MX and firewall question

Posted on 2008-10-17
Last Modified: 2012-05-05
I am preparing to transition from a single 2003 Exchange server to a single 2007 Exchange server. After I verify the Mailbox store has been transferred and is functioning on the new server, I was planning on changing the new server's IP address to what the old server used. This is an attempt to avoid having to reconfigure the firewall or modify the MX record for our domain. Is there something I am not thinking of or will this work correctly?
Question by:lappladmin

Accepted Solution

Pete Long earned 400 total points
ID: 22741442
Your reasoning is sound, that's what I usually do :)
Assuming you are simply port forwarding SMTP/HTTPS and the rules are in place for the internal IP address then yes - you may need to restart the firewall (or issue a clear xlate command if it's a Cisco firewall) when you are done.

Here are my usual field notes...

*****Exchange 2003 > 2007 Single Server*****
(Updated 300908)

This assumes the new server will hold the Mailbox, Hub transport, and Client Access Roles.

*****Pre Site Visit*****

1. To save time onsite it may be worth (if remote connection is available) downloading the relevant Service packs beforehand, particularly if the client has a slow internet connection.
2. On a single site the 2007 server will be x64 bit - if you are replacing a x32 bit server that IS NOT R2 you will need a copy of the x32 bit Media to extend the schema (x64 bit ADPREP fails!).
3. Exchange Server 2007 SP1 is 854MB; have a copy handy before you visit site.
4. Any Antispam or third Party Applications (like McAfee Groupshield): make sure you have a copy that supports Exchange 2007.

*****Pre Exchange 2007 Install Server and domain Tasks******

1. Before you start, all existing Exchange 2000 servers should be at SP3 and all Exchange 2003 Servers should be at SP2.
Start > All Programs > Microsoft Exchange > System Manager > Administrative groups > First Administrative Group {NB yours may be named differently} > Servers > See the right hand pane for Build Numbers.

Build Numbers are.....

Microsoft Exchange 2000 Server                      6.0.4417                  October 2000
Microsoft Exchange 2000 Server (a)                  6.0.4417                  January 2001
Microsoft Exchange 2000 Server SP1                  6.0.4712                  July 2001
Microsoft Exchange 2000 Server SP2                  6.0.5762                  December 2001
Microsoft Exchange 2000 Server SP3                  6.0.6249                  August 2002
Microsoft Exchange 2000 Server post-SP3             6.0.6487                  September 2003
Microsoft Exchange 2000 Server post-SP3             6.0.6556                  April 2004
Microsoft Exchange 2000 Server post-SP3             6.0.6603                  August 2004
Microsoft Exchange Server  2003                     6.5.6944                  October 2003
Microsoft Exchange Server  2003 SP1                 6.5.7226                  May 2004
Microsoft Exchange Server  2003 SP2                 6.5.7638                  October 2005

Ref: M$ KB 158530

2. All Exchange 5.5 Servers need upgrading to Exchange 2000/2003 before you start.
 Note: If you have any Legacy AD connectors from an Exchange 5.5 Upgrade these need removing before you start. (If you remove it from add remove programs you might get an MSDE error - ignore the MSDE Error and it should uninstall. If not, get the Media that AD Connector was installed from and run D:\ADC\Setup\i386\Setup.exe to get rid of it.) If all else fails you can remove the connector with ADSIEdit (Last resort).

3. Ensure all Domain Controllers are (At Least) SP1 Preferably SP2
 Note: You need 381Mb Free on the system plus 170Mb free space to install SP2.

4. Set the domain functional Level to "Windows Server 2003" (Windows Server 2000 will work). Start > Run > dsa.msc {enter} > Right Click the domain name > Raise Domain Functional Level > Select Windows Server 2003 > Raise > OK > OK.

5. Server needs mmc version 3 installing (Installed by Default on R2) (About 8Mb)
 Note: If you're service packed up you may already have MMC 3.0 installed.

6. Server needs Powershell 1.0 or above installing. Http:// (About 2.5Mb)

7. Server needs the following windows components installing, Start > Run > appwiz.cpl {enter}

Application server > IIS > World Wide Web Services.
Application server > Enable network COM+ access.

Note: Unlike previous versions of Exchange SMTP and NNTP should NOT be installed.

8. Server needs the following windows components installing .net framework 2.0 (windows update)

9. Download and run the Exchange Best Practice analyser (Note this can save you many headaches due to Exchange 2003 problems.) Download it straight from M$ to get the latest version.

*****Pre Exchange 2007 Install Exchange Tasks******

1. Put the exchange Organisation into Native Mode. Start > All Programs > Microsoft Exchange > System Manager

2. Right Click the Organisation (highest entry) > Properties > General Tab > If it says Mixed mode (can support pre-Exchange 2000 Servers) then Press Change Mode (If it says Native Mode (no pre-Exchange 2000 Servers) then do nothing).

3. If you are raising the Operation Mode, Select Yes at the warning screen > Apply > OK.

4. Assuming the CD/DVD from which you are deploying exchange 2007 from is D: Start > Run > CMD {enter}

5. Execute the following command "d:\ /PrepareLegacyExchangePermissions" (2 Minutes).

6. When it's done Execute the following command "d:\ /PrepareSchema" (5 to 10 minutes).

7. When it's done Execute the following command "d:\ /PrepareAD" (2 to 3 minutes).

8. When it's done Execute the following command "d:\ /PrepareDomain" (2 Minutes).

*****Install Exchange 2007*****

I have on one occasion needed to copy all the DVD/CD's contents to the server for Installation to be successful.

1. Assuming the CD/DVD from which you are deploying exchange 2007 from is D: Start > Run > CMD {enter}
2. Execute the following command "d:\Setup.exe"
3. Click Step 4 > Introduction Screen > Next Tick "I accept the terms...." > Next > Next > Select Typical.
4. Next > Browse > Locate your 2000/2003 Exchange Server > Select it > OK > Next
5. Exchange 2007 will now do some checks.

Note: If you receive a warning about replicating the free/busy folder see free/busy note below.

6. Click Install > When done > Finish.

7. Launch the Exchange Management Console > Ignore any Licence warnings.
8. Select Server configuration > Select the new Server > Action > Enter Product Key > Type in your Key > Read the Warning > Finish
9. The new 2007 Org will have 1 mailbox database and one Public folder database. Expand Microsoft Exchange > Server configuration > Mailbox > Select the server > The Databases will be displayed in the center panel at the bottom.
10. You can select the databases > Right Click > "Move Database Path" to move them onto another partition.

*****free/busy Note******

1. You need to set up replication to the new Server. (If you got the warning message above)
2. On the OLD 2000/2003 Server > Start > All Programs > Microsoft Exchange > System Manager.
3. Administrative groups > First Administrative group > Folders > Right Click > View system Folders.
4. Expand Schedule+Free Busy > Select the Folder(s) below it > Right Click > Properties > Replication > Add > Select New Server > OK
5. Set Folder replication interval to "Always Run" > Set Replication message priority to "Urgent" > Apply > OK.
6. Right Click the folder again > All Tasks > Resend Changes > Select source (old) and Destination (New)
7. Set the resend changes made in the last days to 9999 > OK > Yes.
8. Other Public Folders are replicated like older versions of exchange (set up the replica on this server > Replicate the folders > Remove the original  

*****Point SMTP Feed to the New Server*****

The MX Record should now be pointing to the public IP of the new server OR the Firewall SMTP Port re-directs need changing to the new server.

*****Migrate the Mailboxes*****

I usually migrate the domain administrator's mailbox, test mail flow, then move the rest of the mailboxes.

1. Move the mailboxes, in EMC Expand Recipient configuration > Mailbox > Select the mailboxes to move > Move Mailbox.
2. Select the New Server > Next > Skip the mailbox > Next > Immediately > Next > Move.
3. If you do not have a server deployed as an Edge Transport Server then you need to add some settings, in the EMC > Server Configuration > Hub Transport > receive connector (Default {server name}) > Properties > Permissions Groups > Tick Anonymous users.
4. Expand Organization Configuration > Hub Transport > Send connector > Right Click > New Send Connector > Give it a Name > Set Intended use to  
5. Next > Add > Simply enter an asterisk > Tick and sub domains > OK > Next > Add a smart host if required > Next > Next > New > Finish.

NOW REBOOT the Exchange 2007 Server and Ensure the Microsoft Exchange Information Store Service Starts correctly when the server boots.

6. Move all the remaining Mailboxes.

Note: If a user has been disabled, and you try to move that user's mailbox you will get an error.

*****Install Antispam Agents*****

1. Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2. Execute the following commands
cd "c:\Program Files\Microsoft\Exchange Server\Scripts" {enter}.
./install-AntispamAgents.ps1 {enter}.
Net stop "Microsoft Exchange Transport" {enter}.
Net start "Microsoft Exchange Transport" {enter}.
3. Stop and restart the Exchange Management Console (NOT the exchange Management Shell).

Note: If the antispam Agents are installed remove the following folder from the backup (Or it will error).
C:\Program Files\Microsoft\Exchange Server\TransportRoles\

*****Decommission the OLD Exchange Server*****

Note: Clients with Older Versions of Outlook (Pre Outlook 2007) will need to log into their mailbox at least once before you remove the old server (to pick up the new mapping to their Mailbox).

1. On the Legacy Server Launch ESM > Recipients > Recipient update services > Change the server for all settings to the new exchange server.
2. If it's a single server site you can now remove the Global Catalogue role from the Old Server and demote it to a member server.
3. After everything is moved and tested you need to remove the connector from the 2000/2003/or to the 2007 org. On the Legacy exchange server launch the Exchange System Manager > Administrative groups > Routing Groups > Routing Group > Connector > Delete.
4. Remove the original Exchange server, note if you use public folders leave the Management tools installed as 2007 cannot manage them (from EMC - this is going to be fixed).

5. Re-run the Best Practice analyser against the 2007 server to make sure there are no problems.

*****Post Install Tasks*****

1. You may need to Exclude the following folder from the backup.
2. If OWA displays "Service Unavailable" See and run through the ASP.NET 2.0, 64-bit version section.
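
Step 3 of the mailbox migration above ticks Anonymous users on the Default receive connector, and the firewall's SMTP forward then exposes that connector to the internet. The PowerShell below is an added example, not part of the original answer: it checks that a connector accepting anonymous mail does not also grant anonymous relay. `Test-ReceiveConnectorExposure`, the connector name and the sample ACL entries are constructed for illustration; `Get-ReceiveConnector`, `Get-ADPermission` and the `ms-Exch-SMTP-*` rights are the real Exchange names.

```powershell
# Added example (not from the original answer). Classifies a receive connector by
# whether anonymous SMTP is allowed and whether anonymous senders may relay.
function Test-ReceiveConnectorExposure {
    param($Connector, $AclEntries)

    # PermissionGroups is a flags enum on the real object; compare its string form.
    $anonymous = "$($Connector.PermissionGroups)" -match 'AnonymousUsers'

    # An allow ACE granting ANONYMOUS LOGON ms-Exch-SMTP-Accept-Any-Recipient lets
    # unauthenticated senders address mail to external domains (relay).
    $relayAces = @($AclEntries | Where-Object {
        ("$($_.User)" -like '*ANONYMOUS LOGON') -and (-not $_.Deny) -and
        ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient')
    })

    # A connector that accepts every IPv4 source is internet-facing once the
    # firewall forwards port 25 to it.
    $ranges  = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
    $anyHost = $ranges -contains '0.0.0.0-255.255.255.255'

    if ($relayAces.Count -gt 0) {
        if ($anyHost) { $risk = 'High: anonymous relay open to any source IP' }
        else { $risk = 'Review: anonymous relay limited to ' + [string]::Join(', ', $ranges) }
    }
    elseif ($anonymous) { $risk = 'Expected: anonymous inbound mail, no relay right' }
    else                { $risk = 'Low: authenticated senders only' }
    "$($Connector.Name) -> $risk"
}

# Constructed sample data (hypothetical connector name), shaped like the output of
# Get-ReceiveConnector and Get-ADPermission so the function can be tried off-server.
$anon = 'NT AUTHORITY\ANONYMOUS LOGON'
$default = @{ Name = 'Default EX07'; PermissionGroups = 'AnonymousUsers, ExchangeUsers'
              RemoteIPRanges = @('0.0.0.0-255.255.255.255') }
$defaultAcl = @(
    @{ User = $anon; Deny = $false; ExtendedRights = @('ms-Exch-SMTP-Submit') },
    @{ User = $anon; Deny = $false; ExtendedRights = @('ms-Exch-SMTP-Accept-Any-Sender') })
$openAcl = $defaultAcl + @(@{ User = $anon; Deny = $false
                              ExtendedRights = @('ms-Exch-SMTP-Accept-Any-Recipient') })

Test-ReceiveConnectorExposure $default $defaultAcl   # anonymous inbound only
Test-ReceiveConnectorExposure $default $openAcl      # anonymous relay granted

# On the Exchange 2007 server, in the Exchange Management Shell:
#   Get-ReceiveConnector | ForEach-Object {
#       Test-ReceiveConnectorExposure $_ ($_ | Get-ADPermission) }
```

Run the commented pipeline after step 3 and before the firewall forward or the reused IP address goes live, so a connector reporting High is corrected while it is still unreachable from outside.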

Author Comment

ID: 22741531
Exactly what I was looking for! Thanks Pete

Author Closing Comment

ID: 31507146
Thanks again

Expert Comment

by:Pete Long
ID: 22746224
:) No probs - hope all goes well :)

and thanQ
