

Exchange migration 2003 to 2010 next step

Posted on 2014-01-06
Medium Priority
Last Modified: 2014-01-11
Hello everyone,

I am currently in the process of migrating Exchange 2003 to 2010. My Exchange 2010 environment consists of 2 Exchange servers with all roles installed.

I have one DAG with 2 mailbox servers and 5 databases copied over the two mailbox servers.

I have migrated one mailbox from the legacy server to the new server and it worked fine. I created Send and Receive connectors and it seems that incoming and outgoing emails are working.

I would like to know what's the next step that I can do now?

A friend of mine said that I have to update all the DNS records to Exchange 2010 and Exchange will handle the redirection of the OWA site. But what about the CAS requests for those who are still on Exchange 2003? Would Exchange redirect them too?

And what about moving the OAB? If I moved it, would it affect the legacy mailbox users?
What about upgrading Email Address Policies and Address Lists? Would that affect anyone too?

Any notes to take on moving Public Folders from Exchange? Do I do them at a specific time?

Do I need to remove the Recipient Update Services after migrating all the users?

I would appreciate any comments.

Thanks a lot
Question by:Mohammed Hamada
LVL 53

Accepted Solution

Will Szymkowski earned 1332 total points
ID: 39760793
Answers are below...

1. Redirection takes place on the Exchange 2010 CAS array (or single CAS if that's all you're using). When users who have a mailbox on Exchange 2010 use OWA, they will be presented with the Exchange 2010 login page. If the mailbox still resides on the Exchange 2003 server they will be redirected to the old server. You need to make sure that your certificates are correct on your Exchange 2010 CAS server. You need to make sure that you have the following names in your SAN cert...
- Mail.domain.com
- autodiscover.domain.com
- legacy.domain.com
You will then need to import the cert into your Exchange 2010 and 2003 CAS/front-end servers. You will then need to change the virtual directories on Exchange 2010 to the original URLs which are present on Exchange 2003, and then change your virtual directories on Exchange 2003 to legacy.domain.com. When users use OWA they will be redirected depending on where their mailbox is located.

2. OAB will need to be created on the CAS server and the generation server will be on an Exchange 2010 mailbox server. This is required as new Outlook clients use EWS (Exchange Web Services) to retrieve mailbox free/busy info. This is backward compatible with Exchange 2003. You need to make sure that you are using public folder distribution and Web Services distribution.

3. For public folders you will need to move replicas to your Exchange 2010 servers and then, when you have moved all replicas, you can remove them from Exchange 2003. Once this is completed you will be able to move the public folder hierarchy to the Exchange 2010 server.

4. In order to update email address policies and address lists you will need to convert them from LDAP to OPATH, and this is backward compatible with Exchange 2003 when it is still in the environment.

5. Recipient Update Service should not be removed until all of the mailboxes have been migrated. Once they are moved to Exchange 2010 it is safe to remove the RUS, as Exchange 2003 only uses this service.

Update email address policy - http://technet.microsoft.com/en-us/library/cc164375.aspx

Public Folder Migrate - http://exchangeserverpro.com/migrate-public-folders-from-exchange-2003-to-exchange-server-2010/
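
Added example (not part of the original answer, and not Microsoft's code): a PowerShell 2.0-compatible check that a certificate's SAN list covers the three coexistence names from answer 1 before the virtual directory URLs are switched. The function name Test-SanCoverage and the sample SAN list are assumptions made for illustration; domain.com is the placeholder used in the answer.

```powershell
# Hypothetical helper: reports, per required host name, whether any SAN entry covers it.
function Test-SanCoverage {
    param(
        [string[]]$CertificateDomains,   # SAN entries read from the certificate
        [string[]]$RequiredNames         # names clients will actually connect to
    )
    foreach ($name in $RequiredNames) {
        $wanted    = $name.ToLower()
        $coveredBy = $null
        foreach ($san in $CertificateDomains) {
            $entry = $san.ToLower()
            # Exact match (host names are case-insensitive).
            if ($entry -eq $wanted) { $coveredBy = $san; break }
            # A wildcard covers exactly one left-most label:
            # *.domain.com matches mail.domain.com, not a.b.domain.com or domain.com.
            if ($entry.StartsWith('*.')) {
                $suffix = $entry.Substring(1)            # ".domain.com"
                if ($wanted.EndsWith($suffix)) {
                    $label = $wanted.Substring(0, $wanted.Length - $suffix.Length)
                    if ($label.Length -gt 0 -and -not $label.Contains('.')) {
                        $coveredBy = $san; break
                    }
                }
            }
        }
        New-Object PSObject -Property @{
            Name      = $name
            Covered   = ($coveredBy -ne $null)
            CoveredBy = $coveredBy
        }
    }
}

# Constructed sample: a certificate requested before the legacy name was planned.
$sampleSans = 'mail.domain.com', 'autodiscover.domain.com'
$required   = 'mail.domain.com', 'autodiscover.domain.com', 'legacy.domain.com'

# On the Exchange 2010 server, replace $sampleSans with the CertificateDomains
# values (converted to strings) of the certificate from Get-ExchangeCertificate.
Test-SanCoverage -CertificateDomains $sampleSans -RequiredNames $required |
    Select-Object Name, Covered, CoveredBy
```

Any row with Covered set to False is a name that will produce certificate warnings once users are redirected to it, so the certificate should be reissued with that name before the URL change.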

LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 668 total points
ID: 39760799
Are you following any of the migration guides?
I suspect not, because they answer your questions - everything is documented on TechNet.

For Exchange 2003 and 2010 coexistence you need a second URL for the Exchange 2003 server. This is called a legacy URL. All traffic goes to Exchange 2010, then it is redirected.

I would start here:

As for public folders, replicate those to Exchange 2010 (So they are on both servers). Move the mailboxes, then use the Move All Replicas command to remove them from Exchange 2003.

Everything else should be done after the mailboxes have been moved.

Have you configured a CAS Array? If not, do so now.

LVL 24

Author Comment

by:Mohammed Hamada
ID: 39761825
Hello Guys, thanks for your reply,

I have configured the redirection for OWA and it worked perfectly. I replicated the Public Folders using the PowerShell script and that also replicated fine.

Now I'm moving a couple of mailboxes to see what would happen, and then I will move them all at once.

I would like to know: do I move the OAB after moving all the mailboxes? And regarding the Mailbox public policy? When does it come as well?

LVL 53

Expert Comment

by:Will Szymkowski
ID: 39761877
Once you have your CAS and a Mailbox server up and running I would create the new OAB generation point. This will work with both 2003 mailboxes and also 2010. You need to make sure that you have enabled OAB for Public Folders and Web Services distribution.

Refer to answer #2 I have posted in my previous comment.

LVL 24

Author Comment

by:Mohammed Hamada
ID: 39763302
Hi Will,
I'm sorry I haven't had enough time to play with the OAB as I got stuck with client's requirements.

They want to use the new OWA without /owa, so instead of writing https://webmail.domain.com/owa they want to write webmail.domain.com and get automatically directed to https and owa. And if there's an e-mail residing on the Exch 2003 it will redirect to the legacy FQDN.

I tried using IIS to do so but to no avail. Do I switch off https and turn off the SSL bindings? The redirection on the owa page doesn't seem to work if I simply redirect it to https://webmail.domain.com/owa nor http://webmail.domain.com/owa

The second thing is publishing the Exchange services (e.g. ActiveSync, RPC over HTTP and Autodiscover). I have done this using TMG and pfSense before but never used a Checkpoint firewall.

I have created a static NAT rule that points my public IP to the CAS server. Autodiscover seems to work, as when I set up the mailbox in Outlook it passes the settings but stops at the logging on to the mail server part and says it can't connect to the Exchange server, and when I click OK it shows a box with a General tab showing the Microsoft Exchange server's internal FQDN, exch01.internaldomain.com, and Mailbox: =SMTP:kur@publicdomain.com

Is this something to do with the Reverse proxy or RPC over HTTP firewall publishing rules?
I'm attaching a photo of the settings.

I also have the same problem with ActiveSync: when I first set up my iPhone with one account it finds the settings but it doesn't connect to the server, nor does it connect to the legacy server's ActiveSync.

On the Exchange event viewer I can see the following error message

An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case, Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 

--- Exception start ---
Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=Kursat ARI,OU=Muhe,OU=HHT,DC=hema,DC=com.
Exception level: 0
HttpStatusCode: 500
AirSyncStatusCode: 110
This request does not contain a WBXML response.
Exception stack trace:    at Microsoft.Exchange.AirSync.ADDeviceManager.SetActiveSyncDeviceContainerPermissions(ActiveSyncDevices container)
   at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDeviceContainer(Boolean retryIfFailed)
   at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
   at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime)
   at Microsoft.Exchange.AirSync.Command.UpdateADDevice(GlobalInfo globalInfo)
   at Microsoft.Exchange.AirSync.Command.CompleteDeviceAccessProcessing()
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
--- Exception end ---.


I would appreciate any input.

LVL 24

Author Comment

by:Mohammed Hamada
ID: 39763546
I have just noticed another thing with ActiveSync. I tried removing my configured mailbox on the iPhone and re-adding it, and noticed these errors were generated on the Exchange server.

Event code: 3008 
Event message: A configuration error has occurred. 
Event time: 1/8/2014 12:09:10 AM 
Event time (UTC): 1/7/2014 10:09:10 PM 
Event ID: dd7b52c3866f4736bf99e529e8f99114 
Event sequence: 2 
Event occurrence: 1 
Event detail code: 0 
Application information: 
    Application domain: /LM/W3SVC/1/ROOT-1-130336061504156613 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: C:\inetpub\wwwroot\ 
    Machine name: EXCH01 
Process information: 
    Process ID: 5908 
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\DefaultAppPool 
Exception information: 
    Exception type: ConfigurationErrorsException 
    Exception message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\owa\web.config line 37) 
Request information: 
    Request URL: https://webmail.domain.com:443/Exchange/default.aspx 
    Request path: /Exchange/default.aspx 
    User host address: 
    Is authenticated: False 
    Authentication Type:  
    Thread account name: IIS APPPOOL\DefaultAppPool 
Thread information: 
    Thread ID: 1 
    Thread account name: IIS APPPOOL\DefaultAppPool 
    Is impersonating: False 
    Stack trace:    at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
   at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
   at System.Web.Configuration.RuntimeConfig.get_Identity()
   at System.Web.HttpContext.SetImpersonationEnabled()
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
Custom event details: 


And also the error that I posted above as well.
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 1332 total points
ID: 39763659
To redirect your IIS page you can use the IIS manager to accomplish this.

OWA simple URL - http://technet.microsoft.com/en-us/library/aa998359(v=exchg.150).aspx

As for the external access you can check the link below which illustrates what needs to be done. Although it is demonstrating with ISA and TMG.


LVL 24

Author Comment

by:Mohammed Hamada
ID: 39773797
Thanks a lot Will and Simon
