pchettri

asked on

Exchange 2007 to 2013 migration

I am planning to move all my mailboxes from Exchange 2007 and 2013 to a new Exchange 2013 server.


I have an existing setup left over half-heartedly by my previous IT admin. I don't know why he did a partial migration to the new mail server with inappropriate H/W, which is Mac hardware. The only answer for the partial migration is perhaps the remaining large mailboxes. Also, I am planning to apply a new certificate from DigiCert and get over the woes of company.local and company.com (mail.company.com), the way it is currently segmented in my company, which I am trying to address by creating a copy of the public DNS zone with no dynamic updates or _SRV records on the existing private DNS.

The external name for Exchange 2007 and 2013 is running independently with different certificate from godaddy and digicert. Exchange 2007 resolves with name mail.company.com and exchange 2013 resolves with name exchange.company.com and respectively for all records like activesync, autodiscover, owa, ewc, ecp etc. No autodiscovery record on public on private DNS and it still works with warning in existing environment. I have mostly outlook 2011 MAC users on the client side.

Now, I have set up a new Windows 2012 VM with separate virtual hard drives for the O/S, the Exchange installation and the database/log files, but I don't want to deploy it until it is all tested in my test lab.


I did test migration by converting (p2v) DC, Exchange 2007 and by creating CA root/issuing server -


Completed outlook anywhere to  IIS auth to NTLM, Exchange 2007 was all prepared for with updates as I already have 2013 schema updated on existing environment. Created new CA certificate and replaced the trusted third party with CA on lab and applied to SMTP, IIS, POP, IMAP.


Issues -


1) I could not complete the GUI move request; the discovery mailbox was pointing to Exchange 2013, which I did not convert to virtual for the test. However, I was able to complete the mailbox move by piping Get-Mailbox to New-MoveRequest. I hope GUI migration will work in production when I initiate the move while both Exchange 2007 and 2013 are on the production network, and if I move the discovery mailbox first, which I could not do in the test lab.

2) Mailbox size - some executive mailboxes got stuck on size and permissions, which I was able to fix by changing the default size limitation in 2013 and changing the inheritance permission for the user account. Some executive mailboxes are almost 27 GB. We do have an Office 365 account with a hybrid solution, and we have Securence as the inbound mailbox filter. Would it be advisable to sync all executive users and critical users to Office 365 and also subscribe to the Office 365 archive solution? Would the Office 365 archive be accessible to executive users all the time? If there is a database, mail or CAS issue during the migration, would I be able to temporarily point Securence and the users to the Office 365 account until on-premise is fixed, by adding mailbox licenses in Office 365 temporarily, and once it is fixed just retain the executives' mailbox licenses in Office 365 and the archive mailbox in Office 365 as backup, to keep downtime to a minimum? Or is the Office 365 hybrid solution completely dependent on the health of the on-premise mail server?

Can I combine on-premise mailbox access and the Office 365 archive solution?

3) Autodiscovery - I tried implementing an internal zone for company.com along with the private DNS for company.local and created an A record and an autodiscover record pointing to the internal Exchange IP, but the Outlook client still shows a warning on the third stage of autodiscover: "the name of the certificate is invalid and does not match the name of the site".

Also, I tried creating a zone for mail.company.com in private DNS and still got the same error. Also, I tried creating an autodiscovery _SRV record in company.local and still had the same issue. Also, I tried an autodiscovery _SRV record in the company.com zone and it was still the same. I could not find a simple ActiveSync Android phone simulator to test how it is going to act on mobile devices. I do get the same warning in the existing production environment, as there is no autodiscover in public DNS, but it has not caused any issue with mobile devices. One thing I am worried about is mobile devices after migration.

I still have to test the public folders and other things, but the above issues are more critical for now. I am planning to create mailbox databases and move mailboxes from Exchange 2007 to one database and from 2013 to another database, keep it resolvable by mail.company.com, and decommission both the old 2007 and 2013 servers. My plan is to install Exchange, install/test the new certificate and the CAS part of resolution for mail.company.com, and test communication from mobile and static devices. If it works, then start the mailbox migration? However, if it does not work, would I be able to re-apply the existing certificate and point them back to Exchange 2007 as a worst-case-scenario plan B solution?

Note - I did apply set-clientaccessserver, webservervirtualdirectory and OAB for internal and external URL to mail.company.com. Am I supposed to keep them as company.local if I am using an _SRV autodiscovery record in company.local DNS?

What are the options for migration? Should I follow all the above steps, or create a completely new Exchange environment, take an archive of each mailbox and move them over to the new mail server, which could be an issue for freelance users?
Simon Butler (Sembee)

Let's deal with the easy bit first - Autodiscover.
Internally, unless you have clients on your network which are NOT members of the domain, then you don't need Autodiscover DNS records. They aren't used. The clients will query the domain.
Therefore remove all of the Autodiscover entries that you have made internally.

For DNS, set up single host name split DNS rather than a complete zone. Easier to manage.
http://semb.ee/splitdns

You should then check you have the host names correct on both servers.
For the Autodiscover entry on set-clientaccessserver, I would set it to the same.
http://semb.ee/hostnames2013

That means the same host name is always being published to the domain by both servers.

27gb mailboxes are going to take some time to sync no matter what you do. Not much you can do about that unless you can get the mailbox size down. Probably lots of large attachments in there that shouldn't be.

If you have an Office365 subscription, do you have the full hybrid in place? If Exchange 2013 isn't on CU8, then I would install that before you go any further.

Simon.
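A read-only way to carry out the host name check described in the answer above and tie it to the certificate warning from the question, added here as an example that is not part of the original thread. It assumes the Exchange Management Shell with view rights on each server; `Test-NameCovered` is a hypothetical helper, and an Exchange 2007 server may not answer every cmdlet (those errors are suppressed).

```powershell
# Lists every host name each Client Access server publishes and whether the
# certificate enabled for IIS on that server carries the name.
function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry (*.company.com) covers exactly one extra label
        if ($n.StartsWith('*.') -and $HostName -like $n -and
            $HostName.Split('.').Count -eq $n.Split('.').Count) { return $true }
    }
    return $false
}

foreach ($cas in Get-ClientAccessServer) {
    $server = $cas.Name

    # Names on the certificate(s) currently enabled for IIS
    $certNames = @(Get-ExchangeCertificate -Server $server -ErrorAction SilentlyContinue |
        Where-Object { $_.Services -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_" })

    # Autodiscover SCP value plus internal/external URLs of the virtual directories
    $urls = @($cas.AutoDiscoverServiceInternalUri)
    $vdirs = @(
        Get-WebServicesVirtualDirectory -Server $server -ErrorAction SilentlyContinue
        Get-OwaVirtualDirectory         -Server $server -ErrorAction SilentlyContinue
        Get-EcpVirtualDirectory         -Server $server -ErrorAction SilentlyContinue
        Get-OabVirtualDirectory         -Server $server -ErrorAction SilentlyContinue
        Get-ActiveSyncVirtualDirectory  -Server $server -ErrorAction SilentlyContinue
    )
    foreach ($v in $vdirs) { $urls += $v.InternalUrl, $v.ExternalUrl }
    $names = @($urls | Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host })

    # Outlook Anywhere publishes bare host names rather than URLs
    foreach ($oa in @(Get-OutlookAnywhere -Server $server -ErrorAction SilentlyContinue)) {
        $names += @($oa.InternalHostname, $oa.ExternalHostname) |
            Where-Object { $_ } | ForEach-Object { "$_" }
    }

    foreach ($h in ($names | ForEach-Object { $_.ToLower() } | Sort-Object -Unique)) {
        [pscustomobject]@{
            Server        = $server
            HostName      = $h
            OnCertificate = Test-NameCovered -HostName $h -CertNames $certNames
        }
    }
}
```

Any row with `OnCertificate` set to `False` is a name clients are told to connect to that the server's certificate does not carry.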
pchettri

ASKER

I think the internal DNS resolution is still important to get rid of the certificate error for internal clients, or else it will keep showing the certificate mismatch error every time Outlook is launched. And especially in the case of Exchange 2013, it uses RPC over HTTPS for internal and external and it does not use a MAPI connection between transport and mailbox.
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)