Migrating from Exchange Server 2003 to Exchange 2010
Hello all - I have a series of steps that I need to go through in order to implement Exchange 2010 into our domain and am looking for your expert assistance. First and foremost, I will describe my existing domain to give a bit of a background. Our domain started out with a single server running SBS2003, but currently, we've grown a bit, so right now the SBS2003 server is our domain controller and is also still running Exchange 2003. We have a new server on the network that is currently only acting as a file server, but we want IT to be our email server instead, and we want it to run Exchange 2010 as we have already purchased Exchange 2010. In regards to licensing, initially we only had 35 Small Business Server CAL's installed on our domain (since the SBS box was the only server we had for a very long time), however, I do not believe our domain is currently actively using the SBS Cal's. We have another server on the network that functions as a file server that is running Windows Server 2008 R2, and that particular server has 50 Server 2008 CAL's installed on it. I believe that our domain is pretty much using those CAL's for everything, but I"m not sure how to tell what I need to install on the 'new' server that will be running Exchange. I also have already purchased the necessary Exchange CAL's, but so far we have done nothing with the Exchange software (2010) or the associated Exchange licenses. Can you guys help me to perform a step by step "crossover" from the old SBS2003 Exchange 2003 box to the 'new' Exchange 2010 Box? There will not be any fancy setup nor will there be any front-end/back-end Exchange setup, we are simply moving this entire Exchange setup to the new server. Another thing to note is that at some point in the near future, (after the Exchange migration), we will also be decommissioning the Small Business Server for good and will also be implementing a new domain controller, actually a pair of them. There will be a physical Windows 2008 R2 server functioning as the primary domain controller, and a secondary virtual server will function as a secondary domain controller. Any and all help is very much appreciated in advance. Thanks, guys!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Guys, thank you very much for your assistance! So far I have installed Exchange 2010 on the new server along w/ Service Pack 3. I have not done anything yet on the 2003 box. To move forward w/ the co-existence scenario, what is my very next step? One thing to note is that we have never utilized SSL before - we've never even owned a certificate.
I'll let Bill take the hard question :-)
The easy question is the certificate. Or easier anyhow. I got mine through digicert.com.
I want to say we paid around $100 for it, give or take, but yours might be cheaper; we had multiple domains and hostnames and put it on our Cisco VPN box as well. Basically do step #16 above. The certificate request is pretty easy. Then you copy and paste it in at digicert or whomever you go with, and it will generate what you need.
If you make a mistake, it isn't a huge deal on that part because digicert will re-issue the cert with correct names and stuff.
My next step would be to take a backup of everybody's mailboxes, and take it off site. As for the migration, Bill seems more knowledgeable so I'll defer to him on that.
Regards,
Chris M.
The easy question is the certificate. Or easier anyhow. I got mine through digicert.com.
I want to say we paid around $100 for it, give or take, but yours might be cheaper; we had multiple domains and hostnames and put it on our Cisco VPN box as well. Basically do step #16 above. The certificate request is pretty easy. Then you copy and paste it in at digicert or whomever you go with, and it will generate what you need.
If you make a mistake, it isn't a huge deal on that part because digicert will re-issue the cert with correct names and stuff.
My next step would be to take a backup of everybody's mailboxes, and take it off site. As for the migration, Bill seems more knowledgeable so I'll defer to him on that.
Regards,
Chris M.
ASKER
Chris - thanks! Our primary WAN link has been down for a couple of days, so today I should be able to finally move forward with the Certificate. I have already backed up everybody's mailboxes and do have them stored offsite.
ASKER
Just a quick "add-on" question - Should I purchase a new SSL certificate "just" for my MX record? Our main domain that is used for email is "externaldomain.com", with the IP of our firewall resolving to "mail.externaldomain.com" via DNS, and the MX record points incoming mail to Postini, our outside filtering service, first.
ASKER
Just a quick update - I am almost complete with the installation. I'm preparing the server to send outbound email through a smarthost as we use Postini for our Outbound filtering as well. Does anyone have any experience w/ this? Also, when adding services to my 3rd party SSL certificate - I have added IIS, which did get ActiveSync working. However, do I need to add SMTP? I'm a bit confused on how the SSL certficate applies, if at all, to the outgoing smtp connector (send connector).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
then start at number 3 and work your way down. An upgrade...well migration is pretty hectic. I had to reach out to Microsoft and open two tickets myself...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Guys - thanks for all of the helpful comments so far! So far, I have everything working correctly EXCEPT incoming email from Postini. I have a send connector on the 2010 box and it's properly sending outbound email and the outbound email is being properly filtered, then delivered, through Postini. I haven't decommisioned the 2003 box yet and it is still trying to receive email via the SMTP virtual server. When I point my firewall at 2010 so that the new server "tries" to receive incoming email (also filtered through Postini), I get nothing. I do get undeliverables eventuall stating that the email was bouncing back and forth between the two servers. I guess my questions at this point are:
1.) The certificate is now installed correctly on 2010 and ActiveSync and OWA work properly. Do I need to do anything extra to "receive" on the 2010 box or simply point inbound mail towards it at port 25?
