FattyPo
asked on
Migration or Transition to exchange 2010
Hi i have the scenario where we would like to upgrade to exchange 2010 from 2003. However at the same time i have the opportunity to rebuild the domain as i have inherited issues that appear to have never been fully rectified and seem to have been migrated as the servers have been changed over the years.
My ideal scenario is.
To build a complete new domain on Server 2008 with exchange 2010, then migrate or transition the exchange data in.
Can anyone recommend any good articles about this, or advise if this is in deed possible?
Many thanks
My ideal scenario is.
To build a complete new domain on Server 2008 with exchange 2010, then migrate or transition the exchange data in.
Can anyone recommend any good articles about this, or advise if this is in deed possible?
Many thanks
This will not be pretty no matter what you do. Migrating user accounts then migrating exchange to a new domain on a new x64 server. Then attaching mailboxes to users. Most people just suck it up and work on the domain they have!
ASKER
could i not back the pst files and public folders up for each individual and the re-import them to a new domain?
Whatever method you use for getting the data from exchange you will still have to map the users to the mailboxes in order for them to reconnect. How long are your users going to be happy with not having mail?
ASKER
i have the xmas week as the window to conduct the works. So i could have 3 days.
could i not back the pst files and public folders up for each individual and the re-import them to a new domain?
Yes you can do this. It is purely a matter of time as you will have to also re-create all the users, and rejoin all the computers to the new domain, and give everyone new profiles etc etc.
Yes you can do this. It is purely a matter of time as you will have to also re-create all the users, and rejoin all the computers to the new domain, and give everyone new profiles etc etc.
ASKER
thats what i was planning, as the domain desperately needs rebuilding. There just seems to be issue after issue. So i was going to build a new domain. Backup all pst's and drop all computers of the current domain. Rejoin all the computers/users to the new domain and then import the pst.
How many users, how many mailboxes, how many AD groups, how many SQL groups?
Remember any rights you have set in databases, mailboxes, rights to files.....basically anything from AD will have to be recreated if you want a new domain. Oh and you will have to rejoin every PC to the domain.....
In fact the more I think on this the more ugly it gets!
....new DNS.....
....new DHCP....
....new group policy....
.....setup login scripts....
...folder redirection......
....exchange AD expansion.....
...dont do it!
Remember any rights you have set in databases, mailboxes, rights to files.....basically anything from AD will have to be recreated if you want a new domain. Oh and you will have to rejoin every PC to the domain.....
In fact the more I think on this the more ugly it gets!
....new DNS.....
....new DHCP....
....new group policy....
.....setup login scripts....
...folder redirection......
....exchange AD expansion.....
...dont do it!
ASKER
so would the best suggestion be.
Build new server exchange 2010 and migrate the information from the old server and then drop that of the domain? the thing everyone hates even though it's petty is the domain name. It it is the old company name with a .co.uk not .local or .dom.
Build new server exchange 2010 and migrate the information from the old server and then drop that of the domain? the thing everyone hates even though it's petty is the domain name. It it is the old company name with a .co.uk not .local or .dom.
You shouldn't need to build a completely new domain. It wouldn't float when you balance effort versus time, not to mention it annoys people when they lose all their settings.
The only supported method from Exchange 2003 to 2010 is the migration strategy and I certainly wouldn't try anything else.
If you target your GPOs properly (i.e. appropriate security groups or OUs, migrating one site at a time) you can also migrate from your current environment to what you might consider a more appropriate AD environment without affecting the users. It all comes down to proper testing. The more effort you put into the testing phase, the smoother the eventual transition will go.
A basic outline I would follow is to use the current AD and get Exchange 2003/2010 message flow working properly with a few test users, practicing the migration of those users from 2003 to 2010 within the current environment to make sure everything works as expected.
I would then implement the new AD OU struture to hold users/groups/computers and setup the appropriate GPOs.
I would then test that a new user in the new environment works correctly i.e. GPOs including folder redirection, IE settings, etc.
I would setup a few test users and test the migration from the old environment to the new one. This would include migrating the mailbox, moving the user and computer objects to the new OUs.
Once all the testing is done and you're sure the migration will go as planned, you can start migrating users in small batches. I performed approximately 1 branch per day which meant about 8-10 users. Don't bite off more than you can chew. It took a while to migrate 250 users but it went flawlessly. The main thing is you need to make sure mail flow is working correctly before trying to perform the production migration.
The only supported method from Exchange 2003 to 2010 is the migration strategy and I certainly wouldn't try anything else.
