• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 67
  • Last Modified:

How to get Exchange co-existence for Exchange 2K7 & 2K13?

This is using a Ms Exchange 2007 Server, with CAS, Hub and MB initially, in MS Windows 2003/2008 AD domain environment. Recently, I setup and join 1 MS Exchange 2013 (on Windows 2012 r2) to the organization. Integration looks okay as normal mail flow not affected. Now, i want to have the co-existence between 2K7 and 2K13, as I need to move 95 mailboxes to the 2K13 Exchange server. I have did some of the preparations for co-existence, such as, create a new SSL Cert (from Exch2K13 EAC) to be assigned to both Exchange servers, check the mail flow (currently, only exch2k7 allows to send), send and receive connectors, namespaces (with new legacy.xxx.xxx assign to exch2k7), and others.

I know that the tricky parts are on the owa and outlookanywhere, in which Exch2k13 not more support RPC. If I were not wrong, Exch2K13 server can indeed proxy the client connections to Exch2K7 server. Can anyone show step-by-step on how to make these proxying/redirections work?

Thanks in advance.
0
MichaelBalack
Asked:
MichaelBalack
  • 5
  • 5
2 Solutions
 
MichaelBalackAuthor Commented:
Please see the current owa and outlookanywhere settings for both Exchange servers as attached.
get-owa-2007.txt
get-owa-2013.txt
get-rpc-2007.txt
get-rpc-2013.txt
0
 
MichaelBalackAuthor Commented:
The Outlook Anywhere settings: IISAuthenticationMethods is {Basic}
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Please find the below document which explains how to Proxying & Redirection works with Exchange 2013. For more information on this refer the below links

http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx

Thanks
ManikandanExchange-2013-interoperability-with-lega
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

For Co-existing exchange 2007 with Exchange 2013. Refer the below links

https://technet.microsoft.com/en-us/library/jj898581(v=exchg.150).aspx
http://msexchangeguru.com/2013/05/10/exchange2013-migration/

Thanks
Manikandan
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Here is the step-by-step guide for co-existence between exchange 2007 and 2013. Nothing more useful than this guide.

http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-1-step-by-step-exchange-2007-to-2013-migration.aspx

Thanks
Manikandan
0
 
Sudhir BidyeCommented:
# Create a new certificate with with below entries in it
     mail.domain.com
     autodiscover.domain.com
     legacy.domain.com

# apply that cert in exchange 2007 and exchange 2013.
# Assign a separate public ip address to exchange 2013.
# in your public dns point mail.domain.com / autodiscover record to public ip address of exchange 2013 and legacy.domain.com to exchange 2007.
#Cofigure exchange 2007 outlook anywhere authentication to NTLM.
#Configure exchange 2013 and exchange 2007 urls.
0
 
MichaelBalackAuthor Commented:
Hi Sudhir,

Thanks for your guidance. The most important things are how to configure the owa and outlook anywhere parts of both Exch2K7 & Exch2K13, so as proxying/redirection is seamless integrated. Please see questions/requests in my first mail:

"I know that the tricky parts are on the owa and outlookanywhere, in which Exch2k13 not more support RPC. If I were not wrong, Exch2K13 server can indeed proxy the client connections to Exch2K7 server. Can anyone show step-by-step on how to make these proxying/redirections work?"
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

If the certificates are in-place mail.domain.com, autodiscover.domain.com, legacy.domain.com proxing and redirection should happen automatically no need to configure it separately. See the links which i pasted please.

Thanks
Manikandan
0
 
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

And let me tell you proxying and redirection steps are relatively same which was there in exchange 2010. There is no specific links available to configure proxying and redirection for exchange 2013. Refer the below link for the same.
For Outlook Web App requests, if the mailbox’s location is determined to be in another Active Directory site and there are CAS2013 members in that site that have the ExternalURL populated, then the originating CAS will redirect the request unless the ExternalURLin the target site is the same as in the originating site – in which case CAS will proxy (this is the multiple site single namespace scenario).

http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx

Thanks
Manikandan
0
 
MichaelBalackAuthor Commented:
Hi Manikandan,

Thanks for the reply. I am still in the midst of reading through your recommended links.
0
 
MichaelBalackAuthor Commented:
Thanks for Sudhir and Manikandan for the valuable suggestion and guidance.

The 4-part article that suggested by Manikandan delve into the details that need to be configured on both Exch2k7 & 2k13, in order for them to work together.

As for Sudhir, he suggested "Configure exchange 2007 outlook anywhere authentication to NTLM" - a crucial value. At first, I thought this is referring to IISClientAuthenticationMethods, but, it instead refers to ClientAuthenticationMethod (for both external and internal).

After all the hard works. I did encountered few issues that eventually resolved as follows:

 a. Using Ms outlook 2010, I can setup outlookanywhere for both mailbox located at Exch2k7 and Exch2k13. But using MS Outlook 2007 in production desktop, Outlookanywhere setup failed. This was confirmed blocked by the Kaspersky anti-virus, in which av has to be stopped during the setup.

b. The Exch2k7 is running on MS Windows 2003 server. After applying the new Exchange certificate using Exchange Powershell, we found that EAS (active-sync) and OwA URLs are no more accessiable. This is because the Exchange Certificate is not "workable" in IIS, although other URL, such as \rpc (for Outlookanywhere) not affected. We have to tell the users to use these URLs without SSL for the time being as we are in the midst to migrate all mailboxes to Exch2k13.

thanks,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now