• Status: Solved

Exchange 2003/2010 coexistence design

I would like to get some guidelines from an expert who has practically designed and configured coexisting Exchange 2003/2010, especially in the areas of DNS, OWA, the Front End server, and NATting.

For instance, what public DNS records need to be at the registrar?
What needs to be NATted?
What needs to be configured at the CAS server in order for the CAS server to be able to determine whether the requested access is to be redirected to the Front End server or to Exchange 2010 mailboxes?

I have read some articles online, but they are not really clear about that.

Thank you
6 Solutions
Malli Boppe commented:
You probably already have a webmail.domain.com pointing to Exchange 2003.
You need the following records in the public DNS when Exchange 2010 and Exchange 2003 servers are in coexistence:

webmail.domain.com pointing to the Exchange 2010 CAS
autodiscover.domain.com pointing to the Exchange 2010 CAS
legacy.domain.com pointing to the Exchange 2003 Front End server

Once these records are created you need to make the NAT changes on your firewall.

You need to have 2 public IP addresses for the above configuration to work.
Also you need a SAN certificate with the following domain names for the Exchange 2010
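As an added example (not code from the thread), the following Exchange 2010 Management Shell script requests one SAN certificate for the CAS covering the three names listed above, imports it once the CA has signed it, binds it to IIS and checks that no name is missing. The server name CAS01, the organisation fields in the subject, the file paths and the assumption that the same certificate is exported to the Exchange 2003 Front End (so that legacy.domain.com is also covered there) are all assumptions, not details from the thread.

```powershell
# Added example, not from the thread: SAN certificate for Exchange 2003/2010 coexistence.
# Assumptions: CAS server CAS01, names under domain.com, CSR written to C:\certs\webmail.req,
# signed certificate returned by the CA as C:\certs\webmail.cer.

$names = 'webmail.domain.com', 'autodiscover.domain.com', 'legacy.domain.com'

# 1. Generate the request on the CAS. The first name becomes the subject CN; all three
#    go into the Subject Alternative Name extension. The key is kept exportable so the
#    certificate can later be moved to the Exchange 2003 Front End as well.
$csr = New-ExchangeCertificate -Server 'CAS01' -GenerateRequest `
        -SubjectName "CN=$($names[0]), O=Domain, C=US" `
        -DomainName $names -PrivateKeyExportable $true -KeySize 2048
Set-Content -Path 'C:\certs\webmail.req' -Value $csr

# 2. When the CA has issued the certificate, import it on the CAS and enable it for IIS,
#    which is where OWA, Autodiscover, EWS and ActiveSync are served from.
$cert = Import-ExchangeCertificate -Server 'CAS01' `
          -FileData ([byte[]](Get-Content -Path 'C:\certs\webmail.cer' -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Server 'CAS01' -Thumbprint $cert.Thumbprint -Services IIS

# 3. Verify that every name the clients will connect to is actually on the issued
#    certificate before the DNS and NAT changes are made.
$issued      = Get-ExchangeCertificate -Server 'CAS01' -Thumbprint $cert.Thumbprint
$issuedNames = $issued.CertificateDomains | ForEach-Object { $_.ToString() }
$missing     = $names | Where-Object { $issuedNames -notcontains $_ }
if ($missing) {
    Write-Warning "Certificate $($cert.Thumbprint) is missing: $($missing -join ', ')"
} else {
    "Certificate $($cert.Thumbprint) covers all coexistence names."
}
```

Export the certificate with its private key (Export-ExchangeCertificate) and install it on the Exchange 2003 Front End so that the legacy.domain.com redirect does not produce a certificate warning in the browser.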
jskfan (Author) commented:
<<<webmail.domain.com pointing to the Exchange 2010 CAS
autodiscover.domain.com pointing to the Exchange 2010 CAS
legacy.domain.com pointing to the Exchange 2003 Front End server>>>

Which of the records will be in both public and internal DNS?

When a user who has a mailbox in 2003 tries to access it from OWA, how does he get directed to Exchange 2003 instead of Exchange 2010, and vice versa? Can you please describe the routing process?
Malli Boppe commented:
You need to have the above records in both internal and external DNS.
Also you need to have an SSL certificate for legacy.domain.com.

You have to run the PowerShell commands on the Exchange 2010 for the OWA redirection to work.
The link below is a guide to how to redirect OWA for Exchange 2003:
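The PowerShell side of that redirection, as an added example rather than the commands from the linked guide: on the Exchange 2010 CAS the OWA virtual directory carries both the public URL for 2010 mailboxes and an Exchange2003Url, which is the address the CAS redirects an authenticated user to when their mailbox still lives on Exchange 2003. The remaining virtual directories are set to the same public name so the SAN certificate matches everywhere. The server name CAS01 and the hostnames are taken from the replies above as placeholders, not from a real deployment.

```powershell
# Added example, not from the thread or the linked guide: Exchange 2010 CAS settings for
# OWA coexistence with an Exchange 2003 Front End.
# Assumptions: CAS server CAS01; webmail.domain.com is the 2010 public name;
# legacy.domain.com points at the Exchange 2003 Front End.

$cas      = 'CAS01'
$owaVdir  = "$cas\owa (Default Web Site)"
$external = 'https://webmail.domain.com'
$legacy   = 'https://legacy.domain.com'

# OWA: the public URL for 2010 mailboxes, and the Exchange 2003 URL that the CAS redirects
# the browser to after login when the user's mailbox is on an Exchange 2003 server.
Set-OwaVirtualDirectory -Identity $owaVdir `
    -ExternalUrl     "$external/owa" `
    -Exchange2003Url "$legacy/exchange"

# Autodiscover responses must point 2010 users at the 2010 CAS, matching the
# autodiscover.domain.com record.
Set-ClientAccessServer -Identity $cas `
    -AutoDiscoverServiceInternalUri 'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml'

# Other client-facing virtual directories on the same public name, so the SAN certificate
# requested for webmail.domain.com covers every URL handed out to clients.
Set-WebServicesVirtualDirectory -Identity "$cas\EWS (Default Web Site)" `
    -ExternalUrl "$external/EWS/Exchange.asmx"
Set-ActiveSyncVirtualDirectory  -Identity "$cas\Microsoft-Server-ActiveSync (Default Web Site)" `
    -ExternalUrl "$external/Microsoft-Server-ActiveSync"
Set-OabVirtualDirectory         -Identity "$cas\OAB (Default Web Site)" `
    -ExternalUrl "$external/OAB"

# Read back the OWA settings. Exchange2003Url must be set, and the name in it must resolve
# and present a valid certificate, otherwise 2003 users will be sent to a broken URL.
Get-OwaVirtualDirectory -Server $cas |
    Format-List Identity, ExternalUrl, InternalUrl, Exchange2003Url
```

The Exchange2003Url value is sent to the client as an HTTP redirect, so the name in it has to be resolvable by whichever client is logging in; that is why the legacy record is needed in both DNS zones, as the reply above says.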
jskfan (Author) commented:
The dark spot is: how does the CAS server know whether the user trying to access the email has a mailbox in Exchange 2003 or Exchange 2010?

I guess the following are the steps; correct me where I am wrong:

- Users type https://mail.domain.com in the browser....
- External DNS will know that mail.com is an Exchange server as it has an MX record.
- They hit the firewall, and the NAT will translate traffic coming in on port 25 to the IP address of the CAS array... (virtual IP address of multiple CAS servers).
- From the CAS onwards, I am not sure how it will know whether to redirect the request to the Front End server if the user has a mailbox in Exchange 2003, or directly to the Exchange 2010 mailbox.
jskfan (Author) commented:
I guess this link explains it a bit better:

jskfan (Author) commented:
On this line:
<<<4--Since the user's mailbox is located on Exchange 2003, CAS2010 will then silently redirect the user's browser session to https://legacy.contoso.com/exchange>>>

I wonder if they mean that the request will be redirected to the external DNS again?
jskfan (Author) commented:
I did some reading on the link I posted above. What I understood regarding OWA was:

- When users type mail.domainname.com, then username and password, their request will be redirected to the firewall.
- The firewall will see that it is SMTP traffic; it will NAT the IP to the CAS server IP; the CAS will query Active Directory for the user's mailbox location; if it is in Exchange 2003 then the request will be redirected to legacy.domain.com, which is pointing to the Front End server...
The Front End server will know which of the Exchange 2003 servers the user's mailbox is on, and will redirect the user to that mailbox server.

Even if I am understanding it right, it is still a big loop to me.

--- To me, as long as the CAS can query AD and determine where the user's mailbox is, why should it not just redirect the user's request to that mailbox server, as it does with users who have their mailboxes in 2010, instead of sending them back to https://legacy.domainname.com?
At least it should send them to legacy.domainname.com (not the URL); legacy.domainname.com in internal DNS should be pointing to the IP of the FE..

Any expert out there to clear up the confusion??

Malli Boppe commented:
Exchange 2010 CAS servers are not able to communicate with Exchange 2003 backend servers. This is by design. So any request for Exchange 2003 mailboxes would be redirected to the Exchange 2003 Front End server, and it would send the request to the relevant mailbox servers.
jskfan (Author) commented:
When does the record
legacy.domainname.com in internal or external DNS come into play?
Malli Boppe commented:
External legacy.domainname.com is never used unless someone wants to use the webmail directly for an Exchange 2003 mailbox from the internet, like https://legacy.domainname.com/exchange.

But when using mail.domain.com to access the Exchange 2003 mailbox, it is always the internal legacy.domain.com that is used. But you still need an SSL certificate for legacy.domain.com when using mail.domain.com from the internet.
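Which copy of a record a given client ends up using depends on the resolver that client asks: the internal zone for a client on the LAN, the public zone for a client on the internet. The PowerShell snippet below is an added check, not part of the thread, that queries each coexistence name against both resolvers and lays the answers side by side so the split-DNS setup can be verified from one machine. The internal DNS address 10.0.0.10, the public resolver 8.8.8.8 and the hostnames are assumptions; Resolve-DnsName needs the DnsClient module (Windows 8 / Server 2012 or later), on older systems the same queries can be done with nslookup.

```powershell
# Added example, not from the thread: compare internal and public DNS answers for the
# Exchange coexistence hostnames (split-brain DNS check).
# Assumptions: internal DNS at 10.0.0.10, public resolver 8.8.8.8, names under domain.com.

$names     = 'mail.domain.com', 'autodiscover.domain.com', 'legacy.domain.com'
$resolvers = [ordered]@{ Internal = '10.0.0.10'; Public = '8.8.8.8' }

function Get-ARecords {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly bypasses the local cache and hosts file so the answer really comes
        # from the server named; CNAME chains are followed and only A records kept.
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress
    } catch {
        'no answer'   # NXDOMAIN, timeout or resolver not reachable from this host
    }
}

$report = foreach ($n in $names) {
    $row = [ordered]@{ Name = $n }
    foreach ($r in $resolvers.GetEnumerator()) {
        $row[$r.Key] = (Get-ARecords -Name $n -Server $r.Value) -join ','
    }
    # A private RFC 1918 answer from the public resolver, or a public answer from the
    # internal one, means the zones are not split the way the design expects.
    $row['SplitOK'] = ($row['Internal'] -ne 'no answer') -and
                      ($row['Public']   -ne 'no answer') -and
                      ($row['Internal'] -ne $row['Public'])
    [pscustomobject]$row
}

$report | Format-Table -AutoSize
```

Run it once from an internal workstation and once from a host outside the firewall; the Public column should show the NATted addresses and the Internal column the private addresses of the CAS and the Front End.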
jskfan (Author) commented:
I see what you are saying, but the DNS configuration needs some clarification.
For instance:

External DNS:

Internal DNS:
mail.domain.com = (IP address of the internet-facing CAS)
legacy.domain.com = (IP address of the Exchange 2003 Front End server)

What you are saying is:
When a user types mail.domain.com in the browser, they will hit one of the public IP addresses of the firewall; the firewall will NAT it to (IP of the CAS server); the CAS will query Active Directory and determine the location of the user's mailbox; if it is on Exchange 2003 it will redirect the query to the legacy.domain.com host record in internal DNS, which will be resolved to , which redirects the query to the Exchange 2003 FE.

So the legacy.domain.com on the external DNS will never be used... which does not make sense, since Microsoft recommends that the legacy record needs to be ALSO in external DNS...

Another record whose usage I do not see the purpose of is the mail.domain.com in the internal DNS, seeing that when OWA users type mail.domain.com, it will always hit the external DNS, which redirects the request to , which will then be NATted to (CAS server) and will take the route as I described previously....

Can you please just explain the usage of each record on the external and internal DNS with respect to the OWA road map?

jskfan (Author) commented:
I guess the confusion is that when users (who have mailboxes in Exchange 2003) use OWA while they are inside the network and while outside, it is different.

While they are outside (internet), they type mail.domain.com, they make it all the way to the CAS server, and the CAS will always send them back to the public IP address of https://legacy.domain.com, and they will come back to the Exchange 2003 FE after getting NATted.
It sounds odd though, instead of the CAS redirecting them to the internal DNS record that has the FE IP address in the first place... (short distance).

While they are inside the network, they type mail.domain.com, it will use the internal DNS record, and the CAS will redirect them to the FE. This time it will redirect them to the FE, not like the first time when they come in from the internet...

This is just my guessing... it could be a totally wrong guess.
Amit (IT Architect) commented:
What is your confusion? Would you put it again here? Which area do you need clarification on?
jskfan (Author) commented:

The confusion is about the legacy.domain.com record in the public DNS... Why is it there while we have the same record in the internal DNS? As I described the route of the OWA access below, the legacy.domain.com in the public DNS will never be used....

When a user is inside the network and wants to use OWA, they will type https://mail.domain.com, then type user name and password; they reach the CAS server, which in turn looks for the user's mailbox location; if it is in Exchange 2003, it will redirect the request to legacy.domain.com as specified in the INTERNAL DNS record.
The legacy.domain.com record points to the Front End Exchange 2003 server...
Correct??

If a user is outside the network and wants to use OWA, they will type:
https://mail.domain.com, then type user name and password; the request will be redirected to the public DNS, then to the public IP of mail.domain.com; as the protocol is 25 (SMTP), the firewall will redirect the request to the internal IP address of the CAS server, which in turn looks for the user's mailbox location. IF IT IS IN EXCHANGE 2003, would the request be redirected to the external IP address of legacy.domain.com (located in the public DNS record) OR to the internal IP address of legacy.domain.com (located in the internal DNS record)??
If it will be redirected to the internal DNS to resolve legacy.domain.com, it means that the external legacy.domain.com will never be used....
If it will be redirected to the external DNS to resolve legacy.domain.com, it does not make sense: since the request made it all the way to the internal network, it should make sense to use the internal DNS to resolve legacy.domain.com instead of being redirected to the external DNS record legacy.domain.com.

To my understanding, the legacy.domain.com in the public DNS is of no use....

Please let me know if my confusion is not understood.
jskfan (Author) commented:
can you please, just paste the needed part ?
I cannot find what I was looking for