Solved

Exchange 2003/2010 coexistence design

Posted on 2013-05-19
Last Modified: 2013-06-25
I would like to get some guidelines from an expert who has practically designed and configured coexisting Exchange 2003/2010, especially in the areas of DNS, OWA, front-end server, and NATting.

For instance, what public DNS records need to be at the registrar?
What needs to be NATted?
What needs to be configured at the CAS server in order for the CAS server to be able to determine whether the access requested is to be redirected to the front-end server or to Exchange 2010 mailboxes?

I have read some articles online, but they are not really clear about that.

Thank you
0
Question by:jskfan
18 Comments
 
LVL 23

Assisted Solution

by:Malli Boppe
Malli Boppe earned 333 total points
ID: 39180181
You probably already have a webmail.domain.com record pointing to Exchange 2003.
You need the following records in the public DNS when Exchange 2010 and Exchange 2003 servers are in coexistence:

webmail.domain.com pointing to the Exchange 2010 CAS
autodiscover.domain.com pointing to the Exchange 2010 CAS
legacy.domain.com pointing to the Exchange 2003 front-end server

Once these records are created you need to make the NAT changes on your firewall.

You need to have 2 public IP addresses for the above configuration to work.
Also you need a SAN certificate with the following domain names for Exchange 2010:
webmail.domain.com
autodiscover.domain.com
exchangeservername.domain.com
0
 

Author Comment

by:jskfan
ID: 39181782
<<<webmail.domain.com pointing to exchange2010 CAS
Autodiscover.domain.com pointing the exchange 2010 CAS
Legacy.domain.com pointing to exchange 2003 front end server.>>>

Which of the records will be in both public and internal DNS?

When a user who has a mailbox in 2003 tries to access it from OWA, how does he get directed to Exchange 2003 instead of Exchange 2010, and vice versa? Can you please describe the routing process?
0
 
LVL 23

Assisted Solution

by:Malli Boppe
Malli Boppe earned 333 total points
ID: 39182892
You need to have the above records in both internal and external DNS.
Also you need to have an SSL certificate for legacy.domain.com.

You have to run the PowerShell commands on Exchange 2010 for the OWA redirection to work.
The link below is a guide on how to redirect OWA for Exchange 2003:
http://msexchangetips.blogspot.com.au/2012/04/exchange-2003-migration-to-exchange.html
0
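As an added example (not from the thread or the linked guide), this is how the redirection Malli describes is set up from the Exchange Management Shell on the Exchange 2010 CAS, together with a SAN certificate request that also covers legacy.domain.com, and a split-DNS check of the three names. CAS01, the internal DNS server 10.10.10.1, the request file path and the organisation in the subject are assumed placeholders.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 CAS.
# Server name, DNS server and file path are placeholders, not values from the thread.
$cas       = "CAS01"                      # assumed Exchange 2010 CAS name
$namespace = "webmail.domain.com"         # what users type; points at the 2010 CAS
$autodisc  = "autodiscover.domain.com"    # Outlook/ActiveSync discovery name
$legacy    = "legacy.domain.com"          # points at the Exchange 2003 front-end

# 1. One SAN certificate request covering every name a client will be shown.
#    legacy.* must be on the 2010 certificate (or its own certificate on the FE),
#    because the browser is redirected to it over HTTPS and will check the name.
$req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=$namespace, O=Contoso, C=US" `
    -DomainName $namespace, $autodisc, $legacy `
    -PrivateKeyExportable $true
Set-Content -Path "C:\certreq\exchange2010.req" -Value $req   # assumed path

# 2. OWA virtual directory: the 2010 namespace is the URL users log in to;
#    Exchange2003Url is where CAS silently sends a user whose mailbox AD says
#    is still on Exchange 2003. Without it, 2003 users get an error page.
Set-OwaVirtualDirectory -Identity "$cas\owa (Default Web Site)" `
    -ExternalUrl "https://$namespace/owa" `
    -InternalUrl "https://$namespace/owa" `
    -Exchange2003Url "https://$legacy/exchange"

# 3. Confirm the redirect target is set on every CAS in the array, not just one.
Get-OwaVirtualDirectory |
    Format-Table Server, ExternalUrl, Exchange2003Url -AutoSize

# 4. Split-DNS check: each name must resolve from inside and from the internet.
#    Internal answers should be private addresses (CAS / FE), external answers
#    the NATted public addresses. A name that resolves on only one side means
#    one class of users will get a certificate or connection error after redirect.
foreach ($name in $namespace, $autodisc, $legacy) {
    Write-Host "== $name =="
    Write-Host "-- internal DNS (10.10.10.1):"   # assumed internal DNS server
    nslookup $name 10.10.10.1
    Write-Host "-- public resolver (8.8.8.8):"
    nslookup $name 8.8.8.8
}
```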
 

Author Comment

by:jskfan
ID: 39187050
The dark spot is: how does the CAS server know whether the user trying to access their email has a mailbox in Exchange 2003 or Exchange 2010?

I guess the following are the steps; correct me where I am wrong:

- Users type https://mail.domain.com in the browser...
- External DNS will know that mail.domain.com is an Exchange server as it has an MX record.
- They hit the firewall, and the NAT will translate traffic coming in on port 25 to the IP address of the CAS array (virtual IP address of multiple CAS servers).
- From CAS onwards, I am not sure how it will know whether to redirect the request to the front-end server if the user has a mailbox in Exchange 2003, or directly to the Exchange 2010 mailbox.
0
 

Author Comment

by:jskfan
ID: 39187055
I guess this link explains it a bit better:

http://blogs.technet.com/b/exchange/archive/2009/12/02/3408921.aspx
0
 

Author Comment

by:jskfan
ID: 39187065
On this line:
<<<4--Since the user's mailbox is located on Exchange 2003, CAS2010 will then silently redirect the user's browser session to https://legacy.contoso.com/exchange >>>

I wonder if they mean that the request will be redirected to the external DNS again ?
0
 

Author Comment

by:jskfan
ID: 39188656
I did some reading on the link I posted above. What I understood regarding OWA was:

- When users type mail.domainname.com, then username and password, their request will be redirected to the firewall.
- The firewall will see that it is SMTP traffic; it will NAT the IP to the CAS server IP. The CAS will query Active Directory for the user mailbox location; if it is in Exchange 2003 then the request will be redirected to legacy.domain.com, which is pointing to the front-end server...
- The front-end server will know which of the Exchange 2003 servers the user mailbox is on, and will redirect the user to that server's mailbox.

Even if I am understanding it right, it is still a big loop to me.

To me, as long as CAS can query AD and determine where the user mailbox is, why should it not just redirect the user request to that mailbox server, as it does with users that have their mailboxes in 2010, instead of sending them back to https://legacy.domainname.com?
At least it should send them to legacy.domainname.com (not the URL); legacy.domainname.com in internal DNS should be pointing to the IP of the FE.

Any expert out there to clear up the confusion??

Thanks
0
 
LVL 23

Assisted Solution

by:Malli Boppe
Malli Boppe earned 333 total points
ID: 39189467
Exchange 2010 CAS servers are not able to communicate with Exchange 2003 back-end servers. This is by design. So any request for Exchange 2003 mailboxes would be redirected to the Exchange 2003 front-end server, and it would send the request to the relevant mailbox servers.
0
 

Author Comment

by:jskfan
ID: 39189639
When does the record legacy.domainname.com in internal or external DNS come into play?
0
 
LVL 23

Assisted Solution

by:Malli Boppe
Malli Boppe earned 333 total points
ID: 39189642
External legacy.domainname.com is never used unless someone wants to use the webmail directly for an Exchange 2003 mailbox from the internet, like https://legacy.domainname.com/exchange.

But when using mail.domain.com to access the Exchange 2003 mailbox, it is always the internal legacy.domain.com that is used. But you still need an SSL certificate for legacy.domain.com when using mail.domain.com from the internet.
0
 

Author Comment

by:jskfan
ID: 39195310
I see what you are saying, but the DNS configuration needs some clarification.
For instance:

External DNS:
mail.domain.com = 72.72.72.72
legacy.domain.com = 62.62.62.62

Internal DNS:
mail.domain.com = 10.10.10.10 (IP address of the internet-facing CAS)
legacy.domain.com = 10.10.10.20 (IP address of the Exchange 2003 front-end server)

What you are saying is:
When a user types mail.domain.com in the browser, they will hit 72.72.72.72, one of the public IP addresses of the firewall. The firewall will NAT it to 10.10.10.10 (IP of the CAS server); the CAS will query Active Directory and determine the location of the user mailbox; if it is on Exchange 2003 it will redirect the query to the legacy.domain.com host record in internal DNS, which will be resolved to 10.10.10.20, which redirects the query to the Exchange 2003 FE.

So the legacy.domain.com on the external DNS will never be used... which does not make sense, since Microsoft recommends that the legacy record needs to be ALSO in external DNS...

Another record whose purpose I do not see is the mail.domain.com in the internal DNS, seeing that when OWA users type mail.domain.com, it will always hit the external DNS, which redirects the request to 72.72.72.72, then it will be NATted to 10.10.10.10 (CAS server) and will take the route as I described it previously...

Can you please just explain the usage of each record on the external and internal DNS with respect to the OWA road map?

Thanks
0
 

Author Comment

by:jskfan
ID: 39196543
I guess the confusion is that when users (that have mailboxes in Exchange 2003) use OWA while they are inside the network and while they are outside, it is different.

While they are outside (internet), they type mail.domain.com (72.72.72.72), they make it all the way to the CAS server, and CAS will always send them back to the public IP address of https://legacy.domain.com (62.62.62.62), and they will come back to the Exchange 2003 FE (10.10.10.20) after getting NATted.
It sounds odd, though, instead of CAS redirecting them to the internal DNS record that has the FE IP address in the first place... (short distance).

While they are inside the network, they type mail.domain.com, it will use the internal DNS record (10.10.10.10), and CAS will redirect them to the FE (10.10.10.20)..... ODD... why this time will it redirect them to the FE 10.10.10.20, and not the first time when they come in from the internet...

This is just my guessing... it could be a totally wrong guess.
0
 
LVL 41

Assisted Solution

by:Amit
Amit earned 167 total points
ID: 39199582
What is your confusion? Would you put it again here? Which area do you need clarification on?
0
 

Author Comment

by:jskfan
ID: 39248380
SORRY for the DELAY

The confusion is about the legacy.domain.com record in the public DNS... Why is it there while we have the same record in the internal DNS? As I described the route of the OWA access below, the legacy.domain.com in the public DNS will never be used....

When a user is inside the network and wants to use OWA, they will type https://mail.domain.com, then type user name and password; they reach the CAS server, which in turn looks for the user mailbox location; if it is in Exchange 2003, it will redirect the request to legacy.domain.com as specified in the INTERNAL DNS record.
The legacy.domain.com record points to the front-end Exchange 2003 server...
Correct??
===================================

If a user is outside the network and wants to use OWA, they will type:
https://mail.domain.com, then type user name and password. The request will be redirected to the public DNS, then to the public IP of mail.domain.com; as the protocol is 25 (SMTP), the firewall will redirect the request to the internal IP address of the CAS server, which in turn looks for the user mailbox location. IF IT IS IN EXCHANGE 2003, would the request be redirected to the external IP address of legacy.domain.com (located in the public DNS record) OR to the internal IP address of legacy.domain.com (located in the internal DNS record)??
If it will be redirected to the internal DNS to resolve legacy.domain.com, it means that the external legacy.domain.com will never be used....
If it will be redirected to the external DNS to resolve legacy.domain.com, it does not make sense: while the request made it all the way to the internal network, it should make sense to use the internal DNS to resolve legacy.domain.com instead of being redirected to the external DNS record legacy.domain.com.

To my understanding, the legacy.domain.com in the public DNS is of NO use....

Please let me know if my confusion is not understood.
0
 
LVL 41

Accepted Solution

by:
Amit earned 167 total points
ID: 39248396
0
 

Author Comment

by:jskfan
ID: 39248596
Can you please just paste the needed part?
I cannot find what I was looking for.
0
 

Author Closing Comment

by:jskfan
ID: 39275308
Thanks
0