If you target your GPOs properly (i.e. appropriate security groups or OUs, migrating one site at a time) you can also migrate from your current environment to what you might consider a more appropriate AD environment without affecting the users. It all comes down to proper testing. The more effort you put into the testing phase, the smoother the eventual transition will go.
A basic outline I would follow is to use the current AD and get Exchange 2003/2010 message flow working properly with a few test users, practicing the migration of those users from 2003 to 2010 within the current environment to make sure everything works as expected.
I would then implement the new AD OU struture to hold users/groups/computers and setup the appropriate GPOs.
I would then test that a new user in the new environment works correctly i.e. GPOs including folder redirection, IE settings, etc.
I would setup a few test users and test the migration from the old environment to the new one. This would include migrating the mailbox, moving the user and computer objects to the new OUs.
Once all the testing is done and you're sure the migration will go as planned, you can start migrating users in small batches. I performed approximately 1 branch per day which meant about 8-10 users. Don't bite off more than you can chew. It took a while to migrate 250 users but it went flawlessly. The main thing is you need to make sure mail flow is working correctly before trying to perform the production migration.
Once you've performed the migration, it's not difficult to perform a domain rename later. I would consider a domain rename to be the least of your problems. It doesn't stop people getting their job done.
My recommendation would be to tackle this in stages. One possible way to go would be to throw up your new forest with Exchange. This would then be considered a resource forest temporarily. You can then move mailboxes with powershell or the EMC and link them back to the accounts which would still reside in your original forest (connect via a two-transitive trust). Once you're up and running you can proceed to migrate the accounts using ADMT.
Is it their logon names they dont like or the domain name? The domain name cannot be changed too easily but you can always add an 'alias style' name so they logon with a different bit after the @ symbol.
e.g. mydomainname.co.uk can have mydomainname.com as well
You can add UPN names from AD domain and trusts.
e.g. mydomainname.co.uk can have mydomainname.com as well
You can add UPN names from AD domain and trusts.
ASKER
Hi all, apologies for abandoning this question. Family illness has kept me away for a few months. I have taken the advice on board. I have currently got a new 2008 R2 server on the domain, fully updated, but have not installed exchange 2010 as yet.
Is there a good document to follow for adding the new exchange server 2010 into the domain and then migrating the users to the new exchange. Domain etc... at this stage as previously posted is off no relevance. I just need to get the users onto exchange 2010 from 2003 and drop that server of the network.
Many thanks, and once again apologies for not responding.
Is there a good document to follow for adding the new exchange server 2010 into the domain and then migrating the users to the new exchange. Domain etc... at this stage as previously posted is off no relevance. I just need to get the users onto exchange 2010 from 2003 and drop that server of the network.
Many thanks, and once again apologies for not responding.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
thanks, good to be back!
I have printed the rapid transition guide and will start this tomorrow on site. Many thanks for the prompt response.
Have you got a rough time scale this process takes? as I guess I will need some downtime so will need to book some out of hours with the client.
I have printed the rapid transition guide and will start this tomorrow on site. Many thanks for the prompt response.
Have you got a rough time scale this process takes? as I guess I will need some downtime so will need to book some out of hours with the client.
If you do it right there is no downtime to the client, only while their actual mailbox in in the process of being moved. Outlook will detect the new server the next time they start outlook and away they go. You eventually take the old server ofline and noone notices.
I generally do it all during work hours and start the mailbox move to run overnight. Leave the old server on the network for a little while until everyone has connected at least one anc been referred to the new server, then take it off the network. Users won;t even know the sever has changed (except searches work better, webmail is better, it is faster, and they have more mailbox space). But apart from all the good things they never saw you goto their computer.
I can do the whole thing in a day for a small site, the longest process is moving the mailboxes, 5GB per hour is as fast as this will go unless you have blisteringly fast hardware on your 2003 server. but like I said let this run overnoght (Disable mailbox maintenance if it is going to clash with that time window on the 2003 server)
I generally do it all during work hours and start the mailbox move to run overnight. Leave the old server on the network for a little while until everyone has connected at least one anc been referred to the new server, then take it off the network. Users won;t even know the sever has changed (except searches work better, webmail is better, it is faster, and they have more mailbox space). But apart from all the good things they never saw you goto their computer.
I can do the whole thing in a day for a small site, the longest process is moving the mailboxes, 5GB per hour is as fast as this will go unless you have blisteringly fast hardware on your 2003 server. but like I said let this run overnoght (Disable mailbox maintenance if it is going to clash with that time window on the 2003 server)
ASKER
thanks I will do this tomorrow and let you know.
if its your first time, it will take you longer :) don't expect to get it all done tomorrow..... but take your time and do it right.
