Exchange 2010/2007 to 2013 Migration and Co-existence Guide
We don’t have a lot of guides out there helping with a step by step guide for the migration and co-existence of Exchange 2010/2007 to Exchange 2013So, here you go !!!
Update:
If you are planning to employ a third party product for migration – look no further. CodeTwo is a mature and reliable product for full blown Exchange migraiton from
Exchange 2003/2007/2010 – cross forest or cross domain migration:
Take a look here:
CodeTwo Exchange migration for Exchange 2003 to 2010/2013: Operational review: https://msexchangeguru.com/2013/11/24/codetwo-exchange-migration/
Download here:
Download Codetwo for free: http://www.codetwo.com/exchange-migration/
Before you proceed with the actual migration steps, these articles may be of interest to you:
Exchange 2013 CAS Role Demystified: https://msexchangeguru.com/2013/05/22/exchange-2013-cas/
Exchange 2013 High Availability demystified: https://msexchangeguru.com/2013/05/23/e2013-ha-demystified/
Load Balancing Exchange Server 2013 – Good to know stuff: https://msexchangeguru.com/2013/06/05/load-balancing/
Public Folders Migration from Exchange 2007/2010 to Exchange 2013: https://msexchangeguru.com/2013/04/18/exchange2013-public-folders/
Upgrade from Exchange 2013 CU1 or RTM to CU2: https://msexchangeguru.com/2013/07/10/install-e2013-cu2/
Monitoring and troubleshooting Exchange using powershell: https://msexchangeguru.com/2013/07/23/monitoring-powershell/
For Complex Exchange 2007 migration check the common errors here – http://blogs.technet.com/b/exchange/archive/2007/09/10/3403885.aspx
Check our multisite url and authentication blog here – https://msexchangeguru.com/2015/08/22/e20132007-urlsauth-multiadsite/
Preparing Exchange 2010/2007
-
Install the hotfix 2550886 for DAG failover improvements on Exchange 2010/2007 DAG servers.
-
Login to the Exchange 2010/2007 server with Schema Admins, enterprise admins, domain admins and organization management group member id as SP 3 will extend the schema.
-
Install Exchange 2010/2007 SP3 on all the exchange 2010/2007 servers in CAS then HT then mailbox role order if they are not on the same server
SP3 can be downloaded from the below link:
http://www.microsoft.com/en-us/download/details.aspx?id=36768
-
Check the below link for SP3 installation steps
https://msexchangeguru.com/2013/04/03/exchange-2010/2007-sp3/
Installing Exchange 2013
-
I would suggest going for Windows 2012 for Exchange 2013 but you can use windows 2008 R2 SP1 as well.
-
Install the windows 2012 server or Windows 2008 R2 SP1 on a new server and join the domain. It can be virtual or physical. Now Microsoft support virtualized mailbox role.
-
Run the windows update and install all the recommended updates.
-
You might like to configure windows NLB if you don’t have NLB hardware. Check the below blog on it. (optional) https://msexchangeguru.com/
2013/08/14/windowsnlb/ - For Active Directory preparation check the “step 3 preparing active directory” at the blog mentioned below: https://msexchangeguru.com/2013/04/29/install-e2013/
- Install the following prerequisites for Exchange 2013
For Windows 2012:
-
Open Windows PowerShell.
-
Run the following command to install the required Windows components.
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
-
Restart the server.
-
http://www.microsoft.com/en-us/download/details.aspx?id=34992
-
http://www.microsoft.com/en-us/download/details.aspx?id=17062
-
http://www.microsoft.com/en-us/download/details.aspx?id=26604
For Windows 2008:
-
Open Windows PowerShell.
-
Run the following command to load the Server Manager module.
Import-Module ServerManager
-
Run the following command to install the required Windows components.
Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI
-
Restart the server
-
http://msdn.microsoft.com/en-us/library/5a4x27ek(VS.110).aspx
-
http://www.microsoft.com/en-us/download/details.aspx?id=34595
-
Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
http://www.microsoft.com/en-us/download/details.aspx?id=34992
-
http://www.microsoft.com/en-us/download/details.aspx?id=17062
-
http://www.microsoft.com/en-us/download/details.aspx?id=26604
6. Restart the server
7. Exchange 2013 Installation – Please follow the below link for the Exchange 2013 installation: https://msexchangeguru.com/2013/04/29/install-e2013/or Exchange 2013 SP1installation: https://msexchangeguru.com/2014/03/02/e2013sp1-installationupgrade/
Imp: You can directly install Exchange 2013 CU1 as well. If you directly install CU1 then you can skip step 12 – Testing mailbox move without CU1. If you are installing CU2 make sure you are installing CU2 V2.
If you are doing new installation then you can directly install Exchange 2013 CU1 which itself is a full setup. You can follow same schema update and AD preparation steps.
