How to install CA/HT yet not allow clients to access (before migrating from 2007)

    Question

  • I have the migration assistant but I hit a snag last week. 

    I am currently on 2007.  Last week I installed 2010 on my new server, including CA/HT role.  After that I got a few calls that Outlook (autodiscover) was trying to connect to newserver.domain.com.  OOOPS!  I quickly uninstalled the HT/CA role.  I have over 1000 users so I am not ready to USE these roles but I want to get the roles staged and prepared.

    The HT/CA both run through load balancers that have the SSL loaded on them so that portion is pretty complicated!

    I want to get things stood up but not yet have clients wanting to connect to them.

    June 18, 2012 14:27

Answer

All replies

  • Autodiscover would detect the presence of a new CAS since there would be an entry for it in Active Directory (SCP record), although I thought that it would use the oldest one first.

    But what exactly is the problem?

    If users still have the mailbox on the E2K7 server, the E2K10 CAS should redirect them to the E2K7 CAS (which may or may not be the MBX server as well).

    Did you create a legacy DNS record for this?

     http://technet.microsoft.com/en-us/library/dd351133.aspx


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    June 18, 2012 15:45
  • The problem was that clients were getting a certificate error from autodiscovery.

    Webmail.contoso.com is the cert we use.  But it was saying Newserver.contoso.com autodiscovery error.

    And I mix Office 2007/2010 for the client base.

    June 18, 2012 16:56
  • See http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/c551a511-ed59-4532-88b8-4668f2029b4e/

    Update/change the URI for SCP.


    Sukh

    June 18, 2012 16:59
  • Hello,

    Generally, you need to include the additional CAS server name in the certificate.

    To work around this issue, you can temporarily change all the web services name on Exchange 2010 CAS and point it to your current OWA name.

    http://support.microsoft.com/kb/940726

    Thanks,

    Simon

    June 19, 2012 6:55
  • Simon,

    great information!  So if I needed a plan of attack- how does this sound:

    -Plan the HT/CA upgrade after hours

    -Open a MS support ticket for the certificate / client error

    -Load the 3rd party SSL on the new HT/CA boxes

    This whole process seems a bit precarious to get it all pre-planned!

    June 20, 2012 20:13
  • Gotwings The simplest way to do this is build your 2010 CAS server then run Set-ClientAccessServer -Identity servername -AutoDiscoverServiceInternalUri https://exchange2007CAS.domain.com/autodiscover/autodiscover.xml

    if you are using some other URL for your autodiscover then use it. just be sure the name is in the cert on the 2007 server. once you are ready to migrate and all certs installed on 2010 then you can change DNS to point to the IP's of your 2010 CAS's if the autodiscover URL is not just a server name.

    you may want to run Get-ClientAccessServer | fl Name,*URI*,*scope* this will tell you what your 2007 servers are using for their SCP point.

    and it is URI not URL


    Mitch Roberson MCM Exchange 2010|MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003

    June 20, 2012 20:24
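
Added example (not part of the thread and not any poster's code): a pre-cutover check for the situation described above, where a newly installed CAS registers an SCP URI whose host name is not on the certificate clients are served. It runs on constructed sample data; the server names EX07-A, EX07-B and NEWSERVER and both function names are assumptions, and on a live system the input would come from Get-ClientAccessServer.

```powershell
# Added example; PowerShell 2.0 compatible (Exchange 2010 Management Shell).
function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label:
        # *.contoso.com matches mail.contoso.com, not a.b.contoso.com
        if ($n.StartsWith('*.')) {
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -ieq $n.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

# Returns one object per CAS whose SCP URI is not https or whose host
# is not covered by the certificate names presented to clients.
function Get-ScpCertMismatch {
    param([object[]]$Cas, [string[]]$CertNames)
    foreach ($c in $Cas) {
        $uri = [Uri]$c.AutoDiscoverServiceInternalUri
        $ok = ($uri.Scheme -eq 'https') -and
              (Test-CertNameMatch -HostName $uri.Host -CertNames $CertNames)
        if (-not $ok) {
            New-Object PSObject -Property @{ Server = $c.Name; ScpHost = $uri.Host }
        }
    }
}

# Constructed sample: two existing 2007 CAS servers plus a freshly installed
# 2010 CAS that still advertises its own server name in the SCP.
# Live data: $cas = Get-ClientAccessServer | Select-Object Name, AutoDiscoverServiceInternalUri
$scpUrl = 'https://webmail.contoso.com/Autodiscover/Autodiscover.xml'
$cas = @(
    (New-Object PSObject -Property @{ Name = 'EX07-A'; AutoDiscoverServiceInternalUri = $scpUrl }),
    (New-Object PSObject -Property @{ Name = 'EX07-B'; AutoDiscoverServiceInternalUri = $scpUrl }),
    (New-Object PSObject -Property @{ Name = 'NEWSERVER'
        AutoDiscoverServiceInternalUri = 'https://newserver.contoso.com/Autodiscover/Autodiscover.xml' })
)
# Names on the certificate the load balancer presents (constructed from the thread's example)
$certNames = @('webmail.contoso.com')

Get-ScpCertMismatch -Cas $cas -CertNames $certNames | Format-Table Server, ScpHost -AutoSize
```

An empty result means every SCP host is covered by the certificate names supplied; any row returned is a server that domain-joined Outlook clients may be sent to with a name mismatch.
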
  • Good stuff Mitch!  This is why the technet forums rule!

    AutoDiscoverServiceInternalUri : https://webmail.contoso.com/Autodiscover/Autodiscover.xml
    AutoDiscoverSiteScope          : {Default-First-Site-Name}

    AutoDiscoverServiceInternalUri : https://webmail.contoso.com/Autodiscover/Autodiscover.xml
    AutoDiscoverSiteScope          : {Default-First-Site-Name}

    So for my own understanding:

    My 2007 CA servers and my 2010 CA servers will all have this same Autodiscover setting.

    How does inbound email know which server a given recipient is on? 

    I assume it will take me a few weeks to migrate users after hours.

    June 21, 2012 13:54
  • How does inbound email know which server a given recipient is on? 

    That is a HUB Transport question rather than CAS.  The categorizer is responsible for looking up the recipient and making the correct routing decision and sending the message on. 

    There is also a /DoNotStartTransport cmdline switch that prevents the newly installed server being used from a transport perspective.  Once installed, stop the transport server and then mail will not flow through it (if that is still something that you want to do). 

    Now a question for you?  Have you looked at doing online mailbox moves?  This is possible from Exch 2007 SP2 and newer -> Exchange 2010.  The user stays connected until the last small portion and only then are they out of Outlook for a small time.  If that is still not acceptable, then look at the SuspendWhenReadyToComplete option.  It will copy most of the data and then stop, the admin then completes the move after hours.  The really neat part is the bulk of the data is already copied over, and then the moves complete really quickly so you get to have some free time and migrations do not take months!

    http://technet.microsoft.com/en-us/library/bb124495 


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    June 21, 2012 15:07
  • The mbx on 2007 shouldn't use the 2010 transport server, they should only use the 2007.  Only mbx on 2010 mbx server will use the 2010 HUB server.

    Sukh

    June 21, 2012 15:11
  • If this customer has multiple sites then inter site email can hit the "wrong" version (due to the automatic inter site load balancing feature)  and then requires another hop to get to the same version so that store driver can deliver from HUB to MBX.


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    June 21, 2012 15:22
  • Wouldn't you retain a 2007 HUB server at each site where you have a 2007 MBX server? Therefore not sure how a 2007 MBX server would use a 2010 server.  Only the 2007 & 2010 HUB would talk to one another.

    Sukh

    June 21, 2012 15:26
  • yes - would certainly retain that 2007 HT as long as I have 2007 MBX.  That is a hard requirement :)

    The issue you are talking about is related to store driver.  Email between sites is SMTP, and a 2010 Hub in site B can send SMTP to a 2007 HUB in Site A.


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    June 21, 2012 15:32
  • confusions over "wrong" (emphasis on speech marks), it can hit the "wrong" or is allowed to do so to route.

    Sukh

    June 21, 2012 15:35
  • single site for all this FWIW.
    June 21, 2012 16:26
  • So autodiscover does not have anything to do with Mail routing. it simply tells the client what URLS to use and what RPC end point to use to connect. that is all. Exchange figures out the routing on its own. If you are in a single site. then when mail comes in to the Exchange server it will do a lookup in AD to find where the mailbox is located and send it to the appropriate servers. So you can send inbound email to any hub transport as long as the receive connector is configured correctly.

    Internal email will do a lookup as well to determine if the user is internal to the org or external. internal it will figure out where it needs to send it. (much more technical than that. but for this the explanation works) and outbound is sent to an smtp queue. and uses DNS to find where to send it.


    Mitch Roberson MCM Exchange 2010|MCITP:Enterprise Server Admin, Messaging 2007, 2010 |MCTS:OCS with Voice Achievement |MCT |MCSE 2000\2003 |MCSE Messaging 2000\2003

    June 21, 2012 19:38