Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Migrate Exchange 2010 to Exchange 2013
Hello to all ,
I am in the middle of a migration from an Exchange 2010 installation to 2013. Both exchange are in the same domain . Also are full updated so they can support coexistance.
So i have finish the installation of Exchange 2013 and when i open the EMC console i see also exchange 2010 databases , accounts etc.
My main concern is about moving the certificates. Moving databases and mailboxes is easy.
Any ideas about the certificates ? Also when all finishes successfully is there a procedure for the removal of exchange 2010 ?
Thanks a lot
I am in the middle of a migration from an Exchange 2010 installation to 2013. Both exchange are in the same domain . Also are full updated so they can support coexistance.
So i have finish the installation of Exchange 2013 and when i open the EMC console i see also exchange 2010 databases , accounts etc.
My main concern is about moving the certificates. Moving databases and mailboxes is easy.
Any ideas about the certificates ? Also when all finishes successfully is there a procedure for the removal of exchange 2010 ?
Thanks a lot
Who is Participating?
I would recommend requesting new certificates from your provider. Create a new CSR and ask them to regenerate which, because it's the same address, shouldn't be a problem.
That's what I have done.
That's what I have done.
Since you are using same domain, normally most of certificates can be updated at no cost from your certificate provider. Certificate from Exchange 2010 to 2013 cannot be done. You need to request a new certificate for the new one.
You don't need new certificates.
Just export the old ones from Exchange 2010 and import them in to Exchange 2013. No need to go through a new CSR unless you are changing the host names.
Simon.
Just export the old ones from Exchange 2010 and import them in to Exchange 2013. No need to go through a new CSR unless you are changing the host names.
Simon.
You would only need new certificates if the certificate's Alt Subject Names include server FQDNs. Then you would need to add the new server FQDNs and that requires a new certificate.
You can export the certificate (you must include the private certificate part as well) using the Certificates MMC for the Local machine and then import them onto the new servers. Remember to import the Trusted Root CA certs as well.
You can export the certificate (you must include the private certificate part as well) using the Certificates MMC for the Local machine and then import them onto the new servers. Remember to import the Trusted Root CA certs as well.
Wouldn't it be easier to request a new cert using the CSR? I usually end up doing that it works fine for me.
Easier? In what way? It takes 30 seconds to export and then 30 seconds to import. You may have to import an intemediate and that would need to be done with a new certificate.
New certificate request - run through wizard, login to web page, go through cert request, go through authenticaiton, wait, then import (as per second stage of above).
Simon.
New certificate request - run through wizard, login to web page, go through cert request, go through authenticaiton, wait, then import (as per second stage of above).
Simon.
Thanks all for your answers !
Im a little newbie with certificates . So , i can just export them and its over? The FQDN of the exchange 2010 server is different from the fqdn of the 2013 server. Is this a problem ?
Hostname will remain the same , mail.domain.com .
Thanks
Im a little newbie with certificates . So , i can just export them and its over? The FQDN of the exchange 2010 server is different from the fqdn of the 2013 server. Is this a problem ?
Hostname will remain the same , mail.domain.com .
Thanks
Although I concede with Sembee2 about the speed of the cert import & export, if you are not quite familiar with how SSL Certs work, I would recommend regenerating the cert with your provider.
I have exported & reimported certs but you need to know how the intermediate certificate works for any SSL certificate.
I have exported & reimported certs but you need to know how the intermediate certificate works for any SSL certificate.
Yes, is the FQDN of the 2010 server included in the certificate?
The server name is used by the transport services (TLS/SSL smtp) and UM services.
The server name is used by the transport services (TLS/SSL smtp) and UM services.
Hello ,
Thanks all for your answers ,
Sembee2 ,
My migration plan for the data is big bang ;) I have about 50GB of data. It's not much so i will move the mailboxes all together at once.
I don't need to keep access to OWA , activesync and outlook anywhere. I will do the migration at low traffic hours so it's not a problem with that.
So , do you thing that best is to re-issue the certificates?
Thanks
Thanks all for your answers ,
Sembee2 ,
My migration plan for the data is big bang ;) I have about 50GB of data. It's not much so i will move the mailboxes all together at once.
I don't need to keep access to OWA , activesync and outlook anywhere. I will do the migration at low traffic hours so it's not a problem with that.
So , do you thing that best is to re-issue the certificates?
Thanks
If you are doing a big bang, then I don't see the point in reissuing the SSL certificate. Kick everyone out, move the DNS/firewall entries and then move the content.
A certificate reissue just complicates matters. If you get the certificate rekeyed then you have a 24 hour window before the old certificate stops working, you just don't need that headache as well.
Simon.
A certificate reissue just complicates matters. If you get the certificate rekeyed then you have a 24 hour window before the old certificate stops working, you just don't need that headache as well.
Simon.
Thanks simon,
I did exactly what you said yesterday and it works great.The migration finish successfully and mail flow now working from exchange 2013. My only issue know is how to decommission the old Exchange 2010. I have unmounted and delete the old database. I just now uninstall the old exchange ? Do i have to also delete the public folder database ?