After Exchange 2013 installation the biggest challenge will be how to login to the EAC, there is no mailbox on Exchange 2013 and redirection or proxy is not configured to use the existing Exchange admin user.
If you are trying to access EAC for the first time and your mailbox is on Exchange 2010, you need to use the URL in the format:
https://Exchange2013ServerName/ecp?ExchClientVer=15
This is because in a co-existence scenario, your mailbox is still housed on the Exchange 2010 mailbox server, the browser will default to the Exchange Server 2010 ECP. Now if you want to access the Exchange 2010 ECP and your mailbox resides on an Exchange 2013 mailbox server, use the following URL:
https://Exchange2010ServerName/ecp?ExchClientVer=14.
Take a look at:
Working with EAC or Exchange administration center in Exchange 2013 – Part1: https://msexchangeguru.com/2013/01/16/eac-exchange-2013/
So you need to create a mailbox to administer Exchange 2013. We will follow the below steps:
- Create a mailbox in Exchange 2013 mailbox database.
- “New-Mailbox –name 2013Admin –userPrincipalName 2013Admin@domain.com –Database “2013 DBName””
-
Run Get-mailboxdatabase to check the database name
4. Give the permission to the mailbox to Administrate EAC.
Add the following group membership:
Domain Admins
Schema Admins
Enterprise Admins
Organization Management
Test mailbox migration without CU1 for Exchange 2013
-
Now, you should be able to login to EAC by going to the url https://localhost/ECP. If you will test the mailbox migration from Exchange 2010/2007 to Exchange 2013 before CU1 for Exchange 2013, it will be working but full co-existence will not work so it is a necessity to install CU1. As an example my Servers are mentioned below:
- EAC will show Databases from both the servers
- Now I am migrating the mailbox being Exchange 2010/2007 on SP3 and Exchange 2013 without CU1.
Created new mailbox in Exchange 2010/2007, you can see 2013 database is not showing here
- Database before move
- I have moved the mailbox from Exchange 2013 EAC to Exchange 2013 database. Now click on migration to check the status
- Now Refresh and you will see completed depends on the size of mailbox.
- Check the Database name has changed
Continue the Exchange 2013 CU1 installation
5. If you have not install CU1 version of exchange 2013 then this is the time to install Exchange 2013 Cumulative update 1 so that we avoid any co-existence issue. If you are doing new installation then you can directly install Exchange 2013 CU1 which itself is a full setup. You can follow same schema update and AD preparation steps mentioned in the Exchange 2013 installation article
Update 4/7/2014: Now – We can go for SP1 – https://msexchangeguru.com/2014/03/02/e2013sp1-installationupgrade/
6. Download the Exchange 2013 from the below link which is an Exchange 2013 setup with Cumulative update
http://www.microsoft.com/en-us/download/details.aspx?id=38176
7. Install the Exchange 2013 CU 1 with the help of below link:
https://msexchangeguru.com/2013/04/15/e2013-cu1-2/
Configuring Exchange 2013 and network
-
Transport Configuration
-
Send connector
1. Exchange 2013 reads exchange 2010/2007 send connector information. Click on the pencil icon to check and add exchange 2013 in the same send connector.
2. Click on scoping and + icon to add the server
3. Select the server and add, then click on and save. Send connector configuration completed.
3. Receive Connector
1. Add a receive connector as per the current connector configuration.
2. Select the 2013 server, oh what we have 5 connectors for what. Let me explain here.
3. You can see all 5 together here as I have CAS and Mailbox on same server. First 3 are for the CAS connector and remain 2 are for mailbox role.
4. I would link to explain the transport pipe line here which consists of the following services:
Front End Transport service – This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic for the Exchange 2013 organization. The Front End Transport service doesn’t inspect message content, only communicates with the Transport service on a Mailbox server, and doesn’t queue any messages locally.
Transport service – This service runs on all Mailbox servers and is virtually identical to the Hub Transport server role in previous versions of Exchange. The Transport service handles all SMTP mail flow for the organization, performs message categorization, and performs message content inspection. Unlike previous versions of Exchange, the Transport service never communicates directly with mailbox databases. That task is now handled by the Mailbox Transport service. The Transport service routes messages between the Mailbox Transport service, the Transport service, and the Front End Transport service.
Mailbox Transport service – This service runs on all Mailbox servers and consists of two separate services: the Mailbox Transport Submission service and Mailbox Transport Delivery service. The Mailbox Transport Delivery service receives SMTP messages from the Transport service on the local Mailbox server or on other Mailbox servers, and connects to the local mailbox database using an Exchange remote procedure call (RPC) to deliver the message. The Mailbox Transport Submission service connects to the local mailbox database using RPC to retrieve messages, and submits the messages over SMTP to the Transport service on the local Mailbox server, or on other Mailbox servers. The Mailbox Transport Submission service has access to the same routing topology information as the Transport service. Like the Front End Transport service, the Mailbox Transport service also doesn’t queue any messages locally.
