DNS entries during co-existence of Exchange 2013 & 2016 during migration period

Good afternoon!  We currently have an existing on-prem Exchange 2013 CU20 multi-site DAG, and are about to begin installation of Exchange 2016 CU10 servers for the purpose of first testing a new backup solution and then to begin a migration of our Exchange 2013 databases to Exchange 2016.  My question at this point relates to the *local* DNS entries to use during the initial co-existence period.

Essentially, I know that the namespaces on the new Exchange 2016 server have to be set according to the existing namespace configurations of our existing Exchange 2013 environment.  We've re-issued a new cert including the names of the new 2016 servers (two production plus one in-place archive server); I have that down and ready to bring up the first Exchange 2016 server.

However, our DNS is currently configured round-robin: *local* DNS contains two records for mail.mycompany.com (1.2.3.4, 1.2.3.5; two existing 2013 DAG members) and two records for autodiscover.mycompany.com (1.2.3.4, 1.2.3.5; two existing 2013 DAG members).  Once the 2016 is installed and rebooted the namespaces on it will be config'd identically to the existing 2013 environment.  We are *not* planning to add another DNS entry for mail pointing at the new 2016 server until we build the production servers and get them running.  However, do I need to build a new autodiscover record for the 2016 server so it can participate in the round-robin?  I know that the 2016 will proxy-down to the 2013 servers, but I'm getting mixed information regarding whether autodiscover *must* be configured in DNS for the new co-existing 2016 server.  I've heard that *all* autodiscover client requests need to come into the 2016 servers in this configuration of co-existence: is that done automatically by virtue of Exchange versions, or do I need an internal autodiscover DNS entry to make it happen?  And does that new record participate in round-robin, and do I need to remove the *Existing* autodiscover records to PREVENT round-robin?

The production servers (the upcoming second and third 2016 servers) will have new DNS entries added for their IP addresses pointing to mail once they're built and ready to start participating in the migration, but this first archive server won't go into production until *after* the migration; we will be using it with a new live mailbox for testing, so it has to be live.  Given that it won't be part of the migration plan, do I need to include a record in DNS for mail for it?  I'm stuck on where in the build & migration process I need to add local autodiscover and mail records to *local* DNS.

Thanks.
SteveInReno
Steve Bottoms, Sr Network Admin, Asked:

MAS (MVE), EE Solution Guide - Technical Dept Head, Commented:
Please check this to configure URLs.
https://www.experts-exchange.com/articles/31221/Fix-for-Exchange-server-2016-certificate-and-related-issues.html

You don't need to worry. Just point to Exchange 2016; it will proxy/redirect to Exchange 2013.
0
Mahesh, Architect, Commented:
All you need to do is point your mail.domain.com, webmail.domain.com (if exists) and autodiscover.domain.com to *Exchange 2016* servers only (in round robin) since you will have multiple exchange 2016 servers I believe

Also setup split dns environment meaning use domain.com zone internally and externally as well, external will resolve to public IP and internal will resolve to internal exch 2016 servers

Point your MX to 2016 servers
Configure send connectors on exch 2016 to send email out to internet
no special config required for receive connectors on exch 2016

webmail users will connect to exchange 2016 for OWA and proxied to exch 2013 if mailbox is on exch 2013
exch 2013 URLs cannot proxy / redirect to exchange 2016 mailboxes

use below guide to change internal / external virtual directories URLs on Exchange 2016
http://exchange.sembee.info/2013/install/clientaccesshostnames.asp

Also if you are planning to keep multiple hub servers for internet mail delivery, ensure you will update your SPF record to include exchange 2016 public IP there

Mahesh.
0
Steve Bottoms, Sr Network Admin, Author Commented:
MAS, thanks for the article link.  I have the certificate and namespace/virtual directory configuration ready.  I'm primarily concerned about specifically the local autodiscover DNS record as relates to my round-robin and co-existing in the Exchange 2013 environment.  Thanks.

Mahesh, split-DNS is already configured and has been working perfectly for years.  That's not part of my concerns.  Also, virtual directories & certificates are not part of my question.  My question was directly related to ONLY internal traffic (as this first Exchange 2016 server is going to be used *live* for testing only, and not for client access or mailbox services for the production environment).  My concern is for how the autodiscover record for the 2016 server is to be configured (if at all) in our round-robin DNS setup.  Given that (I've read) all client autodiscover requests need to go thru Exchange 2016 in an Ex2016/Ex2013 co-existence environment, does that mean that the Exchange environment (co-existence with both server types) will AUTOMATICALLY proxy traffic IRRESPECTIVE of autodiscover DNS records, or do I need to configure DNS for ONLY the Exchange 2016 autodiscover record (ie, losing all redundancy), or drop the 2016 autodiscover record for the new server in with all of the other autodiscover records...

Thank you, gentlemen.
0
Mahesh, Architect, Commented:
Given that (I've read) all client autodiscover requests need to go thru Exchange 2016 in an Ex2016/Ex2013 co-existence environment, does that mean that the Exchange environment (co-existence with both server types) will AUTOMATICALLY proxy traffic IRRESPECTIVE of autodiscover DNS records, or do I need to configure DNS for ONLY the Exchange 2016 autodiscover record (ie, losing all redundancy), or drop the 2016 autodiscover record for the new server in with all of the other autodiscover records...

now you have valid point that you will lose redundancy until you setup multiple exch 2016

Once you deploy 1st exch 2016 server, migrate one test mailbox to that server and Only for testing purpose, you can manually add mail.domain.com and autodiscover.domain.com records pointing to exch 2016 server to hosts file on clients being tested and then test outlook and webmail configuration within internal network for one mailbox on exch 2013 and migrated mailbox on 2016
Note that in DNS, your current autodiscover and mail host records are still pointing to exch 2013.

Once you get this through and deployed multiple exch servers and built redundancy, then point those host records to exch 2016 server IPs, means no host record should point to exch 2013 - this is for production setup
and as you are already aware about rest of URL change, SCP config, MX pointing and so on
0
Mahesh, Architect, Commented:
during testing, exchange 2016 would automatically proxy connections to exch 2013 if mailbox in same site on exch 2013 server
OR
redirect in other site if mailbox is hosted on exch 2013 in other site with all together different DAG with different CAS URL...
note that testing should be done on workgroup machine to avoid outlook SCP autodiscover overriding host file entries
0
Steve Bottoms, Sr Network Admin, Author Commented:
Mahesh, thanks for clearing up a couple of my questions.

Are you saying that I *do* need to delete all older (Ex2013) AUTODISCOVER DNS records currently in use by my Exchange 2013 installation and ONLY have a single AUTODISCOVER DNS record pointing at the new Exchange 2016 server?  Leaving round-robin in place with two (2) Ex2013 and one (1) Ex2016 AUTODISCOVER records will not work?

Steve
0
Steve Bottoms, Sr Network Admin, Author Commented:
On a side note for any readers, I came across this great article on TechNet for anyone looking for details, even though the article doesn't address my questions.

https://blogs.technet.microsoft.com/exchange/2015/10/28/client-connectivity-in-an-exchange-2016-coexistence-environment-with-exchange-2013/

Steve
0
Mahesh, Architect, Commented:
For testing purpose I gave you workaround to avoid messing up with production setup

for production setup, yes, you need to replace (not delete) existing ex 2013 autodiscover and mail records with 2016 servers

You can keep both records, but then what will happen if user having mailbox on 2016 exchange server if connected to exchange 2013 autodiscover record either through SCP discovery or through dns entry, it won't be able to connect to exchange 2016 mailbox

if user connects to exchange 2016 records, you will not face any issues no matter where your mailboxes resides (either 2013 or 2016)
0
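
A read-only check of the situation described in the answer above, as an added example that is not part of any participant's post: it lists which Exchange server and version answers for each round-robin A record and warns when a namespace mixes 2013 and 2016. The namespace names are the placeholders from the question; it assumes the Exchange Management Shell and the Windows DnsClient module (Resolve-DnsName).

```powershell
# Added example: run from the Exchange Management Shell on a domain-joined host.
# Namespace names are the placeholders used in the question.
$namespaces = 'mail.mycompany.com', 'autodiscover.mycompany.com'

# Map every Exchange server's IPv4 addresses to its name and version string.
# "Version 15.0" = Exchange 2013, "Version 15.1" = Exchange 2016.
$serverByIp = @{}
foreach ($srv in Get-ExchangeServer) {
    $ips = Resolve-DnsName -Name $srv.Fqdn -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    foreach ($ip in $ips) {
        $serverByIp[$ip.IPAddress] = [pscustomobject]@{
            Name    = $srv.Name
            Version = "$($srv.AdminDisplayVersion)"
        }
    }
}

# For each namespace, list the round-robin A records and which server answers.
$report = foreach ($name in $namespaces) {
    Resolve-DnsName -Name $name -Type A | Where-Object { $_.Type -eq 'A' } | ForEach-Object {
        $owner = $serverByIp[$_.IPAddress]
        [pscustomobject]@{
            Namespace = $name
            IPAddress = $_.IPAddress
            Server    = if ($owner) { $owner.Name } else { 'unknown (load balancer or non-Exchange host)' }
            Version   = if ($owner) { $owner.Version } else { '' }
        }
    }
}
$report | Format-Table -AutoSize

# SCP values that domain-joined Outlook clients read from Active Directory.
# Get-ClientAccessService is the Exchange 2016 cmdlet name.
Get-ClientAccessService | Select-Object Name, AutoDiscoverServiceInternalUri | Format-Table -AutoSize

# Flag the mix described above: a namespace answered by both 2013 and 2016.
$report | Group-Object Namespace | ForEach-Object {
    $versions = $_.Group.Version | Where-Object { $_ } |
        ForEach-Object { ($_ -split ' ')[1] } | Sort-Object -Unique
    if ($versions.Count -gt 1) {
        Write-Warning "$($_.Name) resolves to mixed Exchange versions: $($versions -join ', ')"
    }
}
```

The script changes nothing; comparing the DNS table with the SCP table shows whether domain-joined clients (SCP) and other clients (DNS) would land on the same servers.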

Mahesh, Architect, Commented:
NP, article will say same thing..I believe
0
Steve Bottoms, Sr Network Admin, Author Commented:
Mahesh, thanks for participating in this question for me!  I installed & configured the Exchange 2016 server this weekend, and all went fine.  The final configuration was to ensure that the new server's namespaces were configured identically to the current Exchange 2013 environment (mail & autodiscover VDs), and I didn't add or modify any DNS records at all.  My Ex2013 environment is still performing perfectly, and the new 2016 server is performing exactly as I intended (no mail flow, no autodiscover servicing, etc).

So in regards to what I was asking originally, "No, you don't need to make any modifications whatsoever to the existing LOCAL DNS records." =)

Thanks again for being my sounding-board!
Steve
0