ASKER
Hi, i am running the analyser tool and i keep getting an error on the BES server saying that it is not on the correct sp. I have confirmed that it is on SP2 but it appears the credentials cannot read the registry.
Any ideas?
Thanks
Any ideas?
Thanks
BES Server? or SBS Server?
ASKER
BES server, i have followed the MS article but cannot connect apparently
Where did BES come into it? we were talking about migrating Exchange?
What analyser tool are you running? MSBPA? or some other?
Are you following steps from
http://technet.microsoft.com/en-us/exdeploy2010/default.aspx#Index
or
http://www.msexchangegeek.com/2010/01/30/rapid-transition-guide-from-exchange-2003-to-exchange-2010/
I recommend the microsoft article.
What analyser tool are you running? MSBPA? or some other?
Are you following steps from
http://technet.microsoft.com/en-us/exdeploy2010/default.aspx#Index
or
http://www.msexchangegeek.com/2010/01/30/rapid-transition-guide-from-exchange-2003-to-exchange-2010/
I recommend the microsoft article.
ASKER
I am migrating the exchange 2003 server but as i have a BES on the network as well which has exchange components installed to run. The MS analyser warns me that Exchange 2010 cannot be installed until this is upgraded? or should i just ignore this?
How many users on BES?
What version?
If it is only a small number of users I would ignore it, BESdoes complicate matters a lot, and you might need to re-activate the handsets.
Personally I would just forge on... BES is pretty easy to re-install. There will be a whole lot of permissions changes that need to be made for BES to work with 2010, and re-installing it might be easier anyway.
What version?
If it is only a small number of users I would ignore it, BESdoes complicate matters a lot, and you might need to re-activate the handsets.
Personally I would just forge on... BES is pretty easy to re-install. There will be a whole lot of permissions changes that need to be made for BES to work with 2010, and re-installing it might be easier anyway.
ASKER
ok thanks, only 15 users and we are going to change it to BIS anyay afterwards as you don't have to pay the networks a husge fee each month.
Forge on then.....
good luck - I am in australia so going to bed. bye for now.
ASKER
cheers many thnkas
ASKER
Hi aoakeley, it will not let me forge on without it recognising the BES server being on SP2. Appreciate you are now in bed. So touch base tomorrow.
Thanks
Thanks
What version of BES is the BES Server?
Does the BES server have the Exchange Management tools, installed on it? or what components of exchange are there? you should be able to uninstall any exchange components on there and just leave the MAPI connectivity
Does the BES server have the Exchange Management tools, installed on it? or what components of exchange are there? you should be able to uninstall any exchange components on there and just leave the MAPI connectivity
Hav you also just tried re-running Exchange SP2 on the BES Server?
ASKER
Hi I have run the SP2 upgrade again on the server, the BES is 4.1. I spoke with the mobile operator yesterday and they informed me that this will not work with Exchange 2010 so they reckon there is something in the software that does not allow for the upgrade.
But that being true or not the BES is going to stop working after the upgrade anyway, so my plan now is to back all the handsets up, drop the BES of the network. Install Exchange 2010, migrate everyone as planned. Install BES express, which was planned anyway and reconnect the devices.
Unfortunately i am trying to co-ordiante when i can have all the handsets, which is looking like end of next week.
But that being true or not the BES is going to stop working after the upgrade anyway, so my plan now is to back all the handsets up, drop the BES of the network. Install Exchange 2010, migrate everyone as planned. Install BES express, which was planned anyway and reconnect the devices.
Unfortunately i am trying to co-ordiante when i can have all the handsets, which is looking like end of next week.
> the BES is 4.1. I spoke with the mobile operator yesterday and they informed me that this will not work with Exchange 2010
No it won't. This is why I asked you for the version number a few times.
You can still install 2010, just leave the mailboxes with BES handsets on the old server until you install the new BES. Then you can just move the mailbox and put the user on the new BES at the same time. That way you can manage it. You will need to install the new BES on a different server, but nothing to stop you having two BES servers on the same network.
No it won't. This is why I asked you for the version number a few times.
You can still install 2010, just leave the mailboxes with BES handsets on the old server until you install the new BES. Then you can just move the mailbox and put the user on the new BES at the same time. That way you can manage it. You will need to install the new BES on a different server, but nothing to stop you having two BES servers on the same network.
ASKER
I can install the BES express, but i still can't install 2010, as i cannot prepare the permissions and schema as it fails due to the current BES server not being seen on SP2.
Sorry i must have missed the version request.
Sorry i must have missed the version request.
How about this for a plan.
