Solved

Exchange migration from 2007 to 2010

Posted on 2013-12-30
53
275 Views
Last Modified: 2014-01-18
I'm following this article on how to migrate from sbs08 to server 08 r2 and all ok until I come to move the mailboxes.
I thought I would just have to copy the mailbox folder from exchange 7 to the new exchange 10 but doesn't seem to be.

Can anyone help.
0
Comment
Question by:Gareth_Pointon
  • 28
  • 10
  • 10
  • +2
53 Comments
 

Author Comment

by:Gareth_Pointon
ID: 39745868
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39745890
The fact that it is SBS as the source doesn't mean anything is different. You are doing a standard migration of Exchange.
That basically means installing Exchange on the new server, then moving the mailboxes using the Move Mailbox wizards.
You haven't said what the actual problem is, so it isn't really possible to say much more than that. The process is documented on TechNet - just look for the Exchange 2007 to Exchange 2010/2013 migration guides.

Simon.
0
 
LVL 9

Expert Comment

by:dipersp
ID: 39745899
When you say "Copy the mailbox folder" - that confuses me a bit.  Are you in Windows Explorer trying to copy the mailbox folder?  If so, that's not the way to do it.

Go into the Exchange console, right-click a mailbox and select move (For the 25,000' overview.)
0
 

Author Comment

by:Gareth_Pointon
ID: 39745906
Ok so there is a move feature.

Yes I was in explorer and just copied the mail box file over to the other server.

Will take a look at the suggested.

Thanks
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39746144
There is much more involved than simply moving the mailboxes to the new Exchange server. You need to plan for availibility of Services for Exchange 2010 and also how you are going to provide access to mailboxes on the legacy Exchange Server (2007). You will also require new Certs for this as well. If you haven't already, I would plan out the services and also certs before you start.

Typically for your certs you will need the following...
- autodiscover.domain.com
- mail.domain.com
- legacy.domain.com

You will also need to modify your virtual directories for OWA, EWS, EAS, etc with the mail.domain.com URL. You can use legacy.domain.com as the URL for your Exchange 2007 services.


This is required in order for users to find there mailboxes when they still reside on the Exchange 2007 server.

Will.
0
 

Author Comment

by:Gareth_Pointon
ID: 39746876
Hi,

This is a new server.

I have joined it to the domain and have installed exchange 2010 on and can see the users in there.

I need to move over the mailbox storage for the users from the SBS08 to the Server 08R2 server.

I understand the need for certs and also need to know the process for this.

I have already setup the remote access for the new exchange server and can connect to that using mail.domain.com ok but there is then an error due to not having the data store for the users.

I don't want the users to access the old server once I have the new one up as I will be changing all users email access anyway.

Ideally I would like to have this done over the weekend and ready for the Monday returning in to work.

Thanks
0
 
LVL 9

Accepted Solution

by:
dipersp earned 500 total points
ID: 39746892
Since it sounds like you basically know the process, my recommendation is to move one account over and test.  Things like OWA and ActiveSync won't work; what you're testing at this point is to make sure you can send and receive emails, both internal and external.

For a certificate, do you have a third-party certificate on your existing server (Such as GoDaddy or RapidSSL, etc.?)  Or are you using the built-in SBS certificate?  If you have an existing cert and it's setup correctly (Has mail.domain.com and autodiscover.domain.com), you should be able to export that over to the new server.  If you're using a self-signed/SBS cert that came on the box (And you get warnings until you manually go through the process of accepting the cert), you'll want to get a new cert.  Needs to be a UCC/SAN cert, and I highly recommend GoDaddy for this.  Get as many years as you can afford so you're not renewing and spending time on this again in a year.

That should get you started.  If you don't have a lot of users (I'm assuming not being SBS - hope you're not at 72 users) and they're don't have a lot of data, then I would move one user that is currently using ActiveSync on Friday night (Or any time off-hours that you can do this) and change your firewall to point to the new server (Once you have your cert on the server.)  Once the firewall is pointing to the new server, test OWA and ActiveSync.  If those are good, start moving everyone.

Also, you should be able to "start" the move of all of the users Friday night/Sat morning, but check the box to hold the copy at the end (I don't have the verbage in front of me currently.)  This will cause Exchange to move 99% of the mailbox to the new server, but users can still work on the old server.

Once this part is done (This is what will take 99% of the time in terms of moving), you can then come back and take that hold off.  Exchange will finish moving the mailbox and any items that have come in since the copy started.  At this point, you'll do the final cutover of your firewall to the new server and the users will experience a few minutes of downtime.  Works really well.

Biggest thing I can stress is test!  Like I said, move a test account and make sure you can send/receive.  If all is good, get your cert lined up.  Then do another test off-hours by repointing the firewall to the new server.  Test OWA and ActiveSync.  If all good, change your NAT rule back to the SBS box and start the first part of the copy.  When that's done, "finish" the copy in Exchange and repoint the firewall a final time.  And you should be good.