(from TechNet)
5. Here are the details about the receive connectors
When you install a Mailbox server running the Transport service, two Receive connectors are created. No additional Receive connectors are needed for typical operation, and in most cases the default Receive connectors don’t require a configuration change. These connectors are the following:
Default <server name> Accepts connections from Mailbox servers running the Transport service and from Edge servers.
Client Proxy <server name> Accepts connections from front-end servers. Typically, messages are sent to a front-end server over SMTP.
During installation, three Receive connectors are created on the Front End transport, or Client Access server. The default Front End Receive connector is configured to accept SMTP communications from all IP address ranges. Additionally, there is a Receive connector that can act as an outbound proxy for messages sent to the front-end server from Mailbox servers. Finally, there is a secure Receive connector configured to accept messages encrypted with Transport Layer Security (TLS). These connectors are the following:
Default FrontEnd <server name> Accepts connections from SMTP senders over port 25. This is the common messaging entry point into your organization.
Outbound Proxy Frontend <server name> Accepts messages from a Send Connector on a back-end server, with front-end proxy enabled.
By default we don’t route the outgoing email to CAS. If we have some mailgaurd or compliance requirement on a separate CAS server then we can use it. If we have CAS and mailbox role on the same server then we don’t need to configure this connector. We can simply disable it.
Client Frontend <server name> Accepts secure connections, with Transport Layer Security (TLS) applied.
6. So we have to configure “Default Frontend Servername” connector which is accepting the emails on port 25. Yes this is very important when you have both role on one server then Frontend will be 25 and backend will be 2525
7. You might need to check email address policies, this might needs to re-apply. If we have more than 3000 mailboxes then it is suggest applying from EMS.
To understand the mailflow we can read the below article: https://msexchangeguru.com/2012/08/09/e2013-mailflow/
Exchange 2013 Certificates
Create a new Exchange certificate on Exchange 2013: https://msexchangeguru.com/2013/01/18/e2013-certificate/
Use current certificate
For Export and import of the cert Please check here – https://msexchangeguru.com/2013/06/29/import-cert-e2013/
- Export the cert from Exchange 2010
- Import the cert to Exchange 2013
- Configure the external url. This is very simple in exchange 2013. You don’t need to go to every virtual directory property.
- Select the wrench mentioned below windows
5. Then this wizard will open, select the exchange 2013 server and give the external url and save it.
6. CAS Authentication will be “Use form-based authentication” on both Exchange 2013 and Exchange 2010/2007.
Database availability Group
We would like to configure a DAG for high availability with multiple databases. So we have 2 options.
1. DAG with IP. Check the below link to create a DAG with IP
https://msexchangeguru.com/2013/01/17/e2013-dag/
2. DAG without IP – This needs Exchange 2013 SP1 on Windows 2012 R2
Check the below link to create IP less DAG
https://msexchangeguru.com/2014/03/21/e2013sp1-ip-less-dag/
Update Feb 2015: If you have 2 datacenters expanded DAG then now you can configure your FSW in Azure which means your DAG can be configurable to 3 Data center expanded automated DAG. This will allow you to completely shut down the data center without loosing production connectivity. Here is the link to configure FSW in Azure – Using a Microsoft Azure VM as a DAG witness server
Move Arbitration and Discovery Search mailboxes
Follow the below steps to move all arbitration and discovery search mailboxes to final 2013 database.
Open EMS with run as administrator and run the following cmds
Get‐Mailbox –Arbitration | New‐MoveRequest –TargetDatabase TargetDBName
Get-Mailbox “*Discovery*” | New‐MoveRequest –TargetDatabase TargetDBName
Unified Messaging: Upgrade Exchange 2010 UM to Exchange 2013 UM
This is the optional step only for unified messaging configured organizations.
Please follow the below link to upgrade exchange 2010 UM to Exchange 2013 UM
http://technet.microsoft.com/en-us/library/dn169226(v=exchg.150).aspx
Configure Enabled Outlook Anywhere
For Exchange 2007
Set-OutlookAnywhere -Identity “2010 CasServerNameRpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods {NTLM,Basic}
For Exchange 2010
Set-OutlookAnywhere -Identity “2010 CasServerNameRpc (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic
Configure OAB
Run the below command to configure OAB for all databases
Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address List (Ex2013)”
Default Offline Address List (Ex2013) can be replaced by your custom named OAB.
