Exchange migration from 2007 to 2010

I'm following this article on how to migrate from sbs08 to server 08 r2 and all ok until I come to move the mailboxes.
I thought I would just have to copy the mailbox folder from exchange 7 to the new exchange 10 but doesn't seem to be.

Can anyone help.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
The fact that it is SBS as the source doesn't mean anything is different. You are doing a standard migration of Exchange.
That basically means installing Exchange on the new server, then moving the mailboxes using the Move Mailbox wizards.
You haven't said what the actual problem is, so it isn't really possible to say much more than that. The process is documented on TechNet - just look for the Exchange 2007 to Exchange 2010/2013 migration guides.

When you say "Copy the mailbox folder" - that confuses me a bit.  Are you in Windows Explorer trying to copy the mailbox folder?  If so, that's not the way to do it.

Go into the Exchange console, right-click a mailbox and select move (For the 25,000' overview.)
Get Blueprints for Increased Customer Retention

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Gareth_PointonAuthor Commented:
Ok so there is a move feature.

Yes I was in explorer and just copied the mail box file over to the other server.

Will take a look at the suggested.

Will SzymkowskiSenior Solution ArchitectCommented:
There is much more involved than simply moving the mailboxes to the new Exchange server. You need to plan for availibility of Services for Exchange 2010 and also how you are going to provide access to mailboxes on the legacy Exchange Server (2007). You will also require new Certs for this as well. If you haven't already, I would plan out the services and also certs before you start.

Typically for your certs you will need the following...

You will also need to modify your virtual directories for OWA, EWS, EAS, etc with the URL. You can use as the URL for your Exchange 2007 services.

This is required in order for users to find there mailboxes when they still reside on the Exchange 2007 server.

Gareth_PointonAuthor Commented:

This is a new server.

I have joined it to the domain and have installed exchange 2010 on and can see the users in there.

I need to move over the mailbox storage for the users from the SBS08 to the Server 08R2 server.

I understand the need for certs and also need to know the process for this.

I have already setup the remote access for the new exchange server and can connect to that using ok but there is then an error due to not having the data store for the users.

I don't want the users to access the old server once I have the new one up as I will be changing all users email access anyway.

Ideally I would like to have this done over the weekend and ready for the Monday returning in to work.

Since it sounds like you basically know the process, my recommendation is to move one account over and test.  Things like OWA and ActiveSync won't work; what you're testing at this point is to make sure you can send and receive emails, both internal and external.

For a certificate, do you have a third-party certificate on your existing server (Such as GoDaddy or RapidSSL, etc.?)  Or are you using the built-in SBS certificate?  If you have an existing cert and it's setup correctly (Has and, you should be able to export that over to the new server.  If you're using a self-signed/SBS cert that came on the box (And you get warnings until you manually go through the process of accepting the cert), you'll want to get a new cert.  Needs to be a UCC/SAN cert, and I highly recommend GoDaddy for this.  Get as many years as you can afford so you're not renewing and spending time on this again in a year.

That should get you started.  If you don't have a lot of users (I'm assuming not being SBS - hope you're not at 72 users) and they're don't have a lot of data, then I would move one user that is currently using ActiveSync on Friday night (Or any time off-hours that you can do this) and change your firewall to point to the new server (Once you have your cert on the server.)  Once the firewall is pointing to the new server, test OWA and ActiveSync.  If those are good, start moving everyone.

Also, you should be able to "start" the move of all of the users Friday night/Sat morning, but check the box to hold the copy at the end (I don't have the verbage in front of me currently.)  This will cause Exchange to move 99% of the mailbox to the new server, but users can still work on the old server.

Once this part is done (This is what will take 99% of the time in terms of moving), you can then come back and take that hold off.  Exchange will finish moving the mailbox and any items that have come in since the copy started.  At this point, you'll do the final cutover of your firewall to the new server and the users will experience a few minutes of downtime.  Works really well.

Biggest thing I can stress is test!  Like I said, move a test account and make sure you can send/receive.  If all is good, get your cert lined up.  Then do another test off-hours by repointing the firewall to the new server.  Test OWA and ActiveSync.  If all good, change your NAT rule back to the SBS box and start the first part of the copy.  When that's done, "finish" the copy in Exchange and repoint the firewall a final time.  And you should be good.

