Solved

DNS confusion for Exchange 2003 to 2010 migration

Posted on 2015-02-15
Last Modified: 2015-02-16
Hi,
I am currently attempting to migrate from SBS2003 to Server 2012 R2 Hyper-V host with several Server 2012 R2 VMs and Exchange 2013. I understand that there is no direct migration of Exchange 2003 to 2013. I have set up a VM running Server 2008 and installed Exchange 2010.

I have been reading a bunch of guides on this process and have become confused about the appropriate setup of DNS.

The current setup is this: we have a website hosted by a third party; let's say www.company.org. All external incoming email (sent to anyone@company.org) goes to the web-host and is then redirected immediately to our Head Office external IP address.
The public address of our current server (i.e. the SBS2003 box) is:  local.company.org
So, this is used for Remote Desktop Connections, OWA, etc.

It seems that to get Exchange 2010 working, I need to change my DNS settings to something like this:

Existing:
local.company.org > 192.168.0.100 - IP address of SBS 2003 box (including Exchange 2003)

NEW setup:
legacy.company.org > 192.168.0.100 - IP address of SBS 2003 box (including Exchange 2003)
local.company.org  > 192.168.0.223 - IP address of Exchange 2010
autodiscover.company.org > 192.168.0.223 - IP address of Exchange 2010

We have an SSL123 certificate for local.company.org and it is installed on the SBS box.

I was following this guide:

https://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/

and I am supposed to configure a new Forward Lookup Zone for company.org, with the above settings. Obviously as soon as I did this I could no longer get to www.company.org.

So, I am not sure how I get out of this.

I am told that I should have a UC/SAN certificate for Exchange 2010 that I can then reuse for Exchange 2013 when I migrate over to there.

Can I configure DNS so that only www.company.org goes to the web-host and everything else comes here?
Question by:gregmiller4it
8 Comments
 
LVL 20

Expert Comment

by:SatyaPathak
Follow the KB below; it might help you.

http://www.petenetlive.com/KB/Article/0000234.htm

Author Comment

by:gregmiller4it
I've looked at that KB article before and I have just looked at it again. I am no further ahead.

What I would like to know is, have I got something conceptually wrong in the original setup?
Would a better way to go be to have our public address set to company.org (instead of local.company.org) and then configure DNS on our DC to redirect traffic back to www.company.org at the IP of the web-host?
I can't set up a forward lookup zone for company.org without breaking our connection to www.company.org.

I need something more specific than just a link to a 40 page KB article.
LVL 30

Accepted Solution

by:Gareth Gudger
Gareth Gudger earned 400 total points
and I am supposed to configure a new Forward Lookup Zone for company.org, with the above settings. Obviously as soon as I did this I could no longer get to www.company.org.

Hey Greg,

Yes you would create a forward lookup zone on your internal DNS servers for company.org.

Then you would create these records in that new internal copy of your external zone.

legacy > 192.168.0.100 - IP address of SBS 2003 box (including Exchange 2003)
local > 192.168.0.223 - IP address of Exchange 2010
autodiscover > 192.168.0.223 - IP address of Exchange 2010
www > 123.123.123.123 - IP address of wherever your website is hosted.

If you don't have that IP, ping www.company.org to get it. Then plug it in your new internal DNS zone. If you have anything else hosted out on the web you may need to create those DNS records as well.
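
The point above about recreating every externally hosted name in the internal zone, as an added example that is not part of the original answer: a short Python check that compares a public zone with its internal copy and lists the names internal clients would stop resolving. The public records, including the apex record and the 203.0.113.10 address, are constructed sample data.

```python
# Added example (not from the thread): names an internal copy of a zone hides.

def fqdn(label, zone):
    """Expand a zone-relative label ('www', '@') to a lower-case FQDN."""
    label = label.strip().rstrip(".").lower()
    return zone if label in ("", "@") else f"{label}.{zone}"

def parse_zone(text, zone):
    """Parse 'label TYPE value' lines into {(fqdn, type): value}."""
    zone = zone.rstrip(".").lower()
    records = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            label, rtype, value = line.split()
            records[(fqdn(label, zone), rtype.upper())] = value
    return records

def audit(public, internal):
    """Compare the public zone with its internal copy.

    The internal DNS server is authoritative for the whole zone, so a name it
    does not hold is answered 'does not exist' instead of being forwarded.
    """
    missing = sorted(k for k in public if k not in internal)
    overridden = sorted(k for k in public
                        if k in internal and internal[k] != public[k])
    return {"missing": missing, "overridden": overridden}

# Constructed sample data. 123.123.123.123 is the thread's placeholder for the
# web host; 203.0.113.10 is an assumed stand-in for the office's public IP.
PUBLIC = parse_zone("""
@      A  123.123.123.123   # web host (assumed apex record)
www    A  123.123.123.123   # web host
local  A  203.0.113.10      # head office
""", "company.org")

INTERNAL_AS_ASKED = parse_zone("""
legacy        A  192.168.0.100
local         A  192.168.0.223
autodiscover  A  192.168.0.223
""", "company.org")

INTERNAL_FIXED = dict(INTERNAL_AS_ASKED)
INTERNAL_FIXED[("www.company.org", "A")] = "123.123.123.123"

if __name__ == "__main__":
    for name, zone in (("as asked", INTERNAL_AS_ASKED), ("with www", INTERNAL_FIXED)):
        print(name, audit(PUBLIC, zone))
```

Names reported as `overridden` resolve differently inside and outside the network, which is intended for `local`; names reported as `missing` are the ones that break for internal clients.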

Author Comment

by:gregmiller4it
OK, did that and it didn't work. I got the IP address by pinging our website and put that IP address into the www DNS record.
After that I checked www.company.org and it couldn't find the webpage. So I put in the IP address that I got and it brought up the page of the web-host... maybe I need to talk to them.
LVL 13

Assisted Solution

by:Guy Lidbetter
Guy Lidbetter earned 100 total points
Hi Greg,

The reason you got the web-host using the IP is that they will be using host headers to provide your website on a shared IP.
Without the www.company.org bit you would hit their default redirect, which would be the host's website.
You would have to pay for a dedicated IP in order for the above solution to work.

As you use the local.company.org namespace internally I don't see the need for the split brain.

To get your new solution to work effectively with OWA etc:

Assuming the 192 addresses you provided are external-facing IPs and you have configured 2003/2010 to be coexistent...
(Read this article; it helps with co-existence configuration, legacy namespaces and certificates.)
http://exchangeserverpro.com/exchange-2003-2010-coexistence/
192.168.0.223 = External Facing 2010 CAS Array IP
I'll use 10.10.10.10 for internal 2010 CAS Array.

Externally you would have these DNS Records:
(Type)....Record....IP\Host
(A) Company.org > 123.123.123.123 (Same as it always was)
(A) legacy.company.org > 192.168.0.100
(A) AutoDiscover.company.org > 192.168.0.223
(A) mail.company.org > 192.168.0.223 (access to OWA would then be mail.company.org/owa)
(MX) company.org > mail.company.org (This way mail comes straight to you not via the web host)

Internally your domain is local.company.org so would have these DNS Records
(A) Company.org > 123.123.123.123 (However you had this configured as it was working)
(A) AutoDiscover.local.company.org > 10.10.10.10
(A) mail.local.company.org > 10.10.10.10

You then configure the internal and external URLs in EX2010 to match what is published above,
and on the Set-OwaVirtualDirectory command you configure -Exchange2003Url to the legacy.company.org URL for redirection.

HTH - at least a bit...

Guy
LVL 11

Expert Comment

by:hecgomrec
I still don't get why some people complicate things this hard.

Your 2003 will be the main Exchange server until you change it to something else.

Once you have finalized your 2010 installation, updates, certificates etc. you are ready to make it your default Exchange server. How do you do this? Just change the address on your firewall to point to your new server's internal IP, on your DNS change your MX record to point to your new server's internal IP and make sure you have a new DNS record for your external and internal domain pointing to your new server's IP. Exchange 2010 recommends having the same names for external and internal use.

Test mail flow by sending and receiving email from one internal account and one external account to the internal, like gmail or Hotmail.

If you follow all the steps of the swing migration, your mail should flow from the Exchange 2010 to the 2003. If not, here are other links that can help you better:

From 2003 to 2010:  http://www.petenetlive.com/KB/Article/0000234.htm

From 2010 to 2013:  http://www.petenetlive.com/KB/Article/0000788.htm



Good Luck!!!

Author Comment

by:gregmiller4it
So, thanks for all this guys. It seems that Guy was pretty close to the money when he said:
The reason you got the web-host using the IP is that they will be using host headers to provide your website on a shared IP.
Without the www.company.org bit you would hit their default redirect, which would be the host's website.
You would have to pay for a dedicated IP in order for the above solution to work.
I have spoken to Tech Support at the Web host and that is exactly the case: the IP address is static and goes to their Apache server which hosts multiple customers' websites. Which explains what I was seeing.
But as it turns out I did configure DNS exactly right, the way Gareth had explained. The reason I couldn't see our website was that there is a propagation delay! When I got home, I exchanged a few emails with the host Tech Support and they said it should all work, there might just be a delay. So I remoted into one of the computers at the office and the website opened as it should.
Problem solved. I just had to wait for DNS to propagate.

Cheers,
Greg
LVL 30

Expert Comment

by:Gareth Gudger
Glad to help Greg. Forgot all about propagation.