Upgrade exchange 2003 to 2010, 2003 has no internet facing server (no mobile access)

Posted on 2014-11-09
Medium Priority
Last Modified: 2014-11-10
I'm planning an exchange 2003 to 2010 coexistence to full migration.
I currently have no mobile/internet users. I have just exchange 2003 and exchange smtp delivery gateways. I have no front end server for my internal owa users (yes, you can actually have that configuration and still use owa, it's some kind of loophole in Exchange 2003).
I assume internet facing exchange will be required for 2010.
How should I proceed, and which roles should I install first?
I have my sans certificate from Digicert ready but unpopulated.
Question by:challBOE
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 800 total points
ID: 40431328
"no front end server for my internal owa users (yes, you can actually have that configuration and still use owa, it's some kind of loophole in Exchange 2003)."

It isn't a loophole.
A frontend server was never required. You would only deploy one if you had multiple backend servers.

Are you planning to have the roles on separate servers? If so, then you are going against best practise. I haven't separated the roles out for over five years, never on Exchange 2010. I see no point. Best practise is all roles on all servers, with the servers configured as identically as possible.

Therefore just install your first Exchange server, configure the SSL certificate as appropriate, replicate the public folders then do a standard migration.
If you are going to coexist, with Exchange 2003 users using OWA and ActiveSync then you will need a legacy URL for Exchange 2003, with the Exchange 2003 server directly exposed to the internet.

LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 1200 total points
ID: 40431439

Author Comment

ID: 40432423
I have three user mailbox servers and 5 (little) just-smtp-delivery servers ( redundancy over 2 locations and two ips providers). A third (party spamsoap) filters and delivers mail incoming. It's the only thing allowed into the LAN. Outgoing mail connects to internet directly through exchange smtp services, but outgoing only. I have no user mailboxes on those gateways.
You all expose mailbox servers to the internet? No DMZ connection to a cal server then authenticate then get access to a mailbox server?
Am I overthinking this?
Thanks for your answers.
(I have 700 users. 300 perms and 400 temps who come and go).

Author Closing Comment

ID: 40432433
Thank you both. Gareth provided a more detailed reference so got the majority of points
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40432434
A DMZ doesn't improve your network security.
Furthermore the only role supported in a DMZ is Edge, which is for SMTP traffic, no other roles are supported in a perimeter network.
I have no problem with exposing Exchange servers straight to the internet. You only need two ports open - 443 and 125. As long as you enforce decent network security on the server and keep it patched then you are fine.

Keep everything very simple. All roles on all servers. If you want redundancy then look at a DAG, an internal load balancer and perhaps a cloud based load balancer for incoming traffic.


Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month10 days, 14 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question