Enabling and Configuring Outlook Anywhere
For Exchange 2007
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 8*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic
For Exchange 2010
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic
SCP – Service Connection Point Configuration:
Run the below command to configure SCP on Exchange Management Shell of 2007/2010/2013 separately:
get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.domainname/autodiscover/autodiscover.xml
SCP might be already configured on 2007/2010 server so you can also check it and use the same -AutoDiscoverServiceInternalUri. Run the below cmd to get current SCP on 2013 Shell
get-ClientAccessServer | fl name,AutoDiscoverServiceInternalUri
RemoteDomain:
Run the below cmd in EMS to allow auto forwarding, oof, auto reply and disable the possibility of winmail.dat from domino server.
Set-remoteDomain -AutoReplyEnabled $True -AutoForwardEnabled $True -TNEFEnabled $False -AllowedOOFType External
Pop/IMAP:
If you have pop3/imap4 users then you might like to configure 2013 for some addition configuration.
1. Configure the Basic authentication on EAC for CAS 2013
2. Start the services and change them to automatic.
Email address policy:
You might need this step if you organization was initially created on Exchange 2003.
1. Create a new email address policy if there is only one “Default Policy”.
2. Change the attributes of existing email address policy by running the below cmd
Get-emailaddresspolicy | Set-EmailAddressPolicy -RecipientFilter “Alias -ne $null” -IncludedRecipients AllRecipients
3. If you see the below error for the default policy then Remove “Default Policy” which was created in 2003 and will be in ready only mode in Exchange 2013.
Clean up health mailboxes:
When you remove default mailbox database, it does not remove health mailboxes which we can check by running the cmd and below warning will come. Health mailboxes are for the health service and they are specific for every database so we don’t need to move them rather we need to remove them.
Get-mailbox –monitoring
Mailboxes/HealthMailbox94863fe5394447619ec45c4e6b2dd971 has been corrupted, and it’s in an inconsistent state.
The following validation errors happened: WARNING: Database is mandatory on UserMailbox.
To fix this we need to delete user account in dsa.msc at yourdomain/Microsoft Exchange System Objects/Monitoring Mailboxes
Important: At the point configure your outlook for Exchange 2007/2010 mailbox and 2013 mailbox. If both are working from Internet then move to the next step.
CutOver :Updated 2007 part Feb 2015
Now it is the time to do cutover means point the connections to Exchange 2013. It can be done in few simple steps.
1. Create or change Public and Private DNS pointers.
a. autodiscover.domain.com will be pointing to the CAS 2010/2007 or Load balancer of CAS 2010/2007. So change the IP from Exchange 2010/2007 to 2013. In case of new installation or exchange 2007 environment we need to create new host record in DNS. This will be done on both internal and external
b. mail.domain.com (OWA/activesync/RPCoverhttp/mapioverhttp) Change the IP from Exchange 2010/2007 to Exchange 2013 CAS servers or Load balancer.
c. Create Legacy.domain.com host record in case of exchange 2007 co-existence in both public and private DNS. This will point to Exchange 2007 CAS servers or Exchange 2007 l0ad balancer CAS VIP.
2. Point your Spam Guard to forward all the emails to exchange 2013 to receive incoming mail via Exchange 2013.
3. Configure Spam Guard to accept emails from all Exchange 2013 Mailbox servers.
4. Configure all other application to send email to the Exchange 2013 Mailbox Servers.
5. Update PTR and SPF record if Exchange 2013 are sending the emails out directly.
6. In case of Exchange 2007, we need to update the following URLs and Authentications as well.
- EWS – Run the below cmd on Exchange 2007 EMS
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl https://legacy.Domain.com/EWS/Exchange.asmx -internalurl https://legacy.Domain.com/EWS/Exchange.asmx
- OWA – Run the below cmd on Exchange 2007 EMS
Get-OWAVirtualDirectory | Set-OWAVirtualDirectory -ExternalUrl https://legacy.Domain.com/OWA -internalurl https://legacy.Domain.com/OWA
- OWA – Run the below command to change the authentication method in Exchange 2007 EMS
Get-owaVirtualDirectory -identity “CASName1OWA (Default web site)” | Set-OwaVirtualDirectory -ExternalAuthenticationMethods FBA,basic
Exchange 2013 Mailbox Migration
So what are we waiting for… Let us begin the mailbox migration.
- Now you can run the following cmdlet to move bulk or single mailbox
Get-Mailbox –Database “Exchange 2010/2007/2007 Database” –OrganizationUnit “DN of the OU” | New-Move Request –TargetDatabase “Exchange 2013 Database”
2. You can monitor the migration by running the following cmdlet or going to the migration tab in EAC:
Get-MoveRequest
3. Once completed it will show the below window
For Cross forest mailbox migration check this link: https://msexchangeguru.com/2013/11/02/e2013crossforestmigration/
Public Folder Migration
-
Once we complete all mailbox migration then we can start the Public Folders migration.