Keep in mind, SBS must be the FSMO master on the domain.  If you're decommissioning SBS, you get 21 days (If you ran the hotfix they have for this, otherwise I think 7 days?)  IF you're keeping SBS around though and just moving Exchange off for some reason, you're fine.  

Hope that helps.
0
 
LVL 9

Assisted Solution

by:dipersp
dipersp earned 500 total points
ID: 39746895
Also, here's a good guide if you need to create a new cert. . .

http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
0
 

Author Comment

by:Gareth_Pointon
ID: 39749772
Hi and Happy New Year.

I have yet got to fully setup the send and receive connectors and accepted domains on the new Exchange 2010 server but I can see the users in the Recipients Configuration/Mailbox section.

I'm not 100% sure on this process you are referring to on moving the users on a hold setting and then releasing it?

I have a deal where I can have 5 SSLs using RapidSSL but they are individual SSLs not Wildcard SSLs.

Can I install the individual SSLs on the exchange for the mail. audodiscover. and any other I need? If so how?

THanks
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39749779
You can install individual certs on your Exchange server. This create a bit more management work but it can be done. UCC/SAN is recommended method. Wildcard certs are not recommended for Exchange.

Will.
0
 

Author Comment

by:Gareth_Pointon
ID: 39749790
I see now regarding the Certs. I have also seen its configured the send and receive connectors from the old server also.

I just need more clarification on this test method you are referring to on testing a user individually and then using the running migration process while people are still using the old server please.

Thanks
0
 

Author Comment

by:Gareth_Pointon
ID: 39749803
I have seen this example of script move for a user but not sure how to do the active monitoring move to keep it up to date.
0
 
LVL 9

Assisted Solution

by:dipersp
dipersp earned 500 total points
ID: 39749830
On moving a single user, that's easy - just right-click the user, select move.  You should be able to take most of the defaults in the move wizard, and you'll see the checkbox on suspending the final piece of the move.  

Once the single user is moved, send and receive email for that user (Both internal and external domains) and see if all is well.   If it is, you're good for connectors and such.

Here's a good article on this piece.

http://exchangeserverpro.com/exchange-2010-online-mailbox-moves/

Then off-hours, change the nat/port forward of your router for https/443 to point to the new server where the test user is.  Then make sure they can access OWA and ActiveSync (Highly recommend testing with https://testconnectivity.microsoft.com/ in addition to just doing live tests of OWA and ActiveSync.)  If all is good, set nat/port forward of https/443 back.

Then all you have to do is complete the move for all the rest of your users, set your firewall back to the new server for 443 and you're set.

Obviously this is a very high overview, but if you're managing Exchange already, you should be able to fill in some of these gaps.
0
 

Author Comment

by:Gareth_Pointon
ID: 39750161
So am I best doing this on the new Server (2010) or the old (2007).
0
 
LVL 9

Expert Comment

by:dipersp
ID: 39750170
Doing what?
0
 

Author Comment

by:Gareth_Pointon
ID: 39750195
Also on the 2007 exchange it doesn't have a suspend option for the move.
0
 

Author Comment

by:Gareth_Pointon
ID: 39750215
Using the Move wizard.
0
 
LVL 9

Expert Comment

by:dipersp
ID: 39750216
You would do the move from the 2010 box. If the suspend option isn't there or greyes out, you're not at SP2 on your 2007 box.
0
 

Author Comment

by:Gareth_Pointon
ID: 39750220
OK Great thats done..  I have changed the HOST file to point mail.domain to the local 2010 server and I can see the login page. When I login it then redirects me to the remote.domain with is the current old 2007 exchange server.

Any reason and ideas?
0
 

Author Comment

by:Gareth_Pointon
ID: 39750236
Also how do I know when the move is complete?
0
 

Author Comment

by:Gareth_Pointon
ID: 39750246
Ignore that last one I can see in info for the move request.

Just the issue on the mail.domain.com redirecting to the remote.domain.com ...

Also why is the new server linking in with the old 2007 server on the Send Connectors?
0
 

Author Comment

by:Gareth_Pointon
ID: 39752383
Could anyone please advise.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39758330
Why and what HOST file are you modifying? A normal 2007 to 2010 migrations should not require HOST file modification.
0
 

Author Comment

by:Gareth_Pointon
ID: 39762072
Hi,

Ignore the fact that I have midified the HOST file as that was just for internal testing.

The issue I'm having on test is when changing the port on the firewall from the current 2007 over to 2010 I'm getting "530 5.7.1 Client was not authenticated" returned.

I have tested this on a test user by completing the user inport over to the 2010 server and this is not working.
Can you please help

Thanks
0
 

Author Comment

by:Gareth_Pointon
ID: 39762143
Please ignore that last one as i realised the Anonymouse was not ticked on the receive connector.

