Exchange 2003 to Exchange 2010 - DNS required changes question

llarava
Hi,

We are migrating to Exchange 2010 from Exchange 2003.

We have 2 Exchange 2003 servers in an active-passive cluster and 2 OWA servers. The people that built the OWA servers didn't use NLB, so they are independent and can only provide webmail service one at a time.

The Exchange 2010 configuration is:

-We have combined the CAS and HT roles on 2 servers, so we have created 2 CAS/HT servers named CASHT01 and CASHT02. We have also created a CASARRAY pointing to CASHT01 and CASHT02 (we use a LoadBalancer Solution)

-We also have 2 Mailbox servers with a single DAG.

We use Google Postini as a spam filter, so our MX records are pointing to them, and once our email gets sanitized it is forwarded to our servers.

We don't have ISA/TMG on the current env. and we will not use it for the Exchange 2010 either.

Currently for Exchange 2003 the public DNS and firewall are configured as follows:

mail.domain.com (Inbound SMTP/25) -> 1.1.1.1 NATed to -> 172.20.200.10 (Exchange 2003 cluster VIP)

webmail.domain.com -> 1.1.1.2 NATed to -> 172.20.200.11 (OWA1)

With Exchange 2010 we are planning to change the public DNS and the firewall as follows:

mail.domain.com (inbound SMTP/25) -> 1.1.1.1 NATed to -> 172.20.200.38 CASARRAY (CASHT01/02 the Hub Transport servers with the receiving/sending connectors)

webmail.domain.com -> 1.1.1.2 NATed to -> 172.20.200.38 CASARRAY (CAS server hosting the WebApp, etc.)

Finally new additions to the public DNS and the firewall are

autodiscover.domain.com -> My understanding is that this record has to point to the CAS servers; in our case it will be the CASARRAY – 172.20.200.38

legacy.domain.com -> My understanding is that this record has to point to an Exchange 2003 front end. In our scenario we are going to have to use a new public IP and use a NAT to the DMZ where the OWA server is sitting.

sync.domain.com -> Point the record to CASARRAY 172.20.200.38

Questions:

Could someone please review the changes that we are planning to do and let us know if they are correct?

Here is my background information:

http://technet.microsoft.com/en-us/library/aa998186.aspx

Thank you
Antonio Vargas, Microsoft Senior Cloud Consultant

Commented:
autodiscover.domain.com -> My understanding is that this record has to point to the CAS servers in our case it will be the CASARRAY – 172.20.200.38
note: you need one autodiscover name for each primary smtp address you have on your exchange

sync.domain.com is for activesync? yes it needs to point to the casarray
legacy.domain.com should point to the 2003 front end.

basically everything is correct. just make sure you configure both CAS servers with the same externalurl for all services. also make sure you configure them with the legacyexchangeurl

configure the hub transport servers to accept anonymous connections for you to be able to receive mail from postini, and bind those receive connectors to the postini ip ranges only, and to some internal IP addresses needed (the other hub transport server, servers needing to relay mail, etc)

check those for guidance:
http://technet.microsoft.com/en-us/library/ee332348.aspx
http://technet.microsoft.com/en-us/library/dd638103.aspx
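
An added example, not part of the original thread: one way to apply the receive-connector advice above in the Exchange Management Shell, followed by an audit for connectors that would let senders bypass the filter. The connector name and the 192.0.2.0/24 range are placeholders; the filtering provider's real outbound ranges are not given on this page and must be substituted.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Assumptions: the connector name is hypothetical, and 192.0.2.0/24 is a
# documentation range standing in for the spam filter's published ranges.
$hubServers    = 'CASHT01', 'CASHT02'
$filterRanges  = @('192.0.2.0/24')           # placeholder, replace before use
$connectorName = 'Inbound from spam filter'  # hypothetical name

foreach ($server in $hubServers) {
    # A Custom connector starts with no permission groups, so nothing is
    # accepted until the source scope is in place.
    New-ReceiveConnector -Name $connectorName -Server $server -Usage Custom `
        -Bindings '0.0.0.0:25' -RemoteIPRanges $filterRanges

    # Allow unauthenticated SMTP only on this scoped connector.
    Set-ReceiveConnector -Identity "$server\$connectorName" `
        -PermissionGroups AnonymousUsers
}

# Audit: a connector that accepts anonymous mail from every address lets
# senders deliver straight to mail.domain.com and skip the filter.
Get-ReceiveConnector |
    Where-Object {
        ($_.PermissionGroups -match 'AnonymousUsers') -and
        (($_.RemoteIPRanges | ForEach-Object { $_.ToString() }) `
            -contains '0.0.0.0-255.255.255.255')
    } |
    Format-Table Identity, Bindings, RemoteIPRanges, PermissionGroups -AutoSize
```

An empty result from the audit means no connector on these servers accepts anonymous SMTP from arbitrary sources.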

Author

Commented:
Hi GreatVargas,

Sounds great. So I can use the public IP for example 1.1.1.1 (the one used currently by OWA2003) to advertise webmail (switched the old and use the new WebApp), sync and autodiscover? Then I have a different public IP for the SMTP (mail.domain.com) for example 1.1.1.2  and finally for the legacy I will use a new public IP that will point to OWA2k3 Front End.  

Does that make sense? or do I need to use different public IPs for each one of the records?

For example:

172.20.200.38 is the CASARRAY which is CAS and HT

webmail        domain.com    1.1.1.1    172.20.200.38    WebApp
mail           domain.com    1.1.1.2    172.20.200.38    SMTP
sync           domain.com    1.1.1.1    172.20.200.38    Active Sync
legacy         domain.com    1.1.1.3    172.30.1.1       Outlook 2003 mailboxes
autodiscover   domain.com    1.1.1.1    172.20.200.38    profile auto configuration
Microsoft Senior Cloud Consultant
Commented:
yes that is correct, because all services assigned to 1.1.1.1 are using the same port (443) on the same server (CAS), so you can use the same IP. If you had for example TMG, even if the server was different you could use the same IP and separate the rules by public name. But it is not the case and the bottom line is that you can use the configuration above.
