Exchange 2007 to 2013 migration

I am planning to move all my mailboxes from Exchange 2007 and 2013 to a new Exchange 2013 server.


I have an existing setup left over half-heartedly by my previous IT admin. I don't know why he did a partial migration to a new mail server on inappropriate H/W, which is Mac hardware. The only explanation for the partial migration is perhaps the remaining large mailboxes. Also, I am planning to apply a new certificate from DigiCert and get over the woes of company.local and company.com (mail.company.com), the way it is currently segmented in my company, which I am trying to address by creating a copy of the public DNS zone with no dynamic updates or _SRV records on the existing private DNS.

The external names for Exchange 2007 and 2013 are running independently with different certificates from GoDaddy and DigiCert. Exchange 2007 resolves with the name mail.company.com and Exchange 2013 resolves with the name exchange.company.com, and respectively for all records like activesync, autodiscover, owa, ewc, ecp etc. There is no autodiscover record on public or private DNS and it still works, with a warning, in the existing environment. I mostly have Outlook 2011 Mac users on the client side.

Now, I have set up a new Windows 2012 VM with separate virtual hard drives for O/S, Exchange installation and database/log files, but I don't want to deploy it until it is all tested in my test lab.


I did a test migration by converting (P2V) the DC and Exchange 2007 and by creating a CA root/issuing server -


Completed Outlook Anywhere with IIS auth set to NTLM. Exchange 2007 was all prepared with updates, as I already have the 2013 schema updated on the existing environment. Created a new CA certificate, replaced the trusted third-party certificate with the CA one in the lab and applied it to SMTP, IIS, POP, IMAP.


Issues -


1) I could not complete the GUI move request; the discovery mailbox was pointing to Exchange 2013, which I did not convert to virtual for the test. However, I was able to complete the mailbox move by piping Get-Mailbox to New-MoveRequest. I hope the GUI migration will work in production when I initiate the move with both Exchange 2007 and 2013 on the production network, and if I move the discovery mailbox first, which I could not do in the test lab.

2) Mailbox size - some executive mailboxes got stuck on size and permissions, which I was able to fix by changing the default size limit in 2013 and changing the permission inheritance for the user account. Some executive mailboxes are almost 27 GB. We do have an Office 365 account with a hybrid solution, and we have Securence as the inbound mailbox filter. Would it be advisable to sync all executive users and critical users to Office 365 and also subscribe to the Office 365 archive solution? Would the Office 365 archive be accessible to executive users all the time? If there is a database, mail or CAS issue during the migration, would I be able to temporarily repoint Securence and the users to the Office 365 account until on-premises is fixed, by temporarily adding mailbox licenses in Office 365, and once it is fixed just retain the executives' mailbox licenses and archive mailboxes in Office 365 as a backup, to keep downtime to a minimum? Or is the Office 365 hybrid solution completely dependent on the health of the on-premises mail server?

Can I combine on-premises mailbox access and the Office 365 archive solution?

3) Autodiscovery - I tried implementing an internal zone for company.com alongside the private DNS for company.local and created an A record and an autodiscover record pointing to the internal Exchange IP, but the Outlook client still shows a warning at the third stage of autodiscover: "the name of the certificate is invalid and does not match the name of the site".

Also, I tried creating a zone for mail.company.com in private DNS and still got the same error. I also tried creating an autodiscover _SRV record in company.local, with the same issue, and an autodiscover _SRV record in the company.com zone, still the same. I could not find a simple ActiveSync Android phone simulator to test how it is going to behave on mobile devices. I do get the same warning in the existing production environment, as there is no autodiscover in public DNS, but it has not caused any issue with mobile devices. One thing I am worried about is mobile devices after the migration.

I still have to test the public folders and other things, but the above issues are more critical for now. I am planning to create mailbox databases and move mailboxes from Exchange 2007 to one database and from 2013 to another database, keep it resolvable as mail.company.com, and decommission both the old 2007 and 2013 servers. My plan is to install Exchange, install/test the new certificate and the CAS part of resolution for mail.company.com, and test communication from mobile and static devices. If it works, then start the mailbox migration? However, if it does not work, would I be able to re-enforce the existing certificate and point them back to Exchange 2007 as a worst-case plan B solution?

Note - I did apply set-clientaccessserver, webservervirtualdirectory, OAB for internal and external URL to mail.company.com. Am I supposed to keep them as company.local if I am using an _SRV autodiscover record in company.local DNS?

What are the options for migration? Should I follow all the above steps, or create a completely new Exchange environment, take an archive of each mailbox and move them over to the new mail server, which could be an issue for freelance users?
Asked by pchettri, IT Director

Simon Butler (Sembee), Consultant, commented:
Let's deal with the easy bit first - Autodiscover.
Internally, unless you have clients on your network which are NOT members of the domain, then you don't need Autodiscover DNS records. They aren't used. The clients will query the domain.
Therefore remove all of the Autodiscover entries that you have made internally.

For DNS, set up single host name split DNS rather than a complete zone. Easier to manage.
http://semb.ee/splitdns

You should then check you have the host names correct on both servers.
For the Autodiscover entry on set-clientaccessserver, I would set it to the same.
http://semb.ee/hostnames2013

That means the same host name is always being published to the domain by both servers.

27gb mailboxes are going to take some time to sync no matter what you do. Not much you can do about that unless you can get the mailbox size down. Probably lots of large attachments in there that shouldn't be.

If you have an Office365 subscription, do you have the full hybrid in place? If Exchange 2013 isn't on CU8, then I would install that before you go any further.

Simon.
0
pchettri, IT Director (author), commented:
I think the internal DNS resolution is still important to get rid of the certificate error for internal clients, or else it will keep showing a certificate mismatch error every time Outlook is launched. And especially in the case of Exchange 2013, it uses RPC over HTTPS for internal and external and it does not use a MAPI connection between transport and mailbox.
0
Simon Butler (Sembee), Consultant, commented:
You need to have some DNS resolution internally, but unless you have configured the internal AutodiscoverURI to be Autodiscover.example.com then you don't need the Autodiscover value. You certainly do not need any SRV records - they can be removed as they only confuse matters and will not be used.

If you are getting certificate errors when the clients are started, then you haven't configured all of the URLs correctly - not all of them are in the ECP web site. The link I provided above explains what you need to configure.

Simon.
0
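
An added example, not part of the thread: one way to check the point made in the answer above, that certificate warnings at client start-up come from URLs that are not all configured consistently. It is a read-only Exchange Management Shell script; `Test-NameCovered` and `Get-UrlHost` are helpers defined here, and it assumes the certificate of interest is the one assigned to IIS on the server where the shell runs.

```powershell
# Added example. Run in the Exchange Management Shell; it only reads settings.
# Helper defined for this example: does a certificate name list cover a host name?
function Test-NameCovered([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        # A wildcard covers one extra label: *.company.com covers mail.company.com
        $dot = $HostName.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and
            $HostName.Substring($dot) -eq $n.Substring(1)) { return $true }
    }
    return $false
}
# Helper defined for this example: host part of a URL, or nothing if unset
function Get-UrlHost($Url) { if ($Url) { ([uri]"$Url").Host } }

$rows = @()
# Autodiscover URI each Client Access server publishes to domain-joined clients
foreach ($cas in (Get-ClientAccessServer)) {
    $rows += [pscustomobject]@{ Server = $cas.Name; Setting = 'AutoDiscoverServiceInternalUri'
        HostName = (Get-UrlHost $cas.AutoDiscoverServiceInternalUri) }
}
# Internal and external URL of each web-facing virtual directory
$vdirCmds = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory', 'Get-WebServicesVirtualDirectory',
            'Get-ActiveSyncVirtualDirectory', 'Get-OabVirtualDirectory'
foreach ($cmd in $vdirCmds) {
    foreach ($vd in (& $cmd)) {
        foreach ($p in 'InternalUrl', 'ExternalUrl') {
            $rows += [pscustomobject]@{ Server = "$($vd.Server)"; Setting = "$cmd $p"
                HostName = (Get-UrlHost ($vd.$p)) }
        }
    }
}
# Outlook Anywhere stores bare host names rather than URLs
foreach ($oa in (Get-OutlookAnywhere)) {
    foreach ($p in 'InternalHostname', 'ExternalHostname') {
        $rows += [pscustomobject]@{ Server = "$($oa.Server)"; Setting = "OutlookAnywhere $p"
            HostName = "$($oa.$p)" }
    }
}
# Names on the certificate(s) assigned to IIS on the local server
$certNames = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })

# One row per published name; False marks a name the certificate does not cover
$rows | Where-Object { $_.HostName } |
    Select-Object Server, Setting, HostName,
        @{ n = 'CoveredByCert'; e = { Test-NameCovered $_.HostName $certNames } } |
    Sort-Object CoveredByCert, Server | Format-Table -AutoSize
```

Rows showing `False` are the published names a client would be warned about; either the setting or the certificate has to change so the two agree.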


Question has a verified solution.