2.) I have a few more mailboxes to move but they are high priority boxes and they are still on the 2003 box, sending as receiving as usual. When I'm on the 2010 box, internal email works perfectly between mailboxes that are already ON the 2010 box. Is this normal behavior? And if so - I guess I'm still hesitant as to what my next step is concerning incoming mail (from the outside world) and what I need to do next with both servers.
3.) My MX records point to Postini, but my mail A record (i.e. mail.externaldomain.com) point properly towards my external (WAN) IP address. (we only have a single WAN IP Address).
4.) I initially thought that I had chosen to "not" coexist the two servers, until I noticed that the old (2003) server has a routing group connector pointing over to the 2010 box. Is this normal?
5.) Clients connecting via Outlook 2010 and 2007 (I have decommisioned all pre-2007 Outlook clients) do connect via Auto-Discovery properly to the new 2010 box, however, they get a certificate popup each and every time, even when I properly acknowledge and install the certificate on the client.
Thanks, guys, and I think I'm getting closer!!!
1.) The certificate is now installed correctly on 2010 and ActiveSync and OWA work properly. Do I need to do anything extra to "receive" on the 2010 box or simply point inbound mail towards it at port 25?
2.) I have a few more mailboxes to move but they are high priority boxes and they are still on the 2003 box, sending as receiving as usual. When I'm on the 2010 box, internal email works perfectly between mailboxes that are already ON the 2010 box. Is this normal behavior? And if so - I guess I'm still hesitant as to what my next step is concerning incoming mail (from the outside world) and what I need to do next with both servers.
3.) My MX records point to Postini, but my mail A record (i.e. mail.externaldomain.com) point properly towards my external (WAN) IP address. (we only have a single WAN IP Address).
4.) I initially thought that I had chosen to "not" coexist the two servers, until I noticed that the old (2003) server has a routing group connector pointing over to the 2010 box. Is this normal?
5.) Clients connecting via Outlook 2010 and 2007 (I have decommisioned all pre-2007 Outlook clients) do connect via Auto-Discovery properly to the new 2010 box, however, they get a certificate popup each and every time, even when I properly acknowledge and install the certificate on the client.
Thanks, guys, and I think I'm getting closer!!!
Can you sanitize and post the bounce messages? Did you add postini on the 2010 box as an allowed sender?
Yes it coexists by default so that the mailboxes on 2003 can still receive email. Although there is some manual effort needed. I believe you need to create a routing group connector on the 2003 box to the 2010 box. This is where I needed to call Microsoft because the coexistence for us didn't work right away and it was needed for us. Depending on the number of mailboxes it may be more beneficial for you to just hurry up to move all mailboxes to 2010 so that coexistence isn't a barrier. Or if it is something you need it may be worth the 250 bucks to give them a buzz...
ASKER
Hello FutureTechSysDOTcom... Actually, yes, I can post one of the bounced messages. I will do so shortly. I did not add Postini on the 2010 box as an allowed Sender. I will do that now after doing a little bit of research.
Bill.. Coexistence isn't really an issue for me, I would move ALL of the rest of the mailboxes over to 2010 right now if I could get the 2010 box to receive email from the outside world. It appears that on the 2003 box, a routing connector already exists between it and the 2010 box, although I did not manually create it - I believe it was created directly during the 2010 Exchange install. Does the mere act of having the mail directed at the SMTP port (25) on the 2003 box make the 2010 box "know" that it should not be able to receive email from the outside world? In otherwords.. if I go on the 2003 box and delete the SMTP connector, will that force the 2010 box to begin accepting email from the outside world?
Bill.. Coexistence isn't really an issue for me, I would move ALL of the rest of the mailboxes over to 2010 right now if I could get the 2010 box to receive email from the outside world. It appears that on the 2003 box, a routing connector already exists between it and the 2010 box, although I did not manually create it - I believe it was created directly during the 2010 Exchange install. Does the mere act of having the mail directed at the SMTP port (25) on the 2003 box make the 2010 box "know" that it should not be able to receive email from the outside world? In otherwords.. if I go on the 2003 box and delete the SMTP connector, will that force the 2010 box to begin accepting email from the outside world?
ASKER
Bill, also - which receive connector does the 2010 box use to grab mail by default from the outside world as it comes in? I have 2 connectors - one is Client and one is Default. One is listening on port 25 but the other is listening on port 587, which I think may (not sure) be part of my problem as well. Thanks again.
I personally had to do an in-place upgrade and it was awful. A separate box is definitely going to make your life easier.
In addition to bill's fantastic post I'd like to add to manage not only your end users' expectations, but your own as well.
I like to tell people on a project like this, assuming its done on the weekend, "When you come in Monday morning, your historical email will be there, and you will be able to send and receive emails. You may notice some little quirks here and there, so please let me know if you notice anything out of place".
It not only helps them relax, but it is also a nice way to let them know "Hey, you may notice something different, but I'll fix it".
I also like to make sure I'm there before everyone else that morning, and that my budget for them includes 1-2 days of "handholding" where I literally just watch them open and use outlook for a few minutes, especially if they're going from Outlook 2003 to 2013 :-)
And manage your own expectations. It's going to be a long, stressful nightmare, that will hopefully end with you waking up to a functioning server. Don't be afraid to reach out here or elsewhere to get help.
Hope this helps.
Regards,
Chris M