Exchange 2013 Hybrid

Hi Experts,

I need to add an Exchange 2013 server as a Hybrid in an existing environment with existing 2007 Servers. Are there any gotchas that need to be avoided? Currently they don't have an autodiscover record I know when 2013 will be installed Outlook might not connect correctly for hosts as it will give them cert errors. We are planning on getting a new UC-SAN cert for Exchange 2013 server but it might take some time to apply it. How do we deal with cert error till then?

Also do we need to replace existing cert on 2007 Server with new cert as old cert does not have autodiscover record in it

TIA
abhijitm00Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Todd NelsonSystems EngineerCommented:
Have you used the Exchange Server Deployment Assistant to review what is required for hybrid with Exchange 2007 in your environment?
0
Alan CoxSr. Systems Engineer | Lead Microsoft CIE Qualified FacilitatorCommented:
I'm doing this exact migration for a client. It's not required that autodiscover be on the certificate but it is recommended. At a minimum the name on the certificate needs to match the public URL mail. Domain.com or something like that. Get-clientaccessserver | select name, *auto* will let you know how the client access servers are configured with respect to autodiscover . That is, the SCP. Also it depends on how many users you need to migrate and whether or not they can be without web services otherwise you need to configure a legacy namespace also and put that on the certificate which would go on the 2007 also. It shouldn't take that long to get a certificate I can usually get one back in about an hour. What I did in my case was actually migrate the users to exchange 2013 that way I didn't have to configure the Legacy namespace because 2007 wasnt going to be in coexistence for very long. So I migrated the mailboxes to 2013 cutover all traffic to the 2013, configured aad connect then ran hybrid wizard. I did not apply a license to the 2013 server because once all data is migrated to 365 and it is left as the hybrid and management server I can apply a hybrid license. I can tell you however from past experience that if you have public folders on the 2007 you will need to migrate them from 2007 because exchange 2013 does not support migration of public folders to Office 365. All in all the migration isn't that difficult. I don't do a lot of 2007 to 365 but I always recommend adding the latest possible version of hybrid which in this case would be a 2013 Exchange Server.
2
abhijitm00Author Commented:
Hi Alan, thanks for the detailed input. I do have a lot of users at this client so legacy will need to stay on the Exchange 2007 server for a bit. Public url matches - mail.domain.com. For new server cert these are the names I am looking at - autodiscover.domain.com, nameofserver.domain.com, mail.domain.com, legacy.domain.com. Also is it true that once Exchange 2013 is installed in environment, Outlook 2010 clients will start connecting to it? If so I would need to disable this till certs are in place

From your input I understand the old cert will also need to change and will include - legacy.domain.com, autodiscover.domain.com, mail.domain.com, nameofserver.domain.com. Will I need to change any URLs on the old server to reflect legacy.domain.com?

I did run the Get-clientaccessserver | select name, *auto* command and got the following on the Exchange 2007 server:
Name                           : Servername
AutoDiscoverServiceCN          : Servername
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://servername.usa.local/Autodiscover
                                 /Autodiscover.xml
AutoDiscoverServiceGuid        : uniquenumber
AutoDiscoverSiteScope          : {Default-First-Site-Name}

Name                           : servername
AutoDiscoverServiceCN          : servername
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://servername.usa.local/Autodisco
                                 ver/Autodiscover.xml
AutoDiscoverServiceGuid        : uniquenumber
AutoDiscoverSiteScope          : {Default-First-Site-Name}


Thanks
0
abhijitm00Author Commented:
Hi Todd, thanks for replying. Yes I am following the Exchange Server Deployment Assistant. It provides a good generic plan but is not specific for all environments hence the question above
0
Alan CoxSr. Systems Engineer | Lead Microsoft CIE Qualified FacilitatorCommented:
So your autodiscoverinternaluri is wrong. it should never be the netbios name. IF you have autodiscover on the certificate then set it (both servers) to autodiscover.domain.com
Here is a great article regarding legacy configuration on 2007: http://silbers.net/blog/2014/01/22/exchange-20072013-coexistence-urls/
 Outlook clients will not connect to exchange 2013. They are bound by the RPCendpoint assigned to the current database they are on. As a generally rule the newest server should take over the namespace (with 2010, you have a silent redirection so no legacy required as it is with 2007).
No need to put 'name of server' on the certificate, it's not used by outlook. Inside/outside urls should all be the same on 2010/2013/2016 and legacy name on 2007 for co-existance (see article).
The very first thing I do when I install exchange 2013/16 is set the clientaccess autodiscover
set-clientaccessserver -autodiscoverinternalserviceuri https://autodiscover.domain.com/autodiscover/autodiscover.xml
But you really want to have your certificate in place asap.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.