Keep in mind, SBS must be the FSMO master on the domain.  If you're decommissioning SBS, you get 21 days (If you ran the hotfix they have for this, otherwise I think 7 days?)  IF you're keeping SBS around though and just moving Exchange off for some reason, you're fine.  

Hope that helps.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Also, here's a good guide if you need to create a new cert. . .
Gareth_PointonAuthor Commented:
Hi and Happy New Year.

I have yet got to fully setup the send and receive connectors and accepted domains on the new Exchange 2010 server but I can see the users in the Recipients Configuration/Mailbox section.

I'm not 100% sure on this process you are referring to on moving the users on a hold setting and then releasing it?

I have a deal where I can have 5 SSLs using RapidSSL but they are individual SSLs not Wildcard SSLs.

Can I install the individual SSLs on the exchange for the mail. audodiscover. and any other I need? If so how?

Will SzymkowskiSenior Solution ArchitectCommented:
You can install individual certs on your Exchange server. This create a bit more management work but it can be done. UCC/SAN is recommended method. Wildcard certs are not recommended for Exchange.

Gareth_PointonAuthor Commented:
I see now regarding the Certs. I have also seen its configured the send and receive connectors from the old server also.

I just need more clarification on this test method you are referring to on testing a user individually and then using the running migration process while people are still using the old server please.

Gareth_PointonAuthor Commented:
I have seen this example of script move for a user but not sure how to do the active monitoring move to keep it up to date.
On moving a single user, that's easy - just right-click the user, select move.  You should be able to take most of the defaults in the move wizard, and you'll see the checkbox on suspending the final piece of the move.  

Once the single user is moved, send and receive email for that user (Both internal and external domains) and see if all is well.   If it is, you're good for connectors and such.

Here's a good article on this piece.

Then off-hours, change the nat/port forward of your router for https/443 to point to the new server where the test user is.  Then make sure they can access OWA and ActiveSync (Highly recommend testing with in addition to just doing live tests of OWA and ActiveSync.)  If all is good, set nat/port forward of https/443 back.

Then all you have to do is complete the move for all the rest of your users, set your firewall back to the new server for 443 and you're set.

Obviously this is a very high overview, but if you're managing Exchange already, you should be able to fill in some of these gaps.
Gareth_PointonAuthor Commented:
So am I best doing this on the new Server (2010) or the old (2007).
Doing what?
Gareth_PointonAuthor Commented:
Also on the 2007 exchange it doesn't have a suspend option for the move.
Gareth_PointonAuthor Commented:
Using the Move wizard.
You would do the move from the 2010 box. If the suspend option isn't there or greyes out, you're not at SP2 on your 2007 box.
Gareth_PointonAuthor Commented:
OK Great thats done..  I have changed the HOST file to point mail.domain to the local 2010 server and I can see the login page. When I login it then redirects me to the remote.domain with is the current old 2007 exchange server.

Any reason and ideas?
Gareth_PointonAuthor Commented:
Also how do I know when the move is complete?
Gareth_PointonAuthor Commented:
Ignore that last one I can see in info for the move request.

Just the issue on the redirecting to the ...

Also why is the new server linking in with the old 2007 server on the Send Connectors?
Gareth_PointonAuthor Commented:
Could anyone please advise.
Gareth GudgerSolution ArchitectCommented:
Why and what HOST file are you modifying? A normal 2007 to 2010 migrations should not require HOST file modification.
Gareth_PointonAuthor Commented:

Ignore the fact that I have midified the HOST file as that was just for internal testing.

The issue I'm having on test is when changing the port on the firewall from the current 2007 over to 2010 I'm getting "530 5.7.1 Client was not authenticated" returned.

I have tested this on a test user by completing the user inport over to the 2010 server and this is not working.
Can you please help

Gareth_PointonAuthor Commented:
Please ignore that last one as i realised the Anonymouse was not ticked on the receive connector.

This the last question is:

The users on Office2003 currently point to the sbs.local on the exchange setup. If I do the move will this change the users automatically to point to the new server or will I have to change them manually?

Gareth_PointonAuthor Commented:
Oh and how do I load the autodiscover SSL on to work on the exchange server.

