Exchange 2010 to Exchange Migration - Coexistence

Hi All.
I'm hoping you can help.  I am in the midst of a migration/upgrade and now need a little bit of advice to make sure I'm in a good position.

I have/had Exchange 2010, 2 servers (1 x Hub, 1 x CAS/MBX), I also have Exchange 2013, 2 servers (both roles, DAG etc).  I have placed a LB in front of the Exchange 2013 servers, which is working fine.

I have configured all of the Internal/External URLs etc to be the same, certificates are fine.  End users' Outlook is controlled via GPO to use HTTP etc, and all working fine at that end.

Today, I cut over the namespace.  Amended internal DNS records to point to the LB, changed the firewall so that the LB IP address was being nat'd etc, and I'm in a position where email flows inbound and outbound, and the Exch 2013 servers are proxying requests for mailboxes still on Exch 2010.

However.... I have a Send Connector that points to a Smart Host, that includes the original Exch 2010 Hub server (and both Exch 2013 servers).  If I try to take out the Exch 2010 server from it, I cannot send outbound emails.  I also know that outbound email is flowing through it and not the 2013 servers, as Exclaimer signature software runs on it, and is displayed on emails even when the user's mailbox resides on the Exch 2013 servers.

The External IP address is allowed on the Smart Host portal, as in fact it's the same one I used previously.

So as it stands all is working, and I can now phase my migration of mailboxes across to Exch 2013, but once I need to take the old 2010 Hub server out, I'm guessing it will fail again.

Am I missing something here?  I would have thought that I would be flowing out of Exch 2013 servers now?

Thanks in advance
Fing wong Asked:

Adam Brown (Sr Solutions Architect) Commented:
You'll need to check the settings for your send connectors. The Send connector for the Internet needs to have the 2013 server listed in the list of servers that are allowed to use the Send connector. If they aren't listed, they will send messages to the closest server that is listed on the Send connector, and the send connector will send the message from there. Also note that if you have a Barracuda or similar appliance based Spam filter, you may need to configure that so it is aware of messages coming from the new server.
Fing wong (Author) Commented:
Hi There

All 3 servers are listed on the Internet send connector. 1 x 2010 hub and 2 x 2013 servers.

It's only when I remove the 2010 server that the email stops flowing outbound.

Adam Brown (Sr Solutions Architect) Commented:
Oh...hang on. Your mailboxes are still on 2010, right? Your Mailbox server might be configured to use the 2010 HUB server exclusively. Run Get-MailboxServer <2010 server name> | fl and look to see if anything is shown in the SubmissionServerOverrideList value. If so, run Set-MailboxServer <server> -SubmissionServerOverrideList $null to clear it out.

Fing wong (Author) Commented:
It seems to be blank currently.  Please see attached.
Adam Brown (Sr Solutions Architect) Commented:
Have you tested mailflow with mailboxes on the 2013 server when the 2010 hub is out of the picture? That *shouldn't* make a difference, but this is a really screwy issue. The only other thing I can think of is that the 2013 servers aren't being accepted by your smarthost. I've run into problems with Barracudas when implementing new servers. Those have to be configured in the device to accept outgoing mail from them. I mentioned that earlier, but didn't get a response on that part :D
Fing wong (Author) Commented:
We use a cloud based email security service, where basically it's the Public IP that's registered, and as that hasn't changed, and doesn't have any further information I can enter, seems to be ok.  The only thing I've done to take 2010 out of the picture is to remove it from the Send Connector.  I've even tried creating a new one with just the 2013 servers in it, disabling the one with the 2010 server in, and enabling the new one, but no joy.
Adam Brown (Sr Solutions Architect) Commented:
How are your AD sites set up? Are all the Exchange servers in the same site?
Fing wong (Author) Commented:
Yes they are, single logical site environment
Adam Brown (Sr Solutions Architect) Commented:
Okay...Have you checked the message tracking logs on a message sent while the 2010 server is out of the loop? That should help track down where the failure is occurring. Also, what happens when you try to send messages? Do they get stuck in the Sent Items folder, held in the queue, or do you get NDRs?
Fing wong (Author) Commented:
I'll try message tracking and get back to you.  I can say that nothing gets stuck in the Sent Items folder, I do get messages held in the Queue Viewer on the 2010 server, but I can't remember the error message, I'll retry now.

Fing wong (Author) Commented:
Nothing too much to add, apart from these.  I've had to change the settings back now.

Please see attached
Adam Brown (Sr Solutions Architect) Commented:
Nothing attached.
Fing wong (Author) Commented:
Adam Brown (Sr Solutions Architect) Commented:
Hmm...I think the best test you could run right now would be to see if a mailbox on the 2013 servers has the same issues sending when 2010 is out of the send connector. That would at least help determine where the failure is at. If a 2013 mailbox can send mail to the internet with the 2010 server out of the mix, then the problem is caused by communication between 2010 and 2013. If they can't, then there's a configuration error on the 2013 server keeping it from sending messages to the Internet. In addition, if the mailboxes on 2013 can send with the 2010 server out of the loop, you don't have anything to worry about.
Fing wong (Author) Commented:
Hi acbrown

So I can answer that really quickly.  I have some test users with mailboxes on Exch 2013 and when I tested earlier I can't send mails outbound when there is no 2010 Hub involved in the send connectors.

As soon as I add it back in, the email flies off to the internet.


Adam Brown (Sr Solutions Architect) Commented:
Hmm...I've seen Exchange 2013 get screwy when some of the receive connectors are set to use the wrong IP address, but the default is set to use all IP bindings on your NICs, so that's not likely the problem. Still, I'd look at the receive connectors to make sure they are configured correctly. Specifically the Default <Servername> connector.

Also check DNS settings on the Exchange server. Make sure it can resolve the address you're using for your Smarthost in your Send Connector. Also verify the server can send out on port 25 through your Edge firewall. And check Windows Firewall. Turn it off for testing if it's on.

Realistically, the problem is that the Exchange 2013 servers can't send to the Internet on their own. Something is causing them to fail when they attempt external sending on their own, so they're taking the next best path, which is through the 2010 server.

When you can test again, check the queues on the Exchange 2013 server(s) and look at Delivery Reports in Mail Flow in the ECP to see if there's any good info there.

Other than those things, I can't think of much that would cause this problem. Would be easier if I could look at it, but that's difficult :D
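
The checks suggested in this thread (Send connector source servers, smart host name resolution, outbound port 25, queues and message tracking), gathered into one script as an added example that is not part of any post above. The smart host name is a placeholder; run it in the Exchange Management Shell on each Exchange 2013 server.

```powershell
# Run in the Exchange Management Shell on each Exchange 2013 server.
# $SmartHost is a placeholder (assumption): use the smart host from your Send connector.
$SmartHost = 'smarthost.example.com'

# 1. Which servers may use each Send connector, and where does it deliver?
Get-SendConnector |
    Format-List Name, Enabled, AddressSpaces, SmartHosts, SourceTransportServers

# 2. Can this server resolve the smart host name?
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($SmartHost)
    "Resolved $SmartHost to: $($addresses -join ', ')"
} catch {
    "DNS lookup for $SmartHost failed: $($_.Exception.Message)"
}

# 3. Can this server open TCP 25 to the smart host and read the SMTP banner?
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($SmartHost, 25)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 10000          # milliseconds
    $reader = New-Object System.IO.StreamReader($stream)
    "Banner: $($reader.ReadLine())"      # a reachable smart host answers with a 220 line
} catch {
    "Port 25 test to $SmartHost failed: $($_.Exception.Message)"
} finally {
    $client.Close()
}

# 4. Are messages waiting in this server's queues, and with what error?
Get-Queue -Server $env:COMPUTERNAME |
    Where-Object { $_.MessageCount -gt 0 } |
    Format-List Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError

# 5. What did message tracking record for failed or deferred mail in the last hour?
Get-MessageTrackingLog -Server $env:COMPUTERNAME -Start (Get-Date).AddHours(-1) -ResultSize 200 |
    Where-Object { $_.EventId -eq 'FAIL' -or $_.EventId -eq 'DEFER' } |
    Format-Table Timestamp, EventId, Source, Sender, Recipients -AutoSize
```

The smart host in this thread authorises senders by registered public IP, so a 220 banner shows reachability only; the queue LastError and the tracking events show whether relay was actually accepted.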

Zacharia Kurian (Administrator - Data Center & Network) Commented:
Just a silly doubt;

Have you verified your DNS settings in your Exchange 2013? Your attachment named "mailbox2.PNG" shows error 554 5.4.4 configuration changed, which is most likely a misconfiguration of DNS.

Fing wong (Author) Commented:
I'll get those checked out today and feed back to you. Thanks for all of the comments.
Fing wong (Author) Commented:
Hi Guys.

I haven't been able to retest yet but thought I'd answer the questions that I could.  On both Exch 2013 servers the settings are as follows:-

1) Default Receive Connectors, Default <ServerName>,

General - Default Settings
Security - TLS, Basic, Offer basic, Integrated, Exchange Server Auth, Exchange Servers, Legacy Exchange Servers and Exchange Users all ticked

2) Default FrontEnd <ServerName>

General - Default Settings
Security - TLS, Enable domain, Basic Auth, Int Windows, Exchange Server auth, Exchange Servers, Legacy Exchange Servers, Exchange Users, Anonymous users

3) Exchange 2010 - Default <servername>

General - Default Settings
Settings - TLS, Basic Auth, Int Windows, Exchange Server Auth, Exchange Servers, Legacy Exchange Servers, Exchange Users, Anonymous Users

4) From a DNS config side, I can resolve the smarthost name without issue.  I can also Telnet out to it on Port 25 and get back a 220************ confirmation screen
Fing wong (Author) Commented:
Hi All

I just thought I'd let you know that this appears to have been resolved or an issue with the Load Balancer that sat between the 2 Exch 2013 servers.  I ruled it out by using DNS round robin instead and natting 2 public IPs to the 2 x internal private IP addresses of the Exch 2013 servers, removed the Exch 2010 server and lo and behold it started working.

I'll leave for now as DNS round robin is working for me currently and check out the config on the LB.

Thanks for all of your help and direction.
Fing wong (Author) Commented:
Great updates and ideas to point me in the right direction