For Public Folder migration use the below Link:
https://msexchangeguru.com/2013/04/18/exchange2013-public-folders/
- Test everything working and shutdown Exchange 2010/2007 server for 1 production week and observe if no issue reported then go ahead with the Exchange 2010/2007 removal process.
Known Issues:
Active Sync Config without Domain Name: https://msexchangeguru.com/2013/08/06/e2013mobiledomain/
OWA redirection broken page and SSL: http://www.expta.com/2013/05/owa-2013-cu1-redirection-is-broken-for.html – This was fixed in CU3
If you have pop/imap user go for CU2: https://msexchangeguru.com/2013/08/04/e2013popimapauth/
Mailflow misconfiguration: https://msexchangeguru.com/2013/08/03/e2013-2010mailflowissue/
Certifacate and cryptographic provider Issue: http://msitpros.com/?p=1770
Legacy Removal
-
Now we are in a position to remove exchange 2010. We can follow the below link for the exchange 2010/2007 removal.
https://msexchangeguru.com/2013/09/01/e20102007decomposte2013mig/
Hit us with questions
Prabhat Nigam | MVP Exchange
Team @MSExchangeGuru
Keywords: Exchange 2010 to exchange 2013 migration, how to migrate to Exchange 2013
May 21st, 2015 at 10:33 am
6. Install the following prerequisites for Exchange 2013
For Windows 2012:
1.Open Windows PowerShell.
2.Run the following command to install the required Windows components.
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
May 21st, 2015 at 10:35 am
I really want to thank you for taking the time to answer everyone’s questions in such a timely manner. Due to Ex2k13 being so different in it’s roles- or lack thereof 🙂 you need to rethink how you have to convert a multi-server ex2k7/ex2k10 setup to ex2k13. Typical Microsoft. 🙂
May 21st, 2015 at 1:54 pm
Yes this is a prerequisite command which has to be run on all servers.
May 21st, 2015 at 1:59 pm
Excellent. Thanks.
May 25th, 2015 at 11:06 am
I am running Exchange 2013 in my lab. I have CAS and MBX role on two different server. Which role or server, I should add in send connector. CAS or MBX?
May 26th, 2015 at 5:51 pm
You can add to any server but mailbox role will send the emails out faster. On the other hand Cas will an extra layer of security.
May 28th, 2015 at 10:04 am
Prabhat,
Great Article, have question about Certificates and the legacy namespace. We are in the process of a Exchange 2007 to Exchange 2013 upgrade.
Do we really need to create a new certificate with example legacy.xxx.com included? We do not have many OWA users. If we use our current certificate
mail.xxx.com in the exchange 2013 server, and upgrade to Exchange 2013, then move any users who use OWA first to the New Exchange would this work?
Instead of getting another certificate with mail.xxx.com and legacy.xxx.com in the certificate.
Thanks
June 1st, 2015 at 11:07 am
Hi Russ,
Yes, you have planned a good work around. If you move these users on the cut-over night then you are all set to continue without new certificate.
June 1st, 2015 at 3:26 pm
Hi there, I have an Exchange 2010 and 2013 environment that is coexisting right now. At the moment I’m having trouble with Outlook clients whos mailbox is migrated to the new environment getting reconnected to the server.
IE. My two exchange servers are MAIL1 and MAIL2 (Exchange 2010) .. Separate CAS servers CAS1/CAS2/CAS3
My two new exchange servers are MAIL3 and MAIL4 (Exchange 2013) .. Going to use the mailbox servers as the CAS servers (it’s only 500 mailboxes, so it’s not a huge environment with a big load)
Clients moved to the 2013 environment cannot connected just stucked at DISCONNECTED in Outlook .. meanwhile their iPads work, phones, etc. (So activesync is fine).
Tasking using the Remote Connectivity Analyzer is fine too via autodiscover
Any hints?
June 1st, 2015 at 4:12 pm
Looks like either of the following
1. No outlook anywhere configuration on exchange 2013
2. Autodiscover DNS record is not resolving in lan
3. Outlook version is not supported.
June 1st, 2015 at 5:58 pm
Nice article Prabhat.
I am have an issue with a cross forest (exchange 2010 domain A to exchange 2013 domain B) setup, where when a user on the 2013 side creates a meeting invite with a user in on the 2010 side. When the user on the 2010 side accepts the meeting a double entry, one entry shows the GALsync information and another show as an unknown user, is created on the meeting that only the user on the 2013 side can see. If the user on the 2013 side makes a change to the meeting that does not require the user on the 2010 side to accept the double entry for the user on of the 2010 side goes away. If the user on the 2013 makes another change that requires acceptance once the user on the 2010 side accepts the double entry comes back.
