Exchange migration

Hi,
I have a exchange migration project(ex2010 to ex2016)
Single server.No DAG.
Im planning namespace implamantation during migration.
Cerificate is not 3rd party.It is issued by domain CA and include 4 names
webmail.domain.com
autodiscover.domain.com
autodiscover.domain.local
oldexchange2010name.domain.local

This names are currently in use by old exchange 2010 server:
SCP-autodiscover
https:// oldexchange2010name.domain.local/Autodiscover/Autodiscover.xml
oab
internal and external
https:// webmail.domain.com/oab
ews
Internal
https:// oldexchange2010name.domain.local/EWS/Exchange.asmx
External
https:// webmail.domain.com /ews/exchange.asmx
outlookanywhere
webmail.domain.com
owa and ecp
internal and external
https:// webmail.domain.com /ecp
https:// webmail.domain.com /owa

I have a doubt about domain.local names in certificate and exchange during and after migration.
I think it is potential problem.
Can someone please propose solution for namespace migration.
LVL 1
AndyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Todd NelsonSystems EngineerCommented:
Purchase a SSL SAN/UC certificate from a pulic CA and get rid of the .local name.  Private names haven't been supported in Exchange for about 3 years.

Set the External and Internal URLs using the same FQDN.

Use these command to check the values set for each virtual directory...

Get-ExchangeServer | Get-ActiveSyncVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-ClientAccessServer | fl Identity,AutoDiscoverServiceInternalUri
Get-ExchangeServer | Get-EcpVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-MapiVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-OabVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-OutlookAnywhere | fl Identity, *ternalhost*, *ticationmeth*
Get-ExchangeServer | Get-OwaVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-PowerShellVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-WebServicesVirtualDirectory | fl Identity, *ternalurl*

Open in new window


For example...

  • ActiveSync (Internal and External) ... https://webmail.domain.com/Microsoft-Server-ActiveSync
  • Autodiscover ... https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
  • ECP (Internal and External) ... https://webmail.domain.com/ecp
  • MAPI (Internal and External) ... https://webmail.domain.com/mapi
  • OAB (Internal and External) ... https://webmail.domain.com/oab
  • OutlookAnywhere (Internal and External) ... webmail.domain.com
  • Outlook Web App (Internal and External) ... https://webmail.domain.com/owa
  • PowerShell (Internal and External) ... Leave as set by default
  • WebServices (Internal and External) ... https://webmail.domain.com/ews/exchange.asmx

Hope that helps.
1
MaheshArchitectCommented:
Is this lab implementation?
0
timgreen7077Exchange EngineerCommented:
Todd is correct, you need to purchase a 3rd party UCC Cert. Also here is a link that will assist you with your migration. This link is specific for the name space. Notice the link is part3 and there is a total of 6parts which can all be found on the site and can help you with other aspects of your migration if needed.

http://techgenix.com/migrating-small-organization-exchange-2010-exchange-2016-part3/
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

AndyAuthor Commented:
Thanks for hints.
It is not lab environment.Production server,300 mailboxes.
Client has built in exchange anti spam
https://technet.microsoft.com/en-us/library/aa996604(v=exchg.141).aspx
So if he has built in anti spam I think he would not purchase public cert :-)

but I believe he dont need to purchase public cert becase his cert that is isued
by domain PKI has public names
webmail.domain.com
autodiscover.domain.com
and also has 2 names domain.local but I dont need to use this local names on exchange 2016.
Any aditional advice please
0
Todd NelsonSystems EngineerCommented:
So if he has built in anti spam I think he would not purchase public cert

Clarify what you mean.

Certificates are a method for securing access and mail flow for Exchange.  Private certificates are a challenge to implement and distribute, and are not a recommended practice with Exchange.  Also, certificates don't have mush to do with antispam.

References...
0
AndyAuthor Commented:
Excuse me,my english is not so good.
Of course anti spam has nothing with this topic.
Client has domain PKI cert and works fine but let suppose he buy public cert with this 2 names
webmail.domain.com
autodiscover.domain.com
that already has on private cert.
Old exchange has SCP and EWS that points to https:// oldexchange2010name.domain.local/Autodiscover/Autodiscover.xml
So,if he buy public cert still I dont understand which way to migrate SCP and EWS from local fqdn to webmail.domain.com.
I think certificate is not a problem but I dont understand SCP and EWS migration.
0
Todd NelsonSystems EngineerCommented:
Old exchange has SCP and EWS that points to https:// oldexchange2010name.domain.local/Autodiscover/Autodiscover.xml
So,if he buy public cert still I dont understand which way to migrate SCP and EWS from local fqdn to webmail.domain.com.
I think certificate is not a problem but I dont understand SCP and EWS migration.

You should be able to set them based on my earlier response.

SCP is the service connection point for autodiscover.  Set it using the following using Exchange Management Shell on Exchange 2016

Set-ClientAccessServer -Identity "EXCH2016SERVERNAME" -AutoDiscoverServiceInternalUri "https://autodiscover.domain.com/Autodiscover/Autodiscover.xml"

Open in new window


EWS is WebServices.  Set it using this command...

Set-WebServicesVirtualDirectory -Identity "EXCH2016SERVERNAME\EWS (Default Web Site)" -InternalUrl "https://webmail.domain.com/ews/exchange.asmx" -ExternalUrl "https://webmail.domain.com/ews/exchange.asmx"

Open in new window


The unfortunate part is converting from using private (local) server names to FQDN.  Users may see pop-ups in Outlook until their mailboxes are moved to Exchange 2016 but they will be safe to ignore.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AndyAuthor Commented:
Thank you Todd.
If pop ups are the only problem during migration it would be great.
Im afraid to see outlook disconnected or trying to connect problem.....because of SCP during migration
but if pop ups are the only problem that is not such a big deal.
0
AndyAuthor Commented:
I decided to change SCP and EWS before migration
https://practical365.com/exchange-server/changing-namespaces-exchange-migration/
and everything went fine,without single pop up.
Thank you Todd
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.