How to get Exchange co-existence for Exchange 2K7 & 2K13?

This is using a Ms Exchange 2007 Server, with CAS, Hub and MB initially, in MS Windows 2003/2008 AD domain environment. Recently, I setup and join 1 MS Exchange 2013 (on Windows 2012 r2) to the organization. Integration looks okay as normal mail flow not affected. Now, i want to have the co-existence between 2K7 and 2K13, as I need to move 95 mailboxes to the 2K13 Exchange server. I have did some of the preparations for co-existence, such as, create a new SSL Cert (from Exch2K13 EAC) to be assigned to both Exchange servers, check the mail flow (currently, only exch2k7 allows to send), send and receive connectors, namespaces (with new legacy.xxx.xxx assign to exch2k7), and others.

I know that the tricky parts are on the owa and outlookanywhere, in which Exch2k13 not more support RPC. If I were not wrong, Exch2K13 server can indeed proxy the client connections to Exch2K7 server. Can anyone show step-by-step on how to make these proxying/redirections work?

Thanks in advance.
LVL 1
MichaelBalackAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MichaelBalackAuthor Commented:
Please see the current owa and outlookanywhere settings for both Exchange servers as attached.
get-owa-2007.txt
get-owa-2013.txt
get-rpc-2007.txt
get-rpc-2013.txt
0
MichaelBalackAuthor Commented:
The Outlook Anywhere settings: IISAuthenticationMethods is {Basic}
0
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Please find the below document which explains how to Proxying & Redirection works with Exchange 2013. For more information on this refer the below links

http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx

Thanks
ManikandanExchange-2013-interoperability-with-lega
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

For Co-existing exchange 2007 with Exchange 2013. Refer the below links

https://technet.microsoft.com/en-us/library/jj898581(v=exchg.150).aspx
http://msexchangeguru.com/2013/05/10/exchange2013-migration/

Thanks
Manikandan
0
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Here is the step-by-step guide for co-existence between exchange 2007 and 2013. Nothing more useful than this guide.

http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-1-step-by-step-exchange-2007-to-2013-migration.aspx

Thanks
Manikandan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sudhir BidyeCommented:
# Create a new certificate with with below entries in it
     mail.domain.com
     autodiscover.domain.com
     legacy.domain.com

# apply that cert in exchange 2007 and exchange 2013.
# Assign a separate public ip address to exchange 2013.
# in your public dns point mail.domain.com / autodiscover record to public ip address of exchange 2013 and legacy.domain.com to exchange 2007.
#Cofigure exchange 2007 outlook anywhere authentication to NTLM.
#Configure exchange 2013 and exchange 2007 urls.
0
MichaelBalackAuthor Commented:
Hi Sudhir,

Thanks for your guidance. The most important things are how to configure the owa and outlook anywhere parts of both Exch2K7 & Exch2K13, so as proxying/redirection is seamless integrated. Please see questions/requests in my first mail:

"I know that the tricky parts are on the owa and outlookanywhere, in which Exch2k13 not more support RPC. If I were not wrong, Exch2K13 server can indeed proxy the client connections to Exch2K7 server. Can anyone show step-by-step on how to make these proxying/redirections work?"
0
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

If the certificates are in-place mail.domain.com, autodiscover.domain.com, legacy.domain.com proxing and redirection should happen automatically no need to configure it separately. See the links which i pasted please.

Thanks
Manikandan
0
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

And let me tell you proxying and redirection steps are relatively same which was there in exchange 2010. There is no specific links available to configure proxying and redirection for exchange 2013. Refer the below link for the same.
For Outlook Web App requests, if the mailbox’s location is determined to be in another Active Directory site and there are CAS2013 members in that site that have the ExternalURL populated, then the originating CAS will redirect the request unless the ExternalURLin the target site is the same as in the originating site – in which case CAS will proxy (this is the multiple site single namespace scenario).

http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx

Thanks
Manikandan
0
MichaelBalackAuthor Commented:
Hi Manikandan,

Thanks for the reply. I am still in the midst of reading through your recommended links.
0
MichaelBalackAuthor Commented:
Thanks for Sudhir and Manikandan for the valuable suggestion and guidance.

The 4-part article that suggested by Manikandan delve into the details that need to be configured on both Exch2k7 & 2k13, in order for them to work together.

As for Sudhir, he suggested "Configure exchange 2007 outlook anywhere authentication to NTLM" - a crucial value. At first, I thought this is referring to IISClientAuthenticationMethods, but, it instead refers to ClientAuthenticationMethod (for both external and internal).

After all the hard works. I did encountered few issues that eventually resolved as follows:

 a. Using Ms outlook 2010, I can setup outlookanywhere for both mailbox located at Exch2k7 and Exch2k13. But using MS Outlook 2007 in production desktop, Outlookanywhere setup failed. This was confirmed blocked by the Kaspersky anti-virus, in which av has to be stopped during the setup.

b. The Exch2k7 is running on MS Windows 2003 server. After applying the new Exchange certificate using Exchange Powershell, we found that EAS (active-sync) and OwA URLs are no more accessiable. This is because the Exchange Certificate is not "workable" in IIS, although other URL, such as \rpc (for Outlookanywhere) not affected. We have to tell the users to use these URLs without SSL for the time being as we are in the midst to migrate all mailboxes to Exch2k13.

thanks,
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.