snap
    Check your source server in the send connector. you should have 2013 servers. If you see 2007 servers then remove them’

  497. Felix Kondon Says:

    Hi PN:
    i do not know what is happening here, I have moved a user mailbox and the result is as follows:
    Completed successfully;
    synced mailboxes:0
    finalized mailboxes:0
    failed mailboxes:0

    the mailbox is still in 2010.

    thanks, felix

  498. Prabhat Nigam Says:

    Do you see this in get-moverequest displaynameofuser ?

  499. Felix Kondon Says:

    This is in the GUI on EAC 2013 reports. What is the full command that I can issue in powershell?

  500. Prabhat Nigam Says:

    @Felix
    It is in the blog. Please read.
    Check command 2 in the section – Exchange 2013 Mailbox Migration

  501. Felix Kondon Says:

    Hi PN:
    No I can’t see this user on the moverequest display list

  502. Felix Kondon Says:

    Hi Prabhat,

    Some users when I migrated them, result as “completed with error” and details as “this mailbox has a completed moverequest associated with it, before you create a new moverequest, run the remove moverequest command to clear the completed moverequest”
    After i reove remove the initial moverequest, and then do a moverequest, it comes up with the first issue i have mentioned above, ie
    Completed successfully;
    synced mailboxes:0
    finalized mailboxes:0
    failed mailboxes:0

  503. Felix Kondon Says:

    Hi PN:
    Please ignore above.

  504. Felix Kondon Says:

    Hi PN:
    I have moved a mailbox for a user successfully and after this his outlook is disconnected. Please how can i fix this issue?

    thanks, Felix

  505. Felix Kondon Says:

    Hi Prabhat,

    I need your tips, I have tried some tips but still no luck, please let me know.
    issue: I have moved a mailbox for a user successfully and after this his outlook is disconnected. Please how can i fix this issue?

    regards, Felix

  506. Felix Kondon Says:

    Hi Prabhat,

    I have a outlook 2010 client having disconnected from exchange 2010 server, ie keeps prompting for outlook password (same as the domain credentials) and even he enters his correct password, it keeps prompting (even after resetting the password). What I did was created another outlook profile under control panel, mail and then restart the outlook and now it can get connected to the exchange server, but the issue is, the user’s emails in inbox and folders on his initial profile are not updated (synchronized) with this new profile. When we connect using the initial profile, the mails and the folders are all there but are not updated in his new profile here. His outlook is cached.

    Any workaround or fix to this issue please.

    appreciate, thanks -felix.

  507. David Susemiehl Says:

    We are migrating from 2010 to 2013, at the same time we are building a new forest to make up for some of the issues left over from previous administrators. I have already built the 2013 Exchange environment and configured the cross forest mail. My problem is synchronizing the GAL during the coexistence phase (probably 6 months) I think FIM is the way to go but we are only a 1000 user organization. What is the best way to go? Do you have any links :)

    Thanks, Dave

  508. Prabhat Nigam Says:

    @Dave
    For over 1000 mailboxes 6 months time is too long, we should be able to finish them within a week unless migration is over the WAN. Use the cross Forest migration blog here. http://msexchangeguru.com/2013/11/03/e2013crossforestmigration/

    Yes, FIM is the best for GAL sync. I have not written any blog on FIM yet. Try this blog but test in your lab 1st.
    http://setspn.blogspot.com/2010/05/fim-gal-sync-my-first-steps.html

  509. Felix Kondon Says:

    Hi PN;

    You know why this error is happening?
    us-smtp-1.mimecast.com rejected your message to the following e-mail addresses:

    rgds, Felix,

  510. Prabhat Nigam Says:

    @Felix
    Share the full NDR.

    If you will share your issues here then you will get more replies (not just me) and faster as well. http://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver&filter=alltypes&sort=lastpostdesc

  511. Felix Kondon Says:

    Hi PN:

    Just today, users getting two different errors (email bounce back) when sending out mails:

    1st. ns30.small-dns.com rejected your message to the following e-mail addresses:joeblow@xxx.com
    Service unavailable; Client host [exchange server name] blocked using Barracuda Reputation

    2nd. mx7.domain rejected your message to the following email addresses:

    peterjoe@domain (peterjoe@domain)

    mx7.domain gave this error:
    Domain/IP address is blocked by the reputation server.

  512. Prabhat Nigam Says:

    @Felix,
    Your outgoing IP is blocked or blacklisted. Check the IP black listing at mxtoolbox.com, if it is not black listed then ask receiving domain’s system admin to add your IP in safe sender list. Else remove IP from black listing.

  513. Felix Kondon Says:

    Hi PN: What do I do if it is blacklisted?

    thanks, felix

  514. Prabhat Nigam Says:

    Contact blacklisted domain and request to remove from blacklist. Some of the website has link on their website.