Thanks for your help
June 1st, 2015 at 11:13 pm
Thanks Prabhat for getting back to me,
1. Outlook anywhere is enabled on all 2013 boxes
2. Autodiscover record is pointing at a 2010 CAS server (I tried also making it point to the exchange 2013 servers but no dice :()
3. I’m testing with Outlook 2013 clients
Any other thoughts as to what I could try?
June 2nd, 2015 at 12:31 am
I am doubting your Autodiscover configuration. Run the command and past the output here.
get-ClientAccessServer | fl name,AutoDiscoverServiceInternalUri
June 2nd, 2015 at 9:12 am
Here is the output – I’ve obfuscated my domain name (hope that’s OK).
I notice that my BACKEND mail servers (from Exchange 2010 are showing up – that OK?). Even though Outlookanywhere is disabled on MAIL1 and MAIL2 (ie. only configured on the CAS servers, CAS1 + 2).
With the new environment I was going to have the CAS and mailbox servers share the same role (MAIL3 and MAIL4)
Name : MAIL2
AutoDiscoverServiceInternalUri : https://mail2.contoso.com/Autodiscover/Autodiscover.xml
Name : MAIL1
AutoDiscoverServiceInternalUri : https://mail1.contoso.com/Autodiscover/Autodiscover.xml
Name : MAIL3
AutoDiscoverServiceInternalUri : https://mail3.contoso.com/Autodiscover/Autodiscover.xml
Name : MAIL4
AutoDiscoverServiceInternalUri : https://mail4.contoso.com/Autodiscover/Autodiscover.xml
Name : CAS1
AutoDiscoverServiceInternalUri : https://cas1.contoso.com/Autodiscover/Autodiscover.xml
Name : CAS2
AutoDiscoverServiceInternalUri : https://cas2.contoso.com/Autodiscover/Autodiscover.xml
June 3rd, 2015 at 12:30 am
Please update it as mentioned in the scp part of the blog..
June 3rd, 2015 at 10:32 am
Thanks Prabhat,
One problem after doing this – external users getting password prompts.
I also changed the autodiscover.domain.com to point to the new mail server / cas server (ie. 2013)
Any thoughts as to why it would not be accepting password now?
Thanks!
June 3rd, 2015 at 10:53 am
You might have missed to update the authentication method for outlook anywhere.
Try basic on 2013 cas and windows integrated on 2010.
June 3rd, 2015 at 11:32 am
Here’s what I have for authentication method for CAS1 & 2 (my old boxes) and MAIL3 and 4 (my new boxes)
Identity ExternalClientAuthenticationMethod InternalClientAuthenticationMethod IISAuthenticationMet
hods
——– ———————————- ———————————- ——————–
CAS2\Rpc (Default Web Site) Ntlm Ntlm {Basic, Ntlm, Neg…
CAS1\Rpc (Default Web Site) Ntlm Ntlm {Basic, Ntlm, Neg…
MAIL3\Rpc (Default Web Site) Negotiate Ntlm {Basic, Ntlm, Neg…
MAIL4\Rpc (Default Web Site) Negotiate Ntlm {Basic, Ntlm, Neg…
Also, should I be leaving outlookanywhere off for my 2010 mailbox servers?
Thanks again, sorry for all the Q’s!
June 3rd, 2015 at 5:25 pm
Prabhat,
Do we really need a Public DNS record for autodiscover.xxx.com for Exchange 2013 ? We have very small group of OWA users and a bunch of active sync users. Will OWA/Active synce still work using mail.xxx.com. We Setup a Internal Autodiscover.xxx.com and got Outlook Anywhere working inside,
but we have a Isa 2004 server which looks like its blocking Rpc requests.
Thanks
June 3rd, 2015 at 6:00 pm
You need external DNS if you are going to use outlook anywhere externally. For mobile device you use mail.xxx.com. This is all going to be https traffic so rpc is not a worry.
I don’t think it will cost anything. Your DNS service provider should allow you.
June 3rd, 2015 at 8:31 pm
Any thoughts on my current settings above Prabhat? Is Negotiate ok or do I really need to go to basic for the ExternalClientAuthenticationMethod on the 2013 ?
Do I need to have it set to Basic on 2010 as well ? I’m assuming I leave internal Ntlm for both? and External basic for all?
Appreciate any advice you can offer
June 8th, 2015 at 5:11 pm
Prabhat,
Again thats for the valuable insight. Just to confirm, We are planing on Installing Exchange 2013 into our Exisiting Exchange 2007 envirionment soon.
Ad is Preped, and Exchange 2007 has current Rollup installed etc. After the Install of 2013, if we do not touch Connectors etc, right away,
will our inbound/outbound mail work. This way we can Install Certificates, and create a user Mailbox, or move Administrator mailbox to new 2013 DB.
