Solved

Exchange 2003 to 2010 Transition questions

Posted on 2014-01-02
Last Modified: 2014-01-07
Hi,

I have dove headfirst into an Exchange 2003/2010 transition. I have read some guides, dozens of blogs etc.

- Currently using Exchange 2003 SP2 (EX2003.domain.lan)
- 2003 native mode AD (running on Windows Server 2008 R2)
- 120+ users with mix of Outlook (2003 - 2010) and Entourage (2004-2008)
- A couple of RPC over HTTP users
- Lots of OWA users
- Lots of ActiveSync users (mostly Apple devices + a couple of Android devices)
- Internal domain name: domain.lan
- External domain name: domain.com.au

I have installed Exchange Server 2010 SP2 (EX2010.domain.lan) onto a new Windows Server 2008 R2 domain member server. It is installed into the same Exchange Organization.

I want to have the 2 servers exist in co-existence for a month or so until we can migrate everyone across.

The current OWA address for EX2003 is mail.domain.com.au. We have a 3rd party certificate on this server etc. All is working perfectly.

Now that I have put the 2010 server in, I have questions.

Because of the potential issue with our internal AD domain name, I have configured the CAS services OWA, ActiveSync, ECP, OAB with the external domain name, e.g. "ex2010.domain.com.au". My first question here is, do I need to go the legacy route? I.e. should I buy a SAN/UCC certificate with the common name "mail.domain.com.au" and add the SANs of "legacy.domain.com.au" and "autodiscover.domain.com.au";
OR
can I buy a SAN/UCC certificate with the common name "ex2010.domain.com.au" and add the SAN of "autodiscover.domain.com.au".
**DISCLAIMER: I have already done the second option without realising I may need to backtrack and go the first option**

I have continued with the second option to see if I can get everything working anyway.

I have moved my own mailbox across to the new EX2010 server. It all came up OK in Outlook. Outlook correctly identified where my new mailbox was. I can send emails out to the internet and can receive internet emails. I can also send emails to other users within the Exchange organization, and I can receive them.

Outlook Web Access is working correctly without any SSL issues both internally and externally. All the DNS, firewall rules etc. are set up correctly.

The MRCA tests come back clean for both ActiveSync and Autodiscover.

I do have an issue though while using Outlook. I am getting the "0x8004010f" error when trying to download the OAB. I have run the Email Auto-Configuration Test from Outlook. There don't appear to be any errors. It says the OAB URL for both RPC and HTTP tests is "Public Folder". Out of Office works correctly, as does the Free/Busy Schedule.

Also, from within my Outlook, there are no Public Folders, so I'm sure the 2 problems are related.

Under EMC, I have checked "Org config...Mailbox Database Properties...Client Settings" and have added the "Default Offline Address List".

What I'm failing to understand at the moment is how I should set up the Public Folder replication between EX2003 and EX2010.

And I'll ask the question again from the top: am I setting myself up for failure if I don't go the Legacy route, or is this just a convenience so users don't have to learn a new OWA address and set up their phones again for ActiveSync?

Thanks.

Steve
Question by:StevenAhmet
8 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 250 total points
Answers are below...
1. Using your external URL internally and externally for OWA is completely fine. Typically if you wanted to continue to use the same URL you did for Exchange 2003 as 2010 you would generate a new CSR from the Exchange 2010 CAS server and add legacy.domain.com, autodiscover.domain.com and mail.domain.com. This way your end users don't have to remember a new URL once they have been moved to the new Exchange server.

By you using a new URL, users will need to use this new one once they have been moved over. When you add a new Exchange server (new version) into your environment, CAS redirects clients that are still on the old Exchange to legacy.domain.com automatically.

2. As for your error message regarding OAB, have you set up a distribution source server for this? You will also need to enable web distribution as well to ensure you are getting OAB info. Exchange 2003 uses public folders to distribute this info. Exchange 2010 can use both methods. This setting is under EMC>Org config>Mailbox>Offline address book. Look at the properties and make sure you have Web distribution enabled.

Will.
0
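The certificate question answered above comes down to whether every host name clients will connect to appears on the certificate. As an added example (not code from the thread or from Microsoft), this PowerShell function compares a planned SAN list against a required namespace; the host names are the thread's placeholders and `Test-SanCoverage` is a hypothetical helper name.

```powershell
# Added example; Test-SanCoverage is a hypothetical helper, names are the thread's placeholders.
function Test-SanCoverage {
    param(
        [string[]]$SanNames,       # DNS names on the certificate, subject CN included
        [string[]]$RequiredHosts   # host names clients will actually connect to
    )
    foreach ($required in $RequiredHosts) {
        $name  = $required.ToLowerInvariant()
        $match = $null
        foreach ($san in $SanNames) {
            $s = $san.ToLowerInvariant()
            if ($s -eq $name) { $match = $san; break }
            # A wildcard SAN covers exactly one left-most label:
            # *.domain.com.au matches mail.domain.com.au, not a.b.domain.com.au
            if ($s.StartsWith('*.')) {
                $suffix = $s.Substring(1)
                if ($name.EndsWith($suffix)) {
                    $label = $name.Substring(0, $name.Length - $suffix.Length)
                    if ($label.Length -gt 0 -and -not $label.Contains('.')) {
                        $match = $san; break
                    }
                }
            }
        }
        New-Object PSObject -Property @{
            HostName = $name; Covered = ($null -ne $match); MatchedBy = $match
        }
    }
}

# Namespace of the first option in the question: shared OWA name, legacy redirect, Autodiscover.
$legacyNamespace = 'mail.domain.com.au', 'legacy.domain.com.au', 'autodiscover.domain.com.au'

# SAN lists as described in the question (constructed, not read from a real certificate).
# On the CAS, a certificate returned by Get-ExchangeCertificate exposes them as CertificateDomains.
$option1San = 'mail.domain.com.au', 'legacy.domain.com.au', 'autodiscover.domain.com.au'
$option2San = 'ex2010.domain.com.au', 'autodiscover.domain.com.au'

# Names that would need a reissued certificate if option 2 is later moved to the legacy namespace.
Test-SanCoverage -SanNames $option2San -RequiredHosts $legacyNamespace |
    Where-Object { -not $_.Covered } | Select-Object HostName

# Option 1 checked against its own namespace, with the SAN that matched each name.
Test-SanCoverage -SanNames $option1San -RequiredHosts $legacyNamespace |
    Select-Object HostName, Covered, MatchedBy
```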
 

Author Comment

by:StevenAhmet
Thanks Will. In regards to the OAB, the generation server is still my old EX2003 server, hence web-based distribution is greyed out.

How do I change it to EX2010 and will this affect my users still on the Exchange 2003 server, and/or clients with Outlook 2003?

Thanks.

Steve
0
 
LVL 53

Expert Comment

by:Will Szymkowski
In the EMC location I specified in my first post, simply create an OAB on the mailbox server and select a distribution point (CAS) server. You then set this as the default OAB, make sure that public folder and web distribution are enabled, and this will work for legacy and 2010 Exchange. No issue should arise creating the OAB on Exchange 2010.

Will.
0
 
LVL 7

Assisted Solution

by:dsnegi_25dec
dsnegi_25dec earned 250 total points
Follow the article below to enable the OAB settings in Exchange 2010.

http://exchangeserverpro.com/unable-to-enable-offline-address-book-for-web-distribution/

For the question: yes, you need the legacy certificate also, for silent redirection.
0
 

Author Comment

by:StevenAhmet
I've created a new OAB called "New Offline Address List" and set those options and made it the default. I am no longer getting that error. So as far as I can tell, that's working. The Global Address List looks intact. I haven't tested though adding a new user to AD and making sure it appears in the GAL.

Am I safe to delete the old "Default Offline Address List", or do I need to leave it for the Exchange 2003 mailbox users?

In regards to the Public Folders, I ran the two commands;

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\" -ServerToAdd "ex2010"
.\MoveAllReplicas.ps1 -Server "ex2003" -NewServer "ex2010"

I didn't see anything for a while, but then all the Public Folders now show in my Outlook. I need to test to make sure that if I add anything for example in the Public Folders, that my Exchange 2003 users can see it and vice versa. Is there any replication that needs to be set up?

Lastly, and I forgot to mention, autodiscovery is not working externally while I'm setting up email on my iPhone (iOS7). I put in my email address and password, but it still prompts for server name, username and password. It all works after I put the details in manually, but I would like to get this working. Autodiscovery tests on MRCA website all come back OK. I've got an A record pointing to the external IP address of the EX2010 server on our external DNS server for "domain.com.au". I've got a SRV record for _autodiscovery, _tcp, port 443 etc pointing to the internal IP address on our internal DNS server for "domain.lan".

I'm not sure if I need to muck around with the basic authentication settings on the autodiscovery virtual directory in IIS. At the moment, I have "DOMAIN" as the default domain for this setting.
0
 

Author Comment

by:StevenAhmet
To dsnegi_25dec;

Thanks...I saw that link. Applying that command didn't work, as the generation server was still the old Exchange 2003 server. I had to create a new address list as spec01 suggested.

And I guess the question I was asking was, if I don't use the legacy option, will everything else fail. At the moment, I'm finding the answer to that question as "no".

I'm not bothered if I need to let everyone know that there is a new OWA address as I migrate people across to the new server. And if I can get autodiscovery working, then I can just get people to set up their phones again for their email for the people that need it.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
As stated in the above posts, you only need to have the generation server for OAB on Exchange 2010. It is backward compatible as it uses public folders as well as web distribution.

And you do not need to use legacy, but your users will now have to remember a new OWA address when their mailbox is moved to the new Exchange 2010 environment.


Will.
0
 

Author Comment

by:StevenAhmet
Autodiscover wasn't working on my own account I was testing with as my SAMAccountName does not match the prefix of my email address. I created a test user where the account name and first part of email address matched, and autodiscover worked as expected.

Luckily, the above scenario is the minority for the company rather than the majority.
0
