migrating exchange 2010 to exchange 2013 coexist

Thanks Simon! I will check those settings. My ultimate goal is to decommision the 2010 server and have all users moved to the 2013 exchange server. So...after i make these changes then would i need to create databases on the new server so i can move users there. My next question is after i make the URL changes above what would my next step be? I'm currently unable to create a database on the new server.

Unable to create a database on the new server would be something completely different.
However you need to ensure the URLs are all valid - particularly that Exchange 2010 has its own URLs.
While I appreciate your goals, moving the certificate and the DNS entries to the new server may have been premature. You can configure the server with the self-signed certificate that Exchange creates easily enough (just use https://servername/ecp in the browser and ignore the prompts).
Once configured correctly, then switch DNS and certificates around.

Did you install Exchange 2013 CU8? If not, then I would do that first - no point deploying a new server with old versions.

Simon.

Thanks Simon. Sorry for miscommunication on my end. I have not changed any dns records anywhere. All I've done is imported the cert to the new server. Would it be safe to remove the cert from the new server and then run through the steps found on http://exchange.sembee.info/2013/install/clientaccesshostnames.asp? 

I will need to create a couple of new databases on the new server, correct? I have a separate partition that I am putting databases and log files on (solid state) and I figured I would need to have this in place before I do any user moves when that time comes.

Steps performed so far:
1. 1. Installed exchange 2013 on new server
2. Exported 2010 3rd party cert from 2010 server and have imported it into new 2013 exchange server
3. *Started receiving those familiar certificate popups asking if we trust this cert and it now points to the new exchange 2013 server...I have NOT changed any dns mx or certificate dns to show new server yet*
4. Checked the default Virtual Directory permissions to make sure they looked ok
5. Installed Exchange CU8.
6. Remove imported cert and just use default exchange cert?
7. Run through steps on this page so both servers can run in tandem? http://exchange.sembee.info/2013/install/clientaccesshostnames.asp

Thanks for your help on this step by step process. appreciated!

"*Started receiving those familiar certificate popups asking if we trust this cert and it now points to the new exchange 2013 server...I have NOT changed any dns mx or certificate dns to show new server yet*"

That is caused by Autodiscover.
You need to change at least the AutodiscoverInternalURL as per the article above to match the existing server so that you don't get any problems.

Simon.

Hi Simon. I attempted to change/update the autodiscover using the article. I ran the following using exchange powershell on 2013 server.
Get-ClientAccessServer | Set-ClientAccess Server -AutodiscoverServiceInternalUri https://mail.ourdomain.com/autodiscover/autodiscover.xml

The result i received was 'You can't make this change because 'CN=EXCH2010.....is read-only to the current version of Exchange......

I wanted to check what both servers were showing as the internal url for autodiscover so i ran the following:

Get-ClientAccessServer | FL auto*

Here are the results (which look to be correct i'm assuming)

AutoDiscoverServiceCN      :      EXCH2010
AutoDiscoverServiceInternalUri:      https://mail.ourdomain.com/autodiscover/autodiscover.xml

AutoDiscoverServiceCN      :      EXCH2013
AutoDiscoverServiceInternalUri:      https://mail.ourdomain.com/autodiscover/autodiscover.xml

I read somewhere that they should be pointing to the new 2013 server? Didn't make sense to me since i haven't made any cert moves. ALSO....i haven't mentioned yet....i removed the cert that i imported to the exchange 2013 server. I haven't seen the certificate error pop-up as of yet so i will keep checking for that.

My question now is my next step so i can begin the process of moving users.

I am also going to work on original 2010 server because it was only set up with a C: drive. The new server has a D drive which will hold the new databases and log files so i need to address that before i go further. Any input you have on that would be great although not directly related to this post.

UPDATE!!  I was incorrectly creating the databases on the new 2013 server's D drive (which was cd-rom) and not E drive. My bad!
I have successfully created the new dbs on the new server.

Now just need the next step in terms of coexistence only while moving users to the new server's databases and also the changes needed on the 3rd party GoDaddy exchange certificate.

thanks!

It doesn't matter at this point where they point, as long as the records are the same.
When you are ready to move the DNS record to the new server then you will not have to change anything within Exchange, because the host name will still be valid.

Simon.

Ok thanks Simon. I recently created a test user on our 2010 server then successfully used the 2013 exchange admin to move that user to one of the new databases. I'm unable to log into webmail as that user from anywhere. Is that because DNS still points to the old server? If you could help with the actual steps from this point that would be great. If I change our external DNS and point it to the new server then I should be able to begin moving users to the new server and also be able to have users still work on the old server? Sorry for all the questions just want to get the final step by steps.

Did you change the URLs within Exchange on OWA to their defaults?
If they are still set to mail.example.com but that resolves to the old server, then it will just loop around and around.

You need to setup the dual namespace for legacy and the live servers, with appropriate certificates, unless you are going to do a big bang migration.
For testing you can use host files to have the host name resolve to the correct place.

