Exchange 2007/2013 CoExistence Certificates


We are in the process of migrating Exchange 2007 to 2013 in coexistence mode. Since we have never done this before I have some questions in regards of how this is accomplished. Right now the current 2007 values point to i.e We are planing to move everything to (let me be clear Internally the Active directory domain will not change and will remain the same).

With coexistence we need to purchase SSL certs for, and for the legacy am I purchasing or Also how are we transitioning users (Outlook clients) because if we start using or they will loose connectivity to the Exchange servers.

I don't know if this is clear enough but would like some guidance.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Hi chipexperts,
Please check these threads. I explained in detail.
This will explain about connectivity in a coexistence invironment.

In short you need 3 names in your certificate in a coexistence environment (common name which points to Exchange2013)
2. (autodiscover which points to Exchange2013)
3. (which points to Exchange2007)

You need an A record in both internal and external DNS.

If you are not clear please let us know.

Scott CSenior EngineerCommented:
Take a look at the Exchange Server Deployment Assistant.

It will help greatly.  MAS's advice is on point as well.
chipsexpertsAuthor Commented:
I get most of the procedure. But my main doubts are related to my current setup for Outlook clients. They point to (don't ask my why it was setup with that). The new Exchange server will be If the 2007 server becomes What's going to happen with Outlook clients still connecting to, will they still be able to connect without any issues while we perform the migration. And also how do I deal with these Outlook clients once we have the new domain name, do the profiles get automatically created (and if they are, does this means user loose their settings?) or do they have to do it manually?
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Short answer?
You control it by specifying ClientAccessServer URI for EACH CAS in your organization.
MAS (MVE)EE Solution Guide - Technical Dept HeadCommented:
Your Exchange 2007 will connect without issue as Exchange2013 will redirect to Exchange2007.
FYI there is connectivity protocol difference in Exchange 2007 and Exchange 2013 for internal clients.
Please configure Exchange2007 as per below with
Please configure Exchange2013 as per below with
Annie RoseTech LeadCommented:
Exchange 2007 Certificate and Coexistence:

See the proper configuration of URLs for Proxy and Redirection - Exchange 2007/2013 CoExistence URLs

Exchange 2007 to Exchange 2013 Migration Step by Step Guide:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
chipsexpertsAuthor Commented:
Ok to validate my steps I will do a simple summary:

- I will create the certs as:

- Will configure Exchange 2013 using one of the provided guides
- The users Outlook client at this point WILL still be connected and pointed to (as the name was configured that way).
- I will start migrating mailboxes
- Once I have all mailboxes migrated I will change ClientAccessServer to
- Outlook clients at that point will automatically discover the new URL, will get reconfigure to the new address, but they will keep the current profile and configuration.
-At that point I can start working on the decommission of the old exchange

This is basic layout of the work. Let me know if any of this is incorrect.
Simply procure single UCC SSL 3-rd party certificate including all the FQDNs:

Assign the cert for both servers in IIS.
Define Virtual Directories with for each server with the appropriate FQDN. (e.g. for 2007 and for 2013)
Set-ClientAccessService to for both, this way client even still hosted on 2007 will connect to 2013 and afterwards will be redirected to 2007.
Review and following the custom created procedure for the migration on Exchange Server Deployment Assistant
In order to allow access from the internet, to the mailboxes on the 2007 server, you would need to assign additional external IP on the WAN interface of the FW to NAT traffic to the internal IP of the 2007 server. Configure corresponding FQDNs to point to the IPs.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.