Link to home
Create AccountLog in
Avatar of Andy M
Andy MFlag for Croatia

asked on

Exchange migration

Hi,
I have a exchange migration project(ex2010 to ex2016)
Single server.No DAG.
Im planning namespace implamantation during migration.
Cerificate is not 3rd party.It is issued by domain CA and include 4 names
webmail.domain.com
autodiscover.domain.com
autodiscover.domain.local
oldexchange2010name.domain.local

This names are currently in use by old exchange 2010 server:
SCP-autodiscover
https:// oldexchange2010name.domain.local/Autodiscover/Autodiscover.xml
oab
internal and external
https:// webmail.domain.com/oab
ews
Internal
https:// oldexchange2010name.domain.local/EWS/Exchange.asmx
External
https:// webmail.domain.com /ews/exchange.asmx
outlookanywhere
webmail.domain.com
owa and ecp
internal and external
https:// webmail.domain.com /ecp
https:// webmail.domain.com /owa

I have a doubt about domain.local names in certificate and exchange during and after migration.
I think it is potential problem.
Can someone please propose solution for namespace migration.
Avatar of Todd Nelson
Todd Nelson
Flag of United States of America image

Purchase a SSL SAN/UC certificate from a pulic CA and get rid of the .local name.  Private names haven't been supported in Exchange for about 3 years.

Set the External and Internal URLs using the same FQDN.

Use these command to check the values set for each virtual directory...

Get-ExchangeServer | Get-ActiveSyncVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-ClientAccessServer | fl Identity,AutoDiscoverServiceInternalUri
Get-ExchangeServer | Get-EcpVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-MapiVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-OabVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-OutlookAnywhere | fl Identity, *ternalhost*, *ticationmeth*
Get-ExchangeServer | Get-OwaVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-PowerShellVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-WebServicesVirtualDirectory | fl Identity, *ternalurl*

Open in new window


For example...

  • ActiveSync (Internal and External) ... https://webmail.domain.com/Microsoft-Server-ActiveSync
  • Autodiscover ... https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
  • ECP (Internal and External) ... https://webmail.domain.com/ecp
  • MAPI (Internal and External) ... https://webmail.domain.com/mapi
  • OAB (Internal and External) ... https://webmail.domain.com/oab
  • OutlookAnywhere (Internal and External) ... webmail.domain.com
  • Outlook Web App (Internal and External) ... https://webmail.domain.com/owa
  • PowerShell (Internal and External) ... Leave as set by default
  • WebServices (Internal and External) ... https://webmail.domain.com/ews/exchange.asmx

Hope that helps.
Is this lab implementation?
Avatar of timgreen7077
timgreen7077

Todd is correct, you need to purchase a 3rd party UCC Cert. Also here is a link that will assist you with your migration. This link is specific for the name space. Notice the link is part3 and there is a total of 6parts which can all be found on the site and can help you with other aspects of your migration if needed.

http://techgenix.com/migrating-small-organization-exchange-2010-exchange-2016-part3/
Avatar of Andy M

ASKER

Thanks for hints.
It is not lab environment.Production server,300 mailboxes.
Client has built in exchange anti spam
https://technet.microsoft.com/en-us/library/aa996604(v=exchg.141).aspx
So if he has built in anti spam I think he would not purchase public cert :-)

but I believe he dont need to purchase public cert becase his cert that is isued
by domain PKI has public names
webmail.domain.com
autodiscover.domain.com
and also has 2 names domain.local but I dont need to use this local names on exchange 2016.
Any aditional advice please
So if he has built in anti spam I think he would not purchase public cert

Clarify what you mean.

Certificates are a method for securing access and mail flow for Exchange.  Private certificates are a challenge to implement and distribute, and are not a recommended practice with Exchange.  Also, certificates don't have mush to do with antispam.

References...
Avatar of Andy M

ASKER

Excuse me,my english is not so good.
Of course anti spam has nothing with this topic.
Client has domain PKI cert and works fine but let suppose he buy public cert with this 2 names
webmail.domain.com
autodiscover.domain.com
that already has on private cert.
Old exchange has SCP and EWS that points to https:// oldexchange2010name.domain.local/Autodiscover/Autodiscover.xml
So,if he buy public cert still I dont understand which way to migrate SCP and EWS from local fqdn to webmail.domain.com.
I think certificate is not a problem but I dont understand SCP and EWS migration.
ASKER CERTIFIED SOLUTION
Avatar of Todd Nelson
Todd Nelson
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Andy M

ASKER

Thank you Todd.
If pop ups are the only problem during migration it would be great.
Im afraid to see outlook disconnected or trying to connect problem.....because of SCP during migration
but if pop ups are the only problem that is not such a big deal.
Avatar of Andy M

ASKER

I decided to change SCP and EWS before migration
https://practical365.com/exchange-server/changing-namespaces-exchange-migration/
and everything went fine,without single pop up.
Thank you Todd