Exchange 2003 to 2010 Transition questions


I have dived headfirst into an Exchange 2003/2010 transition. I have read some guides, dozens of blogs, etc.

- Currently using Exchange 2003 SP2 (EX2003.domain.lan)
- 2003 native mode AD (running on Windows Server 2008 R2)
- 120+ users with mix of Outlook (2003 - 2010) and Entourage (2004-2008)
- A couple of RPC over HTTP users
- Lots of OWA users
- Lots of ActiveSync users (mostly Apple devices + a couple of Android devices)
- Internal domain name: domain.lan
- External domain name:

I have installed Exchange Server 2010 SP2 (EX2010.domain.lan) onto a new Windows Server 2008 R2 domain member server. It is installed into the same Exchange Organization.

I want the 2 servers to coexist for a month or so until we can migrate everyone across.

The current OWA address for EX2003 is We have a 3rd party certificate on this server etc. All is working perfectly.

Now that I have put the 2010 server in, I have questions.

Because of the potential issue with our internal AD domain name, I have configured the CAS services OWA, ActiveSync, ECP and OAB with the external domain name, e.g. "". My first question here is, do I need to go the legacy route? i.e. should I buy a SAN/UCC certificate with the common name "" and add the SANs of "" and "",
or can I buy a SAN/UCC certificate with the common name "" and add the SAN of ""?
**DISCLAIMER: I have already done the second option without realising I may need to backtrack and go the first option**

I have continued with the second option to see if I can get everything working anyway.

I have moved my own mailbox across to the new EX2010 server. It all came up OK in Outlook. Outlook correctly identified where my new mailbox was. I can send emails out to the internet and can receive internet emails. I can also send emails to other users within the Exchange organization, and I can receive them.

Outlook Web Access is working correctly without any SSL issues both internally and externally. All the DNS, firewall rules etc are setup correctly.

The MRCA tests come back clean for both ActiveSync and Autodiscover.

I do have an issue though while using Outlook. I am getting the "0x8004010f" error when trying to download the OAB. I have run the Email Auto-Configuration Test from Outlook. There doesn't appear to be any errors. It says the OAB URL for both RPC and HTTP tests is "Public Folder". Out of Office works correctly, as does the Free/Busy Schedule.

Also, from within my Outlook, there are no Public Folders, so I'm sure the 2 problems are related.

Under EMC, I have checked "Org config...Mailbox Database Properties...Client Settings" and have added the "Default Offline Address List".

What I'm failing to understand at the moment is how I should setup the Public Folder replication between EX2003 and EX2010.

And I'll ask the question again from the top: am I setting myself up for failure if I don't go the Legacy route, or is this just a convenience so users don't have to learn a new OWA address and set up their phones again for ActiveSync?


Will Szymkowski (Senior Solution Architect) commented:
Answers are below...
1. Using your external URL internally and externally for OWA is completely fine. Typically, if you wanted to continue to use the same URL you did for Exchange 2003 as for 2010, you would generate a new CSR from the Exchange 2010 CAS server and add, and . This way your end users don't have to remember a new URL once they have been moved to the new Exchange server.

By using a new URL, users will need to use this new one once they have been moved over. When you add a new Exchange server (new version) into your environment, CAS redirects clients that are still on the old Exchange to automatically.

2. As for your error message regarding the OAB, have you set up a distribution source server for this? You will also need to enable web distribution to ensure you are getting OAB info. Exchange 2003 uses public folders to distribute this info; Exchange 2010 can use both methods. This setting is under EMC > Org config > Mailbox > Offline address book. Look at the properties and make sure you have Web distribution enabled.
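The certificate and URL advice above, as an added Exchange Management Shell example that is not from the thread or either participant. It assumes the names mail.example.com (the single host name for OWA, ECP, ActiveSync, OAB and EWS), autodiscover.example.com, and optionally legacy.example.com if a 2003 front end is kept behind a legacy name; the server name EX2010, the request and certificate file paths, and the test user are also assumptions.

```powershell
# Added example: request a SAN certificate on the 2010 CAS that covers every name a client will
# see, bind it, and make all client-facing virtual directories advertise that same name so the
# internal-only domain.lan name never reaches a client. Run in the Exchange Management Shell on EX2010.

$hostName     = 'mail.example.com'          # assumption: the one external host name for all services
$autodiscover = 'autodiscover.example.com'  # assumption
$legacy       = 'legacy.example.com'        # assumption: omit if you are not doing a legacy redirect
$server       = 'EX2010'                    # assumption: matches the thread's server name

# 1. Generate the CSR. Every name a client types or is redirected to must be in the SAN list;
#    a name missing here is exactly what produces the certificate warnings after a mailbox move.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=$hostName" `
    -DomainName $hostName, $autodiscover, $legacy `
    -PrivateKeyExportable $true `
    -Server $server
Set-Content -Path 'C:\certs\ex2010.req' -Value $csr          # assumption: path
# Submit ex2010.req to the CA and save the issued certificate as C:\certs\ex2010.cer

# 2. Import the issued certificate and bind it to IIS (OWA, ECP, EAS, OAB, EWS, Autodiscover) and SMTP.
$cert = Import-ExchangeCertificate -Server $server `
    -FileData ([Byte[]](Get-Content -Path 'C:\certs\ex2010.cer' -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint -Services IIS, SMTP

# 3. Same host name internally and externally for every virtual directory.
$base = "https://$hostName"
Set-OwaVirtualDirectory         -Identity "$server\owa (Default Web Site)" `
    -InternalUrl "$base/owa" -ExternalUrl "$base/owa"
Set-EcpVirtualDirectory         -Identity "$server\ecp (Default Web Site)" `
    -InternalUrl "$base/ecp" -ExternalUrl "$base/ecp"
Set-ActiveSyncVirtualDirectory  -Identity "$server\Microsoft-Server-ActiveSync (Default Web Site)" `
    -InternalUrl "$base/Microsoft-Server-ActiveSync" -ExternalUrl "$base/Microsoft-Server-ActiveSync"
Set-OabVirtualDirectory         -Identity "$server\OAB (Default Web Site)" `
    -InternalUrl "$base/OAB" -ExternalUrl "$base/OAB" -RequireSSL $true
Set-WebServicesVirtualDirectory -Identity "$server\EWS (Default Web Site)" `
    -InternalUrl "$base/EWS/Exchange.asmx" -ExternalUrl "$base/EWS/Exchange.asmx"
Set-ClientAccessServer -Identity $server `
    -AutoDiscoverServiceInternalUri "https://$autodiscover/Autodiscover/Autodiscover.xml"

# 4. Verify: which names the bound certificate carries and when it expires, then check that the
#    URLs handed to a mailbox all fall under those names.
Get-ExchangeCertificate -Server $server | Where-Object { $_.Services -match 'IIS' } |
    Format-List Thumbprint, Subject, CertificateDomains, NotAfter
Test-OutlookWebServices -Identity 'testuser@example.com' -MailboxCredential (Get-Credential) |   # assumption: test account
    Format-Table Id, Type, Message -AutoSize
```

Keep the internal DNS zone for example.com (or at least the two A records) pointing at the CAS, otherwise the internal URLs set in step 3 will not resolve from inside the network.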

StevenAhmet (Author) commented:
Thanks Will. In regards to the OAB, the generation server is still my old EX2003 server, hence web-based distribution is greyed out.

How do I change it to EX2010 and will this affect my users still on the Exchange 2003 server, and/or clients with Outlook 2003?


Will Szymkowski (Senior Solution Architect) commented:
In the EMC location I specified in my first post, simply create an OAB on the mailbox server and select a distribution point (CAS) server. You then set this as the default OAB; make sure that public folder and web distribution are enabled and this will work for legacy and 2010 Exchange. No issue should arise creating the OAB on Exchange 2010.
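The same OAB change done from the shell, as an added example that is not the thread's own text. It assumes the OAB name "New Offline Address List", the server name EX2010, and that EX2010 holds both the mailbox and the CAS role; the Exchange 2003 stores keep their OAB assignment in the 2003 System Manager and are not touched here.

```powershell
# Added example: generate the OAB on Exchange 2010 with both distribution methods enabled, so
# Outlook 2003 / 2003-homed mailboxes (public folder distribution) and Outlook 2007/2010 on 2010
# (web distribution) both get an OAB during coexistence. Run in the Exchange Management Shell on EX2010.

$oabName = 'New Offline Address List'        # assumption: the name used in the thread
$server  = 'EX2010'                          # assumption
$oabVdir = "$server\OAB (Default Web Site)"  # the 2010 CAS distribution point

# 1. Create the OAB with EX2010 as generation server, distributed via the 2010 OAB virtual
#    directory and via the system public folders, and make it the organization default.
$oab = New-OfflineAddressBook -Name $oabName `
    -AddressLists '\Default Global Address List' `
    -Server $server `
    -VirtualDirectories $oabVdir `
    -PublicFolderDistributionEnabled $true `
    -IsDefault $true

# 2. Assign it explicitly to every 2010 mailbox database (a database with no OAB set uses the
#    default, but an explicit value survives a later change of default).
Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook $oab.Identity

# 3. Generate now instead of waiting for the schedule; the file distribution service on the CAS
#    then copies the files to the OAB virtual directory on its poll interval.
Update-OfflineAddressBook -Identity $oab.Identity

# 4. Verify: generation server, both distribution flags, and the URL clients will be given.
Get-OfflineAddressBook | Format-List Name, Server, IsDefault, PublicFolderDistributionEnabled, `
    WebDistributionEnabled, VirtualDirectories, LastTouchedTime
Get-OabVirtualDirectory -Server $server | Format-List Identity, InternalUrl, ExternalUrl, RequireSSL, PollInterval

# 5. Before removing the old OAB, confirm nothing still references it (2010 databases here;
#    check the 2003 stores' Client Settings tab in the 2003 System Manager separately).
Get-MailboxDatabase | Where-Object { $_.OfflineAddressBook -like '*Default Offline Address List*' } |
    Format-Table Name, OfflineAddressBook
# Only after that, and after the 2003 mailboxes are gone:
# Remove-OfflineAddressBook -Identity 'Default Offline Address List'
```

After step 3, give the OAB virtual directory one poll interval (480 minutes by default unless lowered with Set-OabVirtualDirectory -PollInterval) before retesting the 0x8004010f download in Outlook.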


dsnegi_25dec commented:
Follow the article below to enable the OAB settings in Exchange 2010.

For the question: yes, you need the legacy certificate also for silent redirection.
StevenAhmet (Author) commented:
I've created a new OAB called "New Offline Address List", set those options and made it the default. I am no longer getting that error, so as far as I can tell that's working. The Global Address List looks intact. I haven't tested adding a new user to AD and making sure it appears in the GAL, though.

Am I safe to delete the old "Default Offline Address List", or do I need to leave it for the Exchange 2003 mailbox users?

In regards to the Public Folders, I ran the two commands:

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\" -ServerToAdd "ex2010"
.\MoveAllReplicas.ps1 -Server "ex2003" -NewServer "ex2010"

I didn't see anything for a while, but then all the Public Folders showed up in my Outlook. I need to test that if I add anything, for example in the Public Folders, my Exchange 2003 users can see it and vice versa. Is there any replication that needs to be set up?

Lastly, and I forgot to mention, autodiscovery is not working externally while I'm setting up email on my iPhone (iOS 7). I put in my email address and password, but it still prompts for server name, username and password. It all works after I put the details in manually, but I would like to get this working. Autodiscovery tests on the MRCA website all come back OK. I've got an A record pointing to the external IP address of the EX2010 server on our external DNS server for "". I've got an SRV record for _autodiscovery, _tcp, port 443 etc. pointing to the internal IP address on our internal DNS server for "domain.lan".

I'm not sure if I need to muck around with the basic authentication settings on the autodiscovery virtual directory in IIS. At the moment, I have "DOMAIN" as the default domain for this setting.
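A way to see what the two replica scripts actually did, and whether public folder content has converged, rather than waiting for folders to appear in Outlook. This is an added example, not part of the thread; it assumes the server name EX2010 from the thread and a single 2010 public folder database, and the folder path in the last line is a placeholder.

```powershell
# Added example: inspect per-folder replica lists and 2010-side content after running
# AddReplicaToPFRecursive.ps1 and MoveAllReplicas.ps1. Run in the Exchange Management Shell on EX2010.

$new   = 'EX2010'                                      # assumption: 2010 server name from the thread
$newDb = (Get-PublicFolderDatabase -Server $new).Name  # the 2010 public folder database

function Get-ReplicaMap {
    # One row per folder with its replica list. After AddReplicaToPFRecursive.ps1 both
    # databases should be listed; after MoveAllReplicas.ps1 the 2003 store should have dropped out.
    param([string]$Root = '\')
    Get-PublicFolder -Identity $Root -Recurse -ResultSize Unlimited | ForEach-Object {
        New-Object PSObject -Property @{
            Folder   = $_.Identity.ToString()
            Replicas = ($_.Replicas | ForEach-Object { $_.ToString() }) -join ', '
        }
    }
}

# 1. User folders, then the system folders: free/busy and the OAB public folders live under
#    NON_IPM_SUBTREE and are what the Outlook 2003 / Entourage clients still depend on.
Get-ReplicaMap '\'                | Format-Table Folder, Replicas -AutoSize
Get-ReplicaMap '\NON_IPM_SUBTREE' | Format-Table Folder, Replicas -AutoSize

# 2. Folders the scripts did not reach (no replica on the 2010 database). These are usually
#    folders the admin account lacks rights on; they disappear for everyone once the 2003
#    store is removed, so fix them before decommissioning.
Get-ReplicaMap '\' | Where-Object { $_.Replicas -notlike "*$newDb*" } | Format-Table Folder, Replicas -AutoSize

# 3. Content on the 2010 side: a folder present in the hierarchy but with ItemCount 0 while the
#    2003 copy has items has not finished content replication yet.
Get-PublicFolderStatistics -Server $new -ResultSize Unlimited |
    Sort-Object FolderPath | Format-Table FolderPath, ItemCount, LastModificationTime -AutoSize

# 4. Replication itself is driven by the replica lists plus the database schedule; nothing more
#    needs setting up, but the hierarchy or one slow folder can be pushed by hand.
Get-PublicFolderDatabase -Server $new | Format-List Name, ReplicationSchedule, ReplicationPeriod, ReplicationMessageSize
Update-PublicFolderHierarchy -Server $new
# Update-PublicFolder -Identity '\Some Folder' -Server $new   # assumption: replace with a real folder path
```

The practical test the poster describes (create an item from a 2010 mailbox, check it from a 2003 mailbox, and the reverse) is still worth doing; step 3 just tells you whether the counts have caught up before you ask users to look.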
StevenAhmet (Author) commented:
To dsnegi_25dec:

Thanks, I saw that link. Applying that command didn't work, as the generation server was still the old Exchange 2003 server. I had to create a new address list as spec01 suggested.

And I guess the question I was asking was, if I don't use the legacy option, will everything else fail? At the moment, I find the answer to that question is "no".

I'm not bothered if I need to let everyone know that there is a new OWA address as I migrate people across to the new server. And if I can get autodiscovery working, then I can just get the people that need it to re-set up their phones for their email.
Will Szymkowski (Senior Solution Architect) commented:
As stated in the above posts, you only need to have the generation server for the OAB on Exchange 2010. It is backward compatible as it uses public folders as well as web distribution.

And you do not need to use legacy, but your users will now have to remember a new OWA address when their mailbox is moved to the new Exchange 2010 environment.

StevenAhmet (Author) commented:
Autodiscover wasn't working on my own account, which I was testing with, as my SAMAccountName does not match the prefix of my email address. I created a test user where the account name and the first part of the email address matched, and autodiscover worked as expected.

Luckily, the above scenario is the minority for the company rather than the majority.
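A check for the situation described in the last post, as an added example that is not from the thread: list the mailboxes whose logon names do not line up with their e-mail address, and optionally align the UPN with the primary SMTP address so a user can authenticate with "e-mail address + password", which is the form a phone sends to Autodiscover. It assumes the external SMTP domain is example.com and that this domain has already been added as a UPN suffix in Active Directory Domains and Trusts; -WhatIf is left on so nothing changes until it is removed.

```powershell
# Added example: find mailboxes whose sAMAccountName or UPN differs from their e-mail address,
# and align the UPN with the primary SMTP address. Run in the Exchange Management Shell.

$smtpDomain = 'example.com'   # assumption: external SMTP domain, also registered as a UPN suffix

function Get-LogonNameMismatch {
    # Returns one object per mailbox where the "e-mail address as username" logon that a phone
    # uses may fail: UPN differs from the primary SMTP address, or the sAMAccountName differs
    # from the local part of the address (the case observed in the thread).
    Get-Mailbox -ResultSize Unlimited | ForEach-Object {
        $smtp  = $_.PrimarySmtpAddress.ToString()
        $local = $smtp.Split('@')[0]
        New-Object PSObject -Property @{
            Mailbox             = $_.Alias
            PrimarySmtp         = $smtp
            SamAccountName      = $_.SamAccountName
            UserPrincipalName   = $_.UserPrincipalName
            SamMatchesLocalPart = ($_.SamAccountName -ieq $local)
            UpnMatchesSmtp      = ($_.UserPrincipalName -ieq $smtp)
        }
    } | Where-Object { -not $_.SamMatchesLocalPart -or -not $_.UpnMatchesSmtp }
}

$mismatches = Get-LogonNameMismatch
$mismatches | Format-Table Mailbox, PrimarySmtp, SamAccountName, UserPrincipalName, `
    SamMatchesLocalPart, UpnMatchesSmtp -AutoSize

# Align the UPN with the primary SMTP address for the affected users in the external domain.
# Leave sAMAccountName alone: renaming it breaks cached credentials, scripts and profiles,
# while the UPN is what a "user@domain" style logon is matched against.
$mismatches |
    Where-Object { -not $_.UpnMatchesSmtp -and $_.PrimarySmtp -like "*@$smtpDomain" } |
    ForEach-Object {
        Set-User -Identity $_.Mailbox -UserPrincipalName $_.PrimarySmtp -WhatIf   # remove -WhatIf to apply
    }
```

Run the report first and look at the UPN column: if every UPN still ends in domain.lan, the suffix has not been added to the forest yet and Set-User will refuse the new value.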