Solved

Migrating from Exchange Server 2003 to Exchange 2010

Posted on 2013-11-13
Last Modified: 2013-11-21
Hello all - I have a series of steps that I need to go through in order to implement Exchange 2010 into our domain and am looking for your expert assistance. First and foremost, I will describe my existing domain to give a bit of a background.

Our domain started out with a single server running SBS2003, but currently, we've grown a bit, so right now the SBS2003 server is our domain controller and is also still running Exchange 2003. We have a new server on the network that is currently only acting as a file server, but we want IT to be our email server instead, and we want it to run Exchange 2010 as we have already purchased Exchange 2010. In regards to licensing, initially we only had 35 Small Business Server CAL's installed on our domain (since the SBS box was the only server we had for a very long time), however, I do not believe our domain is currently actively using the SBS Cal's. We have another server on the network that functions as a file server that is running Windows Server 2008 R2, and that particular server has 50 Server 2008 CAL's installed on it. I believe that our domain is pretty much using those CAL's for everything, but I'm not sure how to tell what I need to install on the 'new' server that will be running Exchange. I also have already purchased the necessary Exchange CAL's, but so far we have done nothing with the Exchange software (2010) or the associated Exchange licenses.

Can you guys help me to perform a step by step "crossover" from the old SBS2003 Exchange 2003 box to the 'new' Exchange 2010 Box? There will not be any fancy setup nor will there be any front-end/back-end Exchange setup, we are simply moving this entire Exchange setup to the new server. Another thing to note is that at some point in the near future, (after the Exchange migration), we will also be decommissioning the Small Business Server for good and will also be implementing a new domain controller, actually a pair of them. There will be a physical Windows 2008 R2 server functioning as the primary domain controller, and a secondary virtual server will function as a secondary domain controller.

Any and all help is very much appreciated in advance. Thanks, guys!
Question by:zagnutttt4

16 Comments

Accepted Solution

by:bill_lynch
bill_lynch earned 450 total points
Greetings,

This by all means isn't every single step involved.  Here is the document I put together in preparation for an upgrade.  The first step (prereq) is very important!  Good Luck!


Exchange Upgrade – Phase 1 (Coexistence)
1. Prereq – Make sure no one is using Outlook 2003
2. Build VM – Install Exch 2010 Typical Install (Mailbox, Hub Transport and Client Access Server Roles) – Install Exch 2010 SP3
      
3.  Install 2008R2 Exchange 2010 PreReqs:
a. Number 3 - http://technet.microsoft.com/en-US/library/bb691354(v=exchg.141)

4. Get new certificate for External DNS (mail, autodiscover and legacy DNS names)
a. Ensure all DNS records are configured to the appropriate places

External DNS               IP (external)                   Ports
smtp.contoso.com           external spam filter IP         smtp
mail.contoso.com           (Exchange 2010 external IP)     http, https, imap, pop3, secure imap, secure pop3
autodiscover.contoso.com   (Exchange 2010 external IP)     http, https
legacy.contoso.com         External IP for Exchange 2003   http, https

b. Ensure RDNS and MX are synched with public IP
5. Per the Pre-Deployment wizard, enable Link State Suppression on the Exchange 2003 server via registry – HKLM\System\CurrentControlSet\Services\RESvc\Parameters, right click – New DWORD SuppressStateChanges = decimal 1
6. Use Microsoft Deployment Assistance
7. Once 2010 is installed enable anonymous access on the receive connectors.
8. Enable Outlook Anywhere
9. Configure OAB and Web Services Virtual
a. EMC / Org config / Mailbox / OAB tab / properties / distribution / enable web based, enable public folder, click move, browse, find 2010 server, OK
10. Create Send Connector on 2010 Server
11. OWA and ActiveSync – Adjust Authentication for the virtual directory to allow integrated windows authentication
a. EMC / Server Config / OWA tab / owa and as policies / owa properties / auth tab / integrated windows.
12.  Delete SMTP Connector on 2003 Server
13.  Move Mailboxes to 2010
 EMC / Recipient Config / Mailbox / Add Column for Database
New Local Move request 2k10 server
PowerShell example: New-MoveRequest -Identity 'tdummy@contoso.com' -TargetDatabase "DBNAME"
e. Get-User -OrganizationalUnit IT | New-MoveRequest -TargetDatabase "DBname"
f. Get-moverequest
14.  Move Public Folders from 2003 to 2010
a. Create replica for day or 2
b. EMC / ORG Config / Mailbox / DB Mgmt / New PF DB / 2k10PF / browse to 2k10server – creates pfdb
c. EMC / Toolbox / PFMC / right click properties / replication tab / replicate content to these pf databases / Add / 2k10 server pfdb / replication always run
d. Connect to server 2k10 – update hierarchy
15.  Verify Install
16.  New Certificate Request Wizard
17. To configure Outlook Anywhere – EMC / Server Config / Client Access / External host name
18. Configure OAB and Web Services Virtual
a. Configure External URL for offline Address book
i. Set-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)" -ExternalUrl https://mail.contoso.com/OAB -RequireSSL:$true
b. Configure External URL for Exchange Web Services
i. Set-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -ExternalUrl https://mail.contoso.com/EWS/Exchange.asmx -BasicAuthentication:$True
c. Check to see if it works
i. Get-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)"
ii. Get-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)"
19. Configure Virtual Directory Settings
a. Server Config / Client Access
b. Click on Each of the tabs to configure (OWA, ECP, EAS) / Properties
i. External URL
ii. Configure Exchange2003URL parameter to co-exist
iii. Set-OWAVirtualDirectory -Identity "CASServer\owa (Default Web Site)" -Exchange2003URL https://legacymail.contoso.com/exchange
20. Exchange 2003 ActiveSync Authentication
a. Download and install hotfix for Exchange 2003 – 2010 coexistence
21. Change OAB Generation Server
a. EMC / Organization Configuration / Mailbox / Offline Address Book Tab
b. Move / Move Offline Address Book / Browse / Selection 2010 Server
22. Create Send Connector on 2010 Server
a. EMC / ORG Config / Hub Transport / Send Connectors / New Send Connector
b. Name / Address Space * / Configure Smart Host
23. Delete Exchange 2003 SMTP Connector
a. ESM / Organization Node / Admin Groups / Routing Groups / Connector / Right click / Delete
24. EMC / Recipient Configuration / Mailbox / New Local Move Request / Select Mailbox
25. EMC / Toolbox / PF MGMT Console / Default PF / Expand System Public Folders / Click Offline Address Book or Schedule+ Free Busy / Right click PF to be replicated to Exchange 2010 click properties / Replication tab / Add / Select 2010 PF, click OK.
26. Get-ExchangeServer cmdlet to verify install was successful / Enter Product Key / Test / Test / Test
a. Move mailboxes – test; does active sync work?
b. Best practices analyzer
27. http://technet.microsoft.com/en-us/library/bb232130(v=exchg.141).aspx
a. Use that link to migrate room mailboxes to 2010 and to upgrade their auto accept to the new room mailbox type in 2010
28. Create DBs – naming convention? – 100GB recommended size for each db.  Get up to 100 with enterprise exchange
29. Active Sync – allow non-provisional devices
a. Server config / client access / exchange active sync tab / properties
30. Outlook anywhere – enable it
a. Server config / CAS / Enable OA / mail.contoso.com / NTLM_Auth
31. CAS Security and SSL Certs
a. Configure the certs in IIS
b. EMC / Server Config – New SSL Certificate / Assign the services SMTP and IIS to certificate
32. Double check send / receive connectors on 2010 server
a. EMC / org config / Hub Transport / Send Connectors
i. Create send connector to Barracuda / Internet / * / scoped send connector / route to smart host
b. EMC / server config / Hub Transport Receive Connectors
i. Receive connector properties / turn on anonymous access
33. Register Filterpack Ifilters
a. Registermicrosoftfilterpack.ps1
34.

Tools for troubleshooting
1.  EMC / Tool Box / Queue Viewer; Mailflow troubleshooter
2. Microsoft Best Practices Analyzer
3. EMS powershell test commands
a. Test-mailflow
b. Test-servicehealth
c. Test-mapiconnectivity
d. Test-assistanthealth
e. Get-mailboxstatistics -server
f. Get-mailboxfolderstatistics
g. Get-transportpipeline
h. Get-mailboxdatabase
*After mailboxes are moved to Exchange 2010, do we worry about reconfiguring everything to the new box or create an alias DNS record for 2003 pointing to the new box?
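
An added example for steps 7 and 32 above (not part of bill_lynch's document): when inbound mail arrives through a filtering service, anonymous SMTP can be accepted only from that service instead of from any address. The server name EX2010, the connector name and the 192.0.2.0/24 range are placeholders; substitute the ranges your filtering provider publishes.

```powershell
# Added example; run in the Exchange Management Shell on the 2010 server.
# Assumptions: 'EX2010' is a placeholder server name and 192.0.2.0/24 is a
# documentation range standing in for the filtering provider's address ranges.
$server       = 'EX2010'
$filterRanges = '192.0.2.0/24'

# Weak form, shown commented out: anonymous access on the default connector.
# Its remote range covers every IPv4 address, so any host that can reach
# TCP 25 may submit mail without authenticating.
# Set-ReceiveConnector "$server\Default $server" `
#     -PermissionGroups AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers

# Scoped form: a separate connector on the same binding that matches only the
# filter's source addresses. Exchange selects the connector whose remote range
# is the most specific match, so the default connector keeps its original
# permission groups for internal and coexistence traffic.
New-ReceiveConnector -Name 'Inbound from spam filter' -Server $server -Usage Custom `
    -Bindings '0.0.0.0:25' -RemoteIPRanges $filterRanges `
    -PermissionGroups AnonymousUsers

# Review step: list every connector that accepts anonymous mail, and from where.
Get-ReceiveConnector -Server $server |
    Where-Object { $_.PermissionGroups -match 'AnonymousUsers' } |
    Format-List Identity, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism
```

The firewall rule for port 25 should carry the same source restriction, so that the connector scope is not the only control.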

Expert Comment

by:FutureTechSysDOTcom
The above is a fantastic and detailed summary.

I personally had to do an in-place upgrade and it was awful.  A separate box is definitely going to make your life easier.

In addition to bill's fantastic post, I'd like to add: manage not only your end users' expectations, but your own as well.

I like to tell people on a project like this, assuming it's done on the weekend, "When you come in Monday morning, your historical email will be there, and you will be able to send and receive emails.  You may notice some little quirks here and there, so please let me know if you notice anything out of place".

It not only helps them relax, but it is also a nice way to let them know "Hey, you may notice something different, but I'll fix it".

I also like to make sure I'm there before everyone else that morning, and that my budget for them includes 1-2 days of "handholding" where I literally just watch them open and use Outlook for a few minutes, especially if they're going from Outlook 2003 to 2013 :-)

And manage your own expectations.  It's going to be a long, stressful nightmare, that will hopefully end with you waking up to a functioning server.  Don't be afraid to reach out here or elsewhere to get help.

Hope this helps.

Regards,
Chris M

Author Comment

by:zagnutttt4
Guys, thank you very much for your assistance!  So far I have installed Exchange 2010 on the new server along w/ Service Pack 3.  I have not done anything yet on the 2003 box.  To move forward w/ the co-existence scenario, what is my very next step?   One thing to note is that we have never utilized SSL before - we've never even owned a certificate.

Expert Comment

by:FutureTechSysDOTcom
I'll let Bill take the hard question :-)

The easy question is the certificate.  Or easier anyhow.  I got mine through digicert.com.

I want to say we paid around $100 for it, give or take, but yours might be cheaper; we had multiple domains and hostnames and put it on our Cisco VPN box as well.  Basically do step #16 above.  The certificate request is pretty easy.  Then you copy and paste it in at digicert or whomever you go with, and it will generate what you need.

If you make a mistake, it isn't a huge deal on that part because digicert will re-issue the cert with correct names and stuff.

My next step would be to take a backup of everybody's mailboxes, and take it off site.  As for the migration, Bill seems more knowledgeable so I'll defer to him on that.

Regards,
Chris M.

Author Comment

by:zagnutttt4
Chris - thanks!  Our primary WAN link has been down for a couple of days, so today I should be able to finally move forward with the Certificate.  I have already backed up everybody's mailboxes and do have them stored offsite.

Author Comment

by:zagnutttt4
Just a quick "add-on" question - Should I purchase a new SSL certificate "just" for my MX record?   Our main domain that is used for email is "externaldomain.com", with the IP of our firewall resolving to "mail.externaldomain.com" via DNS, and the MX record points incoming mail to Postini, our outside filtering service, first.

Author Comment

by:zagnutttt4
Just a quick update - I am almost complete with the installation.  I'm preparing the server to send outbound email through a smarthost as we use Postini for our Outbound filtering as well.  Does anyone have any experience w/ this?  Also, when adding services to my 3rd party SSL certificate - I have added IIS, which did get ActiveSync working.  However, do I need to add SMTP?   I'm a bit confused on how the SSL certificate applies, if at all, to the outgoing smtp connector (send connector).

Assisted Solution

by:bill_lynch
bill_lynch earned 450 total points
The first next step is hopefully you've made sure that no one is using Outlook 2003.  Everyone should be on at least 2007 version of Outlook

Expert Comment

by:bill_lynch
then start at number 3 and work your way down.  An upgrade...well migration is pretty hectic.  I had to reach out to Microsoft and open two tickets myself...

Assisted Solution

by:bill_lynch
bill_lynch earned 450 total points
Look at number 4.  There are 3 different DNS records.  All of which could typically require https, i.e. a certificate.  Mail would typically be your MX record and will be where your end users log into OWA.  Autodiscover is if you want people on the Internet to be able to use Outlook without a VPN and even create a new profile on their Outlook without a VPN.  This record is a SRV (service) DNS record.  Legacy is the DNS entry for your old MX i.e. point to the 2003 OWA site.

Assisted Solution

by:FutureTechSysDOTcom
FutureTechSysDOTcom earned 50 total points
I would look at creating SPF records for the postini stuff:

https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

https://kb.mediatemple.net/questions/658/How+can+I+create+an+SPF+record+for+my+domain%3F#gs

https://support.google.com/a/answer/33786?hl=en

http://www.spfwizard.net/

Many of us have to adjust these things over time.  A combination of proper SPF records, proper MX records, and forward and reverse DNS settings will do wonders for making sure that you don't get flagged as a spammer, and just in general make your email setup much better.
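
An added example for the SPF advice above (not part of the original post): an offline check of an SPF TXT value for the mistakes that most often break it, run before the record is published. The sample records are constructed, and `_spf.filter.example` is a placeholder for the filtering provider's include domain; lookups inside nested includes are not resolved here.

```powershell
# Added example: lint an SPF TXT value offline. All sample data is constructed.
function Test-SpfRecord {
    param([Parameter(Mandatory=$true)][string[]]$TxtRecords)

    $findings = @()
    $spf = @($TxtRecords | Where-Object { $_ -match '^v=spf1(\s|$)' })
    if ($spf.Count -eq 0) { return ,@('no v=spf1 record found') }
    if ($spf.Count -gt 1) { $findings += 'more than one v=spf1 record: receivers return permerror' }

    # Split the first record into terms, dropping the version tag.
    $terms = @(($spf[0].Trim() -split '\s+') | Where-Object { $_ -and $_ -notmatch '^v=spf1$' })

    # Terms that cause a DNS query count toward the limit of 10 (RFC 7208, 4.6.4).
    # Only this record is counted; nested includes add their own queries.
    $dnsTerm = '^[+\-~?]?(include:|exists:|(a|mx)(:|/|$)|ptr(:|$))|^redirect='
    $lookups = @($terms | Where-Object { $_ -match $dnsTerm })
    if ($lookups.Count -gt 10) { $findings += "$($lookups.Count) DNS-querying terms, limit is 10" }

    if (@($terms | Where-Object { $_ -match '^[+\-~?]?ptr(:|$)' }).Count -gt 0) {
        $findings += 'ptr mechanism is discouraged by RFC 7208'
    }

    $all = @($terms | Where-Object { $_ -match '^[+\-~?]?all$' })
    $hasRedirect = @($terms | Where-Object { $_ -match '^redirect=' }).Count -gt 0
    if ($all.Count -eq 0) {
        if (-not $hasRedirect) { $findings += 'no "all" term: unmatched senders evaluate to neutral' }
    } else {
        if ($all[0] -match '^\+?all$') { $findings += '+all authorises every sender' }
        if ($terms[-1] -ne $all[0])    { $findings += 'terms after "all" are ignored' }
    }
    return ,$findings
}

# Constructed samples: the site's own WAN address plus the filter's include,
# then a record with a permissive "all" and a ptr term.
$candidate = 'v=spf1 ip4:203.0.113.10 include:_spf.filter.example -all'
$risky     = 'v=spf1 mx ptr include:_spf.filter.example +all'

Test-SpfRecord -TxtRecords $candidate
Test-SpfRecord -TxtRecords $risky
```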

Author Comment

by:zagnutttt4
Guys - thanks for all of the helpful comments so far!  So far, I have everything working correctly EXCEPT incoming email from Postini.  I have a send connector on the 2010 box and it's properly sending outbound email and the outbound email is being properly filtered, then delivered, through Postini.  I haven't decommissioned the 2003 box yet and it is still trying to receive email via the SMTP virtual server.  When I point my firewall at 2010 so that the new server "tries" to receive incoming email (also filtered through Postini), I get nothing.  I do get undeliverables eventually stating that the email was bouncing back and forth between the two servers.  I guess my questions at this point are:

1.)  The certificate is now installed correctly on 2010 and ActiveSync and OWA work properly.  Do I need to do anything extra to "receive" on the 2010 box or simply point inbound mail towards it at port 25?

2.)  I have a few more mailboxes to move but they are high priority boxes and they are still on the 2003 box, sending and receiving as usual.  When I'm on the 2010 box, internal email works perfectly between mailboxes that are already ON the 2010 box.  Is this normal behavior?  And if so - I guess I'm still hesitant as to what my next step is concerning incoming mail (from the outside world) and what I need to do next with both servers.

3.)  My MX records point to Postini, but my mail A record (i.e. mail.externaldomain.com) points properly towards my external (WAN) IP address.   (we only have a single WAN IP Address).

4.)  I initially thought that I had chosen to "not" coexist the two servers, until I noticed that the old (2003) server has a routing group connector pointing over to the 2010 box.  Is this normal?

5.)  Clients connecting via Outlook 2010 and 2007 (I have decommissioned all pre-2007 Outlook clients) do connect via Auto-Discovery properly to the new 2010 box, however, they get a certificate popup each and every time, even when I properly acknowledge and install the certificate on the client.

Thanks, guys, and I think I'm getting closer!!!

Expert Comment

by:FutureTechSysDOTcom
Can you sanitize and post the bounce messages?  Did you add postini on the 2010 box as an allowed sender?

Expert Comment

by:bill_lynch
Yes it coexists by default so that the mailboxes on 2003 can still receive email.  Although there is some manual effort needed.  I believe you need to create a routing group connector on the 2003 box to the 2010 box.  This is where I needed to call Microsoft because the coexistence for us didn't work right away and it was needed for us.  Depending on the number of mailboxes it may be more beneficial for you to just hurry up to move all mailboxes to 2010 so that coexistence isn't a barrier.  Or if it is something you need it may be worth the 250 bucks to give them a buzz...

Author Comment

by:zagnutttt4
Hello FutureTechSysDOTcom...  Actually, yes, I can post one of the bounced messages.  I will do so shortly.  I did not add Postini on the 2010 box as an allowed Sender.  I will do that now after doing a little bit of research.

Bill..  Coexistence isn't really an issue for me, I would move ALL of the rest of the mailboxes over to 2010 right now if I could get the 2010 box to receive email from the outside world.  It appears that on the 2003 box, a routing connector already exists between it and the 2010 box, although I did not manually create it - I believe it was created directly during the 2010 Exchange install.  Does the mere act of having the mail directed at the SMTP port (25) on the 2003 box make the 2010 box "know" that it should not be able to receive email from the outside world?   In other words, if I go on the 2003 box and delete the SMTP connector, will that force the 2010 box to begin accepting email from the outside world?

Author Comment

by:zagnutttt4
Bill, also - which receive connector does the 2010 box use to grab mail by default from the outside world as it comes in?   I have 2 connectors - one is Client and one is Default.  One is listening on port 25 but the other is listening on port 587, which I think may (not sure) be part of my problem as well.  Thanks again.