Install a new BES on a new server
Move all the handsets to the new server in a controlled manner
Decomission the old sevrer
Upgrade exchange
voila!
Install a new BES on a new server
Move all the handsets to the new server in a controlled manner
Decomission the old sevrer
Upgrade exchange
voila!
ASKER
Hi, i am just in the process of putting a server together for the BES express install. I then plan to move the users over the next couple of days as they are in the office. Then i will remove BES. And upgrade as you say :-)
ASKER
Hi, i have blackberry users that i will move shortly then i will start on the install of 2010. I have one stupid question. If i migrate the mailboxes to the new server and the end user should not notice anything. How does the firewall handle the smtp traffic as it points to the IP of the 2003 exchange server?
Thanks
Thanks
While the 2003 server is still there mail will be forwarded from the 2003 serevr to the 2010 server.
Once you remove the 2003 serve you will have to change the firewall to port forward to the new server
Once you remove the 2003 serve you will have to change the firewall to port forward to the new server
ASKER
cool, thanks.
the fact that you are asking such a basic question scares me a little..... but lets keep moving on.... :)
ASKER
hi ya, right got all the way through the seup using the 2010 + SP1 install files and it failed on installing the mailbox role with the following error.
Couldn't resolve the user or group "domainname/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
The trust relationship between the primary domain and the trusted domain failed.
I have followed a few articles to no avail. And when i run exchange maintenance to try and install the role it is greyed out as if it is installed. Any ideas?
thanks
Couldn't resolve the user or group "domainname/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
The trust relationship between the primary domain and the trusted domain failed.
I have followed a few articles to no avail. And when i run exchange maintenance to try and install the role it is greyed out as if it is installed. Any ideas?
thanks
ASKER
but i have read few articles that would suggest completely uninstalling exchange 2010 and reinstalling from scratch?
Is all your dns correct? Does the server only point to a domain DNS server?
Does the group exist?
Is this a single domain? Or is there a trust?
I would uninstall and reinstall with a SP0 (rtm) disk
Does the group exist?
Is this a single domain? Or is there a trust?
I would uninstall and reinstall with a SP0 (rtm) disk
ASKER
Dns is all correct, the server only points to a domain dns server. this is a single domain. It started windoews updates for SP2 and i can't seem to find a way of uninstalling it?
doesn't give me the option.
doesn't give me the option.
so you are saying it started windows updates for Windows SP2 or Exchange 2010 SP2 during the install?
Looks like you are in a right mess. Blow away the seerver and start again.
Looks like you are in a right mess. Blow away the seerver and start again.
ASKER
exchange 2010 SP2 not server
of course... server 2008R2 not up to SP2.....
Let the service pack run
Does the group domainname/Microsoft Exchange Security Groups/Discovery Management. exist?
Let the service pack run
Does the group domainname/Microsoft Exchange Security Groups/Discovery Management. exist?
ASKER
where would i check for that?
AD users and computers
ASKER
yes discovery management does exist
has the exchange SP2 upgrade completed?
Can you add the mailbox roll now?
Can you add the mailbox roll now?
ASKER
sp2 has completed but the mailbox role failed due to admin tools not being present.
ASKER
i would quite happily uninstall the exchange 2010 and reinstall but i can't find anyway of uninstalling it?
ASKER
on the exchange 2010 sp2 upgrade everything passes on the readiness checks. Shall i run the upgrade process again?
ASKER
Summary: 5 item(s). 5 succeeded, 0 failed.
Elapsed time: 00:01:31
Configuring Prerequisites
Completed
Elapsed Time: 00:00:13
Languages Prerequisites
Completed
Elapsed Time: 00:00:31
Hub Transport Role Prerequisites
Completed
Elapsed Time: 00:00:21
Client Access Role Prerequisites
Completed
Elapsed Time: 00:00:12
Mailbox Role Prerequisites
Completed
Elapsed Time: 00:00:11
Elapsed time: 00:01:31
Configuring Prerequisites
Completed
Elapsed Time: 00:00:13
Languages Prerequisites
Completed
Elapsed Time: 00:00:31
Hub Transport Role Prerequisites
Completed
Elapsed Time: 00:00:21
Client Access Role Prerequisites
Completed
Elapsed Time: 00:00:12
Mailbox Role Prerequisites
Completed
Elapsed Time: 00:00:11
If SP2 has already been run, I dont think ther will be much to gain by running it again, but it will not hurt
your way forward from here
a) blow the server away, restore AD to a point before you installed this server, and try again with an SP0 install
or (and this is what i would do)
b) establish a new baseline. List everything that has happened in order so I have some idea of where you are at. The error you got during install seems to happen when a domain has previously had a Exchange 2007 server installed in it (or attempted to be installed in it) or when upgrading from SP0 to SP1
if you select (B) then:
outline your environment again
list the steps you have done
List the steps that you have taken to resolve the issue
Can you access the Exchange 2010 management console
What else can and can't you access
you said you had tried following a few articles for a resolution but no avail, what articles, what did you try? did your commands work or did you get errors when you ran them?
did you try any of the solutions at
http://www.howexchangeworks.com/2011/03/exchange-2010-sp1-setup-error-couldn.html
eg.
