Solved

Exchange 2003 to 2010 migration questions

Posted on 2011-03-16
10
742 Views
Last Modified: 2012-05-11
1. We are using a smart host/email spam appliance for all outgoing & external incoming mail. Do I need to configure the default received connector to allow for Anonymous? Or can I just leave it alone?


2. This maybe a result of the existing 2003 server but I notice that we have a send connector already and it’s pointed to our email spam appliance. Do I have to create another send connector as we have a number of distribution lists that contain external SMTP addresses that our users send mail to. We also have some servers email alerts to internal IT staff via Exchange. Can we just use the existing connector?
 

3. In Hub transport Client & Default receive connectors, “networks” setting, I assume this means the Nic adapter on the hub transport server that will be allowed to receive email. And not which remote IP address the hub server receive email from. Meaning if i have 1 nic card and my nic is 192.168.92.x, it would receive email from that IP. And it won't matter what the source ip is.

4. Do I need to create a new email address policy or can I work with the 2 that’s been created by default from the migration?

5. I don’t use ISA or TMG 2010 but I do use a web/spam appliance to filter mail, do I need to change the authentication properties for owa web app or can I leave it as default?
0
Comment
Question by:iamuser
  • 5
  • 4
10 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 35154884
1. We are using a smart host/email spam appliance for all outgoing & external incoming mail. Do I need to configure the default received connector to allow for Anonymous? Or can I just leave it alone?

it needs anonymous

2. This maybe a result of the existing 2003 server but I notice that we have a send connector already and it’s pointed to our email spam appliance. Do I have to create another send connector as we have a number of distribution lists that contain external SMTP addresses that our users send mail to. We also have some servers email alerts to internal IT staff via Exchange. Can we just use the existing connector?

Yes the connector you are seeing is the one of 2003, if you check it will have no source server.
Yes you will need to create another send connector with 2010 as source server


4. Do I need to create a new email address policy or can I work with the 2 that’s been created by default from the migration?
you don't need to create a new one

5. I don’t use ISA or TMG 2010 but I do use a web/spam appliance to filter mail, do I need to change the authentication properties for owa web app or can I leave it as default?

Leave it as default

0
 
LVL 41

Accepted Solution

by:
Amit earned 250 total points
ID: 35156374
0
 

Author Comment

by:iamuser
ID: 35157348
2. This maybe a result of the existing 2003 server but I notice that we have a send connector already and it’s pointed to our email spam appliance. Do I have to create another send connector as we have a number of distribution lists that contain external SMTP addresses that our users send mail to. We also have some servers email alerts to internal IT staff via Exchange. Can we just use the existing connector?

Yes the connector you are seeing is the one of 2003, if you check it will have no source server.
Yes you will need to create another send connector with 2010 as source server

You are right there is no source server but it looks like i have the option to add in a source server. And it let's me do it. Can I  just add in the 2010 server as the source server or is this one used for 2003 only?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35157900
No don't do this because they are in different routing groups, you should create another one for exchange 2010
0
 

Author Comment

by:iamuser
ID: 35158588
Active Sync

3. Enable Integrated Windows authentication on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 back-end server. This allows the Exchange 2010 Client Access server and the Exchange 2003 back-end server to communicate using Kerberos authentication.

Install the hotfix located here, and then use Exchange System Manager to adjust the authentication settings of the Exchange ActiveSync virtual directory

Don’t use IIS Manager to change the authentication setting on ActiveSync Virtual Directory

Do the 2 servers have to communicate using kerberos? Can they work on basic authentication?

I can use ESM on exchange 2010 to probably change the authentication setting for active sync but  server manager in 2003 doesnt' allow for such a feature. Not that I can find
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 49

Expert Comment

by:Akhater
ID: 35159609
proxying always use kerberos and no you cannot make use basit authentication

You do should do this on your 2003 and not on 2010
0
 

Author Comment

by:iamuser
ID: 35160402
So change authentication to "integrated windows" on 2003 Back-end servers only.

The acess settings for the microsoft-server-active sync properties are all grey out on my backend exchange server. I can't access it to change it

0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 35160420
So change authentication to "integrated windows" on 2003 Back-end servers only.
yes and don't change it just add integrated authentication and leave basic


The acess settings for the microsoft-server-active sync properties are all grey out on my backend exchange server. I can't access it to change it

yes you need a hotfix http://support.microsoft.com/kb/937031
0
 

Author Comment

by:iamuser
ID: 35160856
thanks, I thought you did the patch after the change.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35160862
actually you need it for the change :)
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now