Thanks
I did exactly what you said yesterday and it works great.The migration finish successfully and mail flow now working from exchange 2013. My only issue know is how to decommission the old Exchange 2010. I have unmounted and delete the old database. I just now uninstall the old exchange ? Do i have to also delete the public folder database ?
Thanks
I would delete the old public folder database before you start to remove Exchange 2010. If there is something that stops it from being dropped it will tell you.
Likewise, removing Exchange correctly using add/remove programs will tell you if there is something wrong or not.
Simon.
Likewise, removing Exchange correctly using add/remove programs will tell you if there is something wrong or not.
Simon.
Hello ,
I follow a guide to remove the public folder database and now im stuck in a way that i cant delete it . Database is dismounted , i have delete all files and logs , trying to mount the database so that will generate a new one and then delete it but i get an error
--------------------------
Microsoft Exchange Error
--------------------------
Failed to mount database 'Public Folder Database 1291603032'.
Public Folder Database 1291603032
Failed
Error:
Couldn't mount the database that you specified. Specified database: Public Folder Database 1291603032; Error code: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: EXCHANGE.interworks.eu].
An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: xxxxxxxxxxxxxxxxxx]
An Active Manager operation failed with a transient error. Please retry the operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Server: xxxxxxxxxxxxxxxxxxxx]
An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.
An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.
Any way so i can force delete it ?
Thanks
I follow a guide to remove the public folder database and now im stuck in a way that i cant delete it . Database is dismounted , i have delete all files and logs , trying to mount the database so that will generate a new one and then delete it but i get an error
--------------------------
Microsoft Exchange Error
--------------------------
Failed to mount database 'Public Folder Database 1291603032'.
Public Folder Database 1291603032
Failed
Error:
Couldn't mount the database that you specified. Specified database: Public Folder Database 1291603032; Error code: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: EXCHANGE.interworks.eu].
An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Database: Public Folder Database 1291603032, Server: xxxxxxxxxxxxxxxxxx]
An Active Manager operation failed with a transient error. Please retry the operation. Error: An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'. [Server: xxxxxxxxxxxxxxxxxxxx]
An error occurred while preparing to mount database 'Public Folder Database 1291603032'. Error: An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.
An I/O error occurred while attempting to enumerate log files. Error 0x3 (The system cannot find the path specified) from Windows API 'FindFirstFile'.
Any way so i can force delete it ?
Thanks
The problem was deleting the files.
Were you unable to delete it before removing the files? Resolving that issue would probably have been best.
The only option available to you now is to remove the database using adsiedit.
http://exchangeserverpro.com/exchange-2010-remove-public-folder-database/
For anyone else reading this question - ADSIEDIT method should only be used when all other options are exhausted. Do not use it as a shortcut instead of replicating content off and doing it properly!
Simon.
Were you unable to delete it before removing the files? Resolving that issue would probably have been best.
The only option available to you now is to remove the database using adsiedit.
http://exchangeserverpro.com/exchange-2010-remove-public-folder-database/
For anyone else reading this question - ADSIEDIT method should only be used when all other options are exhausted. Do not use it as a shortcut instead of replicating content off and doing it properly!
Simon.
Hello simon ,
I have managed to delete it with the guide you send me and then i uninstall the old exchange installation ! Thanks a lot !
And now my last problem ;)
From outside everything is working perfect , autodiscovery , owa , ecp .
From inside again everything works perfect except when i open outlook i take a security alert that says that the name of the security certificate is invalid or does not match the name of the site. If i press yes to procceed everything works great and i have connectivity .
Any ideas ? The certificate in the subject alternative name don't have the internal hostname of the server. Do you thing that i must add it ?
Thanks
I have managed to delete it with the guide you send me and then i uninstall the old exchange installation ! Thanks a lot !
And now my last problem ;)
From outside everything is working perfect , autodiscovery , owa , ecp .
From inside again everything works perfect except when i open outlook i take a security alert that says that the name of the security certificate is invalid or does not match the name of the site. If i press yes to procceed everything works great and i have connectivity .
Any ideas ? The certificate in the subject alternative name don't have the internal hostname of the server. Do you thing that i must add it ?
Thanks
Have you changed all references in Exchange to match?
I presume you have a split DNS in place so that the external name resolves internally?
I don't have a version for Exchange 2013 yet, but this is the Exchange 2010 version of my article on what to change:
http://semb.ee/hostnames
They are the same names etc, just in different places.
Simon.
I presume you have a split DNS in place so that the external name resolves internally?
I don't have a version for Exchange 2013 yet, but this is the Exchange 2010 version of my article on what to change:
http://semb.ee/hostnames
They are the same names etc, just in different places.
Simon.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month10 days, 17 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
SSL certificates are closely tied to the host names involved, that includes both INTERNAL and EXTERNAL.
Therefore you need to look at what you are doing very carefully as part of the overal migration. You cannot treat them as just a single step that needs to be done to move on to the next one, because if you do, you will probably break a lot of functionality.
What is your migration plan for the data? Staged or big bang? Do you need to keep access to OWA, Activesync and Outlook Anywhere throughout?
As such, both answers, using a new certificate and exporting the existing one are correct, but only in the right circumstances.
Simon.