Delete the existing user account in Users OU (System Mailbox{….}. Run setup.com /prepareADIt will recreate the account. Make sure that the mailbox is enabled. That's all.
Did you run setup /prepareAD or did you just run setup?
Which instructions did you follow in the end?
etc
etc
your way forward from here
a) blow the server away, restore AD to a point before you installed this server, and try again with an SP0 install
or (and this is what i would do)
b) establish a new baseline. List everything that has happened in order so I have some idea of where you are at. The error you got during install seems to happen when a domain has previously had a Exchange 2007 server installed in it (or attempted to be installed in it) or when upgrading from SP0 to SP1
if you select (B) then:
outline your environment again
list the steps you have done
List the steps that you have taken to resolve the issue
Can you access the Exchange 2010 management console
What else can and can't you access
you said you had tried following a few articles for a resolution but no avail, what articles, what did you try? did your commands work or did you get errors when you ran them?
did you try any of the solutions at
http://www.howexchangeworks.com/2011/03/exchange-2010-sp1-setup-error-couldn.html
eg.
Delete the existing user account in Users OU (System Mailbox{….}. Run setup.com /prepareADIt will recreate the account. Make sure that the mailbox is enabled. That's all.
Did you run setup /prepareAD or did you just run setup?
Which instructions did you follow in the end?
etc
etc
and take your time... no short answers
ASKER
i am just reading that article which is exactly what i did. I will follow that and try then answer the questions.
Thanks for your patience.
Thanks for your patience.
Things to check
1. ipv6 must be enabled on the server
2. Did you prepare the schema when you ran setup?
setup /prepared
setup /prepareschema
3. you are installing on serevr 2008 R2 arent you?
- see point 9 then come back to here
4. This post suggests (backup first) deleting this registry key http://forums.techarena.in/technology-internet/1370349.htm
"HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Exchang eServer\v1 4\MailboxR ole"
5. This article suggests deleting and re-creating the discovery mailbox
http://www.msdigest.net/2010/11/sp1-install-fails-with-couldnt-resolve-the-user-or-group-mydomain-localmicrosoft-exchange-security-groupsdiscovery-management/
6. This post backs up the previous
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/99bcd365-9cc8-47f8-be6b-cbe1b5fe6ddb
7. Even though it is a sngle domain, did it ever have a trust? is so delete old trusts from AD domains and trusts
8. From http://msibrahim.wordpress.com/2011/01/09/exchange-sp1-install-fails-with-couldn%E2%80%99t-resolve-the-user-or-group-mydomain-localmicrosoft-exchange-security-groupsdiscovery-management/
Had exactly the same issue on a new Exchange 2010 SP1 install – I noticed when navigating to the DiscoverySearchMailbox via EMC, it did not have users assigned under security tab!
All I did was reboot the server, login to Exchange Management Console, locate the DiscoverySearchMailbox in Recipient Configuration -> Mailbox and assign Manage Full Access Permission for the Domain/Enterprise admins (and domain administrator)
Run Exchange setup again and voila, completes successfully.
9. THIS ONE looks promising (replace volcanosurfboards.com with your domain)
A) Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}”
B) Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}” -Arbitration
B) Add-MailboxPermission -Identity:"volcanosurfboar ds.com/Use rs/Discove rySearchMa ilbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}” -User:”Discovery Management” -AccessRights:”FullAccess”
1. ipv6 must be enabled on the server
2. Did you prepare the schema when you ran setup?
setup /prepared
setup /prepareschema
3. you are installing on serevr 2008 R2 arent you?
