Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1052
  • Last Modified:

Migrate Exchange 2010 to Exchange 2013

Hello to all ,

I am in the middle of a migration from an Exchange 2010 installation to 2013. Both exchange are in the same domain . Also are full updated so they can support coexistance.

So i have finish the installation of Exchange 2013 and when i open the EMC console i see also exchange 2010 databases , accounts etc.

My main concern is about moving the certificates. Moving databases and mailboxes is easy.

Any ideas about the certificates ? Also when all finishes successfully is there a procedure for the removal of exchange 2010 ?


Thanks a lot
0
Anestis Psomas
Asked:
Anestis Psomas
  • 7
  • 7
  • 3
  • +2
1 Solution
 
Imtiaz HashamTechnical Director / IT ConsultantCommented:
I would recommend requesting new certificates from your provider.  Create a new CSR and ask them to regenerate which, because it's the same address, shouldn't be a problem.

That's what I have done.
0
 
teomcamCommented:
Since you are using same domain, normally most of certificates can be updated at no cost from your certificate provider. Certificate from Exchange 2010 to 2013 cannot be done. You need to request a new certificate for the new one.
0
 
Simon Butler (Sembee)ConsultantCommented:
You don't need new certificates.
Just export the old ones from Exchange 2010 and import them in to Exchange 2013. No need to go through a new CSR unless you are changing the host names.

Simon.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Peter HutchisonSenior Network Systems SpecialistCommented:
You would only need new certificates if the certificate's Alt Subject Names include server FQDNs. Then you would need to add the new server FQDNs and that requires a new certificate.

You can export the certificate (you must include the private certificate part as well) using the Certificates MMC for the Local machine and then import them onto the new servers. Remember to import the Trusted Root CA certs as well.
0
 
Imtiaz HashamTechnical Director / IT ConsultantCommented:
Wouldn't it be easier to request a new cert using the CSR?  I usually end up doing that it works fine for me.
0
 
Simon Butler (Sembee)ConsultantCommented:
Easier? In what way? It takes 30 seconds to export and then 30 seconds to import. You may have to import an intemediate and that would need to be done with a new certificate.

New certificate request - run through wizard, login to web page, go through cert request, go through authenticaiton, wait, then import (as per second stage of above).

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Thanks all for your answers !

Im a little newbie with certificates . So , i can just export them and its over? The FQDN of the exchange 2010 server is different from the fqdn of the 2013 server. Is this a problem ?

Hostname will remain the same , mail.domain.com .

Thanks
0
 
Imtiaz HashamTechnical Director / IT ConsultantCommented:
Although I concede with Sembee2 about the speed of the cert import & export, if you are not quite familiar with how SSL Certs work, I would recommend regenerating the cert with your provider.

I have exported & reimported certs but you need to know how the intermediate certificate works for any SSL certificate.
0
 
Peter HutchisonSenior Network Systems SpecialistCommented:
Yes, is the FQDN of the 2010 server included in the certificate?
The server name is used by the transport services (TLS/SSL smtp) and UM services.
0
 
Simon Butler (Sembee)ConsultantCommented:
Need to take a step back here.
SSL certificates are closely tied to the host names involved, that includes both INTERNAL and EXTERNAL.

Therefore you need to look at what you are doing very carefully as part of the overal migration. You cannot treat them as just a single step that needs to be done to move on to the next one, because if you do, you will probably break a lot of functionality.

What is your migration plan for the data? Staged or big bang? Do you need to keep access to OWA, Activesync and Outlook Anywhere throughout?

As such, both answers, using a new certificate and exporting the existing one are correct, but only in the right circumstances.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello ,

Thanks all for your answers ,

Sembee2 ,

My migration plan for the data is big bang ;) I have about 50GB of data. It's not much so i will move the mailboxes all together at once.
I don't need to keep access to OWA , activesync and outlook anywhere. I will do the migration at low traffic hours so it's not a problem with that.

So , do you thing that best is to re-issue the certificates?

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
If you are doing a big bang, then I don't see the point in reissuing the SSL certificate. Kick everyone out, move the DNS/firewall entries and then move the content.
A certificate reissue just complicates matters. If you get the certificate rekeyed then you have a 24 hour window before the old certificate stops working, you just don't need that headache as well.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Thanks simon,

I did exactly what you said yesterday and it works great.The migration finish successfully and mail flow now working from exchange 2013.   My only issue know is how to decommission the old Exchange 2010. I have unmounted and delete the old database. I just now uninstall the old exchange ? Do i have to also delete the public folder database ?

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
I would delete the old public folder database before you start to remove Exchange 2010. If there is something that stops it from being dropped it will tell you.
Likewise, removing Exchange correctly using add/remove programs will tell you if there is something wrong or not.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello ,

I follow a guide to remove the public folder database and now im stuck in a way that i cant delete it . Database is dismounted , i have delete all files and logs , trying to mount the database so that will generate a new one and then delete it but i get an error

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Failed to mount database 'Public Folder Database 1291603032'.

Public Folder Database 1291603032
Failed
Error:
Couldn't mount the database that you specified. Specified database: Public Folder Database 1291603032; Error code: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: EXCHANGE.interworks.eu].

An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: xxxxxxxxxxxxxxxxxx]

An Active Manager operation failed with a transient error. Please retry the operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Server: xxxxxxxxxxxxxxxxxxxx]

An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.

An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.

Any way so i can force delete it ?

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
The problem was deleting the files.
Were you unable to delete it before removing the files? Resolving that issue would probably have been best.
The only option available to you now is to remove the database using adsiedit.

http://exchangeserverpro.com/exchange-2010-remove-public-folder-database/

For anyone else reading this question - ADSIEDIT method should only be used when all other options are exhausted. Do not use it as a shortcut instead of replicating content off and doing it properly!

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello simon ,

I have managed to delete it with the guide you send me and then i uninstall the old exchange installation ! Thanks a lot !

And now my last problem ;)

From outside everything is working perfect , autodiscovery , owa , ecp .

From inside again everything works perfect except when i open outlook i take a security alert that says that the name of the security certificate is invalid or does not match the name of the site. If i press yes to procceed everything works great and i have connectivity .

Any ideas ? The certificate in the subject alternative name don't have the internal hostname of the server. Do you thing that i must add it ?

Thanks
0
 
Simon Butler (Sembee)ConsultantCommented:
Have you changed all references in Exchange to match?
I presume you have a split DNS in place so that the external name resolves internally?

I don't have a version for Exchange 2013 yet, but this is the Exchange 2010 version of my article on what to change:
http://semb.ee/hostnames

They are the same names etc, just in different places.

Simon.
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
I will go by your guide and i'll let you know

Thanks again
0
 
Anestis PsomasSystem and Network AdministratorAuthor Commented:
Hello ,

Simon i follow your guide and it works perfect !! Thanks a lot for all your help , the migration to Exchange 2013 finish successfully .
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 7
  • 7
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now