Frank Ferrer
asked on
Migrating Exchange 2010 to Exchange 2013 coexist
Hi Experts. I am working on a migration of our Exchange 2010 server and users/database (1 database) over to a new Exchange 2013 server. I have so far done the following:
1. Installed Exchange 2013 on new server
2. Exported 2010 3rd party cert from 2010 server and have imported it into new 2013 Exchange server
3. *Started receiving those familiar certificate popups asking if we trust this cert and it now points to the new Exchange 2013 server... I have not changed any DNS MX or certificate DNS to show new server yet*
4. Checked the default Virtual Directory permissions to make sure they looked OK
5. I read that I need to make sure and create the new databases on the new Exchange 2013 server so I can move users. I think I may be getting ahead of myself here because I feel I've missed some critical steps, and also when I try to create a new database on the server I receive a "The location for LogFolderPath isn't on a fixed drive" message.
Can someone help with steps after step 2 above, as I believe I may be getting ahead of myself as I said. I don't want to make a mistake and have our users be down at any point, and already I believe I'm hurting that cause. Ha. Thanks!!
Unable to create a database on the new server would be something completely different.
However you need to ensure the URLs are all valid - particularly that Exchange 2010 has its own URLs.
While I appreciate your goals, moving the certificate and the DNS entries to the new server may have been premature. You can configure the server with the self-signed certificate that Exchange creates easily enough (just use https://servername/ecp in the browser and ignore the prompts).
Once configured correctly, then switch DNS and certificates around.
Did you install Exchange 2013 CU8? If not, then I would do that first - no point deploying a new server with old versions.
Simon.
ASKER
Thanks Simon. Sorry for miscommunication on my end. I have not changed any DNS records anywhere. All I've done is imported the cert to the new server. Would it be safe to remove the cert from the new server and then run through the steps found on http://exchange.sembee.info/2013/install/clientaccesshostnames.asp?
I will need to create a couple of new databases on the new server, correct? I have a separate partition that I am putting databases and log files on (solid state) and I figured I would need to have this in place before I do any user moves when that time comes.
Steps performed so far:
1. Installed Exchange 2013 on new server
2. Exported 2010 3rd party cert from 2010 server and have imported it into new 2013 Exchange server
3. *Started receiving those familiar certificate popups asking if we trust this cert and it now points to the new Exchange 2013 server... I have NOT changed any DNS MX or certificate DNS to show new server yet*
4. Checked the default Virtual Directory permissions to make sure they looked OK
5. Installed Exchange CU8.
6. Remove imported cert and just use default Exchange cert?
7. Run through steps on this page so both servers can run in tandem? http://exchange.sembee.info/2013/install/clientaccesshostnames.asp
Thanks for your help on this step by step process. Appreciated!
"*Started receiving those familiar certificate popups asking if we trust this cert and it now points to the new exchange 2013 server...I have NOT changed any dns mx or certificate dns to show new server yet*"
That is caused by Autodiscover.
You need to change at least the AutodiscoverInternalURL as per the article above to match the existing server so that you don't get any problems.
Simon.
ASKER
Hi Simon. I attempted to change/update the Autodiscover using the article. I ran the following using Exchange PowerShell on the 2013 server.
Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.ourdomain.com/autodiscover/autodiscover.xml
The result I received was 'You can't make this change because 'CN=EXCH2010.....is read-only to the current version of Exchange......
I wanted to check what both servers were showing as the internal URL for Autodiscover so I ran the following:
Get-ClientAccessServer | FL auto*
Here are the results (which look to be correct, I'm assuming)
AutoDiscoverServiceCN : EXCH2010
AutoDiscoverServiceInternalUri : https://mail.ourdomain.com/autodiscover/autodiscover.xml
AutoDiscoverServiceCN : EXCH2013
AutoDiscoverServiceInternalUri : https://mail.ourdomain.com/autodiscover/autodiscover.xml
I read somewhere that they should be pointing to the new 2013 server? Didn't make sense to me since I haven't made any cert moves. ALSO... I haven't mentioned yet... I removed the cert that I imported to the Exchange 2013 server. I haven't seen the certificate error pop-up as of yet so I will keep checking for that.
My question now is my next step so I can begin the process of moving users.
I am also going to work on the original 2010 server because it was only set up with a C: drive. The new server has a D drive which will hold the new databases and log files so I need to address that before I go further. Any input you have on that would be great, although not directly related to this post.
ASKER
UPDATE!! I was incorrectly creating the databases on the new 2013 server's D drive (which was CD-ROM) and not E drive. My bad!
I have successfully created the new DBs on the new server.
Now just need the next step in terms of coexistence only while moving users to the new server's databases and also the changes needed on the 3rd party GoDaddy Exchange certificate.
Thanks!
It doesn't matter at this point where they point, as long as the records are the same.
When you are ready to move the DNS record to the new server then you will not have to change anything within Exchange, because the host name will still be valid.
Simon.
ASKER
Ok thanks Simon. I recently created a test user on our 2010 server then successfully used the 2013 exchange admin to move that user to one of the new databases. I'm unable to log into webmail as that user from anywhere. Is that because DNS still points to the old server? If you could help with the actual steps from this point that would be great. If I change our external DNS and point it to the new server then I should be able to begin moving users to the new server and also be able to have users still work on the old server? Sorry for all the questions just want to get the final step by steps.
Did you change the URLs within Exchange on OWA to their defaults?
If they are still set to mail.example.com but that resolves to the old server, then it will just loop around and around.
You need to set up the dual namespace for legacy and the live servers, with appropriate certificates, unless you are going to do a big bang migration.
For testing you can use host files to have the host name resolve to the correct place.
Simon.
ASKER
Thanks Simon. Any links you recommend for Big Bang? Not sure what method that is but I want to get users moved asap to the new server and can do it at any point but want to make it as seamless as possible for users and have each step written in front of me so I can limit any possible issues. Is there a step by step guide I can use to begin where I am now until the end point where users are moved and tested? Thanks.
I'll begin reading up on making sure I have dual namespace set up correctly.
ASKER
Hi Simon,
I checked my internal DNS and here are my results. I have a static entry for 'autodiscover' which points to the 2010 server Exch2010.
My guess is that I will need to do the following now that I have the new server set up and have created a test user. Please let me know if my steps look incorrect and thanks.
1. Remove static internal DNS entry for autodiscover (which points to old server)
2. There is a default cert created on the new server so that should be OK to use, I think?
3. Run the commands on your link for http://exchange.sembee.info/2013/install/clientaccesshostnames.asp?
4. My confusion comes in here. I have 2 Exchange servers in our Corporate site and nowhere else (one AD domain). This command looks correct but I want to run it by you first and then get next steps if possible.
Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.ourdomain.com/autodiscover/autodiscover.xml
5. Then my next step would be? For Webservices what would the command be since I am using two servers? I believe I need to have each server set up differently since I am using coexistence? Can you give me the commands or which command to use from the 'ClientAccessHostnames' URL above?
Big Bang migration is just moving everyone in a short space of time. Usually you have everyone out of Exchange, with no remote access while the move takes place. Possible up to about 250 users in my experience, which means you don't have to do much coexistence work.
For Autodiscover you are setting the same URLs on both servers.
For the other services, you are either setting a different URL for each server, or you are setting the same URL on both, with DNS pointing to Exchange 2010 only.
You need to decide on your migration method before you go any further. If you are going to use the "big bang" method and move everyone in a very short space of time, then it would be appropriate to have just the one set of URLs.
However if you are going to coexist, then you will need to have unique URLs for both servers (other than Autodiscover).
Simon.
ASKER
Hi Simon - Making progress. I believe I'm at the point where I can start testing mailboxes on the new server. I've created a couple of test users and have moved their mailboxes to the new server. I am testing remotely. I connect to:
https://mail.ourdomain.com/owa and then I receive a username and password field. If I put in a user that is on our 2010 server then it will authenticate and show webmail. If I put in a username and password for a user that is on one of the new 2013 databases then I get a "A server configuration change is preventing access to your account"
Since I am running with both our Exchange 2010 and 2013 servers I am thinking one of my authentication methods is incorrect for the new server perhaps. Not sure why it would work for the Exchange 2010 users and not 2013, especially since 2013 is doing the proxy.
Any suggestions? Specific steps please and thank you
Do you have unique URLs for both servers?
If not, then that is the problem. Exchange 2010 should have a legacy URL and users are directed to the Exchange 2013 server using the existing URL. Exchange will then redirect the users if required to the correct location.
Simon.
ASKER
Here is what I have for each for URLs:
EXCH2010 virtual directories:
owa - internal url https://exch2010.ourdomain.com/owa
owa - external url https://exch2010.ourdomain.com/owa
ActiveSync - internal url https://exch2010.ourdomain.com/microsoft-server-....
ActiveSync - external url BLANK
ecp - internal url https://exch2010.ourdomain.com/ecp
ecp - external url https://mail.ourdomain.com/ecp
ews - internal url https://exch2010.ourdomain.com/ews/exchange.asmx
ews - external url https://exch2010.ourdomain.com/ews/exchange.asmx
oab - internal url https://mail.ourdomain.com/oab
oab - external url https://mail.ourdomain.com/oab
powershell - internal url https://exch2010.groundskeeper.com/powershell
EXCH2013 virtual directories:
owa - internal url https://mail.ourdomain.com/owa
owa - external url https://mail.ourdomain.com/owa
ActiveSync - internal url https://mail.ourdomain.com/microsft-server-....
ActiveSync - external url https://mail.ourdomain.com/microsoft-server-.....
ecp - internal url https://mail.ourdomain.com/ecp
ecp - external url https://mail.ourdomain.com/ecp
ews - internal url https://mail.ourdomain.com/ews/exchange.asmx
ews - external url https://mail.ourdomain.com/ews/exchange.asmx
oab - internal url https://mail.ourdomain.com/oab
oab - external url https://mail.ourdomain.com/oab
powershell - internal url https://exch2010.ourdomain.com/powershell
powershell - external url https://mail.ourdomain.com/powershell
New certs were created on both servers with: autodiscover.ourdomain.com; mail.ourdomain.com; exch2010.ourdomain.com listed
Anything you can see that is incorrect? Thanks!
Yes - you have the same external URL on both servers for some services. That will not work.
The external URL on both versions of Exchange needs to be different.
ActiveSync being blank is fine, as that will proxy, but for everything it needs to be different - that includes ECP, EWS etc.
Simon.
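The rule in this answer (each server needs its own external URL, a blank ActiveSync URL excepted), together with the certificate names the asker listed, checked over the external URLs from the question. This is an added example, not part of the thread; `New-Row` and the two function names are hypothetical helpers, and the rows are sample data constructed from the post.

```powershell
# Added example, not from the thread. Rows are the external URLs posted above
# (constructed sample data); '' is the blank ActiveSync external URL on EXCH2010.
# The EXCH2013 ActiveSync URL is truncated in the post and is left out here.
# On a live system, take Server and ExternalUrl from Get-OwaVirtualDirectory,
# Get-EcpVirtualDirectory, Get-WebServicesVirtualDirectory, Get-OabVirtualDirectory
# and Get-ActiveSyncVirtualDirectory, and the names from Get-ExchangeCertificate.
function New-Row($Server, $Service, $ExternalUrl) {   # hypothetical helper
    [pscustomobject]@{ Server = $Server; Service = $Service; ExternalUrl = $ExternalUrl }
}

$rows = @(
    New-Row EXCH2010 owa        'https://exch2010.ourdomain.com/owa'
    New-Row EXCH2010 ActiveSync ''
    New-Row EXCH2010 ecp        'https://mail.ourdomain.com/ecp'
    New-Row EXCH2010 ews        'https://exch2010.ourdomain.com/ews/exchange.asmx'
    New-Row EXCH2010 oab        'https://mail.ourdomain.com/oab'
    New-Row EXCH2013 owa        'https://mail.ourdomain.com/owa'
    New-Row EXCH2013 ecp        'https://mail.ourdomain.com/ecp'
    New-Row EXCH2013 ews        'https://mail.ourdomain.com/ews/exchange.asmx'
    New-Row EXCH2013 oab        'https://mail.ourdomain.com/oab'
)

# Names the asker says are on the new certificates.
$certNames = 'autodiscover.ourdomain.com', 'mail.ourdomain.com', 'exch2010.ourdomain.com'

# Services where more than one server publishes the same external host name.
# Blank external URLs are skipped: that service is proxied, not published.
function Get-SharedExternalHost($Rows) {
    $Rows | Where-Object { $_.ExternalUrl } |
        Group-Object -Property Service, { ([uri]$_.ExternalUrl).Host } |
        Where-Object {
            @($_.Group | ForEach-Object { $_.Server } | Sort-Object -Unique).Count -gt 1
        } |
        ForEach-Object {
            [pscustomobject]@{
                Service  = $_.Group[0].Service
                HostName = ([uri]$_.Group[0].ExternalUrl).Host
                Servers  = ($_.Group | ForEach-Object { $_.Server }) -join ', '
            }
        }
}

# External host names that the certificate does not list (exact match only;
# wildcard names are not handled here).
function Get-HostNotOnCertificate($Rows, $CertNames) {
    $Rows | Where-Object { $_.ExternalUrl } |
        ForEach-Object { ([uri]$_.ExternalUrl).Host } | Sort-Object -Unique |
        Where-Object { $CertNames -notcontains $_ }
}

Get-SharedExternalHost $rows | Format-Table -AutoSize
Get-HostNotOnCertificate $rows $certNames
```

Any service the first function reports needs a distinct external URL on one of the two servers before coexistence will work; any host the second function reports will trigger a certificate name warning for clients that connect to it.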
Open OWA on the 2013 server as https://2013-server-name/owa to open the 2013 OWA page.