Exchange 2007 to Exchange 2010 - Is it possible to do without using a Legacy Host Name?

Posted on 2011-03-22
Last Modified: 2012-05-11
This may be a bit long winded so apologies in advance.
We are currently in the process of migrating from Exchange 2007 to Exchange 2010 but we're facing some issues with setting up a legacy host name for coexistence.
Here's our current setup:

One internet facing Exch2007 CAS server behind a firewall (with port secured obviously).
One Exch2007 Hub Transport/Mailbox server (approx. 1200 large-ish mailboxes).
SSL UC cert with 5 names (maxed out) currently in use on 2007 CAS server.
FQDN of OWA ( resolves to one of our ISP assigned public IP addresses.
Firewall has DNAT rule setup to redirect incoming traffic for to the Exch2007 CAS server IP address.
Firewall has SNAT rule to stamp all outbound SMTP traffic with same public IP address mentioned above.

For reasons I won't go into here, we were unable to include any of our internal domain FQDNs on our UC cert. To work around this issue with autodiscover and internal Outlook clients, we've had to implement a second internal DNS forward look-up zone for our external domain and create one A record there for our external FQDN ( and give it the IP address of our Exch2007 CAS server.

Our Exchange 2010 setup will be basically the same as our Exch2007 setup above.

MS claim that for coexistence (after installing and configuring new Exch2010 CAS server), you must create additional A records in internal and external DNS zones for a legacy host name which will point to the IP address of the Exch2007 CAS server. Because of our unique (and ham-fisted) setup, we'd like to avoid doing this as it presents complications (we've only a few public IP addresses left which are to be allocated to MOSS and we've used up all of the names on our UC cert which is still valid for another 2 years and we plan to export it to the new Exch2010 CAS server so we don't want to have to get an additional one).
Is it possible to simply install the new Exch2010 CAS server (and export the current UC cert to it), give it the name, change the firewall DNAT rule to redirect to its IP address and then decommission the Exch2007 CAS server? If so, how would the new 2010 CAS server know how to redirect to Exch2007 for those users with mailboxes still on that server?
Thanks in advance for any help.
Question by:stedwardsitdept
LVL 74

Accepted Solution

Glen Knight earned 500 total points
ID: 35189623
Only if you don't want to provide remote access to both servers during the migration.

The legacy host name is so that the Exchange 2010 CAS server can redirect client requests to the 2007 CAS server. If you are not worried about this or don't use external access then it is not required.

Author Comment

ID: 35191516
Unfortunately, we will want to have remote access available during the move so it looks like we'll have to go with the legacy host name option.
I understand that we'll have to create an A record in our external DNS zone for "legacy" that directs to the Exch2007 CAS server IP, but is it necessary to create the same record in our internal DNS? Outlook 2007 uses autodiscover to look for the SCP AD object, which currently points to our Exch2007 CAS. Would the installation of the 2010 CAS server alter that record so that it points to the 2010 CAS?
LVL 74

Expert Comment

by:Glen Knight
ID: 35191527
You don't need to do it for internal users, it's only for external access.

You will also need 2 public IP addresses; the legacy URL will point to one and the other will be for Exchange 2010.


Author Comment

ID: 35197481
Thanks for your help and swift responses on this.
Perhaps you can help clarify the redirection process a bit for me.
I understand that we will need to create the external DNS record for legacy and assign it a public IP address. I also understand that we will need to give the 2010 CAS server the original OWA FQDN ( Further, I know that we will need to obtain another UC cert for the 2010 CAS server that lists the legacy FQDN. My confusion comes in at how the 2010 CAS actually goes about performing the redirection. I've read that it sends requests for users still on Exch2007 back outside the organisation to look for that legacy record, but I'm unclear on how this is done. I've read that you must "publish" the legacy address, but this brings to mind technology used by Forefront, ISA, TMG, none of which we are using. Our CAS servers are internet facing and simply sit behind a firewall. I'm aware that we will need to configure the DNAT rules to send incoming connections for "legacy" to the 2007 CAS server and redirect connections for the original to the new 2010 CAS server. Can you enlighten me?
LVL 74

Expert Comment

by:Glen Knight
ID: 35197484
OK, basically when a client makes a request to the 2010 server, it will redirect the client to their 2007 CAS server using the LegacyURL option.

The redirection is then done silently and the client will request (for example) and get logged in. This is why both URLs need to be available externally and why they need their own IP address, because you cannot port forward the same port from a single external IP to 2 different destinations.

You don't need FTMG or ISA to achieve this.

Author Comment

ID: 35198771
Yes, I understand that much of it. I'm more enquiring about the details of what the 2010 CAS server is doing to the request it receives from Exch2007 users in order to redirect them to the new legacy URL. In other words, is it altering the request by stripping out the original URL, replacing it with the legacy URL, then pushing the request back out of the firewall/organisation so that it does a "u-turn" to look for that legacy FQDN? And what of the Set-OwaVirtualDirectory -Exchange2003URL cmdlet? Is that a necessary part of the process? I've read that it must be run in order for redirection to work.
LVL 74

Expert Comment

by:Glen Knight
ID: 35198822
>>In other words, is it altering the request by stripping out the original URL, replacing it with the legacy URL, then pushing the request back out of the firewall/organisation so that it does a "u-turn" to look for that legacy FQDN

Basically, yes.

>>And what of the Set-OwaVirtualDirectory -Exchange2003URL cmdlet? Is that a necessary part of the process?
You only need to use this if you still have Exchange 2003 servers.

Have a look at:
