Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Migrate Exchange 2010 to Exchange 2013

Posted on 2013-05-13
20
Medium Priority
?
1,050 Views
Last Modified: 2013-05-22
Hello to all ,

I am in the middle of a migration from an Exchange 2010 installation to 2013. Both exchange are in the same domain . Also are full updated so they can support coexistance.

So i have finish the installation of Exchange 2013 and when i open the EMC console i see also exchange 2010 databases , accounts etc.

My main concern is about moving the certificates. Moving databases and mailboxes is easy.

Any ideas about the certificates ? Also when all finishes successfully is there a procedure for the removal of exchange 2010 ?


Thanks a lot
0
Comment
Question by:Anestis Psomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 7
  • 3
  • +2
20 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39160729
I would recommend requesting new certificates from your provider.  Create a new CSR and ask them to regenerate which, because it's the same address, shouldn't be a problem.

That's what I have done.
0
 
LVL 8

Expert Comment

by:teomcam
ID: 39160824
Since you are using same domain, normally most of certificates can be updated at no cost from your certificate provider. Certificate from Exchange 2010 to 2013 cannot be done. You need to request a new certificate for the new one.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39160933
You don't need new certificates.
Just export the old ones from Exchange 2010 and import them in to Exchange 2013. No need to go through a new CSR unless you are changing the host names.

Simon.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 39161215
You would only need new certificates if the certificate's Alt Subject Names include server FQDNs. Then you would need to add the new server FQDNs and that requires a new certificate.

You can export the certificate (you must include the private certificate part as well) using the Certificates MMC for the Local machine and then import them onto the new servers. Remember to import the Trusted Root CA certs as well.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39161221
Wouldn't it be easier to request a new cert using the CSR?  I usually end up doing that it works fine for me.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39161240
Easier? In what way? It takes 30 seconds to export and then 30 seconds to import. You may have to import an intemediate and that would need to be done with a new certificate.

New certificate request - run through wizard, login to web page, go through cert request, go through authenticaiton, wait, then import (as per second stage of above).

Simon.
0
 

Author Comment

by:Anestis Psomas
ID: 39161341
Thanks all for your answers !

Im a little newbie with certificates . So , i can just export them and its over? The FQDN of the exchange 2010 server is different from the fqdn of the 2013 server. Is this a problem ?

Hostname will remain the same , mail.domain.com .

Thanks
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39161352
Although I concede with Sembee2 about the speed of the cert import & export, if you are not quite familiar with how SSL Certs work, I would recommend regenerating the cert with your provider.

I have exported & reimported certs but you need to know how the intermediate certificate works for any SSL certificate.
0
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 39161360
Yes, is the FQDN of the 2010 server included in the certificate?
The server name is used by the transport services (TLS/SSL smtp) and UM services.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39161461
Need to take a step back here.
SSL certificates are closely tied to the host names involved, that includes both INTERNAL and EXTERNAL.

Therefore you need to look at what you are doing very carefully as part of the overal migration. You cannot treat them as just a single step that needs to be done to move on to the next one, because if you do, you will probably break a lot of functionality.

What is your migration plan for the data? Staged or big bang? Do you need to keep access to OWA, Activesync and Outlook Anywhere throughout?

As such, both answers, using a new certificate and exporting the existing one are correct, but only in the right circumstances.

Simon.
0
 

Author Comment

by:Anestis Psomas
ID: 39167199
Hello ,

Thanks all for your answers ,

Sembee2 ,

My migration plan for the data is big bang ;) I have about 50GB of data. It's not much so i will move the mailboxes all together at once.
I don't need to keep access to OWA , activesync and outlook anywhere. I will do the migration at low traffic hours so it's not a problem with that.

So , do you thing that best is to re-issue the certificates?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39174600
If you are doing a big bang, then I don't see the point in reissuing the SSL certificate. Kick everyone out, move the DNS/firewall entries and then move the content.
A certificate reissue just complicates matters. If you get the certificate rekeyed then you have a 24 hour window before the old certificate stops working, you just don't need that headache as well.

Simon.
0
 

Author Comment

by:Anestis Psomas
ID: 39177200
Thanks simon,

I did exactly what you said yesterday and it works great.The migration finish successfully and mail flow now working from exchange 2013.   My only issue know is how to decommission the old Exchange 2010. I have unmounted and delete the old database. I just now uninstall the old exchange ? Do i have to also delete the public folder database ?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39178387
I would delete the old public folder database before you start to remove Exchange 2010. If there is something that stops it from being dropped it will tell you.
Likewise, removing Exchange correctly using add/remove programs will tell you if there is something wrong or not.

Simon.
0
 

Author Comment

by:Anestis Psomas
ID: 39180193
Hello ,

I follow a guide to remove the public folder database and now im stuck in a way that i cant delete it . Database is dismounted , i have delete all files and logs , trying to mount the database so that will generate a new one and then delete it but i get an error

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Failed to mount database 'Public Folder Database 1291603032'.

Public Folder Database 1291603032
Failed
Error:
Couldn't mount the database that you specified. Specified database: Public Folder Database 1291603032; Error code: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: EXCHANGE.interworks.eu].

An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: xxxxxxxxxxxxxxxxxx]

An Active Manager operation failed with a transient error. Please retry the operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Server: xxxxxxxxxxxxxxxxxxxx]

An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.

An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.

Any way so i can force delete it ?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39180282
The problem was deleting the files.
Were you unable to delete it before removing the files? Resolving that issue would probably have been best.
The only option available to you now is to remove the database using adsiedit.

http://exchangeserverpro.com/exchange-2010-remove-public-folder-database/

For anyone else reading this question - ADSIEDIT method should only be used when all other options are exhausted. Do not use it as a shortcut instead of replicating content off and doing it properly!

Simon.
0
 

Author Comment

by:Anestis Psomas
ID: 39181257
Hello simon ,

I have managed to delete it with the guide you send me and then i uninstall the old exchange installation ! Thanks a lot !

And now my last problem ;)

From outside everything is working perfect , autodiscovery , owa , ecp .

From inside again everything works perfect except when i open outlook i take a security alert that says that the name of the security certificate is invalid or does not match the name of the site. If i press yes to procceed everything works great and i have connectivity .

Any ideas ? The certificate in the subject alternative name don't have the internal hostname of the server. Do you thing that i must add it ?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39181595
Have you changed all references in Exchange to match?
I presume you have a split DNS in place so that the external name resolves internally?

I don't have a version for Exchange 2013 yet, but this is the Exchange 2010 version of my article on what to change:
http://semb.ee/hostnames

They are the same names etc, just in different places.

Simon.
0
 

Author Comment

by:Anestis Psomas
ID: 39181917
I will go by your guide and i'll let you know

Thanks again
0
 

Author Comment

by:Anestis Psomas
ID: 39186732
Hello ,

Simon i follow your guide and it works perfect !! Thanks a lot for all your help , the migration to Exchange 2013 finish successfully .
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question