  515. Felix Kondon Says:

    thanks PN:

    Just a question:
    1.Using this command “BadItemLimit XXX” in a moverequest, what does it actually do, ie Does it leave those bad mails behind or does it allow those bad mails to move across?
    2. If those bad mails are left behind during the move, what happens to them, are they still in initial database incase I might need them later??

    thanks, felix

  516. Prabhat Nigam Says:

    1. Yes bad items will stay in old mailbox.
    2. Yes, Until the mailbox cleanup run.

  517. Felix Kondon Says:

    thanks PN!

  518. Felix Kondon Says:

    Hi PN:

    477: I have moved some mailboxes over to 2013 and they were under “Disconnected mailbox” folder in 2010 for the last 2-3 weeks after the move, but they are no longer there now. I think retention period is set less the 2-3 weeks or so. But how can i retrieve so i can connect back?

    thanks -felix

  519. Henri Feinberg Says:

    Hi again,

    we moved most of the mailboxes from E2010 to E2013 without a problem except:
    1. the discovery mailbox had a corrupted tag on it
    2. Some Outlook users complained that they cannot see their old Outlook Tasks and even when creating a new task it does not show, on the E2010 everything was Okay.

    Any insight regarding these two issue will be very welcome.
    Thanks again.

    Henri.

  520. Prabhat Nigam Says:

    1. You are supposed to migrate old discovery mailbox. If you didn’t then New-mailbox -discovery will create new discovery mailbox.
    2. Not sure about tasks at this moment. Share the error and I will check.

  521. Henri Feinberg Says:

    Thank for a quick replay.
    Indeed the first move to E2013 was the Discovery mailbox, so when the move was over that when I sow that it was under curropted tag.

    As for the taks, no errors showing up only empty entries.

    Thanks,
    Henri

  522. Prabhat Nigam Says:

    Create new discovery mailbox. This mailbox comes into play when you have implemented litigation hold and need to investigate any mailbox.

  523. Lee Says:

    Would appreciate some help on 2010 > 2013 PF migration if anyone out there is feeling charitable. so far i have exported all the PF info but i am having difficulties creating the new PF mailbox with -holdformigration. I get an AD error {Access Denied and insufficient rights} I have checked over the inherit permissions using ADSI edit and re ran domain prep.

    Any Ideas would be great.

    Thanks

  524. Prabhat Nigam Says:

    @Lee
    Read the blog carefully. you have missed the PF migration blog under the topic “Before you proceed with the actual migration steps, these articles may be of interest to you:”

    Go to the PF migration blog and tell us you are stuck on which step. Also comment on PF migration blog.

  525. Lee Says:

    Hi Prabhat
    firstly thanks for your reply.

    I am stuck on the PF migration process.
    http://msexchangeguru.com/2013/04/18/exchange2013-public-folders/

    Step 5 create the public folder mailbox. I seem to get some AD permissions/insufficient rights – access denied error, although I can create a “normal” mailbox.

  526. Prabhat Nigam Says:

    Please post your issue below the PF migration blog.

  527. SaurabhGautam Says:

    Hi, Thanks Prabhat, Such a nice article and only place where you find all coexistence activities under one link. One question, It is clear that within same AD site CAS 2010 and 2013 can have same URLs configured. if AD site of Exchange 2010 CAS and Exchange 2013 CAS is different and we promote Exchange 2013 CAS as internet facing then can the same URL be used in both CAS or we need different URLs for CAS2010 ? CAS 2010 is removed from internet facing. Thanks.

  528. Prabhat Nigam Says:

    Hi Saurabh,

    Good one, you found me here. Thank you.

    Did you go through the links Tushar shared on Facebook Exchange 2013 group. The link explain the working of exchange cas.
    No need of different urls. You can configure same url.

  529. Heni Feinberg Says:

    Hi Prabhat again,

    when I run the .\PublicFolderToMailboxMapGenerator.ps1 5000MB I get 2 mailboxes ‘Malbox1’and ‘Mailbox2′ as oppose to one ‘Mailbox1′ with a value of 20000MB for a single mailbox.
    We have a total of 10MB PF and I need room for expansion so if I specify 5GB it will create TWO mailboxes of a size of 5GB each total 10GB which is too small. Note that I cannot specify a smaller value that the largest public folder which is 2GB. But if I specify 2GB I get 5 Mailboxes entries with 2GB each, again a total of 10GB.

    What option will be the best?

    Thanks again Prabhat

  530. Prabhat Nigam Says:

    @Heni

    I am answering on the PF migration blog.