If you mean will Outlook see the mailbox move automatically - yes, IF the old server is still online.  If you have users that don't open Outlook and you shut the old server off, then you will need to manually update their Outlook.

Not sure I follow you re: autodiscover ssl?
Gareth_PointonAuthor Commented:
OK, So at the moment all the emails to the test email address on the new exchange server are getting delivered through the old server.

If I turn it off and point the ports to the new server will this work?

Regarding the SSL I have figured out how to get the autodiscover.domain SSL inported also.
Turn "it" off?  As in the old server?  I wouldn't do that unless you've moved everyone over to it, obviously.

As a test, you can point port 25 from your firewall to the new server and test that emails are still reaching everyone.
Gareth GudgerSolution ArchitectCommented:
Hi Gareth,

If you have autodiscover configured the clients will automatically move over. Outlook 2007 and later look for autodiscover by design. If you go to Exchange Management Console and select Server Configuration then you will see the Certificates in the right pane. In the action pane you can select Generate a New Certificate Request. This will walk you through building the CSR request and telling you whether you need a UC SAN cert or not. The same screen is used for completed the certificate request and then assigning services (most notably IIS) to the new certificate.
Gareth GudgerSolution ArchitectCommented:
Gareth_PointonAuthor Commented:
OK I have the following errors.

Just tried to connect to my test account on Outlook2003 and got the following error error.
"Unable to open your default e-mailfolder. You must connect to your Exchange Server wight he current profile before you can synchronise your folder with your offline file folder"

I have then tried connection using Outlook 2010 and its saying the SSL name does not match for
EXCHANGE.Domain.Local instead of
and then does not match

I have installed both SSLs in the exchange console for and on the server.
Gareth GudgerSolution ArchitectCommented:
Did you reuse the certificate from 2007? Or did you get it rekeyed or purchase a new one?

It is basically saying the names on your certificate do not match those that you have configured in your InternalURL and ExternalURL settings on the CAS server.

Now you could reconfigure your InternalURL and ExternalURL to match those of your certificate.
Gareth_PointonAuthor Commented:

I have new domains as used different names and didn't have one for

I have checked both internal and external URLs and they are set to and auto

I just don't know where its getting the exchange.domain.local from. Could this be from the old server?
Gareth GudgerSolution ArchitectCommented:
Is that the name of the old server?
Gareth GudgerSolution ArchitectCommented:
You used a separate SSL for autodiscover and mail?

Which certificate did you assign IIS services too?

I don't think two separate SSLs will work (maybe other experts can correct me). Personally I have either done a UC SAN certificate which has multiple names on it. Or, I use one SSL certificate and point all my InternalURLs/ExternalURLs, including autodiscover, to point to the same name. In your case
Gareth_PointonAuthor Commented:
OK yes I have two domain SSLs.

I have:

I have now deleted the old SSL and then recreated it using the wizard and changed the names to and also used the legacy server as the old name of

I am no not getting email delivered through to the new server from the old server .. ?

I'm guessing its something to do with the Legacy server?
Gareth GudgerSolution ArchitectCommented:
Cool. Did you end up purchasing a SAN certificate then?

You may need to modify the Send Connector to also include the new server.

Open EMC. Then navigate to Organization Configuration -> Hub Transport -> Send Connectors. Right click your Send Connector and select Properties. Go to the Source Server tab and click Add and add in the NEW server. Click Apply.
Gareth_PointonAuthor Commented:
OK the situation I'm now having is that the messages are getting delayed for some reason.

Before all emails for the new server were going through the old server OK as thats where to firewall port is pointing to.

Now I'm getting delivery delays from the old server.

This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.

Delivery of this message will be attempted until 09/01/2014 07:14:40 (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London. Microsoft Exchange will notify you if the message can't be delivered by that time.

Sent by Microsoft Exchange Server 2007

Final-Recipient: rfc822;
Action: delayed
Status: 4.4.7
Diagnostic-Code: smtp;400 4.4.7 Message delayed
Will-Retry-Until: Thu, 9 Jan 2014 07:14:40 +0000
X-Display-Name: Test
Gareth_PointonAuthor Commented:
Fixed this issue.

It was due to renaming the FQDN in the receive connectors.