- see point 9 then come back to here
4. This post suggests (backup first) deleting this registry key http://forums.techarena.in/technology-internet/1370349.htm
"HKEY_LOCAL_MACHINE\SOFTWA
5. This article suggests deleting and re-creating the discovery mailbox
http://www.msdigest.net/2010/11/sp1-install-fails-with-couldnt-resolve-the-user-or-group-mydomain-localmicrosoft-exchange-security-groupsdiscovery-management/
6. This post backs up the previous
http://social.technet.microsoft.com/Forums/en/exchange2010/thread/99bcd365-9cc8-47f8-be6b-cbe1b5fe6ddb
7. Even though it is a sngle domain, did it ever have a trust? is so delete old trusts from AD domains and trusts
8. From http://msibrahim.wordpress.com/2011/01/09/exchange-sp1-install-fails-with-couldn%E2%80%99t-resolve-the-user-or-group-mydomain-localmicrosoft-exchange-security-groupsdiscovery-management/
Had exactly the same issue on a new Exchange 2010 SP1 install – I noticed when navigating to the DiscoverySearchMailbox via EMC, it did not have users assigned under security tab!
All I did was reboot the server, login to Exchange Management Console, locate the DiscoverySearchMailbox in Recipient Configuration -> Mailbox and assign Manage Full Access Permission for the Domain/Enterprise admins (and domain administrator)
Run Exchange setup again and voila, completes successfully.
9. THIS ONE looks promising (replace volcanosurfboards.com with your domain)
A) Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7
B) Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7
B) Add-MailboxPermission -Identity:"volcanosurfboar
ASKER
hi i am confused on point 9. add mailbox permission identity. full access. I am lost on how or where to do this?
ASKER
as in ad users i have no user discovery managemnt?
> hi i am confused on point 9. add mailbox permission identity. full access. I am lost on how or where to do this?
Exchange power shell
Exchange power shell
> as in ad users i have no user discovery managemnt?
This will cause an issue adding the user back in for permissions, as the user does no exist.
Go back to the "Things to check" post and work your way through
This will cause an issue adding the user back in for permissions, as the user does no exist.
Go back to the "Things to check" post and work your way through
sorry meant to day... go back to the "b) establish a new baseline" post and put down all the info.
ASKER
OK here we go:
1. The environment is a single domain with, exchange 2003, blackberry server, and file/printer + DB server for custom DB.
2. I installed server 2008 R2 onto the new server, added it to the domain, run the preinstall analyser tool. Discovered the BES was an issue. Added a new BES Express server to the domain, moved all users to the server. Removed BES and associated exchange components.
3.Run the analyser tool everthing passed ok.
4. run setup /preparelegacypermissions
5. run setup / prepareschema
6. run setup on exchange 2010 sp1 download, i did not run the sp0 version as the download from the MS open licence was sp1.
7.Failed with the error "Couldn't resolve the user or group "domainname/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
The trust relationship between the primary domain and the trusted domain failed.
8. The seup asked me to run the updates i did SP2 and then it failed on the Mailbox role as AdminTools not being present.
9. I followed the article did you try any of the solutions at
http://www.howexchangeworks.com/2011/03/exchange-2010-sp1-setup-error-couldn.html
eg.
Delete the existing user account in Users OU (System Mailbox{….}. Run setup.com /prepareADIt will recreate the account. Make sure that the mailbox is enabled. That's all.
10. I then run setup /prepareAD.
11. Here we are, after trying THIS ONE looks promising (replace volcanosurfboards.com with your domain)
A) Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}”
B) Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}” -Arbitration
B) Add-MailboxPermission -Identity:"volcanosurfboar ds.com/Use rs/Discove rySearchMa ilbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}” -User:”Discovery Management” -AccessRights:”FullAccess” .
1. The environment is a single domain with, exchange 2003, blackberry server, and file/printer + DB server for custom DB.
2. I installed server 2008 R2 onto the new server, added it to the domain, run the preinstall analyser tool. Discovered the BES was an issue. Added a new BES Express server to the domain, moved all users to the server. Removed BES and associated exchange components.
3.Run the analyser tool everthing passed ok.
4. run setup /preparelegacypermissions
5. run setup / prepareschema
6. run setup on exchange 2010 sp1 download, i did not run the sp0 version as the download from the MS open licence was sp1.
7.Failed with the error "Couldn't resolve the user or group "domainname/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
The trust relationship between the primary domain and the trusted domain failed.
8. The seup asked me to run the updates i did SP2 and then it failed on the Mailbox role as AdminTools not being present.
9. I followed the article did you try any of the solutions at
http://www.howexchangeworks.com/2011/03/exchange-2010-sp1-setup-error-couldn.html
eg.
Delete the existing user account in Users OU (System Mailbox{….}. Run setup.com /prepareADIt will recreate the account. Make sure that the mailbox is enabled. That's all.
10. I then run setup /prepareAD.
11. Here we are, after trying THIS ONE looks promising (replace volcanosurfboards.com with your domain)
A) Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7
B) Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7
B) Add-MailboxPermission -Identity:"volcanosurfboar
ASKER
forgot to add never been a exchange 2007 on the domain.
