Exchange migration

Hi,
I have a exchange migration project(ex2010 to ex2016)
Single server.No DAG.
Im planning namespace implamantation during migration.
Cerificate is not 3rd party.It is issued by domain CA and include 4 names
webmail.domain.com
autodiscover.domain.com
autodiscover.domain.local
oldexchange2010name.domain.local

This names are currently in use by old exchange 2010 server:
SCP-autodiscover
https:// oldexchange2010name.domain.local/Autodiscover/Autodiscover.xml
oab
internal and external
https:// webmail.domain.com/oab
ews
Internal
https:// oldexchange2010name.domain.local/EWS/Exchange.asmx
External
https:// webmail.domain.com /ews/exchange.asmx
outlookanywhere
webmail.domain.com
owa and ecp
internal and external
https:// webmail.domain.com /ecp
https:// webmail.domain.com /owa

I have a doubt about domain.local names in certificate and exchange during and after migration.
I think it is potential problem.
Can someone please propose solution for namespace migration.
LVL 1
Andy MladAsked:
Who is Participating?
 
Todd NelsonSystems EngineerCommented:
Old exchange has SCP and EWS that points to https:// oldexchange2010name.domain.local/Autodiscover/Autodiscover.xml
So,if he buy public cert still I dont understand which way to migrate SCP and EWS from local fqdn to webmail.domain.com.
I think certificate is not a problem but I dont understand SCP and EWS migration.

You should be able to set them based on my earlier response.

SCP is the service connection point for autodiscover.  Set it using the following using Exchange Management Shell on Exchange 2016

Set-ClientAccessServer -Identity "EXCH2016SERVERNAME" -AutoDiscoverServiceInternalUri "https://autodiscover.domain.com/Autodiscover/Autodiscover.xml"

Open in new window


EWS is WebServices.  Set it using this command...

Set-WebServicesVirtualDirectory -Identity "EXCH2016SERVERNAME\EWS (Default Web Site)" -InternalUrl "https://webmail.domain.com/ews/exchange.asmx" -ExternalUrl "https://webmail.domain.com/ews/exchange.asmx"

Open in new window


The unfortunate part is converting from using private (local) server names to FQDN.  Users may see pop-ups in Outlook until their mailboxes are moved to Exchange 2016 but they will be safe to ignore.
1
 
Todd NelsonSystems EngineerCommented:
Purchase a SSL SAN/UC certificate from a pulic CA and get rid of the .local name.  Private names haven't been supported in Exchange for about 3 years.

Set the External and Internal URLs using the same FQDN.

Use these command to check the values set for each virtual directory...

Get-ExchangeServer | Get-ActiveSyncVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-ClientAccessServer | fl Identity,AutoDiscoverServiceInternalUri
Get-ExchangeServer | Get-EcpVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-MapiVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-OabVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-OutlookAnywhere | fl Identity, *ternalhost*, *ticationmeth*
Get-ExchangeServer | Get-OwaVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-PowerShellVirtualDirectory | fl Identity, *ternalurl*
Get-ExchangeServer | Get-WebServicesVirtualDirectory | fl Identity, *ternalurl*

Open in new window


For example...

  • ActiveSync (Internal and External) ... https://webmail.domain.com/Microsoft-Server-ActiveSync
  • Autodiscover ... https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
  • ECP (Internal and External) ... https://webmail.domain.com/ecp
  • MAPI (Internal and External) ... https://webmail.domain.com/mapi
  • OAB (Internal and External) ... https://webmail.domain.com/oab
  • OutlookAnywhere (Internal and External) ... webmail.domain.com
  • Outlook Web App (Internal and External) ... https://webmail.domain.com/owa
  • PowerShell (Internal and External) ... Leave as set by default
  • WebServices (Internal and External) ... https://webmail.domain.com/ews/exchange.asmx

Hope that helps.
1
 
MaheshArchitectCommented:
Is this lab implementation?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
timgreen7077Exchange EngineerCommented:
Todd is correct, you need to purchase a 3rd party UCC Cert. Also here is a link that will assist you with your migration. This link is specific for the name space. Notice the link is part3 and there is a total of 6parts which can all be found on the site and can help you with other aspects of your migration if needed.

http://techgenix.com/migrating-small-organization-exchange-2010-exchange-2016-part3/
0
 
Andy MladAuthor Commented:
Thanks for hints.
It is not lab environment.Production server,300 mailboxes.
Client has built in exchange anti spam
https://technet.microsoft.com/en-us/library/aa996604(v=exchg.141).aspx
So if he has built in anti spam I think he would not purchase public cert :-)

but I believe he dont need to purchase public cert becase his cert that is isued
by domain PKI has public names
webmail.domain.com
autodiscover.domain.com
and also has 2 names domain.local but I dont need to use this local names on exchange 2016.
Any aditional advice please
0
 
Todd NelsonSystems EngineerCommented:
So if he has built in anti spam I think he would not purchase public cert

Clarify what you mean.

Certificates are a method for securing access and mail flow for Exchange.  Private certificates are a challenge to implement and distribute, and are not a recommended practice with Exchange.  Also, certificates don't have mush to do with antispam.

References...
0
 
Andy MladAuthor Commented:
Excuse me,my english is not so good.
Of course anti spam has nothing with this topic.
Client has domain PKI cert and works fine but let suppose he buy public cert with this 2 names
webmail.domain.com
autodiscover.domain.com
that already has on private cert.
Old exchange has SCP and EWS that points to https:// oldexchange2010name.domain.local/Autodiscover/Autodiscover.xml
So,if he buy public cert still I dont understand which way to migrate SCP and EWS from local fqdn to webmail.domain.com.
I think certificate is not a problem but I dont understand SCP and EWS migration.
0
 
Andy MladAuthor Commented:
Thank you Todd.
If pop ups are the only problem during migration it would be great.
Im afraid to see outlook disconnected or trying to connect problem.....because of SCP during migration
but if pop ups are the only problem that is not such a big deal.
0
 
Andy MladAuthor Commented:
I decided to change SCP and EWS before migration
https://practical365.com/exchange-server/changing-namespaces-exchange-migration/
and everything went fine,without single pop up.
Thank you Todd
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.