Exchange migration 2003 to 2010 next step

Hello everyone,

I am currently in the process of migrating Exchange 2003 to 2010. My Exchange 2010 environment consists of 2 Exchange servers with all roles installed.

I have one DAG with 2 mailbox servers and 5 databases copied over the two mailbox servers.

I have migrated one mailbox from the legacy server to the new server and it worked fine. I created send and receive connectors and it seems that incoming and outgoing emails are working.

I would like to know what's the next step that I can do now?

A friend of mine said that I have to update all the DNS records to Exchange 2010 and Exchange will handle the redirection of the OWA site. But what about the CAS requests for those who are still on Exchange 2003? Would Exchange redirect them too?

And what about moving the OAB? If I moved it, would it affect the legacy mailbox users?
What about upgrading Email Address Policies and Address Lists? Would that affect anyone too?

Any notes to take on moving Public Folders from Exchange? Do I do them at a specific time?

Do I need to remove the Recipient Update Services after migrating all the users?

I would appreciate any comments.

Thanks a lot
Mohammed Hamada, Senior IT Consultant, asked:

Will Szymkowski, Senior Solution Architect, commented:
Answers are below...

1. Redirection takes place on the Exchange 2010 CAS array (or single CAS if that's all you're using). When users use OWA that have a mailbox on Exchange 2010 they will be presented with the Exchange 2010 login page. If the mailbox still resides on the Exchange 2003 server they will be redirected to the old server. You need to make sure that your certificates are correct on your Exchange 2010 CAS server. You need to make sure that you have the following names in your SAN cert...
You will then need to import the cert into your Exchange 2010 and 2003 CAS/front end servers. You will then need to change the virtual directories on Exchange 2010 to the original URL which are present on Exchange 2003 and then change your virtual directories on Exchange 2003 with the When users use OWA they will be redirected depending on where their mailbox is located.

2. OAB will need to be created on the CAS server and the generation server will be on an Exchange 2010 mailbox server. This is required as new Outlook clients use EWS (Exchange Web Services) to retrieve mailbox free/busy info. This is backward compatible with Exchange 2003. You need to make sure that you are using public folder distribution and Web Services distribution.

3. For public folders you will need to move replicas to your Exchange 2010 servers and then when you have moved all replicas you can then remove them from Exchange 2003. Once this is completed you will be able to move the public folder hierarchy to the Exchange 2010 server.

4. In order to update email address policies and address lists you will need to convert them from LDAP to OPATH and this is backward compatible with Exchange 2003 when it is still in the environment.

5. Recipient Update Service should not be removed until all of the mailboxes have been migrated. Once they are moved to exchange 2010 it is safe to remove the RUS as Exchange 2003 only uses this service.

Update email address policy -

Public Folder Migrate -
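
A read-only check of the coexistence points listed in the answer above, added here as an example and not part of the original answer. The host names in `$RequiredNames` are placeholders (the names from the answer are not shown on this page), and the helper names `New-Finding` and `Test-Coexistence` are made up for this example.

```powershell
# Read-only coexistence audit for the Exchange 2010 Management Shell; changes nothing.
# Assumption: placeholder host names; use the names on your own SAN certificate.
$RequiredNames = 'mail.example.com', 'legacy.example.com', 'autodiscover.example.com'

function New-Finding($Check, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Ok = [bool]$Ok; Detail = $Detail }
}

function Test-Coexistence {
    # Point 1: every IIS-bound certificate should list each client-facing name.
    # Exact match only; a wildcard certificate is reported as missing names.
    $certs = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })
    foreach ($cert in $certs) {
        $names   = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($RequiredNames | Where-Object { $names -notcontains $_ })
        New-Finding "Certificate $($cert.Thumbprint)" ($missing.Count -eq 0) "missing: $($missing -join ', ')"
    }

    # Point 1: OWA on 2010 needs the legacy URL to redirect Exchange 2003 mailboxes.
    $vdirs = @(Get-OwaVirtualDirectory | Where-Object { "$($_.OwaVersion)" -eq 'Exchange2010' })
    foreach ($vdir in $vdirs) {
        New-Finding "OWA vdir on $($vdir.Server)" ([bool]$vdir.Exchange2003Url) "Exchange2003Url=$($vdir.Exchange2003Url)"
    }

    # Point 2: the OAB should use both public folder and web distribution.
    foreach ($oab in @(Get-OfflineAddressBook)) {
        $both = $oab.PublicFolderDistributionEnabled -and $oab.WebDistributionEnabled
        New-Finding "OAB '$($oab.Name)'" $both "generation server=$($oab.Server)"
    }

    # Point 4: objects that still carry an LDAP filter have not been converted to OPATH.
    $legacy = @(Get-EmailAddressPolicy) + @(Get-AddressList) + @(Get-GlobalAddressList) |
        Where-Object { "$($_.RecipientFilterType)" -eq 'Legacy' }
    $legacyNames = @($legacy | ForEach-Object { $_.Name }) -join ', '
    New-Finding 'LDAP-filter policies/lists' (@($legacy).Count -eq 0) $legacyNames

    # Point 5: keep the RUS until no mailbox is left on Exchange 2003.
    $left = @(Get-Mailbox -RecipientTypeDetails LegacyMailbox -ResultSize Unlimited)
    New-Finding 'Mailboxes still on 2003' ($left.Count -eq 0) "$($left.Count) remaining"
}

Test-Coexistence | Format-Table Check, Ok, Detail -AutoSize
```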


Simon Butler (Sembee), Consultant, commented:
Are you following any of the migration guides?
I suspect not, because they answer your questions - everything is documented on TechNet.

For Exchange 2003 and 2010 coexistence you need a second URL for the Exchange 2003 server. This is called a legacy URL. All traffic goes to Exchange 2010, then it is redirected.

I would start here:

As for public folders, replicate those to Exchange 2010 (So they are on both servers). Move the mailboxes, then use the Move All Replicas command to remove them from Exchange 2003.

Everything else should be done after the mailboxes have been moved.

Have you configured a CAS Array? If not, do so now.

Mohammed Hamada, Senior IT Consultant, author, commented:
Hello Guys, thanks for your reply,

I have configured the redirection for OWA and it worked perfectly. I replicated the Public Folders using the PowerShell script and they also replicated fine.

Now I'm moving a couple of mailboxes to see what would happen, and then I will move them all at once.

I would like to know, do I move the OAB after moving all the mailboxes? And regarding the Mailbox public policy? When does it come as well?


Will Szymkowski, Senior Solution Architect, commented:
Once you have your CAS and a Mailbox server up and running I would create the new OAB generation point. This will work with both 2003 mailboxes and also 2010. You need to make sure that you have enabled OAB for Public Folders and Web Services distribution.

Refer to answer #2 I have posted in my previous comment.

Mohammed Hamada, Senior IT Consultant, author, commented:
Hi Will,
I'm sorry I haven't had enough time to play with the OAB as I got stuck with client's requirements.

They want to use the new OWA without /owa, so instead of writing they want to write and get automatically directed to https and owa. And if there's an e-mail siding on the Exch 2003 it will redirect to the legacy FQDN.

I tried using IIS to do so but to no avail. Do I switch off https and turn off the SSL bindings? The redirection on the OWA page doesn't seem to work if I simply redirect it to nor

The second thing is publishing the Exchange services (e.g. ActiveSync, RPC over HTTP and Autodiscover). I have done this using TMG before and pfSense but never used a Checkpoint firewall.

I have created a static NAT rule that points my public IP to the CAS server. Autodiscover seems to work, as when I set up the mailbox in Outlook it passes the settings but stops at the logging on to the mail server part and says it can't connect to the Exchange server, and when I click OK it shows a box with a General tab showing the Microsoft Exchange server's internal FQDN.
and Mailbox:

Is this something to do with the Reverse proxy or RPC over HTTP firewall publishing rules?
I'm attaching a photo of the settings.

I also have the same problem with ActiveSync: when I first set up my iPhone with one account it finds the settings but it doesn't connect to the server, nor does it connect to the legacy server's ActiveSync.

On the Exchange event viewer I can see the following error message

An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case, Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 

--- Exception start ---
Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=Kursat ARI,OU=Muhe,OU=HHT,DC=hema,DC=com.
Exception level: 0
HttpStatusCode: 500
AirSyncStatusCode: 110
This request does not contain a WBXML response.
Exception stack trace:    at Microsoft.Exchange.AirSync.ADDeviceManager.SetActiveSyncDeviceContainerPermissions(ActiveSyncDevices container)
   at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDeviceContainer(Boolean retryIfFailed)
   at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
   at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime)
   at Microsoft.Exchange.AirSync.Command.UpdateADDevice(GlobalInfo globalInfo)
   at Microsoft.Exchange.AirSync.Command.CompleteDeviceAccessProcessing()
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
--- Exception end ---.


I would appreciate any input.

Mohammed Hamada, Senior IT Consultant, author, commented:
I have just noticed another thing with ActiveSync. I tried removing my configured mailbox on the iPhone and re-adding it, and noticed these errors were generated on the Exchange server.

Event code: 3008 
Event message: A configuration error has occurred. 
Event time: 1/8/2014 12:09:10 AM 
Event time (UTC): 1/7/2014 10:09:10 PM 
Event ID: dd7b52c3866f4736bf99e529e8f99114 
Event sequence: 2 
Event occurrence: 1 
Event detail code: 0 
Application information: 
    Application domain: /LM/W3SVC/1/ROOT-1-130336061504156613 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: C:\inetpub\wwwroot\ 
    Machine name: EXCH01 
Process information: 
    Process ID: 5908 
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\DefaultAppPool 
Exception information: 
    Exception type: ConfigurationErrorsException 
    Exception message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\owa\web.config line 37) 
Request information: 
    Request URL: 
    Request path: /Exchange/default.aspx 
    User host address: 
    Is authenticated: False 
    Authentication Type:  
    Thread account name: IIS APPPOOL\DefaultAppPool 
Thread information: 
    Thread ID: 1 
    Thread account name: IIS APPPOOL\DefaultAppPool 
    Is impersonating: False 
    Stack trace:    at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
   at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
   at System.Web.Configuration.RuntimeConfig.get_Identity()
   at System.Web.HttpContext.SetImpersonationEnabled()
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
Custom event details: 


and also the error that I posted above as well.
Will Szymkowski, Senior Solution Architect, commented:
To redirect your IIS page you can use the IIS manager to accomplish this.

OWA simple URL -

As for the external access you can check the link below which illustrates what needs to be done. Although it is demonstrating with ISA and TMG.

Mohammed Hamada, Senior IT Consultant, author, commented:
Thanks a lot Will and Simon