Woud you like me to have a look at your system. My email address is in my profile. Email me if you would like this
I can use a remote tool so you can see what I am doing at all times. and the tool will be removed afterwards.
I can use a remote tool so you can see what I am doing at all times. and the tool will be removed afterwards.
ASKER
just run this, getting my head around exchange 2010 now, first one i have worked on.
9. THIS ONE looks promising (replace volcanosurfboards.com with your domain)
A) Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}”
B) Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}” -Arbitration
B) Add-MailboxPermission -Identity:"volcanosurfboar ds.com/Use rs/Discove rySearchMa ilbox {D919BA05-46A6-415f-80AD-7 E09334BB85 2}” -User:”Discovery Management” -AccessRights:”FullAccess”
shall i try the setup again now?
9. THIS ONE looks promising (replace volcanosurfboards.com with your domain)
A) Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7
B) Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7
B) Add-MailboxPermission -Identity:"volcanosurfboar
shall i try the setup again now?
if the above succeeded from powershell - then yes
ASKER
it did i will try now. all checks out from the other list. 10 mins i will let you know.
ASKER
mailbox role has failed this time with a different error, this role must be unpacked before it can be configured
Did you re-run the setup from SP2 or SP1? if everything else in your Exchange 2010 environment is now SP2 you need to install the Mailbox roll from the SP2 setup.
ASKER
wherever you run it from it automatically launches the SP2 upgrade and thats where i ran it from. I believe the issue with the role needs to be unpacked is after deleting the registry key?
can't hurt to try. you are pretty much in uncharted waters now, googling that error does not return many results.
bed time. chat tomorrow
ASKER
cheers thanks
ASKER
hi after trying everything i think it may be time to wipe the server and start again, remove the server then follow this article.
http://www.headcrash.us/blog/2011/06/removing-an-exchange-2010-server-that-no-longer-exists/
what do you think?
http://www.headcrash.us/blog/2011/06/removing-an-exchange-2010-server-that-no-longer-exists/
what do you think?
ASKER
got it installed :-)
To get it to work i deleted the registry entry as per this article:
4. This post suggests (backup first) deleting this registry key http://forums.techarena.in/technology-internet/1370349.htm
"HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Exchang eServer\v1 4\MailboxR ole"
And then manually created the entries with the relevent registry entries from here,
http://social.technet.microsoft.com/Forums/en-US/exchangesoftwareupdate/thread/bb8459fc-2f21-4a4d-a46d-0dd02d2a8620/
the entries used where .
this server upgrade ended with success as well (according to GUI installer). But ExBPA says that the MailboxRole is configured partially.
registry shows this
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Exchang eServer\v1 4\MailboxR ole]
"ConfiguredVersion"="14.0. 639.21"
"UnpackedVersion"="14.1.21 8.15"
"Action"="BuildToBuildUpgr ade"
"Watermark"="MailboxServic eControlLa st___05b3b bd421504e0 c93fefa6d5 d1ae590"
and this action:
For this one I cleaned (as a test) following records in registry
"Action"="BuildToBuildUpgr ade"
"Watermark"="MailboxServic eControlLa st___05b3b bd421504e0 c93fefa6d5 d1ae590"
And changed ConfiguredVersion to "14.1.218.15"
i then run the upgrade which failed due to the federatedmailbox in AD\uses being enabled.
I disabled this account and the upgrade went through ok.
now back to the actually document of migrating.
To get it to work i deleted the registry entry as per this article:
4. This post suggests (backup first) deleting this registry key http://forums.techarena.in/technology-internet/1370349.htm
"HKEY_LOCAL_MACHINE\SOFTWA
And then manually created the entries with the relevent registry entries from here,
http://social.technet.microsoft.com/Forums/en-US/exchangesoftwareupdate/thread/bb8459fc-2f21-4a4d-a46d-0dd02d2a8620/
the entries used where .
this server upgrade ended with success as well (according to GUI installer). But ExBPA says that the MailboxRole is configured partially.
registry shows this
[HKEY_LOCAL_MACHINE\SOFTWA
"ConfiguredVersion"="14.0.
"UnpackedVersion"="14.1.21
"Action"="BuildToBuildUpgr
"Watermark"="MailboxServic
and this action:
For this one I cleaned (as a test) following records in registry
"Action"="BuildToBuildUpgr
"Watermark"="MailboxServic
And changed ConfiguredVersion to "14.1.218.15"
i then run the upgrade which failed due to the federatedmailbox in AD\uses being enabled.
