Exchange 2007/2013 CoExistence Certificates

Hi,

We are in the process of migrating Exchange 2007 to 2013 in coexistence mode. Since we have never done this before, I have some questions regarding how this is accomplished. Right now the current 2007 values point to, e.g., owa.domainold.com. We are planning to move everything to webmail.domainnew.com. (Let me be clear: internally the Active Directory domain will not change and will remain the same.)

With coexistence we need to purchase SSL certs for webmail.domainnew.com and autodiscover.domainnew.com, and for the legacy name am I purchasing legacy.domainnew.com or legacy.domainold.com? Also, how are we transitioning users (Outlook clients)? Because if we start using legacy.domainold.com or legacy.domainnew.com they will lose connectivity to the Exchange servers.

I don't know if this is clear enough but would like some guidance.
chipsexpertsAsked:
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Hi chipexperts,
Please check these threads. I explained in detail.
https://www.experts-exchange.com/questions/28658532/Exchange-2007-to-2013-migration.html#a40731944
https://www.experts-exchange.com/questions/29059653/Exchange-Upgrade-2007-to-2013.html#a42325349
This will explain connectivity in a coexistence environment.
https://blogs.technet.microsoft.com/exchange/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment/

In short, you need 3 names in your certificate in a coexistence environment:
1. mail.domain.com (common name which points to Exchange2013)
2. autodiscover.domain.com (autodiscover which points to Exchange2013)
3. legacy.domain.com (which points to Exchange2007)

You need an A record legacy.domain.com in both internal and external DNS.

If you are not clear please let us know.

Thanks
MAS
0
Scott CSenior EngineerCommented:
Take a look at the Exchange Server Deployment Assistant.

https://technet.microsoft.com/en-us/office/dn756393.aspx

It will help greatly.  MAS's advice is on point as well.
0
chipsexpertsAuthor Commented:
I get most of the procedure. But my main doubts are related to my current setup for Outlook clients. They point to owa.domainold.com (don't ask me why it was set up with that). The new Exchange server will be mail.domainnew.com. If the 2007 server becomes legacy.domainold.com, what's going to happen with Outlook clients still connecting to owa.domainold.com? Will they still be able to connect without any issues while we perform the migration? And also, how do I deal with these Outlook clients once we have the new domain name? Do the profiles get automatically created (and if they are, does this mean users lose their settings?) or do they have to do it manually?
0
RoninCommented:
Short answer?
You control it by specifying ClientAccessServer URI for EACH CAS in your organization.
0
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Your Exchange 2007 will connect without issue as Exchange2013 will redirect to Exchange2007.
FYI, there is a connectivity protocol difference between Exchange 2007 and Exchange 2013 for internal clients.
.
Please configure Exchange2007 as per below with legacy.domain.com
https://blogs.technet.microsoft.com/meamcs/2013/07/25/part-3-step-by-step-exchange-2007-to-2013-migration/
.
Please configure Exchange2013 as per below with owa.domain.com
https://blogs.technet.microsoft.com/meamcs/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration/
0
Annie RoseTech LeadCommented:
Exchange 2007 Certificate and Coexistence:
http://msexchangeguru.com/2013/09/20/e2007certcoexist/

See the proper configuration of URLs for Proxy and Redirection - Exchange 2007/2013 CoExistence URLs
http://silbers.net/exchange-20072013-coexistence-urls/

Exchange 2007 to Exchange 2013 Migration Step by Step Guide:
http://expert-advice.org/exchange-server/exchange-2007-to-exchange-2013-migration-step-by-step-guide/
0
chipsexpertsAuthor Commented:
Ok to validate my steps I will do a simple summary:

- I will create the certs as:
mail.domainnew.com
autodiscover.domainnew.com
legacy.domainold.com

- Will configure Exchange 2013 using one of the provided guides
- The users' Outlook clients at this point WILL still be connected and pointed to owa.domainold.com (as the name was configured that way).
- I will start migrating mailboxes
- Once I have all mailboxes migrated I will change ClientAccessServer to mail.domainnew.com
- Outlook clients at that point will automatically discover the new URL and will get reconfigured to the new address, but they will keep the current profile and configuration.
- At that point I can start working on the decommission of the old Exchange

This is the basic layout of the work. Let me know if any of this is incorrect.
0
RoninCommented:
Simply procure a single third-party UCC SSL certificate including all the FQDNs:
mail.domainnew.com
autodiscover.domainnew.com
legacy.domainold.com

Assign the cert to both servers in IIS.
Define Virtual Directories for each server with the appropriate FQDN (e.g. legacy.domain.com for 2007 and mail.domain.com for 2013).
Set-ClientAccessService to mail.domain.com for both; this way a client still hosted on 2007 will connect to 2013 and afterwards will be redirected to 2007.
Review and follow the custom-created procedure for the migration on the Exchange Server Deployment Assistant.
0
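A pre-cutover check for the single-certificate plan discussed above, added here as an example that is not from any poster in the thread: it compares the host name in each URL clients will be handed against the certificate's SAN list and reports names the certificate does not cover. The function name `Test-SanCoverage` and the URL list are constructed for illustration; the three SAN names are the ones listed in the thread. It assumes PowerShell 3.0 or later.

```powershell
# Added example. Test-SanCoverage is a hypothetical helper, not an Exchange cmdlet.
function Test-SanCoverage {
    param(
        [Parameter(Mandatory = $true)] [string[]] $SanNames,  # DNS names on the certificate
        [Parameter(Mandatory = $true)] [string[]] $Urls       # URLs clients will connect to
    )
    foreach ($url in $Urls) {
        $hostName  = ([System.Uri]$url).Host.ToLowerInvariant()
        $coveredBy = $null
        foreach ($san in $SanNames) {
            $s = $san.ToLowerInvariant()
            if ($s -eq $hostName) { $coveredBy = $san; break }
            # A wildcard covers exactly one left-most label:
            # *.a.com matches x.a.com but not x.y.a.com or a.com itself.
            if ($s.StartsWith('*.')) {
                $suffix = $s.Substring(1)   # ".a.com"
                if ($hostName.EndsWith($suffix) -and
                    $hostName.Length -gt $suffix.Length -and
                    $hostName.Substring(0, $hostName.Length - $suffix.Length) -notmatch '\.') {
                    $coveredBy = $san; break
                }
            }
        }
        [pscustomobject]@{
            Url       = $url
            Host      = $hostName
            CoveredBy = $coveredBy
            Covered   = [bool]$coveredBy
        }
    }
}

# SAN list as summarized in the thread.
$san = 'mail.domainnew.com', 'autodiscover.domainnew.com', 'legacy.domainold.com'

# Constructed URL list; the last entry is the old name Outlook clients still point to.
$urls = @(
    'https://mail.domainnew.com/owa',
    'https://autodiscover.domainnew.com/Autodiscover/Autodiscover.xml',
    'https://legacy.domainold.com/owa',
    'https://owa.domainold.com/owa'
)

# List every URL whose host name is missing from the certificate.
Test-SanCoverage -SanNames $san -Urls $urls | Where-Object { -not $_.Covered }
```

On a live server the SAN list can be read from the `CertificateDomains` property returned by `Get-ExchangeCertificate` instead of being typed in by hand.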
RoninCommented:
In order to allow access from the internet to the mailboxes on the 2007 server, you would need to assign an additional external IP on the WAN interface of the FW to NAT traffic to the internal IP of the 2007 server. Configure the corresponding FQDNs to point to the IPs.
0