This the last question is:

The users on Office2003 currently point to the sbs.local on the exchange setup. If I do the move will this change the users automatically to point to the new server or will I have to change them manually?

Thanks
0
 

Author Comment

by:Gareth_Pointon
ID: 39762147
Oh and how do I load the autodiscover SSL on to work on the exchange server.

Thanks
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 9

Expert Comment

by:dipersp
ID: 39762160
If you mean will Outlook see the mailbox move automatically - yes, IF the old server is still online.  If you have users that don't open Outlook and you shut the old server off, then you will need to manually update their Outlook.

Not sure I follow you re: autodiscover ssl?
0
 

Author Comment

by:Gareth_Pointon
ID: 39762374
OK, So at the moment all the emails to the test email address on the new exchange server are getting delivered through the old server.

If I turn it off and point the ports to the new server will this work?

Regarding the SSL I have figured out how to get the autodiscover.domain SSL inported also.
0
 
LVL 9

Expert Comment

by:dipersp
ID: 39762455
Turn "it" off?  As in the old server?  I wouldn't do that unless you've moved everyone over to it, obviously.

As a test, you can point port 25 from your firewall to the new server and test that emails are still reaching everyone.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39762798
Hi Gareth,

If you have autodiscover configured the clients will automatically move over. Outlook 2007 and later look for autodiscover by design. If you go to Exchange Management Console and select Server Configuration then you will see the Certificates in the right pane. In the action pane you can select Generate a New Certificate Request. This will walk you through building the CSR request and telling you whether you need a UC SAN cert or not. The same screen is used for completed the certificate request and then assigning services (most notably IIS) to the new certificate.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39762806
.
0
 

Author Comment

by:Gareth_Pointon
ID: 39763189
OK I have the following errors.

Just tried to connect to my test account on Outlook2003 and got the following error error.
"Unable to open your default e-mailfolder. You must connect to your Exchange Server wight he current profile before you can synchronise your folder with your offline file folder"

I have then tried connection using Outlook 2010 and its saying the SSL name does not match for
EXCHANGE.Domain.Local instead of mail.domain.com
and then
autodiscover.domain.com does not match mail.domain.com.

I have installed both SSLs in the exchange console for Mail.domain.com and autodiscover.domain.com on the server.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39763284
Did you reuse the certificate from 2007? Or did you get it rekeyed or purchase a new one?

It is basically saying the names on your certificate do not match those that you have configured in your InternalURL and ExternalURL settings on the CAS server.

Now you could reconfigure your InternalURL and ExternalURL to match those of your certificate.
0
 

Author Comment

by:Gareth_Pointon
ID: 39763295
Hi,

I have new domains as used different names and didn't have one for autodiscover.domain.com

I have checked both internal and external URLs and they are set to mail.domain.com and auto discover.domain.com

I just don't know where its getting the exchange.domain.local from. Could this be from the old server?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39763299
Is that the name of the old server?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39763314
You used a separate SSL for autodiscover and mail?

Which certificate did you assign IIS services too?

I don't think two separate SSLs will work (maybe other experts can correct me). Personally I have either done a UC SAN certificate which has multiple names on it. Or, I use one SSL certificate and point all my InternalURLs/ExternalURLs, including autodiscover, to point to the same name. In your case mail.domain.com.
0
 

Author Comment

by:Gareth_Pointon
ID: 39763413
OK yes I have two domain SSLs.

I have:
mail.domain
autodiscover.domain

I have now deleted the old SSL and then recreated it using the wizard and changed the names to mail.domain.com and also used the legacy server as the old name of remote.domain.com

I am no not getting email delivered through to the new server from the old server .. ?

I'm guessing its something to do with the Legacy server?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39763735
Cool. Did you end up purchasing a SAN certificate then?

You may need to modify the Send Connector to also include the new server.

Open EMC. Then navigate to Organization Configuration -> Hub Transport -> Send Connectors. Right click your Send Connector and select Properties. Go to the Source Server tab and click Add and add in the NEW server. Click Apply.
0
 

Author Comment

by:Gareth_Pointon
ID: 39764595
OK the situation I'm now having is that the messages are getting delayed for some reason.

Before all emails for the new server were going through the old server OK as thats where to firewall port is pointing to.

Now I'm getting delivery delays from the old server.

This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.

Delivery of this message will be attempted until 09/01/2014 07:14:40 (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London. Microsoft Exchange will notify you if the message can't be delivered by that time.

Sent by Microsoft Exchange Server 2007

Final-Recipient: rfc822;test@domain.co.uk
Action: delayed
Status: 4.4.7
Diagnostic-Code: smtp;400 4.4.7 Message delayed
Will-Retry-Until: Thu, 9 Jan 2014 07:14:40 +0000
X-Display-Name: Test
0
 

Author Comment

by:Gareth_Pointon
ID: 39764798
Fixed this issue.

