

DNS confusion for Exchange 2003 to 2010 migration

Posted on 2015-02-15
Medium Priority
Last Modified: 2015-02-16
I am currently attempting to migrate from SBS2003 to Server 2012 R2 Hyper-V host with several Server 2012 R2 VMs and Exchange 2013. I understand that there is no direct migration of Exchange 2003 to 2013. I have set up a VM running Server 2008 and installed Exchange 2010.

I have been reading a bunch of guides on this process and have become confused about the appropriate setup of DNS.

The current setup is this: we have a website hosted by a third party; let's say www.company.org. All external incoming email (sent to anyone@company.org) goes to the web-host and is then redirected immediately to our Head Office external IP address.
The public address of our current server (i.e. the SBS2003 box) is:  local.company.org
So, this is used for Remote Desktop Connections, OWA, etc.

It seems that to get Exchange 2010 working, I need to change my DNS settings to something like this:

local.company.org > - IP address of SBS 2003 box (including Exchange 2003)

NEW setup:
legacy.company.org > - IP address of SBS 2003 box (including Exchange 2003)
local.company.org  > - IP address of Exchange 2010
autodiscover.company.org > - IP address of Exchange 2010

We have an SSL123 certificate for local.company.org and it is installed on the SBS box.

I was following this guide:


 and I am supposed to configure a new Forward Lookup Zone for company.org, with the above settings. Obviously as soon as I did this I could no longer get to www.company.org.

So, I am not sure how I get out of this.

I am told that I should have a UC/SAN certificate for Exchange 2010 that I can then reuse for Exchange 2013 when I migrate over to there.

Can I configure DNS so that only www.company.org goes to the web-host and everything else comes here?
Question by:gregmiller4it
LVL 20

Expert Comment

by:Satya Pathak
ID: 40611553
Follow the below KB; it might help you.


Author Comment

ID: 40611585
I've looked at that KB article before and I have just looked at it again. I am no further ahead.

What I would like to know is, have I got something conceptually wrong in the original setup?
Would a better way to go be to have our public address set to company.org (instead of local.company.org) and then configure DNS on our DC to redirect traffic back to www.company.org at the IP of the web-host?
I can't set up a forward lookup zone for company.org without breaking our connection to www.company.org.

I need something more specific than just a link to a 40 page KB article.
LVL 31

Accepted Solution

Gareth Gudger earned 1600 total points
ID: 40611690
and I am supposed to configure a new Forward Lookup Zone for company.org, with the above settings. Obviously as soon as I did this I could no longer get to www.company.org.

Hey Greg,

Yes you would create a forward lookup zone on your internal DNS servers for company.org.

Then you would create these records in that new internal copy of your external zone.

legacy > - IP address of SBS 2003 box (including Exchange 2003)
 local  > - IP address of Exchange 2010
 autodiscover > - IP address of Exchange 2010
www > - IP address of wherever your website is hosted.

If you don't have that IP, ping www.company.org to get it. Then plug it in your new internal DNS zone. If you have anything else hosted out on the web you may need to create those DNS records as well.
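Added example (not part of the original thread): a small model of why creating an internal zone for company.org hides www.company.org from internal clients, and a check that lists every public name the internal zone still needs. All IP addresses are constructed documentation-range values, and shop.company.org and www.example.net are hypothetical names added for illustration.

```python
# Constructed data: the thread does not show the real addresses.
PUBLIC_ZONE = {                                # what public DNS answers
    "www.company.org": "203.0.113.10",         # third-party web host
    "local.company.org": "198.51.100.20",      # office external IP
    "shop.company.org": "203.0.113.11",        # hypothetical extra hosted name
    "www.example.net": "192.0.2.80",           # unrelated domain, for contrast
}
INTERNAL_ZONE = {                              # new forward lookup zone on the DC
    "legacy.company.org": "192.168.1.2",       # SBS 2003 / Exchange 2003
    "local.company.org": "192.168.1.3",        # Exchange 2010
    "autodiscover.company.org": "192.168.1.3", # Exchange 2010
}

def resolve_internal(name, internal_zone, zone_name, public_zone):
    """Answer the way an internal server authoritative for zone_name would."""
    name = name.lower().rstrip(".")
    if name == zone_name or name.endswith("." + zone_name):
        # Authoritative: a missing record is NXDOMAIN, it is never forwarded.
        return internal_zone.get(name)
    # Outside the zone: public_zone stands in for the forwarder / root hints.
    return public_zone.get(name)

def shadowed_names(internal_zone, zone_name, public_zone):
    """Public names that internal clients can no longer resolve."""
    return sorted(
        n for n in public_zone
        if resolve_internal(n, internal_zone, zone_name, public_zone) is None
    )

def apply_fix(internal_zone, zone_name, public_zone):
    """Copy each shadowed public record into the internal zone."""
    fixed = dict(internal_zone)
    for n in shadowed_names(internal_zone, zone_name, public_zone):
        fixed[n] = public_zone[n]
    return fixed

if __name__ == "__main__":
    zone = "company.org"
    print("broken internally:", shadowed_names(INTERNAL_ZONE, zone, PUBLIC_ZONE))
    fixed = apply_fix(INTERNAL_ZONE, zone, PUBLIC_ZONE)
    print("after adding records:", shadowed_names(fixed, zone, PUBLIC_ZONE))
```

Names that already exist internally, such as local.company.org, keep their internal address; only the missing ones are copied from the public side.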


Author Comment

ID: 40611699
OK, did that and it didn't work. I got the IP address by pinging our website and put that IP address into the www DNS record.
After that I checked www.company.org and it couldn't find the webpage. So I put in the IP address that I got and it brought up the page of the web-host...maybe I need to talk to them.
LVL 13

Assisted Solution

by:Guy Lidbetter
Guy Lidbetter earned 400 total points
ID: 40611938
Hi Greg,

The reason you got the web-host using the IP is that they will be using host headers to provide your website on a shared IP.
Without the www.company.org bit you would hit their default redirect which would be the host's website.
You would have to pay for a dedicated IP in order for the above solution to work.

As you use the local.company.org namespace internally I don't see the need for the split brain.

To get your new solution to work effectively with OWA etc:

Assuming the 192 addresses you provided are external-facing IPs and you have configured 2003/2010 to be coexistent...
(read this article.. it helps with co-existence configuration and legacy namespaces and certificates)
http://exchangeserverpro.com/exchange-2003-2010-coexistence/ = External Facing 2010 CAS Array IP
I'll use for internal 2010 CAS Array.

Externally you would have these DNS Records:
(A) Company.org > (Same as it always was)
(A) legacy.company.org >
(A) AutoDiscover.company.org >
(A) mail.company.org > (access to OWA would then be mail.company.org/owa)
(MX) company.org > mail.company.org (This way mail comes straight to you not via the web host)

Internally your domain is local.company.org so would have these DNS Records
(A) Company.org > (However you had this configured as it was working)
(A) AutoDiscover.local.company.org >
(A) mail.local.company.org >

You then configure the internal and external URLs in EX2010 to match what is published above,
and on the Set-owavirtualdirectory command you configure -exchange2003url to the legacy.company.org URL for redirection.

HTH - at least a bit...

LVL 11

Expert Comment

ID: 40612990
I still don't get why some people complicate things this hard.

Your 2003 will be the main Exchange server until you change it to something else.

Once you have finalized your 2010 installation, updates, certificates etc. you are ready to make it your default exchange server. How you do this??? just change on your firewall the address to point to your new server's internal IP, on your DNS change your MX record to point to your new server's internal IP and make sure you have a new DNS record for your external and internal domain pointing to your new server's IP. 2010 exchange recommends to have the same names for external and internal use.

Test mail flow by sending and receiving email from one internal account and one external account to the internal, like gmail or Hotmail.

If you follow all the steps to the swing-migration your mail should flow from the exchange 2010 to the 2003; if not, here are other links that can help you better:

From 2003 to 2010:  http://www.petenetlive.com/KB/Article/0000234.htm

From 2010 to 2013:  http://www.petenetlive.com/KB/Article/0000788.htm

Good Luck!!!

Author Comment

ID: 40613096
So, thanks for all this guys. It seems that Guy was pretty close to the money when he said:
The reason you got the web-host using the IP is that they will be using host headers to provide your website on a shared IP.
Without the www.company.org bit you would hit their default redirect which  would be the hosts website.
You would have to pay for a dedicated IP in order for the above solution to work.
I have spoken to Tech Support at the Web host and that is exactly the case: the IP address is static and goes to their Apache server which hosts multiple customers' websites. Which explains what I was seeing.
But as it turns out I did configure DNS exactly right, the way Gareth had explained. The reason I couldn't see our website was that there is a propagation delay! When I got home, I exchanged a few emails with the host Tech Support and they said it should all work, there might just be a delay. So I remoted into one of the computers at the office and the website opened as it should.
Problem solved. I just had to wait for DNS to propagate.

LVL 31

Expert Comment

by:Gareth Gudger
ID: 40613366
Glad to help Greg. Forgot all about propagation.

Question has a verified solution.