Then Later Change the connectors. I dont want to have interuption of mail. Currently All Inbound Mail gets routed to a Barracuda appliance then
that points to current Exchange 2007. Do we need to need to reroute Barracuda to the New Exchange 2013 server first or leave it pointed to 2007??
Thanks
June 11th, 2015 at 4:33 pm
Prabhat,
I am in the planning stages of a 2007 to 2013 migration. This will be a cross forest migration to a resource forest design. Currently Ex2K7 is in domainA.local and Ex2K13 is in domainB.com. The users will remain in domainA.local for a time (6 months+) so we will have linked accounts until that time. The actual email primary email domain would be domainC.com (if that matters). There are trusts and DNS forwarders in place already. My questions are:
1. Is the process for entering coexistence between the forests the same as within the same forest?
2. Upon initial CoEx, would I also point the smtp traffic to the Exchange 2013 servers as well? Will there be an issue with internal servers relaying through the Ex2K7 server at the same time?
3. Would I set the Ex2K7 server to Internal Relay for the known domains and set a send connector to use the Ex2K13 servers as the smart host?
Thank you in advance and for creating one of the most concise and to the point blogs on this topic.
David
June 11th, 2015 at 4:41 pm
Russ, since you are using Exchange 2007, you have to also set up legacy.company.com or some other name so that OWA and activesync can be redirected over to the 2007 CAS box properly. It is like a two step process. If someone tries to get to mail.company.com/owa and the mailbox is on the Exchange 2013, it will forward through. If the mailbox is on the 2007 mailbox server, then a second call is made to them point to legacy.company.com. Exchange 2010 does not have this issue, only with Exchange 2007. There is an hour long Microsoft video on YT that shows migration from 2010 to 2013 and 2007 to 2013- not like shown above but it talks about 2013 and how you would set up in a coexist environment. He specifically talked about 2007 needing a legacy (used by most by default) record for the old CAS box for mailboxes still on Ex2k7. He said Ex2k10 does not need it, I guess 2k10 is more like 2013 than 2k7.
That sound about right, Prabhat?
June 12th, 2015 at 10:25 am
Babalou,
My First step was only to Introduce Exchange 2013 into our Exchange 2007 envionment without making any Connector changes right away. I plan on
leaving user mailboxs on 2007 for a few days, I just want install Exchange 2013 certificates.. I just want to make sure we have no mail flow
issues after I introduce the new server, and exchange 2007 will work until will start configuring 2013.
We did create a legacy.xxx.com DNS record for Internal to point to the 2007 server for later use.
Thanks
June 12th, 2015 at 1:13 pm
You are doing the exact thing I want to do, especially since Microsoft decided in their “infinite wisdom” to screw it up and move roles around again. I currently have an HTCAS front end and a mailbox backend- all 2007. I want to make sure that both servers can communicate properly. I can move the connectors when ready and have the proper cert. I plan to have a 2013 mailbox and 2013 CAS front end. I know the CAS 2013 is not the same. To me it is like the old 5.5 where you can do a front end back end but had to do a lot of Reg hacks to make sure the front end pointed properly to the back end. I want all inbound mail to eventually come in and go out the front end CAS server, even though it really is just forwarder. I want to keep the MX and SPF info the same, etc.
Question for you. My current mail.xxx.xxx cert on my 2007 HTCAS box is to be renewed over the next couple weeks. I already set up a new UC cert with GoDaddy. Did you set up your new cert on Exchange 2013 with Legacy.xxx.xxx, etc and export/import to 2007 or did you do the Exchange 2007 cert and do the reverse to Exchange 2013?
June 12th, 2015 at 2:51 pm
Babalou,
We are not going to use legacy.***.com from outside nor put it on our New Certifiacte. We only have a few OWA users, and what we will do is migrate
those users mailbox first to exchange 2013, thus no need for legacy.***.com, Prabhat also confirmed this would work. We are going to use our current Exchange 2007 certificate, for internal. mail.***.com
Once Exchange 2013 is installed we will request a new certificate with mail.***.com autodiscover.***.com and mail13.***.com (Internal Exchange 2013 name)
June 12th, 2015 at 2:58 pm
oh, gotcha. Makes sense then. They would use the new CAS for that. Prabhat, is it better to update the Exchange 2007 cert to include legacy for those who will have users still on 2007 that use OWA and export/import into Exchange 2013, or create new one on the 2013 box, and then export and import into the 2007 box? Or does it matter? Thanks.
June 12th, 2015 at 11:37 pm
Reply to Russ June 08
You can continue with 2007 mail flow.
