Upgrade exchange 2003 to 2010, 2003 has no internet facing server (no mobile access)

Posted on 2014-11-09
Last Modified: 2014-11-10
I'm planning an exchange 2003 to 2010 coexistence to full migration.
I currently have no mobile/internet users. I have just exchange 2003 and exchange smtp delivery gateways. I have no front end server for my internal owa users (yes, you can actually have that configuration and still use owa, it's some kind of loophole in Exchange 2003).
I assume internet facing exchange will be required for 2010.
How should I proceed, and which roles should I install first?
I have my sans certificate from Digicert ready but unpopulated.
Question by:challBOE
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 200 total points
ID: 40431328
"no front end server for my internal owa users (yes, you can actually have that configuration and still use owa, it's some kind of loophole in Exchange 2003)."

It isn't a loophole.
A frontend server was never required. You would only deploy one if you had multiple backend servers.

Are you planning to have the roles on separate servers? If so, then you are going against best practise. I haven't separated the roles out for over five years, never on Exchange 2010. I see no point. Best practise is all roles on all servers, with the servers configured as identically as possible.

Therefore just install your first Exchange server, configure the SSL certificate as appropriate, replicate the public folders then do a standard migration.
If you are going to coexist, with Exchange 2003 users using OWA and ActiveSync then you will need a legacy URL for Exchange 2003, with the Exchange 2003 server directly exposed to the internet.

LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 300 total points
ID: 40431439

Author Comment

ID: 40432423
I have three user mailbox servers and 5 (little) just-smtp-delivery servers ( redundancy over 2 locations and two ips providers). A third (party spamsoap) filters and delivers mail incoming. It's the only thing allowed into the LAN. Outgoing mail connects to internet directly through exchange smtp services, but outgoing only. I have no user mailboxes on those gateways.
You all expose mailbox servers to the internet? No DMZ connection to a cal server then authenticate then get access to a mailbox server?
Am I overthinking this?
Thanks for your answers.
(I have 700 users. 300 perms and 400 temps who come and go).

Author Closing Comment

ID: 40432433
Thank you both. Gareth provided a more detailed reference so got the majority of points
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40432434
A DMZ doesn't improve your network security.
Furthermore the only role supported in a DMZ is Edge, which is for SMTP traffic, no other roles are supported in a perimeter network.
I have no problem with exposing Exchange servers straight to the internet. You only need two ports open - 443 and 125. As long as you enforce decent network security on the server and keep it patched then you are fine.

Keep everything very simple. All roles on all servers. If you want redundancy then look at a DAG, an internal load balancer and perhaps a cloud based load balancer for incoming traffic.


Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question