Just need to sort the issue on SSLs
I don't know if you can use separate certs for autodiscover and owa.  If you can, it's probably a pain to do.  Save yourself the pain and get a SAN/UCC cert from GoDaddy.  Use, and (If you're going to have users on both servers - if you're going to move them all over a single weekend, no reason to setup legacy.)
Will SzymkowskiSenior Solution ArchitectCommented:
You can use individaul certs. It is more work but if you dont have the funds for a SAN/UCC cert this is an alternative method. Wildcard certs are not supported.

Gareth_PointonAuthor Commented:

I have orders a UCC Cert now.

This doesn't resolve the issues about the new server linking to the old and not now sending or receiving emails anymore..

I gather they are sharing the same Send Connectors but have their own Receive Connectors.

At firs all the emails went through the old server and got relayed over to the test mailbox's not he new. I now have my mailbox on the new and it was working but now its not.
Gareth_PointonAuthor Commented:
Just seen this error in the log files:

Log Name:      Application
Source:        MSExchangeMailSubmission
Date:          08/01/2014 13:13:54
Event ID:      1009
Task Category: MSExchangeMailSubmission
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE.apwebb.local
The Microsoft Exchange Mail Submission service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.
Gareth GudgerSolution ArchitectCommented:
Confirm with these tests.

Can a user still with a mailbox on 2007 email a user on 2010?
Can  a user on 2010 email a user still on 2007?
Can users on both 2007 and 2010 send outbound internet mail successfully?
Can users on both 2007 and 2010 receive inbound mail from the internet successfully?

I have seen occasions where any number of the above tests may or may not work.
Gareth_PointonAuthor Commented:
Please see below:

Can a user still with a mailbox on 2007 email a user on 2010? - NO
Can  a user on 2010 email a user still on 2007? - NO
Can users on both 2007 and 2010 send outbound internet mail successfully? ONLY 2007
Can users on both 2007 and 2010 receive inbound mail from the internet successfully? ONLY 2007

All my email in OWA on 2010 server are going to Drafts and not sending and not receiving from anywhere.
Gareth_PointonAuthor Commented:
I have move my mailbox back to the old server and I can now get emails again so this is something related to 2010 only.
Gareth_PointonAuthor Commented:
OK the latest is the new UCC is installed and working. But the name its trying to authenticate against the SSL is Exchange.domain.local not

What do I need to change?
Gareth GudgerSolution ArchitectCommented:
Check your Internal and External URLs in Exchange Management Console. They should all point to a name on that certificate. If not, you need to reconfigure them to do so.
Gareth_PointonAuthor Commented:
Check them where as I have checked the client access settings for the OWA and thus and this is set to the right domain.

In Outlook 2010 the server is set to Exchange.domain.local and I cannot change it there. How do I push the to the Outlook client?

Gareth GudgerSolution ArchitectCommented:
The Outlook client should update with the new address automatically.

I would run the tests on Autodiscover and Outlook Anywhere on the first tab.
On your 2010 server, run these powershell commands from Exchange Shell -

Get-ClientAccessServer | fl *uri
Get-WebServicesVirtualDirectory | fl *lurl
get-OabVirtualDirectory | fl *url

Some or all of these are probably pointing to exchange.domain.local and need to be changed to  To fix these, first record the results from above for backup purposes.  Then -

Set-ClientAccessServer -Identity [Exchange Netbios] -AutodiscoverServiceInternalUri https://mail.[DOMAIN].com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "[Exchange Netbios]\EWS (Default Web Site)" -InternalUrl https://mail.[DOMAIN].com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "[Exchange Netbios]\oab (Default Web Site)" -InternalUrl https://mail.[DOMAIN].com/oab

I set ALL of these (Internal and external) to as internally should be resolving to the internet IP of your mail server anyway.  Usually this is set correctly already for the externals, so the above commands (For set-web and set-oab) are only setting the internals.  If your externals are wrong, fix those as well.

Also check in Exchange Console that things are set correctly under Server Config\Client Access and then check each of the tabs at the bottom of the screen (OWA, ECP, ActiveSync, etc.) and make sure internal and external point to (Without altering the rest of the url, such as /owa /ecp, etc.)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.