Solved

Migrate Exchange 2010 to Exchange 2013

Posted on 2013-05-13
20
999 Views
Last Modified: 2013-05-22
Hello to all ,

I am in the middle of a migration from an Exchange 2010 installation to 2013. Both exchange are in the same domain . Also are full updated so they can support coexistance.

So i have finish the installation of Exchange 2013 and when i open the EMC console i see also exchange 2010 databases , accounts etc.

My main concern is about moving the certificates. Moving databases and mailboxes is easy.

Any ideas about the certificates ? Also when all finishes successfully is there a procedure for the removal of exchange 2010 ?


Thanks a lot
0
Comment
Question by:Anestis Psomas
  • 7
  • 7
  • 3
  • +2
20 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
Comment Utility
I would recommend requesting new certificates from your provider.  Create a new CSR and ask them to regenerate which, because it's the same address, shouldn't be a problem.

That's what I have done.
0
 
LVL 8

Expert Comment

by:teomcam
Comment Utility
Since you are using same domain, normally most of certificates can be updated at no cost from your certificate provider. Certificate from Exchange 2010 to 2013 cannot be done. You need to request a new certificate for the new one.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
You don't need new certificates.
Just export the old ones from Exchange 2010 and import them in to Exchange 2013. No need to go through a new CSR unless you are changing the host names.

Simon.
0
 
LVL 18

Expert Comment

by:Peter Hutchison
Comment Utility
You would only need new certificates if the certificate's Alt Subject Names include server FQDNs. Then you would need to add the new server FQDNs and that requires a new certificate.

You can export the certificate (you must include the private certificate part as well) using the Certificates MMC for the Local machine and then import them onto the new servers. Remember to import the Trusted Root CA certs as well.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
Comment Utility
Wouldn't it be easier to request a new cert using the CSR?  I usually end up doing that it works fine for me.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
Easier? In what way? It takes 30 seconds to export and then 30 seconds to import. You may have to import an intemediate and that would need to be done with a new certificate.

New certificate request - run through wizard, login to web page, go through cert request, go through authenticaiton, wait, then import (as per second stage of above).

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Thanks all for your answers !

Im a little newbie with certificates . So , i can just export them and its over? The FQDN of the exchange 2010 server is different from the fqdn of the 2013 server. Is this a problem ?

Hostname will remain the same , mail.domain.com .

Thanks
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
Comment Utility
Although I concede with Sembee2 about the speed of the cert import & export, if you are not quite familiar with how SSL Certs work, I would recommend regenerating the cert with your provider.

I have exported & reimported certs but you need to know how the intermediate certificate works for any SSL certificate.
0
 
LVL 18

Expert Comment

by:Peter Hutchison
Comment Utility
Yes, is the FQDN of the 2010 server included in the certificate?
The server name is used by the transport services (TLS/SSL smtp) and UM services.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
Need to take a step back here.
SSL certificates are closely tied to the host names involved, that includes both INTERNAL and EXTERNAL.

Therefore you need to look at what you are doing very carefully as part of the overal migration. You cannot treat them as just a single step that needs to be done to move on to the next one, because if you do, you will probably break a lot of functionality.

What is your migration plan for the data? Staged or big bang? Do you need to keep access to OWA, Activesync and Outlook Anywhere throughout?

As such, both answers, using a new certificate and exporting the existing one are correct, but only in the right circumstances.

Simon.
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 

Author Comment

by:Anestis Psomas
Comment Utility
Hello ,

Thanks all for your answers ,

Sembee2 ,

My migration plan for the data is big bang ;) I have about 50GB of data. It's not much so i will move the mailboxes all together at once.
I don't need to keep access to OWA , activesync and outlook anywhere. I will do the migration at low traffic hours so it's not a problem with that.

So , do you thing that best is to re-issue the certificates?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
If you are doing a big bang, then I don't see the point in reissuing the SSL certificate. Kick everyone out, move the DNS/firewall entries and then move the content.
A certificate reissue just complicates matters. If you get the certificate rekeyed then you have a 24 hour window before the old certificate stops working, you just don't need that headache as well.

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Thanks simon,

I did exactly what you said yesterday and it works great.The migration finish successfully and mail flow now working from exchange 2013.   My only issue know is how to decommission the old Exchange 2010. I have unmounted and delete the old database. I just now uninstall the old exchange ? Do i have to also delete the public folder database ?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
I would delete the old public folder database before you start to remove Exchange 2010. If there is something that stops it from being dropped it will tell you.
Likewise, removing Exchange correctly using add/remove programs will tell you if there is something wrong or not.

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Hello ,

I follow a guide to remove the public folder database and now im stuck in a way that i cant delete it . Database is dismounted , i have delete all files and logs , trying to mount the database so that will generate a new one and then delete it but i get an error

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Failed to mount database 'Public Folder Database 1291603032'.

Public Folder Database 1291603032
Failed
Error:
Couldn't mount the database that you specified. Specified database: Public Folder Database 1291603032; Error code: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: EXCHANGE.interworks.eu].

An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: xxxxxxxxxxxxxxxxxx]

An Active Manager operation failed with a transient error. Please retry the operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Server: xxxxxxxxxxxxxxxxxxxx]

An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.

An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.

Any way so i can force delete it ?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
The problem was deleting the files.
Were you unable to delete it before removing the files? Resolving that issue would probably have been best.
The only option available to you now is to remove the database using adsiedit.

http://exchangeserverpro.com/exchange-2010-remove-public-folder-database/

For anyone else reading this question - ADSIEDIT method should only be used when all other options are exhausted. Do not use it as a shortcut instead of replicating content off and doing it properly!

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Hello simon ,

I have managed to delete it with the guide you send me and then i uninstall the old exchange installation ! Thanks a lot !

And now my last problem ;)

From outside everything is working perfect , autodiscovery , owa , ecp .

From inside again everything works perfect except when i open outlook i take a security alert that says that the name of the security certificate is invalid or does not match the name of the site. If i press yes to procceed everything works great and i have connectivity .

Any ideas ? The certificate in the subject alternative name don't have the internal hostname of the server. Do you thing that i must add it ?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
Have you changed all references in Exchange to match?
I presume you have a split DNS in place so that the external name resolves internally?

I don't have a version for Exchange 2013 yet, but this is the Exchange 2010 version of my article on what to change:
http://semb.ee/hostnames

They are the same names etc, just in different places.

Simon.
0
 

Author Comment

by:Anestis Psomas
Comment Utility
I will go by your guide and i'll let you know

Thanks again
0
 

Author Comment

by:Anestis Psomas
Comment Utility
Hello ,

Simon i follow your guide and it works perfect !! Thanks a lot for all your help , the migration to Exchange 2013 finish successfully .
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now