DNS confusion for Exchange 2003 to 2010 migration

Posted on 2015-02-15
Medium Priority
Last Modified: 2015-02-16
I am currently attempting to migrate from SBS2003 to a Server 2012 R2 Hyper-V host with several Server 2012 R2 VMs and Exchange 2013. I understand that there is no direct migration of Exchange 2003 to 2013. I have set up a VM running Server 2008 and installed Exchange 2010.

I have been reading a bunch of guides on this process and have become confused about the appropriate setup of DNS.

The current setup is this: we have a website hosted by a third party; let's say www.company.org. All external incoming email (sent to anyone@company.org) goes to the web-host and is then redirected immediately to our Head Office external IP address.
The public address of our current server (i.e. the SBS2003 box) is:  local.company.org
So, this is used for Remote Desktop Connections, OWA, etc.

It seems that to get Exchange 2010 working, I need to change my DNS settings to something like this:

local.company.org > - IP address of SBS 2003 box (including Exchange 2003)

NEW setup:
legacy.company.org > - IP address of SBS 2003 box (including Exchange 2003)
local.company.org  > - IP address of Exchange 2010
autodiscover.company.org > - IP address of Exchange 2010

We have an SSL123 certificate for local.company.org and it is installed on the SBS box.

I was following this guide:


 and I am supposed to configure a new Forward Lookup Zone for company.org, with the above settings. Obviously as soon as I did this I could no longer get to www.company.org.

So, I am not sure how I get out of this.

I am told that I should have a UC/SAN certificate for Exchange 2010 that I can then reuse for Exchange 2013 when I migrate over to there.

Can I configure DNS so that only www.company.org goes to the web-host and everything else comes here?
Question by:gregmiller4it
LVL 20

Expert Comment

by:Satya Pathak
ID: 40611553
Follow the below KB; it might help you.


Author Comment

ID: 40611585
I've looked at that KB article before and I have just looked at it again. I am no further ahead.

What I would like to know is, have I got something conceptually wrong in the original setup?
Would a better way to go be to have our public address set to company.org (instead of local.company.org) and then configure DNS on our DC to redirect traffic back to www.company.org at the IP of the web-host?
I can't setup a forward lookup zone for company.org without breaking our connection to www.company.org.

I need something more specific than just a link to a 40 page KB article.
LVL 31

Accepted Solution

Gareth Gudger earned 1600 total points
ID: 40611690
and I am supposed to configure a new Forward Lookup Zone for company.org, with the above settings. Obviously as soon as I did this I could no longer get to www.company.org.

Hey Greg,

Yes you would create a forward lookup zone on your internal DNS servers for company.org.

Then you would create these records in that new internal copy of your external zone.

legacy > - IP address of SBS 2003 box (including Exchange 2003)
local > - IP address of Exchange 2010
autodiscover > - IP address of Exchange 2010
www > - IP address of wherever your website is hosted.

If you don't have that IP, ping www.company.org to get it. Then plug it in your new internal DNS zone. If you have anything else hosted out on the web you may need to create those DNS records as well.
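An added example, not part of Gareth's answer: a small model of how the internal DNS server answers once it hosts a company.org zone, showing why www disappears until its record is copied in. The zone contents and all addresses are constructed (documentation and private ranges), and `resolve` and `audit` are hypothetical helper names.

```python
# Added example: models an internal DNS server that hosts a copy of company.org.
# All addresses are constructed (RFC 5737 / RFC 1918 ranges), not values from the thread.

PUBLIC = {  # what the public company.org zone serves (constructed)
    "www.company.org": "203.0.113.10",    # shared web-host address
    "local.company.org": "198.51.100.5",  # office external address
}

INTERNAL = {  # the new internal forward lookup zone, before www is copied in
    "company.org": {
        "legacy.company.org": "192.168.1.2",
        "local.company.org": "192.168.1.3",
        "autodiscover.company.org": "192.168.1.3",
    }
}


def resolve(name, internal_zones, public):
    """Answer as the internal server would: a hosted zone is authoritative,
    so a name inside it with no record is NXDOMAIN (None) and is never
    forwarded to public DNS."""
    name = name.lower().rstrip(".")
    hosting = [z for z in internal_zones if name == z or name.endswith("." + z)]
    if hosting:
        zone = max(hosting, key=len)  # most specific hosted zone wins
        return internal_zones[zone].get(name)
    return public.get(name)  # not hosted internally: forwarded


def audit(internal_zones, public):
    """Return (missing, differing) public names as internal clients see them."""
    missing, differing = [], []
    for name, public_ip in sorted(public.items()):
        internal_ip = resolve(name, internal_zones, public)
        if internal_ip is None:
            missing.append(name)
        elif internal_ip != public_ip:
            differing.append(name)
    return missing, differing


if __name__ == "__main__":
    print(audit(INTERNAL, PUBLIC))  # www is missing until its A record is added
    INTERNAL["company.org"]["www.company.org"] = PUBLIC["www.company.org"]
    print(audit(INTERNAL, PUBLIC))
```

Names in the differing list are the intentional split-brain overrides; an unexpected entry there, such as www after the web host changes its address, means the internal copy has drifted from the public zone.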


Author Comment

ID: 40611699
OK, did that and it didn't work. I got the IP address by pinging our website and put that IP address into the www DNS record.
After that I checked www.company.org and it couldn't find the webpage. So I put in the IP address that I got and it brought up the page of the web-host... maybe I need to talk to them.
LVL 13

Assisted Solution

by:Guy Lidbetter
Guy Lidbetter earned 400 total points
ID: 40611938
Hi Greg,

The reason you got the web-host using the IP is that they will be using host headers to provide your website on a shared IP.
Without the www.company.org bit you would hit their default redirect which would be the host's website.
You would have to pay for a dedicated IP in order for the above solution to work.

As you use the local.company.org namespace internally I don't see the need for the split brain.

To get your new solution to work effectively with OWA etc:

Assuming the 192 addresses you provided are external facing IP's and you have configured 2003/2010 to be coexistent...
(read this article.. it helps with co-existence configuration and legacy namespaces and certificates)
http://exchangeserverpro.com/exchange-2003-2010-coexistence/
= External Facing 2010 CAS Array IP
I'll use for internal 2010 CAS Array.

Externally you would have these DNS Records:
(A) Company.org > (Same as it always was)
(A) legacy.company.org >
(A) AutoDiscover.company.org >
(A) mail.company.org > (access to OWA would then be mail.company.org/owa)
(MX) company.org > mail.company.org (This way mail comes straight to you not via the web host)

Internally your domain is local.company.org so would have these DNS Records
(A) Company.org > (However you had this configured as it was working)
(A) AutoDiscover.local.company.org >
(A) mail.local.company.org >

You then configure the internal and external URL's in EX2010 to match what is published above.
and on the Set-OwaVirtualDirectory command you configure -Exchange2003Url to the legacy.company.org URL for redirection.

HTH - at least a bit...

LVL 11

Expert Comment

ID: 40612990
I still don't get why some people complicate things this hard.

Your 2003 will be the main Exchange server until you change it to something else.

Once you have finalized your 2010 installation, updates, certificates etc. you are ready to make it your default Exchange server. How do you do this? Just change on your firewall the address to point to your new server's internal IP, on your DNS change your MX record to point to your new server's internal IP and make sure you have a new DNS record for your external and internal domain pointing to your new server's IP. Exchange 2010 recommends having the same names for external and internal use.

Test mail flow by sending and receiving email from one internal account and one external account to the internal, like gmail or Hotmail.

If you follow all the steps of the swing migration, your mail should flow from the Exchange 2010 to the 2003; if not, here are other links that can help you better:

From 2003 to 2010:  http://www.petenetlive.com/KB/Article/0000234.htm

From 2010 to 2013:  http://www.petenetlive.com/KB/Article/0000788.htm

Good Luck!!!

Author Comment

ID: 40613096
So, thanks for all this guys. It seems that Guy was pretty close to the money when he said:
The reason you got the web-host using the IP is that they will be using host headers to provide your website on a shared IP.
Without the www.company.org bit you would hit their default redirect which  would be the hosts website.
You would have to pay for a dedicated IP in order for the above solution to work.
I have spoken to Tech Support at the Web host and that is exactly the case: the IP address is static and goes to their Apache server which hosts multiple customers' websites. Which explains what I was seeing.
But as it turns out I did configure DNS exactly right, the way Gareth had explained. The reason I couldn't see our website was that there is a propagation delay! When I got home, I exchanged a few emails with the host Tech Support and they said it should all work, there might just be a delay. So I remoted into one of the computers at the office and the website opened as it should.
Problem solved. I just had to wait for DNS to propagate.

LVL 31

Expert Comment

by:Gareth Gudger
ID: 40613366
Glad to help Greg. Forgot all about propagation.
