

Exchange 2003 to 2010 Transition questions

Posted on 2014-01-02
Medium Priority
Last Modified: 2014-01-07

I have dived headfirst into an Exchange 2003/2010 transition. I have read some guides, dozens of blogs, etc.

- Currently using Exchange 2003 SP2 (EX2003.domain.lan)
- 2003 native mode AD (running on Windows Server 2008 R2)
- 120+ users with mix of Outlook (2003 - 2010) and Entourage (2004-2008)
- A couple of RPC over HTTP users
- Lots of OWA users
- Lots of ActiveSync users (mostly Apple devices + a couple of Android devices)
- Internal domain name: domain.lan
- External domain name: domain.com.au

I have installed Exchange Server 2010 SP2 (EX2010.domain.lan) onto a new Windows Server 2008 R2 domain member server. It is installed into the same Exchange Organization.

I want to have the 2 servers exist in co-existence for a month or so until we can migrate everyone across.

The current OWA address for EX2003 is mail.domain.com.au. We have a 3rd party certificate on this server etc. All is working perfectly.

Now that I have put the 2010 server in, I have questions.

Because of the potential issue with our internal AD domain name, I have configured the CAS services OWA, ActiveSync, ECP, OAB with the external domain name, e.g. "ex2010.domain.com.au". My first question here is, do I need to go the legacy route? I.e. should I buy a SAN/UCC certificate with the common name "mail.domain.com.au" and add the SANs of "legacy.domain.com.au" and "autodiscover.domain.com.au", or can I buy a SAN/UCC certificate with the common name "ex2010.domain.com.au" and add the SAN of "autodiscover.domain.com.au"?
**DISCLAIMER: I have already done the second option without realising I may need to backtrack and go the first option**

I have continued with the second option to see if I can get everything working anyway.

I have moved my own mailbox across to the new EX2010 server. It all came up OK in Outlook. Outlook correctly identified where my new mailbox was. I can send emails out to the internet and can receive internet emails. I can also send emails to other users within the Exchange organization, and I can receive them.

Outlook Web Access is working correctly without any SSL issues both internally and externally. All the DNS, firewall rules etc. are set up correctly.

The MRCA tests come back clean for both ActiveSync and Autodiscover.

I do have an issue though while using Outlook. I am getting the "0x8004010f" error when trying to download the OAB. I have run the Email Auto-Configuration Test from Outlook. There don't appear to be any errors. It says the OAB URL for both RPC and HTTP tests is "Public Folder". Out of Office works correctly, as does the Free/Busy Schedule.

Also, from within my Outlook, there are no Public Folders, so I'm sure the 2 problems are related.

Under EMC, I have checked "Org config...Mailbox Database Properties...Client Settings" and have added the "Default Offline Address List".

What I'm failing to understand at the moment is how I should set up the Public Folder replication between EX2003 and EX2010.

And I'll ask the question again from the top: am I setting myself up for failure if I don't go the legacy route, or is this just a convenience so users don't have to learn a new OWA address and set up their phones again for ActiveSync?


Question by:StevenAhmet
LVL 53

Accepted Solution

Will Szymkowski earned 750 total points
ID: 39752861
Answers are below...
1. Using your external URL internally and externally for OWA is completely fine. Typically, if you wanted to continue to use the same URL for Exchange 2010 as you did for Exchange 2003, you would generate a new CSR from the Exchange 2010 CAS server and add legacy.domain.com, autodiscover.domain.com and mail.domain.com. This way your end users don't have to remember a new URL once they have been moved to the new Exchange server.

By you using a new URL, users will need to use this new one once they have been moved over. When you add a new Exchange server (new version) into your environment, CAS redirects clients that are still on the old Exchange to legacy.domain.com automatically.

2. As for your error message regarding OAB, have you set up a distribution source server for this? You will also need to enable web distribution as well to ensure you are getting OAB info. Exchange 2003 uses public folders to distribute this info. Exchange 2010 can use both methods. This setting is under EMC > Org config > Mailbox > Offline address book. Look at the properties and make sure you have web distribution enabled.


Author Comment

ID: 39752881
Thanks Will. In regards to the OAB, the generation server is still my old EX2003 server, hence web-based distribution is greyed out.

How do I change it to EX2010 and will this affect my users still on the Exchange 2003 server, and/or clients with Outlook 2003?


LVL 53

Expert Comment

by:Will Szymkowski
ID: 39752886
In the EMC location I specified in my first post, simply create an OAB on the mailbox server and select a distribution point (CAS) server. You then set this as the default OAB, make sure that public folder and web distribution are enabled, and this will work for legacy and Exchange 2010. No issue should arise creating the OAB on Exchange 2010.
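
The same steps from the Exchange Management Shell, as an added example that is not part of the original thread. The server name EX2010 comes from the question; the OAB name, the default OAB virtual directory name and the presence of a public folder database reachable from EX2010 are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
# Assumed values: placeholder OAB name and the default OAB virtual directory name.
$server  = 'EX2010'
$oabName = 'New Offline Address List'
$oabVdir = "$server\OAB (Default Web Site)"

# Create the OAB with Exchange 2010 as the generation server and both
# distribution methods enabled: public folders (used by Outlook 2003)
# and web distribution through the CAS virtual directory (Outlook 2007 and later).
# Public folder distribution assumes a public folder database is available.
New-OfflineAddressBook -Name $oabName `
    -Server $server `
    -AddressLists '\Default Global Address List' `
    -VirtualDirectories $oabVdir `
    -PublicFolderDistributionEnabled $true `
    -IsDefault $true

# Point the mailbox databases hosted on the 2010 server at the new OAB.
Get-MailboxDatabase -Server $server |
    Set-MailboxDatabase -OfflineAddressBook $oabName

# Generate the OAB files now instead of waiting for the schedule.
Update-OfflineAddressBook -Identity $oabName

# Confirm the generation server and that both distribution methods are on.
Get-OfflineAddressBook |
    Format-List Name, Server, IsDefault, PublicFolderDistributionEnabled,
                WebDistributionEnabled, VirtualDirectories, Versions
```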



Assisted Solution

dsnegi_25dec earned 750 total points
ID: 39752993
Follow the below article to enable the OAB settings in Exchange 2010.


For the question: yes, you need the legacy certificate also for silent redirection.

Author Comment

ID: 39752998
I've created a new OAB called "New Offline Address List" and set those options and made it the default. I am no longer getting that error. So as far as I can tell, that's working. The Global Address List looks intact. I haven't tested though adding a new user to AD and making sure it appears in the GAL.

Am I safe to delete the old "Default Offline Address List", or do I need to leave it for the Exchange 2003 mailbox users?

In regards to the Public Folders, I ran the two commands;

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\" -ServerToAdd "ex2010"
.\MoveAllReplicas.ps1 -Server "ex2003" -NewServer "ex2010"

I didn't see anything for a while, but then all the Public Folders now show in my Outlook. I need to test to make sure that if I add anything, for example in the Public Folders, that my Exchange 2003 users can see it and vice versa. Is there any replication that needs to be set up?

Lastly, and I forgot to mention, autodiscovery is not working externally while I'm setting up email on my iPhone (iOS7). I put in my email address and password, but it still prompts for server name, username and password. It all works after I put the details in manually, but I would like to get this working. Autodiscovery tests on MRCA website all come back OK. I've got an A record pointing to the external IP address of the EX2010 server on our external DNS server for "domain.com.au". I've got a SRV record for _autodiscovery, _tcp, port 443 etc pointing to the internal IP address on our internal DNS server for "domain.lan".

I'm not sure if I need to muck around with the basic authentication settings on the autodiscovery virtual directory in IIS. At the moment, I have "DOMAIN" as the default domain for this setting.

Author Comment

ID: 39753011
To dsnegi_25dec;

Thanks...I saw that link. Applying that command didn't work, as the generation server was still the old Exchange 2003 server. I had to create a new address list as spec01 suggested.

And I guess the question I was asking was, if I don't use the legacy option, will everything else fail. At the moment, I'm finding the answer to that question is "no".

I'm not bothered if I need to let everyone know that there is a new OWA address as I migrate people across to the new server. And if I can get autodiscovery working, then I can just get people to re-setup their phones for their email for the people that need it.
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39753474
As stated in the above posts, you only need to have the generation server for OAB on Exchange 2010. It is backward compatible as it uses public folders as well as web distribution.

And you do not need to use legacy, but your users will now have to remember a new OWA address when their mailbox is moved to the new Exchange 2010 environment.


Author Comment

ID: 39756569
Autodiscover wasn't working on my own account I was testing with as my SAMAccountName does not match the prefix of my email address. I created a test user where the account name and first part of email address matched, and autodiscover worked as expected.

Luckily, the above scenario is the minority for the company rather than the majority.
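
To find which accounts fall into the minority described in the last comment before moving them, the following added example (not part of the original thread) lists mailboxes whose SAMAccountName differs from the local part of the primary SMTP address. The function name and the sample records are constructed for illustration; the syntax is kept compatible with the PowerShell 2.0 shell that Exchange 2010 uses.

```powershell
# Added example. Read-only: reports mailboxes whose logon name does not
# match the part of the e-mail address before the "@".
function Get-LoginNameMismatch {
    param(
        [Parameter(ValueFromPipeline = $true)]
        $Mailbox
    )
    process {
        # Cast to string so the same code works on live mailbox objects
        # and on the plain sample objects below.
        $smtp      = [string]$Mailbox.PrimarySmtpAddress
        $localPart = $smtp.Split('@')[0]

        # -ne is case-insensitive, so "JSmith" and "jsmith" count as a match.
        if ($localPart -ne $Mailbox.SamAccountName) {
            New-Object PSObject -Property @{
                SamAccountName = $Mailbox.SamAccountName
                PrimarySmtp    = $smtp
                LocalPart      = $localPart
            }
        }
    }
}

# Constructed sample records (not real accounts) so the check runs offline.
$sample = @(
    New-Object PSObject -Property @{ SamAccountName = 'jsmith'; PrimarySmtpAddress = 'jsmith@domain.com.au' }
    New-Object PSObject -Property @{ SamAccountName = 'sahmet'; PrimarySmtpAddress = 'steven.ahmet@domain.com.au' }
    New-Object PSObject -Property @{ SamAccountName = 'TestUser'; PrimarySmtpAddress = 'testuser@domain.com.au' }
)

# Only the second record is reported.
$sample | Get-LoginNameMismatch | Select-Object SamAccountName, PrimarySmtp

# Against the live organization, from the Exchange Management Shell:
# Get-Mailbox -ResultSize Unlimited | Get-LoginNameMismatch |
#     Select-Object SamAccountName, PrimarySmtp
```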
