chipsexperts

asked on

Exchange 2007/2013 CoExistence Certificates

Hi,

We are in the process of migrating Exchange 2007 to 2013 in coexistence mode. Since we have never done this before, I have some questions regarding how this is accomplished. Right now the current 2007 values point to, e.g., owa.domainold.com. We are planning to move everything to webmail.domainnew.com. (Let me be clear: internally the Active Directory domain will not change and will remain the same.)

With coexistence we need to purchase SSL certs for webmail.domainnew.com, autodiscover.domainnew.com and, for the legacy name, am I purchasing legacy.domainnew.com or legacy.domainold.com? Also, how are we transitioning users (Outlook clients)? Because if we start using legacy.domainold.com or legacy.domainnew.com they will lose connectivity to the Exchange servers.

I don't know if this is clear enough but would like some guidance.
M A

Hi chipexperts,
Please check these threads. I explained in detail.
https://www.experts-exchange.com/questions/28658532/Exchange-2007-to-2013-migration.html?anchorAnswerId=40731944#a40731944
https://www.experts-exchange.com/questions/29059653/Exchange-Upgrade-2007-to-2013.html?anchorAnswerId=42325349#a42325349
This will explain connectivity in a coexistence environment.
https://blogs.technet.microsoft.com/exchange/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment/

In short, you need 3 names in your certificate in a coexistence environment:
1. mail.domain.com (common name which points to Exchange2013)
2. autodiscover.domain.com (autodiscover which points to Exchange2013)
3. legacy.domain.com (which points to Exchange2007)

You need an A record legacy.domain.com in both internal and external DNS.

If you are not clear please let us know.

Thanks
MAS
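
Added example (not part of the thread or of any poster's reply): a PowerShell check that a certificate's SAN list covers the three coexistence names listed in the answer above. The function name `Test-SanCoverage` and the sample SAN list are constructed for illustration; the host names are the placeholders used in the answer.

```powershell
# Added example, not from the thread. Reports which required namespaces
# are covered by a certificate's SAN entries (exact or single-label wildcard).
function Test-SanCoverage {
    param(
        [Parameter(Mandatory)] [string[]] $CertificateDomains,  # SAN DNS names on the certificate
        [Parameter(Mandatory)] [string[]] $RequiredNames        # names clients will connect to
    )
    foreach ($name in $RequiredNames) {
        $needle = $name.Trim().ToLowerInvariant()
        $matchedBy = $null
        foreach ($san in $CertificateDomains) {
            $entry = $san.Trim().ToLowerInvariant()
            if ($entry -eq $needle) { $matchedBy = $san; break }
            # A wildcard covers exactly one left-most label: *.domain.com matches
            # mail.domain.com, but not a.mail.domain.com and not domain.com itself.
            if ($entry.StartsWith('*.')) {
                $suffix = $entry.Substring(1)   # ".domain.com"
                if ($needle.EndsWith($suffix)) {
                    $label = $needle.Substring(0, $needle.Length - $suffix.Length)
                    if ($label.Length -gt 0 -and -not $label.Contains('.')) {
                        $matchedBy = $san; break
                    }
                }
            }
        }
        [pscustomobject]@{
            Name      = $name
            Covered   = [bool]$matchedBy
            MatchedBy = $matchedBy
        }
    }
}

# Constructed sample: a certificate issued without the legacy name.
$sans     = 'mail.domain.com', 'autodiscover.domain.com'
$required = 'mail.domain.com', 'autodiscover.domain.com', 'legacy.domain.com'

$report = Test-SanCoverage -CertificateDomains $sans -RequiredNames $required
$report | Format-Table -AutoSize

# Stop before cut-over if any namespace would raise a certificate warning.
$missing = $report | Where-Object { -not $_.Covered }
if ($missing) { Write-Warning ("Not covered: " + ($missing.Name -join ', ')) }
```

On an Exchange server the SAN list can be taken from the `CertificateDomains` property that `Get-ExchangeCertificate` returns, converted to strings.
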
Take a look at the Exchange Server Deployment Assistant.

https://technet.microsoft.com/en-us/office/dn756393.aspx

It will help greatly. MAS's advice is on point as well.
Avatar of chipsexperts
chipsexperts

ASKER

I get most of the procedure. But my main doubts are related to my current setup for Outlook clients. They point to owa.domainold.com (don't ask me why it was set up with that). The new Exchange server will be mail.domainnew.com. If the 2007 server becomes legacy.domainold.com, what's going to happen with Outlook clients still connecting to owa.domainold.com? Will they still be able to connect without any issues while we perform the migration? And also, how do I deal with these Outlook clients once we have the new domain name? Do the profiles get automatically created (and if they are, does this mean users lose their settings?) or do they have to do it manually?
Short answer?
You control it by specifying ClientAccessServer URI for EACH CAS in your organization.
Your Exchange 2007 will connect without issue as Exchange2013 will redirect to Exchange2007.
FYI, there is a connectivity protocol difference between Exchange 2007 and Exchange 2013 for internal clients.

Please configure Exchange2007 as per below with legacy.domain.com
https://blogs.technet.microsoft.com/meamcs/2013/07/25/part-3-step-by-step-exchange-2007-to-2013-migration/

Please configure Exchange2013 as per below with owa.domain.com
https://blogs.technet.microsoft.com/meamcs/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration/
ASKER CERTIFIED SOLUTION
Annie Rose
This solution is only available to members.
OK, to validate my steps I will do a simple summary:

- I will create the certs as:
  mail.domainnew.com
  autodiscover.domainnew.com
  legacy.domainold.com

- Will configure Exchange 2013 using one of the provided guides
- The users' Outlook clients at this point WILL still be connected and pointed to owa.domainold.com (as the name was configured that way).
- I will start migrating mailboxes
- Once I have all mailboxes migrated I will change ClientAccessServer to mail.domainnew.com
- Outlook clients at that point will automatically discover the new URL and will get reconfigured to the new address, but they will keep the current profile and configuration.
- At that point I can start working on the decommission of the old Exchange

This is the basic layout of the work. Let me know if any of this is incorrect.
SOLUTION
This solution is only available to members.
In order to allow access from the internet to the mailboxes on the 2007 server, you would need to assign an additional external IP on the WAN interface of the FW to NAT traffic to the internal IP of the 2007 server. Configure the corresponding FQDNs to point to the IPs.