Simon.

Thanks Simon. Any links you recommend for Big Bang? Not sure what method that is but I want to get users moved asap to the new server and can do it at any point but want to make it as seamless as possible for users and have each step written in front of me so I can limit any possible issues. Is there a step by step guide I can use to begin where I am now until the end point where users are moved and tested? Thanks.

I'll begin reading up on making sure I have dual namespace set up correctly.

Hi Simon,
I checked my internal DNS and here are my results. I have a staticed entry for 'autodiscover' which points to the 2010 server Exch2010.
My guess is that I will need to do the following now that I have the new server set up and have created a test user. Please let me know if my steps look incorrect and thanks.

1. remove static internal dns entry for autodiscover (which points to old server)
2.  There is a default cert created on the new server so that should be ok to use I think?
3. Run the commands on your link for http://exchange.sembee.info/2013/install/clientaccesshostnames.asp? 
4. My confusion comes in here. I have 2 exchange servers in our Corporate site and nowhere else (One AD domain) This command looks correct but I want to run by you first and then get next steps if possible.

Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.ourdomain.com/autodiscover/autodiscover.xml

5. Then my next step would be? For Webservices what would the command be since I am using two servers. I believe I need to have each server set up differently since I am using coexistence? Can you give me the commands or which command to use from the 'ClientAccessHotnames' url above?

Big Bang migration is just moving everyone in a short space of time. Usually you have everyone out of Exchange, with no remote access while the move takes place. Possible up to about 250 users in my experience, which means you don't have to do much coexistence work.

For Autodiscover you are setting the same URLs on both servers.
For the other services, you are either setting a different URL for each server, or you are setting the same URL on both, with DNS pointing to Exchange 2010 only.

You need to decide on your migration method before you go any further. If you are going to use the "big bang" method and move everyone in a very short space of time, then it would be appropriate to have just the one set of URLs.
However if you are going to coexist, then you will need to have unique URLs for both servers (other than Autodiscover).

Simon.

Hi Simon - Making progress. I believe i'm at the point where i can start testing mailboxes on the new server. I've created a couple of test users and have moved their mailboxes to the new server. I am testing remotely. I connect to:
https://mail.ourdomain.com/owa and then i recceive a username and password field. If i put in a user that is on our 2010 server then it will authenticate and show webmail. If i put in a username and password for a user that is on one of the new 2013 databases then i get a "A server configuration change is preventing access to your account"

Since i am running with both our exchange 2010 and 2013 servers i am thinking one of my authentication methods is incorrect for the new server perhaps. not sure why it would work for the exchange 2010 users and not 2013 especially since 2013 is doing the proxy.

Any suggestions? specific steps please and thank you

Do you have unique URLs for both servers?
If not, then that is the problem. Exchange 2010 should have a legacy URL and users are directed to the Exchange 2013 server using the existing URL. Exchange will then redirect the users if required to the correct location.

Simon.

Here is what i have for each for urls:

EXCH2010 virtual directories:
      owa - internal url https://exch2010.ourdomain.com/owa
            - external url https://exch2010.ourdomain.com/owa
      
      ActiveSync - internal url https://exch2010.ourdomain.com/microsoft-server-....
            - external url   BLANK

      ecp - internal url https://exch2010.ourdomain.com/ecp
            -external url https://mail.ourdomain.com/ecp     

      ews - internal url https://exch2010.ourdomain.com/ews/exchange.asmx
            -external url https://exch2010.ourdomain.com/ews/exchange.asmx

      oab- internal url https://mail.ourdomain.com/oab
            -external url https://mail.ourdomain.com/oab

      powershell-internal url https://exch2010.groundskeeper.com/powershell

EXCH2013 virtual directories:
      owa -internal url https://mail.ourdomain.com/owa
            -external url https://mail.ourdomain.com/owa

      ActiveSync -internal url https://mail.ourdomain.com/microsft-server-....
            -external url https://mail.ourdomain.com/microsoft-server-.....

      ecp -internal url https://mail.ourdomain.com/ecp
            -external url https://mail.ourdomain.com/ecp

      ews -internal url https://mail.ourdomain.com/ews/exchange.asmx
            -external url https://mail.ourdomain.com/ews/exchange.asmx

      oab -internal url https://mail.ourdomain.com/oab
            -external url https://mail.ourdomain.com/oab

      powershell -internal url https://exch2010.ourdomain.com/powershell
            -external url https://mail.ourdomain.com/powershell

New Certs were created on both servers with:   autodiscover.ourdomain.com; mail.ourdomain.com; exch2010.ourdomain.com listed

Anything you can see that is incorrect?  Thanks!

Yes - you have the same external URL on both servers for some services. That will not work.
The external URL on both versions of Exchange needs to be different.

ActiveSync being blank is fine, as that will proxy, but for everything it needs to be different - that includes ECP, EWS etc.

Simon.

open OWA on 2013 server as https://2013-server-name/owa to open the 2013 owa page.