Migrating from Exchange 2007 to Exchange 2010

  • Question

  • Hey All

    I want to upgrade my Exchange servers from 2007 to 2010 SP1.

    I read the TechNet docs for the upgrade and coexistence and I have a few questions about the not-so-clear stuff.

    My configuration is:

    Currently: 1 CAS with the internet-facing interface address of webmail.domain.com

    1 HUB+Mailbox.

    I have 1000 mailboxes (400GB).

    Future: 1 CAS, 2 HUB+Mailboxes (all virtual)

    I plan to redirect all users to the old server and for a day they will get the certificate error.

    How long does it take to move 1000 mailboxes (400GB) to the new server with a 1GB network?

    Is it recommended to move the mailboxes straight to the DAG array, or to move the mailboxes to a single-server configuration and then add a second server?

    Thanks

    BT


    • Edited by btasaf Sunday, October 2, 2011 11:08 AM
    Sunday, October 2, 2011 11:06 AM

All replies

  • To answer your question about the time to move the users, that is impossible to answer. There are so many variables that can affect things. To give you an example, I moved a 2.2 and a 2.5GB mailbox at the same time. The 2.2 took almost an hour, the 2.5 took less than 40 minutes. I don't think you will get them moved in a day.

    Personally I would build the DAG and the CAS array right from the start. That will mean the database on the second server will build as you move the mailboxes rather than you trying to seed multiple databases later on.

    As you will probably need to get a new SSL certificate for the new servers (as you have to cover the server names), why not get an additional name of "legacy.domain.local" and adjust the configuration of the Exchange 2007 server. That will avoid SSL warnings which with 1000 users would generate a few calls to your helpdesk.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Sunday, October 2, 2011 11:37 AM
  • So if the mailbox move will take a long time, I just want to see that I get the migration idea:

    1. Change the current server address to "legacy.domain.com", external and internal DNS records.

    2. Install and configure the CAS server with the record webmail.domain.com, redirect DNS records for both external and internal DNS.

    At this time the users are still routed through the old server.

    3. Install and configure HUB

    4. Install and configure Mailbox and DAG

    Question: at this time, are the users still routed through the old or the new server? Or will the users be routed to the new server only after I move the mailboxes to the new server?

    Sunday, October 2, 2011 2:39 PM
  • Exchange 2010 doesn't proxy to Exchange 2007 OWA, it only redirects.

    Therefore if you want to maintain Exchange 2007 OWA throughout you would need to do this:

    Install Exchange 2010 CAS (and Hub if on the same role).
    Request and install SSL certificate with the various names required (existing common name, autodiscover, server names, legacy etc).
    Export the SSL certificate and import in to Exchange 2007 server.

    At this point nothing has changed for the end users IF you have got the names in the SSL certificate correct. So you can test etc.

    When you are ready, ensure that legacy resolves to the Exchange 2007 server externally. The internal URL reference needs to be a URL on the SSL certificate, either as the common name or one of the additional names. The name used depends on what the users are used to entering internally. If it is the same as the common name, then use legacy. If it is the server's real name, then you will have to use that and educate the users to use a different name after migration.

    Make the configuration changes on the Exchange 2007 server first, then set the external OWA address on Exchange 2010 and switch the DNS and/or firewall so that your current common name points to Exchange 2010 and the legacy name points to Exchange 2007 - you will need two IP addresses.

    SMTP traffic can be delivered to either server, it doesn't really matter.

    Do take note of my comment about a CAS array. While you aren't deploying multiple CAS servers at the moment, putting a CAS array in at the start is a lot easier than trying to retrofit it after all clients have been migrated.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Sunday, October 2, 2011 11:52 PM
  • Hi, so you can stand up Exc2010 alongside your current deployment, as then you will have to have a scheduled outage for when you cutover/transition the CAS. See: http://msexchangeteam.com/archive/2009/11/20/453272.aspx

    Our problem was that we bought a new cert for 2010 and added legacy to this BUT we did not have exc2007 servers listed. This scenario works but is not ideal, and one side effect is SCOM errors and some users get a constant login prompt.

    HTH

    My steps were

    1. disabled most receive connectors

    - they will need to be enabled when CAS is cutover.

    2. need to add 2010 CAS server to the list of send connectors

    3. create a record for internal dns for legacy.domainname.com to point to Exchange 2007 (done)

    4. configure/change internal DNS records to be the IP of CAS 2010 (TTL=1hr)

    - autodiscover.domainname.com
    - owa.domainname.com

    5. Change 2007 urls to be legacy.domainname.com

        * Outlook Web Access: Set-OwaVirtualDirectory <CAS2007>\OWA* -ExternalURL https://legacy.contoso.com/owa
        * Offline Address Book: Set-OABVirtualDirectory <CAS2007>\OAB* -ExternalURL https://legacy.contoso.com/OAB
        * Web Services: Set-WebServicesVirtualDirectory <CAS2007>\EWS* -ExternalURL https://legacy.contoso.com/ews/exchange.asmx
        * ActiveSync: Set-ActiveSyncVirtualDirectory -Identity <CAS2007>\Microsoft-Server-ActiveSync -ExternalURL https://legacy.contoso.com/Microsoft-Server-ActiveSync

    6. external dns

    You will reconfigure External DNS and/or your reverse proxy infrastructure's publishing rules to have the autodiscover.contoso.com and mail.contoso.com namespaces point to CAS2010.

    8. export 2010 cert and install on exc2007

    http://www.digicert.com/ssl-support/pfx-import-export-exchange-2007.htm

    or

    Import-ExchangeCertificate -Path c:\certificates\mail.globalsign.com.pfx -Password:(Get-Credential).password

    You will be prompted for a username and password. The username is not important but the password must be the same password as used in the backup/Export procedure.

    Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services "SMTP, IIS"

    Import-ExchangeCertificate -Path C:\certname.cer | Enable-ExchangeCertificate -Services "SMTP, IIS"


    9. assign exchange services to cert

    Monday, October 3, 2011 1:37 AM
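
The certificate-name problem described in the post above (legacy on the new certificate but no Exchange 2007 server names) can be checked before cutover. This is an added example, not part of the original thread, written in PowerShell 2.0-compatible syntax; the function name, the contoso host names and the sample SAN list are constructed, and the commented live usage assumes the `CertificateDomains` property returned by `Get-ExchangeCertificate`.

```powershell
# Added example: compare the names on a certificate with the names clients will use.
function Test-CertificateNameCoverage {
    param(
        [Parameter(Mandatory=$true)] [string[]] $CertificateDomains,  # SAN entries on the certificate
        [Parameter(Mandatory=$true)] [string[]] $RequiredNames        # names used in URLs and DNS
    )
    foreach ($name in $RequiredNames) {
        $match = $null
        foreach ($san in $CertificateDomains) {
            if ($san -ieq $name) { $match = $san; break }
            # A wildcard covers exactly one left-most label: *.contoso.com matches
            # legacy.contoso.com, but not contoso.com or a.b.contoso.com.
            if ($san.StartsWith('*.')) {
                $suffix   = $san.Substring(1)          # ".contoso.com"
                $firstDot = $name.IndexOf('.')
                if ($firstDot -gt 0 -and $name.Substring($firstDot) -ieq $suffix) {
                    $match = $san; break
                }
            }
        }
        New-Object PSObject -Property @{ Name = $name; Covered = [bool]$match; MatchedBy = $match }
    }
}

# Constructed sample: legacy is on the certificate, the Exchange 2007 server name is not.
$sans = 'webmail.contoso.com', 'autodiscover.contoso.com',
        'legacy.contoso.com', 'cas2010.contoso.local'
$required = $sans + 'cas2007.contoso.local'

Test-CertificateNameCoverage -CertificateDomains $sans -RequiredNames $required |
    Where-Object { -not $_.Covered } |
    Select-Object Name, Covered, MatchedBy

# Live usage in the Exchange Management Shell (assumption: placeholder thumbprint):
#   $cert = Get-ExchangeCertificate -Thumbprint '<thumbprint>'
#   $live = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
#   Test-CertificateNameCoverage -CertificateDomains $live -RequiredNames $required
```
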
  • OK, so after configuring the 2007 as legacy.domain.com and the new server as webmail.domain.com

    I move the cert for webmail.domain.domain.com from the 2007 to the 2010 server.

    How does the redirection for users that are on the 2007 server to the 2010 server occur?

    Do the SMTP requests go to the 2010 server and then get redirected to the 2007 HUB?

    Monday, October 3, 2011 10:18 AM
  • You need to have both legacy and web mail exposed to the Internet.
    A user logs in to web mail and Exchange will redirect them to the Exchange 2007 external URL of legacy. This is documented in the co-existence documentation on Technet.

    When it comes to SMTP, Exchange deals with that. You can deliver external traffic to any Exchange server in the org and Exchange will ensure that it is delivered to the correct place.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Proposed as answer by Terence Yu Tuesday, October 4, 2011 2:33 AM
    Monday, October 3, 2011 10:34 AM
  • Another piece of advice re mailbox moves. I have found moving 1000+ mailboxes goes without problem, but it is best to set a value for the number of corrupted items to, say, 5. With large mailboxes you are bound to get a corrupted appt or something, and the mailbox move process isn't that smart. If it gets to 99% complete and then finds a bad item it will bomb out.

    Tuesday, October 4, 2011 2:41 AM
  • Is it a must to install a CAS array when working with DAG?

    Can't I use one CAS server?

    Thursday, October 6, 2011 10:35 AM
  • Is it a must to install a CAS array when working with DAG?

    Can't I use one CAS server?


    You can use a single CAS server. The CAS Array can point to that single CAS server. A CAS array takes two minutes to implement, but will save you a lot of time if you do introduce additional servers. I deploy a CAS array on every deployment that I do.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Thursday, October 6, 2011 2:50 PM
  • Didn't understand what this means > The CAS Array can point to that single CAS server

    As I see it, I will need a new server and a new certificate that will contain the new server name?

    It doesn't seem so hard to do by this article: http://blogs.technet.com/b/omers/archive/2010/10/11/microsoft-exchange-2010-cas-array-steps-and-recommendations.aspx

    But, from the internet, how will the requests for OWA and Outlook Anywhere know which server to access?

    Sunday, October 9, 2011 6:31 AM
  • CAS Array is for MAPI traffic only and is a DNS entry and two commands in Exchange only. Don't confuse it with any kind of load balancing, although that is what it is often used for.

    It has nothing to do with http services like Outlook Anywhere, Exchange ActiveSync, OWA etc.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Marked as answer by Terence Yu Friday, October 14, 2011 8:13 AM
    Sunday, October 9, 2011 11:12 AM
  • Hi,

    See this article for configuring static ports for other non-MAPI services

    Set static ports for RPC and address book service
    http://www.proexchange.be/blogs/exchange2010/archive/2010/04/08/configuring-static-ports-for-exchange-2010.aspx

    So I don't know what type of load balancer you are using. There are several ways to LB your clients, such as Least Connection, sourceIP, COOKIEINSERT. See if your vendor has any docs on the subject.

    Persistence (aka affinity, stickiness etc.) is the ability of a load balancer to maintain a connection between a client and a server. Persistence can make sure that all requests from a client are sent to the same server in a NLB array or server farm (in case of Exchange CAS array).

    Sunday, October 9, 2011 8:59 PM
  • So when I install the new CAS servers..

    Do I need to give both servers the same external address? Or do I give the servers addresses like: webmail1, webmail2

    and create a DNS record that redirects requests for both servers?

     

    Saturday, October 15, 2011 11:06 AM
  • DNS has no service availability capability. Therefore if you create a DNS entry for both servers with the same name all you will get is round robin. That could mean if one of the servers fails, not all users will be able to connect because DNS is still sending traffic to both IP addresses.

    If you have two CAS role servers and want them both to accept traffic, then you need to use some kind of load balancer, either WNLB or a third party device. All traffic would be pointed at the IP address of the load balancer, then it would sort out where the traffic goes.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Sunday, October 16, 2011 6:39 PM
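
The round-robin point in the reply above can be observed directly: DNS keeps returning every address, whether or not anything answers on it. This is an added example, not part of the original thread, in PowerShell 2.0-compatible syntax; the function name and host name are constructed, and the demo uses a loopback listener as a stand-in for one working CAS and 127.0.0.2 as a stand-in for a failed one.

```powershell
# Added example: test every address a name resolves to, the way a load balancer's
# health check would and DNS round robin does not.
function Test-RoundRobinEndpoints {
    param(
        [Parameter(Mandatory=$true)] [string] $HostName,
        [int] $Port = 443,
        [int] $TimeoutMs = 3000,
        [string[]] $Addresses   # optional: test these IPs instead of querying DNS
    )
    if ($Addresses) { $ips = $Addresses | ForEach-Object { [System.Net.IPAddress]::Parse($_) } }
    else            { $ips = [System.Net.Dns]::GetHostAddresses($HostName) }

    foreach ($ip in $ips) {
        # Match the socket family to the address so IPv6 records are tested too.
        $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
        $open = $false
        try {
            $pending = $client.BeginConnect($ip, $Port, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($pending)   # throws if the connection was refused
                $open = $client.Connected
            }
        } catch { $open = $false }
        finally { $client.Close() }
        New-Object PSObject -Property @{
            HostName = $HostName; Address = $ip.ToString(); Port = $Port; Reachable = $open
        }
    }
}

# Constructed demo on loopback: one address with a listener, one with nothing behind it.
$listener = New-Object System.Net.Sockets.TcpListener([System.Net.IPAddress]::Loopback, 0)
$listener.Start()
$port = $listener.LocalEndpoint.Port
$result = Test-RoundRobinEndpoints -HostName 'webmail.contoso.com' -Port $port `
              -Addresses '127.0.0.1', '127.0.0.2'
$listener.Stop()

$result | Select-Object HostName, Address, Port, Reachable
$dead = @($result | Where-Object { -not $_.Reachable })
if ($dead.Count -gt 0) {
    "{0} of {1} addresses for {2} do not answer; round robin still hands them to clients." -f `
        $dead.Count, @($result).Count, $result[0].HostName
}
```

Without `-Addresses` the function resolves the name itself, so it can be pointed at the real round-robin record on port 443.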