MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Exchange 2010/2007 to 2013 Migration and Co-existence Guide

There are not a lot of step-by-step guides out there for the migration and co-existence of Exchange 2010/2007 to Exchange 2013. So, here you go !!!

Migrate using CodeTwo

Update:

If you are planning to employ a third-party product for migration, look no further. CodeTwo is a mature and reliable product for full-blown Exchange migration from Exchange 2003/2007/2010, cross-forest or cross-domain:

Take a look here: 

CodeTwo Exchange migration for Exchange 2003 to 2010/2013: Operational review: https://msexchangeguru.com/2013/11/24/codetwo-exchange-migration/

Download here: 

Download Codetwo for free: http://www.codetwo.com/exchange-migration/

Before you proceed with the actual migration steps, these articles may be of interest to you:

Exchange 2013 CAS Role Demystified: https://msexchangeguru.com/2013/05/22/exchange-2013-cas/
Exchange 2013 High Availability demystified: https://msexchangeguru.com/2013/05/23/e2013-ha-demystified/
Load Balancing Exchange Server 2013 – Good to know stuff: https://msexchangeguru.com/2013/06/05/load-balancing/
Public Folders Migration from Exchange 2007/2010 to Exchange 2013: https://msexchangeguru.com/2013/04/18/exchange2013-public-folders/
Upgrade from Exchange 2013 CU1 or RTM to CU2: https://msexchangeguru.com/2013/07/10/install-e2013-cu2/
Monitoring and troubleshooting Exchange using powershell: https://msexchangeguru.com/2013/07/23/monitoring-powershell/

For Complex Exchange 2007 migration check the common errors here – http://blogs.technet.com/b/exchange/archive/2007/09/10/3403885.aspx

Check our multisite url and authentication blog here – https://msexchangeguru.com/2015/08/22/e20132007-urlsauth-multiadsite/

 

Preparing Exchange 2010/2007

  1. Install the hotfix 2550886 for DAG failover improvements on Exchange 2010/2007 DAG servers.

    http://support.microsoft.com/?kbid=2550886

  2. Log in to the Exchange 2010/2007 server with an account that is a member of the Schema Admins, Enterprise Admins, Domain Admins and Organization Management groups, as SP3 will extend the schema.
  3. Install Exchange 2010/2007 SP3 on all the Exchange 2010/2007 servers in CAS, then HT, then Mailbox role order, if the roles are not on the same server.

    SP3 can be downloaded from the below link:

    http://www.microsoft.com/en-us/download/details.aspx?id=36768

  4. Check the below link for SP3 installation steps

    https://msexchangeguru.com/2013/04/03/exchange-2010/2007-sp3/

 

Installing Exchange 2013

  1. I would suggest going for Windows 2012 for Exchange 2013, but you can use Windows 2008 R2 SP1 as well.
  2. Install Windows 2012 or Windows 2008 R2 SP1 on a new server and join it to the domain. It can be virtual or physical; Microsoft now supports a virtualized Mailbox role.
  3. Run Windows Update and install all the recommended updates.
  4. (Optional) You might like to configure Windows NLB if you don’t have NLB hardware. Check the blog below: https://msexchangeguru.com/2013/08/14/windowsnlb/
  5. For Active Directory preparation, check “step 3 preparing active directory” in the blog mentioned below: https://msexchangeguru.com/2013/04/29/install-e2013/
  6. Install the following prerequisites for Exchange 2013

For Windows 2012:

  1. Open Windows PowerShell.
  2. Run the following command to install the required Windows components.

    Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

  3. Restart the server.
  4. http://www.microsoft.com/en-us/download/details.aspx?id=34992

  5. http://www.microsoft.com/en-us/download/details.aspx?id=17062

  6. http://www.microsoft.com/en-us/download/details.aspx?id=26604

For Windows 2008:

  1. Open Windows PowerShell.
  2. Run the following command to load the Server Manager module.

    Import-Module ServerManager

  3. Run the following command to install the required Windows components.

        Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

  4. Restart the server
  5. http://msdn.microsoft.com/en-us/library/5a4x27ek(VS.110).aspx

  6. http://www.microsoft.com/en-us/download/details.aspx?id=34595

  7. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

    http://www.microsoft.com/en-us/download/details.aspx?id=34992

  8. http://www.microsoft.com/en-us/download/details.aspx?id=17062

  9. http://www.microsoft.com/en-us/download/details.aspx?id=26604

  10. http://support.microsoft.com/?kbid=974405&wa=wsignin1.0

  11. http://support.microsoft.com/?kbid=2619234

  12. http://support.microsoft.com/?kbid=2533623

   6. Restart the server

   7. Exchange 2013 installation: please follow the link below for the Exchange 2013 installation: https://msexchangeguru.com/2013/04/29/install-e2013/ or, for the Exchange 2013 SP1 installation: https://msexchangeguru.com/2014/03/02/e2013sp1-installationupgrade/

Important: You can directly install Exchange 2013 CU1 as well. If you install CU1 directly, you can skip step 12 – Testing mailbox move without CU1. If you are installing CU2, make sure you are installing CU2 V2.

If you are doing a new installation, you can directly install Exchange 2013 CU1, which itself is a full setup. You can follow the same schema update and AD preparation steps.

After the Exchange 2013 installation, the biggest challenge will be how to log in to the EAC: there is no mailbox on Exchange 2013, and redirection or proxy is not configured to use the existing Exchange admin user.

If you are trying to access EAC for the first time and your mailbox is on Exchange 2010, you need to use the URL in the format:

https://Exchange2013ServerName/ecp?ExchClientVer=15

This is because, in a co-existence scenario where your mailbox is still housed on the Exchange 2010 mailbox server, the browser will default to the Exchange Server 2010 ECP. If you want to access the Exchange 2010 ECP and your mailbox resides on an Exchange 2013 mailbox server, use the following URL:

https://Exchange2010ServerName/ecp?ExchClientVer=14

Take a look at:

Working with EAC or Exchange administration center in Exchange 2013 – Part1: https://msexchangeguru.com/2013/01/16/eac-exchange-2013/

So you need to create a mailbox to administer Exchange 2013. We will follow the below steps:

    1. Create a mailbox in an Exchange 2013 mailbox database.
    2. New-Mailbox -Name 2013Admin -UserPrincipalName 2013Admin@domain.com -Database "2013 DBName"
    3. Run Get-MailboxDatabase to check the database name.
    4. Give the mailbox permission to administer EAC.

               Add the following group membership:

                 Domain Admins

                 Schema Admins

                 Enterprise Admins

                 Organization Management

Test mailbox migration without CU1 for Exchange 2013

  1. Now you should be able to log in to EAC by going to the URL https://localhost/ECP. If you test the mailbox migration from Exchange 2010/2007 to Exchange 2013 before CU1 for Exchange 2013, it will work, but full co-existence will not work, so it is a necessity to install CU1. As an example, my servers are mentioned below:


     

     

  2. EAC will show Databases from both the servers


 

  • Now I am migrating the mailbox, with Exchange 2010/2007 on SP3 and Exchange 2013 without CU1.

I created a new mailbox in Exchange 2010/2007; you can see that the 2013 database is not showing here.


 

  • Database before move

 


 

  • I have moved the mailbox from the Exchange 2013 EAC to the Exchange 2013 database. Now click on Migration to check the status.

 


 

  • Now refresh and you will see Completed; how soon depends on the size of the mailbox.

 


 

  • Check that the database name has changed.

 

 

Continue the Exchange 2013 CU1 installation

       5. If you have not installed the CU1 version of Exchange 2013, this is the time to install Exchange 2013 Cumulative Update 1 so that we avoid any co-existence issue. If you are doing a new installation, you can directly install Exchange 2013 CU1, which itself is a full setup. You can follow the same schema update and AD preparation steps mentioned in the Exchange 2013 installation article.

Update 4/7/2014: Now – We can go for SP1 – https://msexchangeguru.com/2014/03/02/e2013sp1-installationupgrade/

       6. Download Exchange 2013 from the link below, which is an Exchange 2013 setup with the Cumulative Update included:

http://www.microsoft.com/en-us/download/details.aspx?id=38176

       7. Install the Exchange 2013 CU 1 with the help of below link:

https://msexchangeguru.com/2013/04/15/e2013-cu1-2/

 

Configuring Exchange 2013 and network

  1. Transport Configuration
  2. Send connector

         1. Exchange 2013 reads the Exchange 2010/2007 send connector information. Click on the pencil icon to check the connector and add Exchange 2013 to the same send connector.

         2. Click on Scoping and then the + icon to add the server.

         3. Select the server and add it, then save. The send connector configuration is complete.

         

     3. Receive Connector

        1. Add a receive connector as per the current connector configuration.

        2. Select the 2013 server. You will see 5 connectors; let me explain what they are for.

         3. You can see all 5 together here because I have CAS and Mailbox on the same server. The first 3 are the CAS connectors and the remaining 2 are for the Mailbox role.

         4. I would like to explain the transport pipeline here, which consists of the following services:

             Front End Transport service – This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic for the Exchange 2013 organization.  The Front End Transport service doesn’t inspect message content, only communicates with the Transport service on a Mailbox server, and doesn’t queue any messages locally.

             Transport service – This service runs on all Mailbox servers and is virtually identical to the Hub Transport server role in previous versions of Exchange. The Transport service handles all SMTP mail flow for the organization, performs message categorization, and performs message content inspection. Unlike previous versions of Exchange, the Transport service never communicates directly with mailbox databases. That task is now handled by the Mailbox Transport service. The Transport service routes messages between the Mailbox Transport service, the Transport service, and the Front End Transport service.

            Mailbox Transport service – This service runs on all Mailbox servers and consists of two separate services: the Mailbox Transport Submission service and Mailbox Transport Delivery service. The Mailbox Transport Delivery service receives SMTP messages from the Transport service on the local Mailbox server or on other Mailbox servers, and connects to the local mailbox database using an Exchange remote procedure call (RPC) to deliver the message. The Mailbox Transport Submission service connects to the local mailbox database using RPC to retrieve messages, and submits the messages over SMTP to the Transport service on the local Mailbox server, or on other Mailbox servers. The Mailbox Transport Submission service has access to the same routing topology information as the Transport service. Like the Front End Transport service, the Mailbox Transport service also doesn’t queue any messages locally.

(from TechNet)

5. Here are the details about the receive connectors

         When you install a Mailbox server running the Transport service, two Receive connectors are created. No additional Receive connectors are needed for typical operation, and in most cases the default  Receive connectors don’t require a configuration change. These connectors are the following:

          Default <server name>   Accepts connections from Mailbox servers running the Transport service and from Edge servers.

          Client Proxy <server name>   Accepts connections from front-end servers. Typically, messages are sent to a front-end server over SMTP.

          During installation, three Receive connectors are created on the Front End transport, or Client Access server. The default Front End Receive connector is configured to accept SMTP communications from all IP address ranges. Additionally, there is a Receive connector that can act as an outbound proxy for messages sent to the front-end server from Mailbox servers. Finally, there is a secure Receive connector configured to accept messages encrypted with Transport Layer Security (TLS). These connectors are the following:

          Default FrontEnd <server name>   Accepts connections from SMTP senders over port 25. This is the common messaging entry point into your organization.

          Outbound Proxy Frontend <server name>   Accepts messages from a Send Connector on a back-end server, with front-end proxy enabled.

         By default we don’t route outgoing email through CAS. If we have a mail guard or compliance requirement on a separate CAS server, we can use it. If we have the CAS and Mailbox roles on the same server, we don’t need to configure this connector. We can simply disable it.

             

      Client Frontend <server name>   Accepts secure connections, with Transport Layer Security (TLS) applied.

  6. So we have to configure the “Default Frontend Servername” connector, which accepts email on port 25. This is very important: when you have both roles on one server, the Frontend will be on port 25 and the backend on 2525.

         7. You might need to check the email address policies; they might need to be re-applied. If we have more than 3000 mailboxes, it is suggested to apply them from EMS.

         To understand the mailflow we can read the below article: https://msexchangeguru.com/2012/08/09/e2013-mailflow/
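A quick audit of the receive connectors described above, as an added example that is not part of the original guide: it lists every receive connector on the 2013 server with its role, port bindings and source ranges, and flags any connector on which anonymous senders may relay to any recipient. The server name EX2013 is a placeholder; run it in the Exchange Management Shell.

```powershell
# Added example (not from the original guide). Run in the Exchange Management Shell.
# 'EX2013' is a placeholder for your Exchange 2013 server name.
$Server = 'EX2013'
$AllV4  = '0.0.0.0-255.255.255.255'   # string form of "all IPv4 addresses"

$report = foreach ($rc in Get-ReceiveConnector -Server $Server) {

    # PermissionGroups is a flags value; compare on its string form so the
    # check works in both local and remote (deserialized) shells.
    $anonymous = "$($rc.PermissionGroups)" -match 'AnonymousUsers'

    # Source ranges the connector accepts. The default FrontEnd connector
    # accepts SMTP from all IP address ranges.
    $ranges  = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
    $fromAny = $ranges -contains $AllV4

    # Relay right: may an anonymous session submit mail for recipients outside
    # the accepted domains? This extended right is what turns a connector
    # into a relay.
    $relayAce = Get-ADPermission -Identity "$($rc.Identity)" `
                    -User 'NT AUTHORITY\ANONYMOUS LOGON' -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.Deny -and
            ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient')
        }

    $finding =
        if     (-not $rc.Enabled)                         { 'Disabled' }
        elseif ($anonymous -and $relayAce -and $fromAny)  { 'OPEN RELAY RISK' }
        elseif ($anonymous -and $relayAce)                { 'Anonymous relay, restricted sources' }
        elseif ($anonymous)                               { 'Anonymous inbound, accepted domains only' }
        else                                              { 'Authenticated senders only' }

    [pscustomobject]@{
        Name          = $rc.Name
        TransportRole = "$($rc.TransportRole)"      # FrontendTransport or HubTransport
        Bindings      = ($rc.Bindings | ForEach-Object { "$_" }) -join ', '
        RemoteRanges  = $ranges -join ', '
        Auth          = "$($rc.AuthMechanism)"
        Finding       = $finding
    }
}

# Full inventory: on a combined CAS + Mailbox server expect five connectors,
# front end on port 25 and back end on port 2525.
$report | Sort-Object TransportRole, Name | Format-Table -AutoSize -Wrap

# Connectors that need attention before the cutover.
$report | Where-Object { $_.Finding -like '*relay*' -or $_.Finding -like 'OPEN*' }
```

A connector created for application relay should show "restricted sources" with only the application servers' addresses in RemoteRanges; the default FrontEnd connector should show "accepted domains only".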

 

Exchange 2013 Certificates

Create a new Exchange certificate on Exchange 2013: https://msexchangeguru.com/2013/01/18/e2013-certificate/

Certificates and CAS: Now this is the time when we need to focus on CAS certificate and ensure the CAS 2013 is reachable from internet. We have 2 options:

Use current certificate

For Export and import of the cert Please check here – https://msexchangeguru.com/2013/06/29/import-cert-e2013/

  1. Export the cert from Exchange 2010
  2. Import the cert to Exchange 2013
  3. Configure the external url. This is very simple in exchange 2013. You don’t need to go to every virtual directory property.
  4. Select the wrench icon shown in the window below.
  5. This wizard will then open; select the Exchange 2013 server, enter the external URL and save it.
  6. CAS authentication will be “Use form-based authentication” on both Exchange 2013 and Exchange 2010/2007.

Now you will see that every directory has the same external URL.
                       

Database availability Group

We would like to configure a DAG for high availability with multiple databases. So we have 2 options.

1. DAG with IP. Check the below link to create a DAG with IP

https://msexchangeguru.com/2013/01/17/e2013-dag/

 

2. DAG without IP – This needs Exchange 2013 SP1 on Windows 2012 R2

Check the below link to create IP less DAG

https://msexchangeguru.com/2014/03/21/e2013sp1-ip-less-dag/

Update Feb 2015: If you have a DAG stretched across 2 datacenters, you can now configure your FSW in Azure, which means your DAG can be configured as an automated DAG stretched across 3 datacenters. This will allow you to completely shut down the data center without losing production connectivity. Here is the link to configure the FSW in Azure: Using a Microsoft Azure VM as a DAG witness server

 

Move Arbitration and Discovery Search mailboxes

Follow the below steps to move all arbitration and discovery search mailboxes to final 2013 database.

Open EMS with Run as administrator and run the following commands:

Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase TargetDBName

Get-Mailbox "*Discovery*" | New-MoveRequest -TargetDatabase TargetDBName

 

Unified Messaging: Upgrade Exchange 2010 UM to Exchange 2013 UM

This is an optional step, only for organizations with Unified Messaging configured.

Please follow the below link to upgrade exchange 2010 UM to Exchange 2013 UM

http://technet.microsoft.com/en-us/library/dn169226(v=exchg.150).aspx

 

Configure Enabled Outlook Anywhere

For Exchange 2007
Set-OutlookAnywhere -Identity "2010 CasServerName\Rpc (Default Web Site)" -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods {NTLM,Basic}

For Exchange 2010
Set-OutlookAnywhere -Identity "2010 CasServerName\Rpc (Default Web Site)" -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic

 

Configure OAB

Run the below command to configure OAB for all databases

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address List (Ex2013)"

Default Offline Address List (Ex2013) can be replaced by your custom named OAB.

Enabling and Configuring Outlook Anywhere

For Exchange 2007
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 8*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic

For Exchange 2010
Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName mail.domain.com -IISAuthenticationMethods NTLM, Basic

 

SCP – Service Connection Point Configuration:

Run the below command to configure the SCP in the Exchange Management Shell of 2007/2010/2013 separately:

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.domainname/autodiscover/autodiscover.xml

The SCP might already be configured on the 2007/2010 server, so you can also check it and use the same -AutoDiscoverServiceInternalUri. Run the below command to get the current SCP in the 2013 shell:
Get-ClientAccessServer | fl Name,AutoDiscoverServiceInternalUri

 

RemoteDomain:

Run the below command in EMS to allow auto-forwarding, OOF and auto-reply, and to disable the possibility of winmail.dat from the Domino server.

Set-RemoteDomain -AutoReplyEnabled $True -AutoForwardEnabled $True -TNEFEnabled $False -AllowedOOFType External
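If the identity supplied to the command above is the Default remote domain (address space *), the settings apply to every external domain. The following added example, which is not part of the original guide, applies them to one partner domain only and then lists mailboxes that already forward mail outside the organization; the names domino-partner.example and "Domino partner" are placeholders.

```powershell
# Added example (not from the original guide). Run in the Exchange Management Shell.
# 'domino-partner.example' and 'Domino partner' are placeholder names.
$PartnerDomain = 'domino-partner.example'
$PartnerName   = 'Domino partner'

# 1. Current state of every remote domain, including Default (address space *).
Get-RemoteDomain |
    Format-Table Name, DomainName, AutoForwardEnabled, AutoReplyEnabled,
                 AllowedOOFType, TNEFEnabled -AutoSize

# 2. Reuse the remote domain for the partner if one exists, otherwise create it,
#    then apply the guide's settings to that entry only.
$rd = Get-RemoteDomain | Where-Object { "$($_.DomainName)" -ieq $PartnerDomain }
if (-not $rd) {
    $rd = New-RemoteDomain -Name $PartnerName -DomainName $PartnerDomain
}
Set-RemoteDomain -Identity $rd.Name -AutoReplyEnabled $true -AutoForwardEnabled $true `
                 -TNEFEnabled $false -AllowedOOFType External

# 3. Mailboxes with a forwarding SMTP address outside the accepted domains.
#    Accepted domains that include subdomains (*.domain) are compared literally
#    here, so review those results by hand.
$accepted = @(Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)".ToLower() })

$external = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress } |
    ForEach-Object {
        # ForwardingSmtpAddress is stored in the form smtp:user@domain.
        $target = "$($_.ForwardingSmtpAddress)"
        $domain = ($target -split '@')[-1].ToLower()
        if ($accepted -notcontains $domain) {
            [pscustomobject]@{
                Mailbox    = "$($_.PrimarySmtpAddress)"
                ForwardsTo = $target
                KeepsCopy  = $_.DeliverToMailboxAndForward
            }
        }
    }

$external | Sort-Object ForwardsTo | Format-Table -AutoSize
```

Forwarding created by inbox rules is not covered by step 3.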

Pop/IMAP: 

If you have POP3/IMAP4 users, you might like to configure 2013 with some additional configuration.

1. Configure the Basic authentication on EAC for CAS 2013

2. Start the services and change them to automatic.

 

Email address policy:

You might need this step if your organization was initially created on Exchange 2003.

1. Create a new email address policy if there is only one “Default Policy”.

2. Change the attributes of the existing email address policy by running the below command:
Get-EmailAddressPolicy | Set-EmailAddressPolicy -RecipientFilter 'Alias -ne $null' -IncludedRecipients AllRecipients

3. If you see the below error for the default policy, remove the “Default Policy” which was created in 2003 and will be in read-only mode in Exchange 2013.

emailaddresspolicy error

 

Clean up health mailboxes:

When you remove the default mailbox database, it does not remove the health mailboxes. We can check this by running the command below, which returns the warning shown. Health mailboxes are for the health service and are specific to each database, so we don’t need to move them; rather, we need to remove them.

                         Get-Mailbox -Monitoring

Mailboxes/HealthMailbox94863fe5394447619ec45c4e6b2dd971 has been corrupted, and it’s in an inconsistent state.

The following validation errors happened: WARNING: Database is mandatory on UserMailbox.

 

To fix this, we need to delete the user account in dsa.msc at yourdomain/Microsoft Exchange System Objects/Monitoring Mailboxes

 

Important: At this point, configure Outlook for an Exchange 2007/2010 mailbox and a 2013 mailbox. If both are working from the Internet, move to the next step.

 

Cutover: Updated 2007 part Feb 2015

Now it is time to do the cutover, which means pointing the connections to Exchange 2013. It can be done in a few simple steps.

1. Create or change Public and Private DNS pointers.

a. autodiscover.domain.com will be pointing to the CAS 2010/2007 or the load balancer of CAS 2010/2007, so change the IP from Exchange 2010/2007 to 2013. In case of a new installation or an Exchange 2007 environment, we need to create a new host record in DNS. This will be done on both internal and external DNS.

b. mail.domain.com (OWA/ActiveSync/RPC over HTTP/MAPI over HTTP): change the IP from Exchange 2010/2007 to the Exchange 2013 CAS servers or load balancer.

c. Create a Legacy.domain.com host record in case of Exchange 2007 co-existence, in both public and private DNS. This will point to the Exchange 2007 CAS servers or the Exchange 2007 load balancer CAS VIP.

2. Point your Spam Guard to forward all the emails to exchange 2013 to receive incoming mail via Exchange 2013.

3. Configure Spam Guard to accept emails from all Exchange 2013 Mailbox servers.

4. Configure all other application to send email to the Exchange 2013 Mailbox Servers.

5. Update PTR and SPF record if Exchange 2013 are sending the emails out directly.

6. In case of Exchange 2007, we need to update the following URLs and Authentications as well.

  • EWS – Run the below cmd on Exchange 2007 EMS

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl https://legacy.Domain.com/EWS/Exchange.asmx -internalurl https://legacy.Domain.com/EWS/Exchange.asmx

  • OWA – Run the below cmd on Exchange 2007 EMS

Get-OWAVirtualDirectory | Set-OWAVirtualDirectory -ExternalUrl https://legacy.Domain.com/OWA -internalurl https://legacy.Domain.com/OWA

  •  OWA – Run the below command to change the authentication method in Exchange 2007 EMS

Get-OwaVirtualDirectory -Identity "CASName1\OWA (Default web site)" | Set-OwaVirtualDirectory -ExternalAuthenticationMethods FBA,basic
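Before changing DNS in step 1, the certificate bound to IIS on the Exchange 2013 CAS should cover every name that clients will use after the cutover. An added example (not from the original guide) that checks this: the server name EX2013 is a placeholder, the host names are the guide's own placeholders, and Test-NameCovered is a helper defined here.

```powershell
# Added example (not from the original guide). Run in the Exchange 2013 Management Shell.
# Placeholders: the server name and the host names used in the cutover steps.
$Server   = 'EX2013'
$Required = @('mail.domain.com', 'autodiscover.domain.com', 'legacy.domain.com')

# Helper (defined for this example): is $Name covered by one of the certificate's
# domains? A wildcard covers exactly one label: *.domain.com matches
# mail.domain.com but not a.b.domain.com and not domain.com.
function Test-NameCovered {
    param([string]$Name, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -ieq $Name) { return $true }
        if ($d.StartsWith('*.') -and $Name.Contains('.') -and
            ($Name.Substring($Name.IndexOf('.')) -ieq $d.Substring(1))) {
            return $true
        }
    }
    return $false
}

# Add the host names Exchange itself hands out to clients, so a mismatch
# between configuration and certificate is caught as well.
$scp = (Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri
if ($scp) { $Required += ([uri]"$scp").Host }

Get-OutlookAnywhere -Server $Server | ForEach-Object {
    if ($_.ExternalHostname) { $Required += "$($_.ExternalHostname)" }
}
$Required = @($Required | Sort-Object -Unique)

# Only certificates with the IIS service assigned are presented to
# OWA, EWS, Autodiscover and Outlook Anywhere clients.
$results = Get-ExchangeCertificate -Server $Server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object {
        $domains = @($_.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($Required | Where-Object {
            -not (Test-NameCovered -Name $_ -CertDomains $domains)
        })
        [pscustomobject]@{
            Thumbprint   = $_.Thumbprint
            Status       = "$($_.Status)"
            SelfSigned   = $_.IsSelfSigned
            DaysLeft     = [int]($_.NotAfter - (Get-Date)).TotalDays
            MissingNames = $missing -join ', '
        }
    }

$results | Format-Table -AutoSize -Wrap

# Anything listed here will produce a name-mismatch prompt in Outlook or a
# browser after the DNS change.
$results | Where-Object { $_.MissingNames -or $_.SelfSigned -or $_.DaysLeft -lt 30 }
```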

 

Exchange 2013 Mailbox Migration

So what are we waiting for… Let us begin the mailbox migration.

  1. Now you can run the following cmdlet to move bulk or single mailbox

Get-Mailbox -Database "Exchange 2010/2007 Database" -OrganizationalUnit "DN of the OU" | New-MoveRequest -TargetDatabase "Exchange 2013 Database"

    2. You can monitor the migration by running the following cmdlet or going to the migration tab in EAC:

       Get-MoveRequest


    3. Once completed it will show the below window


For Cross forest mailbox migration check this link: https://msexchangeguru.com/2013/11/02/e2013crossforestmigration/

Public Folder Migration

  1. Once we complete all mailbox migration then we can start the Public Folders migration.

    For Public Folder migration use the below Link:

    https://msexchangeguru.com/2013/04/18/exchange2013-public-folders/

  2. Test that everything is working, then shut down the Exchange 2010/2007 server for 1 production week. If no issue is reported, go ahead with the Exchange 2010/2007 removal process.

 

Known Issues:

Active Sync Config without Domain Name: https://msexchangeguru.com/2013/08/06/e2013mobiledomain/

OWA redirection broken page and SSL: http://www.expta.com/2013/05/owa-2013-cu1-redirection-is-broken-for.html – This was fixed in CU3

If you have pop/imap user go for CU2: https://msexchangeguru.com/2013/08/04/e2013popimapauth/

Mailflow misconfiguration: https://msexchangeguru.com/2013/08/03/e2013-2010mailflowissue/

Certificate and cryptographic provider Issue: http://msitpros.com/?p=1770

 

Legacy Removal

  1. Now we are in a position to remove exchange 2010. We can follow the below link for the exchange 2010/2007 removal.

    https://msexchangeguru.com/2013/09/01/e20102007decomposte2013mig/

Hit us with questions

Prabhat Nigam | MVP Exchange

Team @MSExchangeGuru


867 Responses to “Exchange 2010/2007 to 2013 Migration and Co-existence Guide”

  1. Raman Says:

    Hi Prabhat,
    How do I re-map if mailboxes are auto-mapped in Outlook? I also tried to remove the full permissions and re-add it again but still auto-mapping does not work if Exchange 2010 primary mailbox is accessing Exchange 2013 auto-mapped mailbox.
    Thanks,

  2. Ziva Says:

    Prabhat,
    Thanks for all your help – hope you add “tips” button somewhere on here.

    However, I am in “process” of migrating from 2010 on cross forest typology. For that I would still like to use my 2010 as a “front end” exchange server. Kill me but I am still having issues with the relay.
    Can you in short say what I am missing?
    2010 – setup as Accepted Domains – Relay
    2013 – has Accepted Domains relay as well ( for same domain)
    2013 – has send connector to route to 2010.
    I am able to email outbound , only if I have smtp as * but its using a default connector and I don't want that.

  3. Ziva Says:

    Subscribed to this too.

  4. Prabhat Nigam Says:

    @Ziva
    So basically you wanted to send your domain email from Send connector 1 and rest of the email from Send connector 2(default)….
    On Send connector 1 You should have used smart host pointing to 2010 transport server. If you are using this then in 2010 you need to add this servers IP in the receive connector with anonymous user.
    On Send connector 2 You should let it use DNS to resolve MX. Make sure your 2013 server is able to resolve MX record using local dns in the tcpip properties.

  5. laimis Says:

    I uninstalled EX0213CU3 completely, then installed SP1 but broken SSL/TLS remains. Now it does not even find links to https://MailServer/owa or ecp. How do I issue new certificate for exchange and make it default certificate because new-exchange certificate without parameters does not help. I have few of certificates in store now. need to use powershell because can't get into ECP

  6. laimis Says:

    update. somehow I fixed SSL and now I at least get login window for ECP and for OWA, playing with different authentications i can get either loop (login window repeats after I enter credentials) or “bad user name or password”. I’ll try to ask very specifically what auth methods I need:
    For Default Web Site/OWA:
    For Default Web Site/ECP
    For Exchange Back End/OWA
    For Exchange Back End/ECP
    Anything else I missed to mention?
    Thanks

    P.S. It is only 5 months trying to start EX2013 so I have like one month of patience left 🙂

  7. Prabhat Nigam Says:

    @laimis
    See if this helps: https://msexchangeguru.com/2013/12/31/e20132007-urlsauth/

    If not then give me the remote. 5 months is a big time. I have asked you via email. or open a support case with Microsoft.

  8. Prabhat Nigam Says:

    Update on Laimis issue:

    -Server was looking an old upgrade from 2003 to 2007 to 2013, so IIS had all extra directories which were causing problems.

    -we also got the error:
    Could not load file or assembly ‘Microsoft.Exchange.OwaUrlModule, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. This assembly is built by a runtime newer than the currently loaded runtime and cannot be loaded.

    -We Removed IIS, then Removed Exchange 2013 then restarted the server.

    -Now we installed IIS, then exchange 2013 SP1 and everything started working good.

  9. Raman Says:

    Hello Prabhat,

    I really appreciate if you able to provide an advise regarding co-existence Exchange 2010 and 2013, Single AD site. OWA/OutlookAnywhere pointed towards Exchange 2013 servers. Mailboxes are still on Exchange 2010 servers.
    Exchange 2013 Virtual Directories Internal URLS and External URLS are same as company.domain.com

    Question is what should be the recommended Exchange 2010 Virtual directories are Internal URLs and External URLs?

    Thanks,
    Raman

  10. Prabhat Nigam Says:

    @Raman
    Same URL as 2013 company.domain.com

  11. Raman Says:

    Prabhat,

    Thanks for your quick response

    So all the virtual directories on 2010 and 2013 should have same External URL.
    But that would not create a loop? And it would work for Outlook Anywhere and if you are connected on LAN keeping in mind Exchange 2010 users.
    Thanks
    Raman

  12. Raman Says:

    I mean to say Outlook anywhere and RPC connections for Exchange 2010 users.
    Exchange 2013 I believe would work fine.
    I am just wondering when Exchange 2013 proxy the connections to back end Exchange 2010 CAS servers that would not create a loop?
    Thanks,

  13. Prabhat Nigam Says:

    Don’t worry. It will not create a loop. 2013 will proxy to 2010.

  14. Raman Says:

    Prabhat,

    What about autodiscoverinternalUri that should also be company.domain.com for all Exchange 2010 and 2013 CAS servers?

    Thanks,
    Raman

  15. Raman Says:

    I mean autodiscover.company.com/autodiscover/autodiscover.xml

  16. Prabhat Nigam Says:

    Same on both 2010 and 2013: https://autodiscover.domain.com/autodiscover/autodiscover.xml

  17. laimis Says:

    Hi Prabhat,
    Thanks for your help on launching EX2013. Now I’m facing another issue: I need to reconfigure TMG2010 for Exchange 2013 and my questions are:
    1. Will EX2013 server redirect mail to EX2007 out of box or some configuration has to be done?
    2. I tried new OWA publishing rule for EX2013 and got in a loop telling that I should use https://mail.company.com/owa.
    Entry for mail.company.com exists in DNS and is pointing to EX2013 server
    When I try internally to log 2007 user to 2013 OWA it generates an error and does not forward to 2007 OWA, should it be like this?
    When i try mail.company.com/owa internally it goes for 404 “page not found” error. what should I do there?

  18. Raman Says:

    Hello Prabhat,
    Is there a place on this where we can start a new question?

    By the way following is the question I would like to put for some advise: –

    ===========================
    We are currently running Exchange 2013 SP1 co-existence with Exchange 2010 SP3 Rollup 4.

    Our Outlook Anywhere and OWA are pointed towards Exchange 2013 CAS servers.

    User mailboxes are still on Exchange 2010.

    Outlook Anywhere with Exchange 2010 mailboxes are able to connect via Outlook 2010.

    The only issue is when Outlook Anywhere is being used from Internet or from Internal network and user goes in Outlook 2010 -> File -> Automatic replies get the following error: –

    “Your automatic reply settings cannot be saved. The server might be unavailable, or your automatic reply message might have exceeded the size limit on the server”

    This only occurs if connection goes via Exchange 2013 SP1 CAS server. It was working before and it seems it just broke down since we upgraded to Exchange 2013 SP1. In HTTPProxy EWS logs on Exchange 2013 SP1 CAS server I see this when I re-create the issue on Outlook 2010.

    =================================

    “2014-03-18T12:46:48.135Z,c64653f6-6b52-4657-8b3b-f9f1f5ece965,15,0,847,30,,Ews,messages.domain.com,/EWS/Exchange.asmx,,Negotiate,True,domain.com\id2013,,Sid~S-1-5-21-323741388-3570301916-4168597275-99094,Microsoft Office/14.0 (Windows NT 6.1; Microsoft Outlook 14.0.7113; Pro),10.90.234.35,VPLXCAS01,400,,,POST,Proxy,exch2010casserver.domain.com,14.03.0123.000,IntraForest,WindowsIdentity,,,,5423,,,,2,0,,0,,0,,0,0,0,0,1,0,,,,,,3,0,,2,,4,5,,,CorrelationID=;BeginRequest=2014-03-18T12:46:48.135Z;ProxyState-Run=None;DownLevelTargetHash=4/4/6;ClientAccessServer=exch2010casserver.atkearney.com;ResolveCasLatency=0;ProxyToDownLevel=True;BeginGetRequestStream=2014-03-18T12:46:48.135Z;OnRequestStreamReady=2014-03-18T12:46:48.135Z;ProxyState-Complete=ProxyRequestData;,StreamProxy=StreamProxy-Request-None;HttpException=Cannot find the appropriate SOAP header or body.;”

    =========================

    I have checked and double checked using https://testconnectivity.microsoft.com/ and there are no issues in “EWS”.

    It works fine if user mailbox is on Exchange 2013 Sp1.

    I was wondering if anyone has co-existence of Exchange 2013 SP1 and Exchange 2010 SP3 could you please test Exchange 2010 mailbox via Outlook Anywhere and see if you could re-create this issue. After spending a week on this I wonder if it is some sort of bug in Exchange 2013 SP1.

    Thanks,

  19. Snap Says:

    Hey, I am getting this error “There is a problem with the proxy server’s security Certificate. The name on the Security Certificate is invalid or does not match the name on the target site. Outlook is unable to connect to the proxy server. (error Code 0)”

    I have changed out the cert multiple times, exported and imported from 2007 to 2013. Both servers have the same cert. I have done all the troubleshooting steps I could find online. The rpc url, purchased a new cert, installed the cert on local machine. I even built the 2007 and 2013 replica in a lab which does not have this problem at all.

    When I am getting this problem is when I create a room calendar in 2013 and try to access it from a mailbox in 2007.

    Anyone have this issue?

  20. Prabhat Nigam Says:

    There is a possibility of design and never works. It should not be Legacy to NEW same thing applies to Modern PF. I will have to check on it.

  21. Silvia Says:

    Very nice article. I absolutely love this site.
    Stick with it!

  22. Ahamed Says:

    Hi Prabhat.

    We have exchange 2010 and exchange 2013 in co-existence. We have run into an issue.

    Exchange 2010 users cannot access ECP in OWA as it hangs once they click on options
    Exchange 2013 users have no issues accessing the ECP.

    The authentication across all the CAS servers is FBA

    Header in OWA 2010 when we click on options : https://mail.domain.com/ecp/?rfr=owa
    Header in OWA 2013 when we click on options : https://mail.domain.com/ecp/?rfr=owa&owaparam=modurl%3D0&p=account

    Tried connecting to ecp using exchange 2010 CAS server https://casserver1.domain.com/owa and still does not work.

  23. Prabhat Nigam Says:

    @Ahamed

    What is the version of exchange 2013?

    Try this url if this helps: https://Exchange2010ServerName/ecp?ExchClientVer=14

    Also add Basic auth for OWA and see if this helps.

  24. Matthew Says:

    First off…Great Article.
    I am in the process of upgrading from Exchange 2007 to Exchange 2013. I already have both Exchange 2007 and 2013 installed on separate servers. I am kind of stuck with swapping over Outlook Anywhere and the other service URLs.
    My current Exchange 2007 server has a hostname of ex1.domain.com and the same for internal and external DNS. Also, all of the service URLs point to the ex1.domain.com (e.g. https://ex1.domain.com/Autodiscover/Autodiscover.xml). My new Exchange 2013 server is called ex2.domain.com. I know I can swap the external DNS for the Exchange 2013 to ex1.domain.com without an issue but I will not be able to do the internal DNS because the Exchange 2007 hostname is ex1.domain.com.
    What would be your recommendation for changing to the Exchange 2013 server?

  25. Prabhat Nigam Says:

    @Matthew
    Look for the URLs on this blog
    https://msexchangeguru.com/2013/12/31/e20132007-urlsauth/

    AutoDiscoverServiceInternalUri should be this on both server- https://autodiscover.domain.com/Autodiscover/Autodiscover.xml

    Let me know if you are still looking for some answers.

  26. Sandeep Says:

    This is a great article and thanks for the same. However, we are finding difficulties in migrating OAB from 2010 to 2013. Do you have any article regarding the same?

    Thanks in advance

  27. Prabhat Nigam Says:

    Hey Sandeep,

    You can’t move OAB from 2010 to 2013 because exchange 2013 has new OAB which can only be managed by shell

    So go to exchange 2013 shell and type get-offlineaddressbook and you will see it.

    New OAB is part of an arbitration mailbox.

    Check this link
    http://blogs.technet.com/b/exchange/archive/2013/01/14/managing-oab-in-exchange-server-2013.aspx

  28. Ziva Says:

    One problem I am missing is the free/busy between users in 2010 and 2013 exchange, how to go about that?
    I looked into FIM etc but that’s for GalSync not free/busy

  29. Prabhat Nigam Says:

    @Ziva

    We add the availability address space. Please look at the step on this technet link
    http://technet.microsoft.com/en-us/library/bb125182.aspx

  30. Sandeep Says:

    Hey Prabhat,

    Thanks for the update and we have turned off the Exch 2010 servers and OAB is working fine internally but we are not able to download OAB from external network. Have I missed anything?
    I have updated the Virtual directories.
    How do I check the functioning of OAB before I remove the old servers from network.

    Thanks in advance

  31. Karthikeyan Balasubramani Says:

    Hi,

    I am also facing a similar issue, I am not able to access https://CASServer.local/OAB either from internally or externally. Also internally only from outlook 2010 I am able to download OAB and when I try from outlook 2013 it doesn’t work, says “Object not found”.

    Do I need to add any DNS entries to access and download OAB externally?

    Regards

  32. Jerold Champagne Says:

    I rarely write comments, however I browsed some of the responses on this page Exchange 2010/2007 to 2013 Migration and Co-existence Guide

  33. Prabhat Nigam Says:

    Hey Sandeep,

    If OAB is working then it will work externally as well. Just verify the permission on the oab virtual directory.

    By the way, how are you checking RPC over http?

  34. Prabhat Nigam Says:

    @Karthikeyan

    Exchange 2013 uses arbitration mailbox to keep OAB. So go through this blog which will help you understand and maintain the OAB.
    http://blogs.technet.com/b/exchange/archive/2013/01/14/managing-oab-in-exchange-server-2013.aspx

  35. Prabhat Nigam Says:

    Just fixed a simple issue and wanted to share a quick fix. This issue will come to the admins because inheritance gets removed if you are a domain admin and while moving your mailbox exchange will fail and give the below error.

    “Error: MigrationPermanentException: Active Directory property ‎’homeMDB‎’ is not writeable”

    As a quick fix open ADUC, enable advanced features, find your user account, go to the security tab, then advanced and enable inheritance.

  36. Sandeep Says:

    Hi Prabhat,

    When I try to access address book from OWA it works, when I try to download from Outlook I get the error “Object not Found”

  37. Prabhat Nigam Says:

    Hey Sandeep

    OWA uses GAL so it’s different.

    The below command will configure the OAB for all databases. Have you run it? “Default Offline Address List (Ex2013)” is the name of the OAB created by 2013. Did you configure it? If yes then verify permissions on OAB virtual directory.

    Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address List (Ex2013)”

  38. Sandeep Says:

    Hi Prabhat,

    As it was a migration from 2010, I migrated the system mailbox from 2010 to 2013. Name of my OAB is Offline Address Book (Ex2012).

    [PS] C:\Windows\system32>Get-OfflineAddressBook
    Creating a new session for implicit remoting of “Get-OfflineAddressBook” command…
    Name                          Versions   AddressLists
    ----                          --------   ------------
    Offline Address Book (Ex2012) {Version4} {\Default Global Address List}

    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address List (Ex
    2013)”
    Couldn’t find offline address book “Default Offline Address List (Ex2013)” . Please make sure you have typed it
    correctly.
    + CategoryInfo : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : A510CFFE
    + PSComputerName : irsauhcas01.irshad.ae
    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Offline Address List (Ex2012)”
    Couldn’t find offline address book “Offline Address List (Ex2012)” . Please make sure you have typed it correctly.
    + CategoryInfo : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : FE6C3AE
    + PSComputerName : cas01.irshad.ae
    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Offline Address Book (Ex2012)”
    [PS] C:\Windows\system32>

  39. Prabhat Nigam Says:

    So how is it going running?
    Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook “Offline Address Book (Ex2012)”

  40. Edmund Oclemons Says:

    Howdy very nice blog!! Guy .. Excellent .. Amazing ..
    I’ll bookmark your site and take the feeds also? I’m satisfied to seek out so many
    useful info right here in the put up, we’d like work out extra techniques on this regard, thank you for sharing.
    . . . . .

  41. Henri feinberg Says:

    Hi Prabhat,
    This is a great Blog, congrats.

    I have the exact same issue as Matthew in post # 374 except we are migrating from 2010 to 2013:

    Presently the front end server is the 2010. I have a “test” mailbox moved and tested successfully for mail flow in and out of the 2013 server through the 2010 server.
    However, I want to set the 2013 as the front end server, for that I will export the SAN certificate from 2010 to the 2013 server and do a switch over, dns and mx to point to the 2013 server, so all external requests will hit the 2013 server and if a mailbox resides on the 2010 box, the 2013 will do the Proxying or redirect to the 2010 if required, so far I think all is well per all the MS KBs and the Exchange deployment Assistant tool. But as for devices that are used Internally & Externally such as laptops, iPhones etc. and even internal access through OWA, I think AD will direct requests wrongly straight to the 2010 as it carries the same host name as the 2013 imported certificate (is there any way to fool the AD DNS and redirect to the 2013 Box?).

    To resume, after I have set the 2013 as a front end server I will have the followings:
    External AND internal URI on the 2013
    https://ex1.domain.com  for all services
    https://autodiscover.domain.com  For SCP
    EX1 server internal AD Is the 2010 server as it carries NetBios name: EX1 on the Internal Domain: domain.com, but the 2013 certificate uses the ex1.domain.com name. So users with Exchange 2013 mailboxes will be directed to the 2010 box as per AD DNS resolution and not to the 2013.
    Also the autodiscover will point wrongly internally to the 2010 server.
    How to mitigate the situation as renaming an Exchange computer is out of the question?

    Thanks in advance for any Insights.

    Henri.

  42. Prabhat Nigam Says:

    @Henri

    Renaming computer is never recommended so I am with you on it.

    1. Change the host file of the users desktop and deploy it using gpo until you are in a position to remove 2010.
    or
    Buy a new certificate. It is not so costly. Try Godaddy.com

    2. Point your autodiscover to 2013.

  43. Roxanne Levin Says:

    For most up-to-date information you have to pay a quick visit world wide web and on web I
    found this web page as a best site for latest updates.

  44. Steve T Says:

    Prabhat,

    Coexisting with 2010/2013 SP1. Right now external outlook clients using OA (with cache mode enabled) get disconnected and reconnected almost every two minutes. Internally it works great. Online Mode works perfectly as well. Using NTLM for authenticating internally and externally. We have “mail.domain.com” for our internal and external hostnames. Pointing “mail.domain.com” to two 2013 CAS servers behind the load balancer with over ports 80/443. Not sure what could cause cached enabled Outlook users to disconnect and reconnect every two minutes.

  45. Prabhat Nigam Says:

    @Steve
    Try the following:
    Bypass the load balancer and check.
    Are we offloading SSL on Load balancer?
    Verify if any service is restarting.
    Remove one server from LB and check. Do the same for server2.

  46. Steve T Says:

    Good call on the load balancer Prabhat. That was it.

  47. Steve T Says:

    Journal Migration Question:

    I have two Journal mailboxes (From Exchange 2007 and From Exchange 2010). Would it be possible to manually move the .edb files and mount them on the Exchange 2013 Mailbox server to move these extremely large mailboxes? If I did mount these Journal databases, would I be able to run e-discovery searches from them in Exchange 2013?

  48. Prabhat Nigam Says:

    Hey Steve,
    Trust me I ask this 1st thing when I spoke to Microsoft guys.
    But unfortunately we can’t mount 2010 or 2007 DBs to 2013 because of the changes in the DB. Which means New 2013 DB has reduced IOPS requirement, more reliable and fast.

  49. Heni Feinberg Says:

    Thanks for the Update Prabhat
    I have question regarding my issue with autodiscover.domain-name.com
    I have purchased a new SAN Certificate for our 2013 Exchange server, so now we have two SAN certificates, one for Exch2010 and one for the 2013, both certificates have the autodiscover.domain-name.com on it. The 2010 is the front server right now, we cannot access mailboxes on the 2013 from the Internet, as it is a backend server, no public IP pointing to it yet. Is there a way to access a 2013 mailbox by passing through the 2010 front end server?
    Note that I have not started real migration of mailboxes yet as I want to make sure that all is good before I move production mailboxes.

    On the MS deployment assistance they suggest to run these commands, I am not sure what they’re for and if I can run them before I do a switchover to the 2013 as a frontend:

    Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $True} | ForEach {Set-OutlookAnywhere “$_\RPC (Default Web Site)” -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic}

    and this one:

    Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like “Version 14*”) -And ($_.ServerRole -Like “*ClientAccess*”)} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic

    Thanks again, help will be greatly appreciated. Henri

  50. Ratish Nair Says:

    Henri – You can employ 2 separate certificates on Exchange servers. The only requirement is that all URLs you employ should be added as a SAN name to the UCC certificate AND the URLs on the Virtual directories on Exchange are set properly. Say you set webservices to the server FQDN which isn’t a part of the cert – when clients try to connect Outlook will receive a certificate pop up.

    In a typical migration scenario you:

    1. Install Exchange 2013 and create some test mailboxes in it
    2. Test OWA and Outlook connections internally
    3. For OWA/ExchangeActiveSync and Outlook Anywhere from external, create a different route to and from the internet and NAT those IPs directly to Exchange 2013. Then test it.
    4. Doing this will ensure your Exchange 2013 servers are working correctly and then you can start migrating some test mailboxes.
    5. Once you ensure everything is working as expected, simply change the DNS entries to the new server during off business hours.

    Hope that helps.

    Ratish
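
The certificate requirement described in comment 50, as an added example that is not part of the original thread: a PowerShell check that lists the service URLs whose host name is not covered by a certificate's SAN list, which are the ones that trigger the Outlook certificate prompt. The function names, host names and URLs are constructed for illustration.

```powershell
# Added example: report service URLs whose host is not covered by the
# certificate's subject alternative names (SANs). All sample values are constructed.

function Test-HostCoveredBySan {
    param(
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [string[]] $SanNames
    )
    $h = $HostName.ToLowerInvariant()
    foreach ($san in $SanNames) {
        $s = $san.ToLowerInvariant()
        if ($s -eq $h) { return $true }
        # A wildcard SAN (*.domain.com) covers exactly one left-most label,
        # so it matches mail.domain.com but not a.b.domain.com or domain.com.
        if ($s.StartsWith('*.')) {
            $suffix = $s.Substring(1)                     # ".domain.com"
            if ($h.EndsWith($suffix)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-UncoveredServiceUrl {
    param(
        [Parameter(Mandatory)] [hashtable] $ServiceUrls,  # service name -> URL
        [Parameter(Mandatory)] [string[]]  $SanNames
    )
    foreach ($name in ($ServiceUrls.Keys | Sort-Object)) {
        $url = $ServiceUrls[$name]
        if ([string]::IsNullOrWhiteSpace($url)) { continue }   # URL not configured
        $urlHost = ([Uri]$url).Host
        if (-not (Test-HostCoveredBySan -HostName $urlHost -SanNames $SanNames)) {
            [pscustomobject]@{ Service = $name; Url = $url; UrlHost = $urlHost }
        }
    }
}

# Constructed sample input. In a live environment the SAN list would come from
# the CertificateDomains property returned by Get-ExchangeCertificate, and the
# URLs from the virtual directory and Autodiscover settings.
$sanNames = 'mail.domain.com', 'autodiscover.domain.com'
$serviceUrls = @{
    OWA          = 'https://mail.domain.com/owa'
    ECP          = 'https://mail.domain.com/ecp'
    Autodiscover = 'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml'
    EWS          = 'https://ex2.domain.local/EWS/Exchange.asmx'   # server FQDN, not on the cert
    OAB          = ''                                             # not set, skipped
}

Get-UncoveredServiceUrl -ServiceUrls $serviceUrls -SanNames $sanNames |
    Format-Table -AutoSize
```

With the sample data only the EWS entry is reported, because its host is a server FQDN that is absent from the SAN list.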
