Upgrade exchange 2003 to 2010, 2003 has no internet facing server (no mobile access)

Posted on 2014-11-09
Last Modified: 2014-11-10
I'm planning an exchange 2003 to 2010 coexistence to full migration.
I currently have no mobile/internet users. I have just exchange 2003 and exchange smtp delivery gateways. I have no front end server for my internal owa users (yes, you can actually have that configuration and still use owa, it's some kind of loophole in Exchange 2003).
I assume internet facing exchange will be required for 2010.
How should I proceed, and which roles should I install first?
I have my sans certificate from Digicert ready but unpopulated.
Question by:challBOE
  • 2
  • 2
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 200 total points
ID: 40431328
"no front end server for my internal owa users (yes, you can actually have that configuration and still use owa, it's some kind of loophole in Exchange 2003)."

It isn't a loophole.
A frontend server was never required. You would only deploy one if you had multiple backend servers.

Are you planning to have the roles on separate servers? If so, then you are going against best practise. I haven't separated the roles out for over five years, never on Exchange 2010. I see no point. Best practise is all roles on all servers, with the servers configured as identically as possible.

Therefore just install your first Exchange server, configure the SSL certificate as appropriate, replicate the public folders then do a standard migration.
If you are going to coexist, with Exchange 2003 users using OWA and ActiveSync then you will need a legacy URL for Exchange 2003, with the Exchange 2003 server directly exposed to the internet.

LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 300 total points
ID: 40431439

Author Comment

ID: 40432423
I have three user mailbox servers and 5 (little) just-smtp-delivery servers ( redundancy over 2 locations and two ips providers). A third (party spamsoap) filters and delivers mail incoming. It's the only thing allowed into the LAN. Outgoing mail connects to internet directly through exchange smtp services, but outgoing only. I have no user mailboxes on those gateways.
You all expose mailbox servers to the internet? No DMZ connection to a cal server then authenticate then get access to a mailbox server?
Am I overthinking this?
Thanks for your answers.
(I have 700 users. 300 perms and 400 temps who come and go).

Author Closing Comment

ID: 40432433
Thank you both. Gareth provided a more detailed reference so got the majority of points
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40432434
A DMZ doesn't improve your network security.
Furthermore the only role supported in a DMZ is Edge, which is for SMTP traffic, no other roles are supported in a perimeter network.
I have no problem with exposing Exchange servers straight to the internet. You only need two ports open - 443 and 125. As long as you enforce decent network security on the server and keep it patched then you are fine.

Keep everything very simple. All roles on all servers. If you want redundancy then look at a DAG, an internal load balancer and perhaps a cloud based load balancer for incoming traffic.


Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Find out what you should include to make the best professional email signature for your organization.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question