I disabled this account and the upgrade went through ok.
now back to the actually document of migrating.
ASKER
Hi, i have just moved my mailbox which appeared to happen no issue. When i launched outlook i received a certificate error. But i am off to bed now so any suggestions appreciated.
Thanks
Thanks
Awesome work!
Certificate error is normal. I recommend buying a publicslly signed 5 domain ucc cert from godaddy. If you don't want to spend the money you can create a private cert, but then you will have to install it manually on all computers.
Your ucc cert needs to have the following names
Server.domain.local (I.e the internal name)
Server.domain.com (I.e the external name)
Autodiscover.domain.com
Andy
Certificate error is normal. I recommend buying a publicslly signed 5 domain ucc cert from godaddy. If you don't want to spend the money you can create a private cert, but then you will have to install it manually on all computers.
Your ucc cert needs to have the following names
Server.domain.local (I.e the internal name)
Server.domain.com (I.e the external name)
Autodiscover.domain.com
Andy
ASKER
cheers Andy, just off to bed so i will get one in the morning. I will be on site in about 7hrs. The only poss issue is the internal domain was built years ago with a .co.uk should that be an issue.
and the domain is different internal to external. example domainpost.co.uk internal and domain.com external where post is the previous company name. and it was shortened when they changed management.
But the domain has always had the old domain name.
and the domain is different internal to external. example domainpost.co.uk internal and domain.com external where post is the previous company name. and it was shortened when they changed management.
But the domain has always had the old domain name.
that's fine, you just match everything up.
could be
bob.mydoman.co.uk (internal)
and
paula.wonderfulland.com.au (external)
does not matter what the names are as long as DNS works and the certificate has the correect names in it
could be
bob.mydoman.co.uk (internal)
and
paula.wonderfulland.com.au
does not matter what the names are as long as DNS works and the certificate has the correect names in it
ASKER
Morning Andy,
right I have purchased the 5 ucc cert from godaddy I assume it takes a while before I can set anything up?
Just do not seem to be able to configure as yet?
right I have purchased the 5 ucc cert from godaddy I assume it takes a while before I can set anything up?
Just do not seem to be able to configure as yet?
ASKER
the ssl tool fails when i try to put the domain name in? never set a cert up in my life.
ASKER
i am assuming that because i don't seem to now be able to get to https://mail.domainname.com/exchange that there is an issue will ssl and thats why it fails on Godaddy?
This is seriously going beyond the call of duty on one question!
https://mail.domainname.com/exchange is probably port forwarded to your old server
on the new server it will be https://mail.domainname.com/owa but you have to make sure your port forwards and DNS goes correctly.
Have you created the SSL request in IIS on your serevr, submitted it to godaddy, added the additional names, and processed the response on your server? if not you need to do this.
Then change the port forward to the new server, and make sure internal DNS is all going.
I am going away for 4 days from tonight so I think it would be nice, as you have succeffully added the exchange 2010 server to the domain and your mailbox works, for you to award points.
You can then open a new question with:
"I have installed a 2010 server into my domain and moved my bailbox to it, all works well, I have bought a UCC certificate from godaddy byt I am not sure if it is configured right" or somrthing along those lines.
Been nice working with you, I reckon you have done a great job.
https://mail.domainname.com/exchange is probably port forwarded to your old server
on the new server it will be https://mail.domainname.com/owa but you have to make sure your port forwards and DNS goes correctly.
Have you created the SSL request in IIS on your serevr, submitted it to godaddy, added the additional names, and processed the response on your server? if not you need to do this.
Then change the port forward to the new server, and make sure internal DNS is all going.
I am going away for 4 days from tonight so I think it would be nice, as you have succeffully added the exchange 2010 server to the domain and your mailbox works, for you to award points.
You can then open a new question with:
"I have installed a 2010 server into my domain and moved my bailbox to it, all works well, I have bought a UCC certificate from godaddy byt I am not sure if it is configured right" or somrthing along those lines.
Been nice working with you, I reckon you have done a great job.
ASKER
All I can say is a big thank you to aoakeley, he has gone well above and beyond for a single question. There are several interesting and useful posts and points in the thread, but the original suggestion is the perfect solution. Just that I ran into issues with the actual install. I would actual award 500 points on about 10 different subsections to this question if I could!
Hi,
Thanks Mate... Was awesome to see you get through it, the rest is just minor tweaking now and an understanding of DNS, port forwarding, and certificates.
Till next time.....
Andrew
Thanks Mate... Was awesome to see you get through it, the rest is just minor tweaking now and an understanding of DNS, port forwarding, and certificates.
Till next time.....
Andrew