  531. Andy Says:

    Hi,

    A very good step by step guide – I have been working on this “mini” project of Exchange 2007 to Exchange 2013 migration since beginning of July. I am stuck on getting outlook to recognise a users mailbox has been moved to 2013. I have checked certificates and autodiscover – all appears to be ok. Any pointers you can offer to troubleshoot this. Also I cannot send/receive from a migrated mailbox – although I have added the send and receive connectors on the new 2013 setup so the two problems may well be related….

    Thanks

    Andy

  532. Felix Kondon Says:

    Hi PN,

    I have a user complaining of his emails for Jan-June missing in his inbox. This period he was away from work and when he returned to work, he realized that this period’s mails were missing. I have checked his PC for any pst, ost, or even archive files but were not.

    He confirmed he did not delete his of his mail.

    Any idea how i can retrieve his mails?

    thanks -felix

  533. Prabhat Nigam Says:

    Check the retention policy and users mailbox size which might be full. Who gets 6 months vacation. mostly during the time company disable the mailbox.

    Option 1 you have is to check what you have in the recover deleted items folder in outlook.

    Option 2 if you have enabled litigation hold then we can do a search which is only in Exchange 2010 and 2013.

    Option 3 restore the backup for every month and extract his mailbox.

  534. Felix Kondon Says:

    Thanks PN for your response.I go through the options and see.

    thanks, felix

  535. JoBlack Says:

    Install prerequisite and roles
    Install Exchange 2013
    Configure send connectors
    Migrate mailboxes

    Hi Prabhat, I am happy i stumbled across your site. Awesome by the way. I am about to install 2013 myself i a coexistence setup with exchange 2007. My problem is finding the correct steps to complete without messing the existing users. I was wondering if you by any chance have a quick list of steps (in the recommended order of completion). i.e.

    Install Prerequisites and roles
    Install Exchange 2013
    Configure send connector (or not)
    Migrate mailboxes
    Migrate PFs
    Setup the virtual director for OWA and routing to the new exchange
    Migrate certificate
    Configure DNS
    Cleanup
    Decomission Exchange

    I was hoping to find a way to set the 2013 as the front end right a way, then take my time migrating mailboxes across with out issues. Greatly appreciated.

  536. Prabhat Nigam Says:

    Just follow the blog.

  537. computer monitor Says:

    Very good write-up. I definitely appreciate this website.
    Stick with it!

  538. roy Says:

    prabhat I have a kidn of complicated scenario.

    I have a cross forest 2003 to 2007/10 environment. we are not fully off the 03 as some mailboxes still sit there but that’s in a different AD forest/domain. we stood up a new domain/forest and I installed 07 then upgrade 2010 but still have 1 2007 server running for migrating users over from 2003 over.

    im trying to do the following now.
    i currently have exchange 2010 sp3 setup as follows

    2 cas/ht using windows nlb for array.internal.com as the nlb name

    2 mailbox servers using 1 dag for replication between them.

    I would like to stand up 2 new CAS 2013 sp1 servers(2012 r2) and use our netscaler hlb to load balance and do ssl offloading.
    id like to use the hlb to load balance and ssl offload all possible traffic not just owa, i.e. activesync etc.
    the netscaler is running version 10.5.

    id like to make this as seamless as possible for the user, so no owa name change or anything like that.

    any ideas?

  539. Prabhat Nigam Says:

    1. You need to remove exchange 2003 else you can’t install exchange 2013.
    2. You need to remove exchange 2007 else we need to configure 2 URLs for owa which does not proxy.

    3. If we are just left with 2010 then everything always go seem less. I have done many migration like this.

  540. Almir Says:

    Hello Prabhat,

    first of all I would thank you for your excelent article.
    I have one question for cross forest OWA coexistence.
    I have the old-org.com and the new-org.com. Moving users works fine. There is a AD trust, certificates are fine.
    In the Coexistence Phase the IP point now to the neworg.com CAS Exchange 2013 and he should route/proxy the neworg.com User to Exchange 2013 and oldorg.com to Exchange 2010.
    In migration environments in the same forest this works automaticaly but how can i configure it in this cross forest case?

  541. roy Says:

    i need to remove 2003 even though its a completely different exchange forest?
    also do you have any guides or ideas as to how to migrate the 2010cas array to a 2013 netscaler Load balance solution?

  542. Prabhat Nigam Says:

    @Roy
    If 2003 is in different forest then you don’t need to remove it but you will not be able to migrate anything to 2013 once you install 2013 in the 2nd forest.

    Load balancer is different than CASArray. Load balancer has a many configurations depending on your infra. We can configure the LB but a Product guide will be better.

  543. Prabhat Nigam Says:

    @Almir
    You need to use 2 different URLs one for each forest.

  544. Amit kumar Says:

    Hi Prabhat,

    We have Exchange 2010 running currently, We are planning to Migrate Exchange to 2013 Sp1 on Windows 2012 OS.

