thor_08
asked on
Simple question about Exchange migration from 2003 to 2007.
Hi, very good afternoon. I have a query.
We are doing a migration from Exchange 2003 to Exchange 2007.
Our Exchange 2003 architecture is as follows: one Exchange front-end server and one back-end server.
The front-end server has no mailboxes; it only handles e-mail traffic and authenticates users accessing from outside the organization, to OWA for example.
We added an Exchange 2007 back-end server with the 3 required roles (HUB, CLIENT & Mailbox).
Moving a mailbox from the 2003 back end to 2007 works with no problem.
Now I have a problem with OWA:
1) From outside the organization, we cannot access OWA for a user whose mailbox resides on the new Exchange 2007 server.
I think it may be because the Exchange 2003 front-end server does not know where to go for that user's mailbox.
Can anyone help me?
Thanks
If you require Exchange 2007 users to access OWA, then no. The process is to replace the front-end first with a CAS and HT server then the back-end.
ASKER
Hey, thanks again
So the idea would be to uninstall the Client Access server role from our Exchange 2007 back end and install a new server in the DMZ with the Client Access server role?
If so, can I post the new server with another IP, and have the Exchange 2003 front end and the Exchange 2007 front end (Client Access server) live side by side for a time?
The idea of what I am saying is this:
Users who have a mailbox on Exchange 2003 point to the Exchange 2003 front end, and users who are being migrated point OWA to the new Exchange Server 2007 Client Access server.
Is this possible?
Thank you
Yes, theoretically you can do that, but there is no need to keep the 2003 one running - all users can connect to the 2007 CAS. Install a new Exchange 2007 Server as a 'front-end' by installing it with the CAS role.
If you have the 2003 FE and 2007 CAS running, you will need two external IP addresses to forward the ports on, and users accessing Exchange 2007 would have to access a different one, thus the recommendation to simply replace the 2003 FE with a 2007 CAS. I would place the Hub Transport role on a 2007 CAS, too.
-tigermatt
ASKER
Hey guys, thanks again for the quick answers
Is it necessary to install the Hub Transport role on the same physical server as the Client Access server?
I currently have the Hub Transport role installed on the mailbox server (and, for now, also the Client Access server).
And they are all in the same Active Directory site.
The idea is to have one server with Hub Transport + Mailbox and one with the Client Access server.
Thx
Sorry, I should have made that more clear. If you were going to remove the Exchange 2003 Front End completely from the network, it would be my recommendation to have the Hub Transport role on the same server as the CAS. Since the Hub Transport server is where all incoming email is delivered, this would replicate the environment previously where mail is delivered to a 2003 FE.
You certainly can install the Hub Transport role on the Mailbox Server if you wished; just remember that port 25 for incoming mail, if you decommission the 2003 FE, must be forwarded to the Hub Transport server, while 443 goes to the CAS for OWA and RPC/HTTPS access.
-tigermatt
ASKER
What do you think of this scenario?
Not completely removing the Exchange 2003 front-end server, which handles the routing of e-mail with the Internet.
Opening port 443 to the Exchange 2007 back end, which is going to have the Exchange MB, CA and HU server roles installed.
That way, outsiders could access OWA for the Exchange 2007 mailboxes and for the Exchange 2003 mailboxes that will be migrated.
What do you think?
One thing to note that is important. The Client Access role is not supported in the DMZ.
Yes, that is definitely possible. However, it will come under the restriction I mentioned above - until the Exchange 2003 is removed, you must have a second public IP address for the Exchange 2007 CAS and Hub Transport server, and users on Exchange 2007 must remember to connect to OWA using that external IP address temporarily.
dsolaris, you would be surprised how many people will still find a way to make the CAS work in the DMZ, because it is 'safer', yet in fact it is actually a large security hole placing any Active Directory domain member in the DMZ, and should never be attempted, not even for an Exchange Server (with the exception of an Edge).
-tigermatt
I know how many people try it and want it for the "higher security" lol, unfortunately. Consultant myself.
Way to make it work and supported. Hehe, I always liked that. You can make anything work, but placing it in the DMZ and configuring everything to make it work as designed. Not safer at all due to the plethora of ports that you have to open. I bet you always like to fight that battle as much as I do. :-)
Thore, use this for a good starting point:
http://technet.microsoft.com/en-us/library/bb885041(EXCHG.80).aspx
ASKER
Thanks again.
OK, users accessing OWA are going to have to go through another IP.
Perfect.
