Exchange 2007 to Exchange 2010 - Is it possible to do without using a Legacy Host Name?

Posted on 2011-03-22
Last Modified: 2012-05-11
This may be a bit long-winded, so apologies in advance.
We are currently in the process of migrating from Exchange 2007 to Exchange 2010, but we're facing some issues with setting up a legacy host name for coexistence.
Here's our current setup:

One internet-facing Exch2007 CAS server behind a firewall (with ports secured, obviously).
One Exch2007 Hub Transport/Mailbox server (approx. 1200 large-ish mailboxes).
SSL UC cert with 5 names (maxed out) currently in use on the 2007 CAS server.
FQDN of OWA (mail.externaldomain.com) resolves to one of our ISP-assigned public IP addresses.
Firewall has a DNAT rule set up to redirect incoming traffic for mail.externaldomain.com to the Exch2007 CAS server IP address.
Firewall has an SNAT rule to stamp all outbound SMTP traffic with the same public IP address mentioned above.

For reasons I won't go into here, we were unable to include any of our internal domain FQDNs on our UC cert. To work around this issue with autodiscover and internal Outlook clients, we've had to implement a second internal DNS forward lookup zone for our external domain and create one A record there for our external FQDN (mail.externaldomain.com) and give it the IP address of our Exch2007 CAS server.

Our Exchange 2010 setup will be basically the same as our Exch2007 setup above.

MS claim that for coexistence (after installing and configuring the new Exch2010 CAS server), you must create additional A records in the internal and external DNS zones for a legacy host name which will point to the IP address of the Exch2007 CAS server. Because of our unique (and ham-fisted) setup, we'd like to avoid doing this, as it presents complications (we've only a few public IP addresses left, which are to be allocated to MOSS, and we've used up all of the names on our UC cert, which is still valid for another 2 years and which we plan to export to the new Exch2010 CAS server, so we don't want to have to get an additional one).
Is it possible to simply install the new Exch2010 CAS server (and export the current UC cert to it), give it the mail.externaldomain.com name, change the firewall DNAT rule to redirect mail.externaldomain.com to its IP address and then decommission the Exch2007 CAS server? If so, how would the new 2010 CAS server know how to redirect to Exch2007 for those users with mailboxes still on that server?
Thanks in advance for any help.
Question by:stedwardsitdept
Accepted Solution

Glen Knight earned 2000 total points
ID: 35189623
Only if you don't want to provide remote access to both servers during the migration.

The legacy host name is so that the Exchange 2010 CAS server can redirect client requests to the 2007 CAS server. If you are not worried about this or don't use external access, then it is not required.

Author Comment

ID: 35191516
Unfortunately, we will want to have remote access available during the move, so it looks like we'll have to go with the legacy host name option.
I understand that we'll have to create an A record in our external DNS zone for "legacy" that directs to the Exch2007 CAS server IP, but is it necessary to create the same record in our internal DNS? Outlook 2007 uses autodiscover to look for the SCP AD object, which points to our Exch2007 CAS currently. Would the installation of the 2010 CAS server alter that record so that it points to the 2010 CAS?
Expert Comment

by:Glen Knight
ID: 35191527
You don't need to do it for internal users, it's only for external access.

You will also need 2 public IP addresses: the legacy URL will point to 1 and the other will be for Exchange 2010.

Author Comment

ID: 35197481
Thanks for your help and swift responses on this.
Perhaps you can help clarify the redirection process a bit for me.
I understand that we will need to create the external DNS record for legacy and assign it a public IP address. I also understand that we will need to give the 2010 CAS server the original OWA FQDN (mail.externaldomain.com). Further, I know that we will need to obtain another UC cert for the 2010 CAS server that lists the legacy FQDN. My confusion comes in at how the 2010 CAS actually goes about performing the redirection. I've read that it sends requests for users still on Exch2007 back outside the organisation to look for that legacy record, but I'm unclear on how this is done. I've read that you must "publish" the legacy address, but this brings to mind technology used by Forefront, ISA and TMG, none of which we are using. Our CAS servers are internet-facing and simply sit behind a firewall. I'm aware that we will need to configure the DNAT rules to send incoming connections for "legacy" to the 2007 CAS server and redirect connections for the original mail.external.com to the new 2010 CAS server. Can you enlighten me?
Expert Comment

by:Glen Knight
ID: 35197484
OK, basically when a client makes a request to the 2010 server, it will redirect the client to their 2007 CAS server using the LegacyURL option.

The redirection is then done silently and the client will request legacy.domain.com (for example) and get logged in. This is why both URLs need to be available externally and why they need their own IP address, because you cannot port forward the same port from a single external IP to 2 different destinations.

You don't need FTMG or ISA to achieve this.

Author Comment

ID: 35198771
Yes, I understand that much of it. I'm more enquiring about the details of what the 2010 CAS server is doing to the request it receives from Exch2007 users in order to redirect them to the new legacy URL. In other words, is it altering the request by stripping out the original URL, replacing it with the legacy URL, then pushing the request back out of the firewall/organisation so that it does a "U-turn" to look for that legacy FQDN? And what of the Set-OwaVirtualDirectory -Exchange2003URL cmdlet? Is that a necessary part of the process? I've read that it must be run in order for redirection to work.
Expert Comment

by:Glen Knight
ID: 35198822
>>In other words, is it altering the request by stripping out the original URL, replacing it with the legacy URL, then pushing the request back out of the firewall/organisation so that it does a "u-turn" to look for that legacy FQDN

Basically, yes.

>>And what of the Set-OwaVirtualDirectory -Exchange2003URL cmdlet? Is that a necessary part of the process?
You only need to use this if you still have Exchange 2003 servers.

Have a look at: http://blogs.technet.com/b/exchange/archive/2009/11/20/3408856.aspx
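The thread's two sticking points are that the legacy name needs its own public IP and that the certificate presented on the 2007 CAS must cover it. The script below is an added example, not code from the thread or from Microsoft: it sets the legacy ExternalUrl on the 2007 CAS virtual directories (Exchange 2010 takes the OWA redirect target from the 2007 CAS's OWA ExternalUrl, and Autodiscover hands 2007 mailboxes the other URLs) and then checks from outside that each published name resolves, answers TLS and is covered by the certificate's SAN list. The server name E2007CAS and the host legacy.externaldomain.com are assumptions.

```powershell
# Added example (not from the thread). Assumes the 2007 CAS is named E2007CAS
# and the legacy host is legacy.externaldomain.com. Run the Set-* lines in the
# Exchange Management Shell; the check function can run from any workstation.
$legacy = "https://legacy.externaldomain.com"
Set-OwaVirtualDirectory -Identity "E2007CAS\owa (Default Web Site)" -ExternalUrl "$legacy/owa"
Set-ActiveSyncVirtualDirectory -Identity "E2007CAS\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl "$legacy/Microsoft-Server-ActiveSync"
Set-WebServicesVirtualDirectory -Identity "E2007CAS\EWS (Default Web Site)" -ExternalUrl "$legacy/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity "E2007CAS\OAB (Default Web Site)" -ExternalUrl "$legacy/OAB"
# The 2010 CAS keeps mail.externaldomain.com as its ExternalUrl; it is not changed here.

# Resolve a published name, open TLS on 443 and report whether the certificate
# presented there lists that exact name in its Subject Alternative Name extension.
function Test-PublishedHostName {
    param([string]$HostName)
    $ips = [System.Net.Dns]::GetHostAddresses($HostName) | ForEach-Object { $_.IPAddressToString }
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, 443)
    # Accept any certificate during the handshake: we are inspecting it, not trusting it.
    $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
    $ssl.AuthenticateAsClient($HostName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $ssl.Close(); $tcp.Close()
    # OID 2.5.29.17 is Subject Alternative Name; Format() yields "DNS Name=a, DNS Name=b".
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
    $names = @()
    if ($sanExt) {
        $names = [regex]::Matches($sanExt.Format($false), "DNS Name=([^,\s]+)") | ForEach-Object { $_.Groups[1].Value }
    }
    # Exact-match only; a wildcard entry would need separate handling.
    New-Object PSObject -Property @{
        HostName  = $HostName
        IPs       = ($ips -join ",")
        CertNames = ($names -join ",")
        Covered   = ($names -contains $HostName)
        Expires   = $cert.NotAfter
    }
}

$mailResult   = Test-PublishedHostName "mail.externaldomain.com"
$legacyResult = Test-PublishedHostName "legacy.externaldomain.com"
$mailResult, $legacyResult | Format-Table HostName, IPs, Covered, Expires -AutoSize
# One DNAT rule per port per public IP: the two names must not share an address.
if ($mailResult.IPs -eq $legacyResult.IPs) { Write-Warning "mail and legacy resolve to the same public IP" }
foreach ($r in $mailResult, $legacyResult) {
    if (-not $r.Covered) { Write-Warning "$($r.HostName) is not in the certificate SAN list: $($r.CertNames)" }
}
```

Run the check from a machine outside the firewall so that it exercises the DNAT rules rather than the internal lookup zone.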