    Below is the requirement
    1. We want to use current OWA (mail.domain.com) URL to Exchange 2013 server. Please do let me know how to achieve this, Can i use exisiting certificate 2010 Certificate on Exchange 2013 ? If yes, then what are all things i need to consider.

    An early reply would be appreciated !!
    Thanks,
    Amit kumar

  545. Prabhat Nigam Says:

    @Amit
    Yes, you can use same url and cert with 2013
    It is simple. Install, configure and do the cut over. Basically follow this guide

    Exchange 2013 proxy to exchange 2010 and does not need the different owa url.

  546. Amit kumar Says:

    Thanks Prabhat for quick clarification…. Still i am missing something or i am bit confused on steps … !!

    I have around 26000 Mailboxes that need to migrate from Exchange 2010 to Exchange 2013. As i stated earlier, I want to use Exchange 2010 URL (mail.xyz.com) to Exchange 2013… As users cannot migrate it one go hence, migration would take 1 to 2 months of time…. By the time, i want User of 2010 & 2013 can access OWA url (mail.xyz.com).

    For this what settings i need to do on Exchange 2010 & 2013 server….. I can use same certificate ??

    Thanks,

    Amit kumar

  547. Prabhat Nigam Says:

    Hi Amit,

    I have already answered your concern. If you are not confident then I would recommend to hire some consultant like me to design the migration which is 4-8 weeks works depends on the scope.

    Make sure support client versions are already deployed and you count PF migration time. There will not be PF replication in Exchange 2013.

    Let me know if there is a need for a consultant otherwise this blog is a complete migration guide. You can write to my email id prabhat@MSExchangeGuru.com

  548. Raman Says:

    Hi Prabhat,

    I am moving Exchange 2010 mailboxes to Exchange 2013 SP1 in production. When I move 2010 mailbox Outlook, OWA works fine but ActiveSync (HTTPProxy log shows on CAS 2013 server that it is still re-directing it to Exchange 2010 CAS servers). Sometimes ActiveSync starts working with in few minutes and sometimes it takes hours before it starts to see that mailbox is moved to Exchange 2013. I am certain it is not ActiveDirectory replication since all other clients are working.
    Is there anything I can do right after the move to make it quick,
    Thanks,
    Raman

  549. Felix Kondon Says:

    Hi PN:

    How can a deploy a standardized signature to all users in the organization from the exchange 2013 management console.

    thanks, felix

  550. Raman Says:

    Hi,
    I would really appreciate if someone provide explanation on “RPCCLientAccessServer” property under Get-MailboxDatabase . Why is it even there? Since, Exchange 2013 does not use RPC. I am not seeing any issues but I am wondering we are running Exchange 2010 and Exchange 2013 co-existence environment.
    Thanks
    Raman

  551. Prabhat Nigam Says:

    @Raman

    This property is available to manage Exchange 2010 property.
    http://technet.microsoft.com/en-us/library/dd351072(v=exchg.150).aspx

  552. Prabhat Nigam Says:

    @Felix
    There are many blogs for Exchange 2010 Signature which uses company disclaimer Which should work in Exchange 2013 as well. I have not worked on this topic yet. If I will publish something on signature then I will link here.

  553. joblack Says:

    Hi Prabhat,
    I would greatly appreciate if you can shed some light. I can mail from 2013 to 2007 and outside but I cannot send mail from 2007 to 2013. Telnet seems to work. Mail are getting stuck in the queue of 2013. Exchange transport services are running. I have two send connectors (client and default).

    I read a few earlier posts related to similar issue but seems like you might have helped them directly. Thanks in advance

  554. Prabhat Nigam Says:

    @Joblack

    Did you change any connector setting on 2013?
    Could you share the error, it should be there in the queue?

    Run the following commands on Exchange 2007 HT server command prompt to reproduce the error. you can’t use backspace in telnet. There share the error and at which level you got the error.

    telnet 2013serverIP 25
    ehlo
    mail from: <2007useremailid>
    rcpt to: <2013useremailid>
    data
    type some data.
    .

  555. Ruben Says:

    Hi Prabhat,
    I have a 3-rd party program, which connect to CAS server thru smtp for sending batch of e-mails. It began to work, but after 30-40 e-mails stop transfering, with “remote socket error” in CAS`s receive connector logs. I checked default frontend receive connector, and have changed “maxinboundconnectionspersource” from 20 (default) to unlimited and “maxinboundconnectionpercentagepersource” from 2 to 100% still without success. Before ms exchange 2013 has exchange 2010 with the same parameters on CAS/HUB default receive connector and all worked fine.
    Please help to resolve this issue.

  556. Prabhat Nigam Says:

    Try the following
    1. Restart the Frontend Transport service on the CAS
    2. Try to move the SMTP relay pointer and receive connector to mailbox role server.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.