When the Exchange 2003 back-end server is uninstalled, will there be no problem routing between the Exchange 2003 front end and the Exchange 2007 back end? (Except for the mentioned problems with OWA.)
Thank you
> When the Exchange 2003 back-end server is uninstalled, will there be no problem routing between the Exchange 2003 front end and the Exchange 2007 back end? (Except for the mentioned problems with OWA.)
I think so, yes, but I wouldn't risk it myself; I would change the inbound port 25 over to the IP of the Exchange 2007 Hub Transport as soon as possible.
ASKER
Hello
The link that dsolaris mentioned says that an Exchange 2003 front-end server with an Exchange 2007 back end is not supported?
Thanks!
Of course that is the case with OWA; I am not too sure on the inbound SMTP. It should theoretically be able to route, but just to be sure I would still change the inbound port configuration in your firewall to the IP of the Exchange 2007 Hub, so mail can be routed without any hiccups.
-tigermatt
Yeh, mail routing will be fine from the DMZ, what I was mentioning is that it is not supported to have a CAS server in the DMZ. Basically, Tigermatt and I are saying the same thing.
ASKER
Thanks!!
The day I uninstall the 2003 back-end server, will I have to point the traffic to the Hub Transport server?
It is assumed that the Exchange 2003 front-end server can route mail with the Exchange 2007 back-end server (for that, we are leaving the Exchange 2003 front end).
You may not have tried it, but maybe you know :)
Thanks!!
Yes. Exchange 2003 front-end can relay mail to an Exchange 2007 back end.
But before you can install an Exchange 2007 Mailbox server you are required to have a Hub Transport server, and for the most part a CAS server.
But those can all be running on the same system, and you can remove them at any point later if you desire to run the CAS and HT roles on a different server.
But... there is a caveat there too. If you run the CAS role on a Mailbox server, it will modify the \Exchange virtual directory and will not properly proxy Exchange 2003 users. Have we confused you yet? lol
There are some temporary steps that you can take. Here is an example of a method we had to have a client use due to system constraints.
1) Purchase one new machine. Build it out as the temporary Client Access/Hub Transport server.
2) Cut all services over to this temp system.
3) Decommission the Exchange 2003 Front-End server.
4) Rebuild it as the permanent Exchange 2007 CAS/HT server (if it is 64bit).
5) Cut all OWA and SMTP services over to the new perm CAS/HT server.
6) Add the Mailbox role to the new system and remove the CAS/HT roles.
7) Move your mailboxes to the 2007 Mailbox server.
8) Decommission and reallocate the Exchange 2003 Back-End.
Kind of loopy, but a good way to do it if you desire to reuse existing hardware.
ASKER
Hey, no problem.
Your responses are highly valued.
Now I'm going to describe the scenario, and you can tell me whether what I propose is right.
- I'm going to uninstall the CAS role from the current Exchange Server 2007 and install a new server, all this so that it can do a good job of proxying for users of Exchange 2003, OK?
- I'm going to publish this new server through an ISA Server with a new public IP.
In this way, users who have mailboxes on either Exchange will be able to successfully access them through OWA.
- I'm going to finish migrating the mailboxes from Exchange 2003 to Exchange 2007.
- I'm going to uninstall the Exchange 2003 back-end server.
At this point, there is going to be one IP published for routing e-mail (from the Exchange 2003 front-end server to the Exchange 2007 HT and MB)
and another IP for the CAS to use OWA.
Is everything right up to there?
Thank you
Yeh that will work.
Yes that would be fine :)
ASKER
Thanks!!
Really Thanks!!
ASKER
Thanks guys!
Both were excellent; I gave more points to dsolaris for the quick response,
but the truth is that both showed a very good predisposition.
Thanks, really.
ASKER
Hello again
I need your help. I have already installed the CAS, with the default certificate.
I'm going to do the publishing with the ISA Server, as a beginning?
We have an internal CA; do I request a certificate?
On the other hand, I opened a new question:
https://www.experts-exchange.com/questions/23841049/Configure-CAS-server-Role-in-exchange-2007-Publishing-Exchange-2007-OWA-with-ISA-Server-2006.html
Thank you
ASKER
Understanding what you told me, there is now one more item.
The Exchange 2007 back end is inside the LAN and, for security reasons, cannot go to the DMZ and authenticate users from outside.
The question is: is there no possibility for me to keep the Exchange 2003 at the border and the Exchange 2007 back end?
Our idea, in principle and for a time, was only to replace the Exchange 2003 back-end server.