Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 178
  • Last Modified:

Migrating Exchange from 2003 to 2010

Hi,
I am in the middle of migrating an old SBS2003 box to a new physical box running Server 2012 R2 as a hyper-V host with several Server 2012 R2 VMs. As part of the process I have to migrate Exchange 2003 to Exchange 2013. I understand that this is not possible in a single jump without 3rd party software. I have installed a VM running Server 2008R2 and Exch2010. I have been following this tutuorial;

https://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/

I am into part III, up to the Split-Brain DNS section part 14, and it tells me this:

"First though we need to open some ports on our firewall. For coexistence we will need two public IPs.

Our first public IP will continue to point to our Exchange 2003 server.
Our second public IP will point to our Exchange 2010 server.

We need to open ports 80 (HTTP) and 443 (HTTPS) to our Exchange 2010 server.

This process will vary based on the firewall you have."

This raises somequestions for me:

1. By 'Public IP' I am assuming we are talking about the external IP address that is provided by our ISP; the same one that we get when we go to http://www.whatsmyip.org/.

2. If this is the case do I need to contact our ISP to get them to provide a second one?

3. Do I even need co-existence beyond the time it takes to migrate from Exch2003 to Exch2010? If I do this out of hours there will be minimal impact on users, so I am happy to take the Exchange server offline to do the migration. Can't I just get Exch 2010 up and running, migrate the data, turn off Exch 2003 and let Exch 2010 take over?

I was hoping to get this done this weekend, but now it's Sunday afternoon and it is looking less promising...:(

Cheers,
Greg
0
gregmiller4it
Asked:
gregmiller4it
1 Solution
 
Gareth GudgerCommented:
Hey Greg,

1. By 'Public IP' I am assuming we are talking about the external IP address that is provided by our ISP; the same one that we get when we go to http://www.whatsmyip.org/.

Yes. External IP. Do you know how many IPs your ISP currently assigns to you? You can probably decipher this from your firewall by looking at the IP and subnet mask assigned to the external/WAN interface. You may have more than one IP. Unfortunately, whatismyip.com may not be a good judge of what you have. Unless you are sure you only have one IP from your ISP.

2. If this is the case do I need to contact our ISP to get them to provide a second one?

It may take some time for your ISP to get this to you. But there are alternatives which I will answer in question 3.

3. Do I even need co-existence beyond the time it takes to migrate from Exch2003 to Exch2010? If I do this out of hours there will be minimal impact on users, so I am happy to take the Exchange server offline to do the migration. Can't I just get Exch 2010 up and running, migrate the data, turn off Exch 2003 and let Exch 2010 take over?

If you don't need coexistence then you can get by with one IP. Of course, this means cutting everything over from 2003 to 2010 all in one go. Which means you will need to move all your users as well, or, they won't be able to access there mailbox externally (phones, Outlook, Outlook Web Access, etc). Internally they will be fine. Unfortunately, this doesn't give you any room for testing.

How many users do you have?
0
 
gregmiller4itAuthor Commented:
I'm pretty sure we only have one external IP address.
We probably have around 20 users, of which only about half (i.e. Head Office staff) are regular users; the others just check email occasionally.
0
 
Gareth GudgerCommented:
Ah ok. That's a fairly small amount of users. How large are there mailboxes? Sounds like you might just be able to move it all in one go without coexistence.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
gregmiller4itAuthor Commented:
I think there was a default 1GB mailbox quota in SBS2003....but a couple of users have had that extended. All up I wouldn't expect the mailboxes to total more than about 30GB.
0
 
Gareth GudgerCommented:
Yep that sounds like a fairly quick move. So, you might be able to get away with a quick cutover. Of course coexistence is safer if you want to check your firewall to see if you have more than one IP.
0
 
gregmiller4itAuthor Commented:
So, if I run with just one IP address, do I just skip that part on reconfiguring the firewall and charge onwards?
0
 
Gareth GudgerCommented:
Yes. Go ahead and get your certificate completed on your 2010 box (next section) as this can take some time. Then once that is all set, reconfigure your firewall to point ports 80/443 away from the 2003 server and towards the 2010 box.
0
 
gregmiller4itAuthor Commented:
Ok thanks heaps. I think I'll sort the certificate tomorrow and maybe do the migration tomorrow evening.
0
 
Hello WorldCommented:
Hi,

When you're upgrading your existing Microsoft Exchange Server 2003 organization to Exchange Server 2010, there's a period of time when both Exchange 2003 and Exchange 2010 will coexist within your organization.
Then you have to change the MX record and point to Exchange 2010,and register a new record for legacy Exchange server. Meanwhile, request the certificate from CA.
More details about Migration Guide from Exchange 2003 to Exchange 2010, please refer to:
https://gallery.technet.microsoft.com/exchange/Rapid-Migration-Guide-from-7ade7012
0
 
gregmiller4itAuthor Commented:
So, we own a Thawte certificate that we are currently using on the SBS 2003 server. Is that likely to be the same as what is needed for Exchange 2010? Can I just have that one re-issued for the new server or do we need to buy a new one/type.
If we can have the old one re-issued, will that break the current certificate that is use on SBS 2003?
Also, Exchange 2010 is not he end of the story...I am actually trying to get to Exchange 2013. Will we need to buy more new certificates to get to Exchange 2013?
0
 
Gareth GudgerCommented:
It is possible to reissue the same certificate to 2010. As long as you plan to use all the same name. So if you used mail.domain.com on 2003 you will need to make sure all your URLs on 2010 are configured as mail.domain.com. Both internal and external URLs. You will also need to configure autodiscover with SRV records, instead of a CNAME/A record. Getting a UC/SAN certificate can be a little easier and may be required if your DNS provider doesn't support SRV records.
0
 
gregmiller4itAuthor Commented:
So the current certificate would not be a UC/SAN certificate?
If I get one of them now, can we re-use it when we move to Exchange 2013?
0
 
Gareth GudgerCommented:
Right. Its doubtful the one for 2003 is a UC certificate. If you get a UC/SAN certificate for Exchange 2010 now you can reuse it for 2013 later.
0
 
gregmiller4itAuthor Commented:
I just checked; the current certificate in use on Exchange 2003 is an SSL123 certificate
0
 
hecgomrecCommented:
In my experience, you don't need an extra IP (it is recommended, but not necessary).

As soon as I installed my 2010 and finished the certificates and URLs  I made it  my default server.

When I said I made it my default server I just changed my firewall IP and internal DNS settings to point to the new server and then after I start migrating mailboxes to the 2010.

Once finished I repeat the process to get to 2013

Here are the links I used:

2003 to 2010:  http://www.petenetlive.com/KB/Article/0000234.htm

2010 to 2013:  http://www.petenetlive.com/KB/Article/0000788.htm

Good Luck!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now