It was due to renaming the FQDN in the receive connectors.

Just need to sort the issue on SSLs
0
 
LVL 9

Expert Comment

by:dipersp
ID: 39764905
I don't know if you can use separate certs for autodiscover and owa.  If you can, it's probably a pain to do.  Save yourself the pain and get a SAN/UCC cert from GoDaddy.  Use mail.domain.com, autodiscover.domain.com and legacy.domain.com (If you're going to have users on both servers - if you're going to move them all over a single weekend, no reason to setup legacy.)
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39764910
You can use individaul certs. It is more work but if you dont have the funds for a SAN/UCC cert this is an alternative method. Wildcard certs are not supported.

Will.
0
 

Author Comment

by:Gareth_Pointon
ID: 39764956
OK.

I have orders a UCC Cert now.

This doesn't resolve the issues about the new server linking to the old and not now sending or receiving emails anymore..

I gather they are sharing the same Send Connectors but have their own Receive Connectors.

At firs all the emails went through the old server and got relayed over to the test mailbox's not he new. I now have my mailbox on the new and it was working but now its not.
0
 

Author Comment

by:Gareth_Pointon
ID: 39765131
Just seen this error in the log files:

Log Name:      Application
Source:        MSExchangeMailSubmission
Date:          08/01/2014 13:13:54
Event ID:      1009
Task Category: MSExchangeMailSubmission
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.apwebb.local
Description:
The Microsoft Exchange Mail Submission service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39765692
Confirm with these tests.

Can a user still with a mailbox on 2007 email a user on 2010?
Can  a user on 2010 email a user still on 2007?
Can users on both 2007 and 2010 send outbound internet mail successfully?
Can users on both 2007 and 2010 receive inbound mail from the internet successfully?

I have seen occasions where any number of the above tests may or may not work.
0
 

Author Comment

by:Gareth_Pointon
ID: 39765828
Please see below:

Can a user still with a mailbox on 2007 email a user on 2010? - NO
Can  a user on 2010 email a user still on 2007? - NO
Can users on both 2007 and 2010 send outbound internet mail successfully? ONLY 2007
Can users on both 2007 and 2010 receive inbound mail from the internet successfully? ONLY 2007

All my email in OWA on 2010 server are going to Drafts and not sending and not receiving from anywhere.
0
 

Author Comment

by:Gareth_Pointon
ID: 39766050
I have move my mailbox back to the old server and I can now get emails again so this is something related to 2010 only.
0
 

Author Comment

by:Gareth_Pointon
ID: 39779582
OK the latest is the new UCC is installed and working. But the name its trying to authenticate against the SSL is Exchange.domain.local not mail.domain.com.

What do I need to change?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39779621
Check your Internal and External URLs in Exchange Management Console. They should all point to a name on that certificate. If not, you need to reconfigure them to do so.
0
 

Author Comment

by:Gareth_Pointon
ID: 39779640
Check them where as I have checked the client access settings for the OWA and thus and this is set to the right domain.

In Outlook 2010 the server is set to Exchange.domain.local and I cannot change it there. How do I push the mail.domain.com to the Outlook client?

Thanks
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39779804
The Outlook client should update with the new address automatically.

I would run the tests on Autodiscover and Outlook Anywhere on the first tab.
https://testconnectivity.microsoft.com/
0
 
LVL 9

Assisted Solution

by:dipersp
dipersp earned 500 total points
ID: 39779909
On your 2010 server, run these powershell commands from Exchange Shell -

Get-ClientAccessServer | fl *uri
Get-WebServicesVirtualDirectory | fl *lurl
get-OabVirtualDirectory | fl *url

Some or all of these are probably pointing to exchange.domain.local and need to be changed to mail.domain.com.  To fix these, first record the results from above for backup purposes.  Then -

Set-ClientAccessServer -Identity [Exchange Netbios] -AutodiscoverServiceInternalUri https://mail.[DOMAIN].com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "[Exchange Netbios]\EWS (Default Web Site)" -InternalUrl https://mail.[DOMAIN].com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "[Exchange Netbios]\oab (Default Web Site)" -InternalUrl https://mail.[DOMAIN].com/oab

I set ALL of these (Internal and external) to mail.domain.com as mail.domain.com internally should be resolving to the internet IP of your mail server anyway.  Usually this is set correctly already for the externals, so the above commands (For set-web and set-oab) are only setting the internals.  If your externals are wrong, fix those as well.

Also check in Exchange Console that things are set correctly under Server Config\Client Access and then check each of the tabs at the bottom of the screen (OWA, ECP, ActiveSync, etc.) and make sure internal and external point to mail.domain.com (Without altering the rest of the url, such as /owa /ecp, etc.)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now