Rest of the steps I have explained in the blog. I would recommend to go through the blog,
Reply to David June 11
1. No, cross forest has many different things. Check this blog https://msexchangeguru.com/2013/11/03/e2013crossforestmigration/
2. No issues if the relay through 2007.
3. Yes, your are correct on this.
June 13th, 2015 at 4:21 am
Reply to Babalou June 11
OWA and EWS use redirect and Outlook anywhere & activesync use proxy. Yes, 2010 is better and all protocol does proxy in coexistence with 2010
Reply to Russ June 12 10.25 am
First of all I am glad to see you guys are helping each other. Sorry, I get too busy at time that I can’t reply.
you are doing good here.
Reply to Babalou June 12 1:13 PM
you need to have legacy url else Exchange 2007 owa users will get the cert warning. so add legacy san in the cert.
Reply to Russ June 12 2:51 pm
You are good here but EWS still needs it so be prepared
REply to Babalou
It depends how many day you would like to run the coexistence and if your users will use EXCHANGE 2007 Owa and EWs. I would recommend to add legacy SAN name.
June 13th, 2015 at 5:11 am
@MMac
Outlook anywhere should be enable on all 2013 and 2010 servers. We dont need to change much on authentication, you can use basic on frontend exchange 2013 and outlook anywhere and windows integrated\
June 14th, 2015 at 11:02 am
Prabhat,
Started the Install Of Exchange 2013, all was going good.. Now I have been stuck for 2 hours on
8 of 15 Mailbox Role: Transport Service stuck at 93%. Help any Idea’s, I read you might need
ip6 enabled on all dc’s and exchange server, I did this, so far nothing. Current Production mailflow
is still going..
June 14th, 2015 at 1:48 pm
Is it 1st ex2013?
It may take sometime.
It should not interrupt any mail flow or client connectivity.
June 14th, 2015 at 2:29 pm
It is the first exchange 2013, it finally gave a error.. Not sure if I can past the error. It did not complete
but if you use Exchange powershell it shows both servers Old and new, Can I upload the word document
that has the screen shot with erros??
So fair Mailflow is still working, I’m a little worried right now.
June 14th, 2015 at 2:33 pm
Send me @ prabhat@msexchangeguru.com
June 14th, 2015 at 3:10 pm
ok sent you error
June 14th, 2015 at 3:22 pm
send me setup.log as well.
June 14th, 2015 at 3:49 pm
Okay file has been sent.
June 14th, 2015 at 5:53 pm
Russ:
Try to download a new dump and extract it locally on the server and rerun the setup. It should detect the old setup and continue from where it had left.
June 14th, 2015 at 8:29 pm
What do you mean a new dump? DO you mean re-download Exchange 2013 CU8? You think I have a bad download file?
I did extract to its local the first time..
June 14th, 2015 at 9:39 pm
Setup .log shows some files were missing. I replied to your email.
If you think you previous download was good then just rerun the setup and see if it moves forward.
June 14th, 2015 at 9:47 pm
I re-downloaded the CU8 file again, and re-ran setup. It went a little farther this time, but got another error.. The windows firewall is off.
Have no clue on why it wont complete the install clean.
June 14th, 2015 at 10:50 pm
I would suspect your OS. Rerun it. We need to complete the setup.
June 15th, 2015 at 10:01 am
Prabhat, is it better to update the Exchange 2007 cert to include legacy for those who will have users still on 2007 that use OWA and export/import into Exchange 2013, or create new one on the 2013 box, and then export and import into the 2007 box? Or does it matter? Thanks.
June 15th, 2015 at 11:19 am
New cert will be required. If you can add in the old cert then great.
June 15th, 2015 at 11:30 am
Thanks. My old cert is not a UC cert but I just ordered one. Also, my existing 2007 cert is going to expire in the next few weeks. I will just create a new one on the current Exchange 2007 one and then export and import into the new Exchange 2013 when it is built for future use.
June 15th, 2015 at 11:38 am
Make sure to add minimum 3 SAN names
For all Protocols – mail.domain.com
For 2007 owa and ews – Legacy.domain.com
Autodiscover – Autodiscover.domain.com
June 15th, 2015 at 11:43 am
Prabhat,
After your suggestion, I re-ran setup, it went farther went to final setup phase.. It seem to hang at 64% trying to start Unified Messaging service.
I was not paying attention to it, the next time I checked, the setup application was not running nor did it say complete and reboot. I re-ran setup
and it did not ask to continue with setup, like it was complete. I checked the setup log and it did look like it completed. So I rebooted exchange
manually, All the Exchange services are started.. I’m able to get into EAC. How can I verify I have a good exchange install and all its files are there, with all the times a had to re-run setup??
Thanks
June 15th, 2015 at 11:49 am
RE: 3 SAN names
Good call.
June 15th, 2015 at 11:51 am
Leave this server for now. Install new server.
If new server installation goes smooth then we can move the arbitration mailboxes to the 2nd server and uninstall 1st server and reinstall it.
Keep IP v6 disabled from registry- it has to be disabled in 2007 coexistence.