XistEnCe, posted May 4, 2011:

Hello again!

I've now completed the setup of a new Exchange 2010. Mail flow is OK, certificates are OK, and I can reach both web front-ends from the internal network.

Now to the question... How do I actually pull off the switch, and make them co-exist and be available from the outside world?

From the intel I've gathered, I've seen that I need to change the domain we use for accessing webmail. This points to 2003 today, and needs to point to the 2010. The old server will be available at legacy.ourdomain.com/exchange.

But how will the traffic go? When a user accesses mail.ourdomain.com, it gets pointed towards the same firewall (non-Microsoft) as the old one used to. It will hopefully hit the 2010 CAS (after DNS is fixed), but what happens if the user is still on 2003? What address will it point the user towards? Will the URL change?

If someone accesses the webmail today on mail.ourdomain.com (2003), and their mailbox is on 2010, it tries to redirect to the internal FQDN(!?). Is this supposed to work both ways?

I'm so puzzled right now, and will be really happy for any replies on this topic!

Andersson, posted May 4, 2011:

Hi

What do you mean by "how will the traffic go"?

You will need to create an A record for legacy in your public DNS and point it to your 2003 FE server, and then change the mail record to point to your new CAS 2010 server (or array, if that's used).

You will need to include mail.domain.com, autodiscover.domain.com, legacy.domain.com and casarray.domain.local in the certificate names.

You will need to change the firewall so it receives on the mail IP and forwards it to the 2010 server.

Also, you will need an additional IP address for the legacy name, and that should be forwarded to the 2003 server.

I'll post two links below that you should read through:

http://technet.microsoft.com/en-us/library/ee332348.aspx
http://technet.microsoft.com/en-us/library/bb310763.aspx

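Added example (not part of the original thread and not the posters' or Microsoft's code): a pre-cutover check of the two conditions listed in the answer above, namely that the certificate's SAN list covers every name clients will use and that the mail and legacy names do not share one public IP. The function names, the sample certificate and the sample DNS map are assumptions constructed for illustration; the certificate dict follows the shape Python's ssl module returns from getpeercert().

```python
# Added example; all sample data is constructed. domain.com / domain.local are
# the thread's placeholder names, the IP is a documentation address.
REQUIRED_NAMES = [
    "mail.domain.com",
    "autodiscover.domain.com",
    "legacy.domain.com",
    "casarray.domain.local",
]

def san_dns_names(cert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a left-most '*' label standing in for exactly one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def missing_from_cert(cert, required=REQUIRED_NAMES):
    """Names clients will connect to that no SAN entry covers."""
    sans = san_dns_names(cert)
    return [n for n in required if not any(name_matches(s, n) for s in sans)]

def shared_ip_conflicts(dns_map, names):
    """Pairs of names resolving to one public IP. Both sites listen on 443, so
    plain NAT forwarding needs a separate address per name to split them."""
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if dns_map.get(a) is not None and dns_map.get(a) == dns_map.get(b)
    ]

# Constructed sample: the legacy name is missing from the certificate, and
# both public names still point at the same firewall address.
SAMPLE_CERT = {"subjectAltName": (
    ("DNS", "mail.domain.com"),
    ("DNS", "autodiscover.domain.com"),
    ("DNS", "casarray.domain.local"),
)}
SAMPLE_DNS = {"mail.domain.com": "203.0.113.10", "legacy.domain.com": "203.0.113.10"}
PUBLIC_NAMES = ["mail.domain.com", "legacy.domain.com"]

if __name__ == "__main__":
    print("missing from certificate:", missing_from_cert(SAMPLE_CERT))
    print("names sharing an IP:", shared_ip_conflicts(SAMPLE_DNS, PUBLIC_NAMES))
```
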
XistEnCe, posted May 4, 2011:

> Hi
>
> What do you mean by "how will the traffic go"?
>
> You will need to create an A record for legacy in your public DNS and point it to your 2003 FE server, and then change the mail record to point to your new CAS 2010 server (or array, if that's used).
>
> You will need to include mail.domain.com, autodiscover.domain.com, legacy.domain.com and casarray.domain.local in the certificate names.
>
> You will need to change the firewall so it receives on the mail IP and forwards it to the 2010 server.
>
> Also, you will need an additional IP address for the legacy name, and that should be forwarded to the 2003 server.
>
> I'll post two links below that you should read through:
>
> http://technet.microsoft.com/en-us/library/ee332348.aspx
> http://technet.microsoft.com/en-us/library/bb310763.aspx

I will rephrase the question: When I open for access to legacy.mydomain.com, it will point towards the same firewall as the new mail.mydomain.com. This will cause problems since they're both on the same ports?

DNS records are being made in time for changes to take effect in the service window we've made for doing the job, and all that is OK.

Using 4 SANs atm, on the same certificate, and that seems to work out just fine (from what we've done of internal testing).

What do I have to change in the FW? So I guess the answer to my question is to have a second static, publicly available IP address for legacy.mydomain.com?

I've been reading the "upgrade from exchange~" one all day, which made me reach this point - so it's a great tip!

Is it also a bad sign if the 2003 server isn't showing up anywhere in the EMC? I read a tip about changing the 2003 domain from the 2010 EMC, which isn't possible from what I'm seeing.

Thank you very much for the great help this far, Andersson!

Andersson, posted May 5, 2011:

Yes, you will need an additional IP address for legacy.

The 2003 server is never going to be shown in the EMC.

I suppose your servers don't have any firewall in between? If they have, make sure that 443 is open between them and that you are able to initiate HTTPS sessions; this can be tested with telnet.

And if there's anything unclear, just post and I'll try to help you. But make sure you read the links I posted in my earlier post, they will help you a lot.

XistEnCe, posted May 5, 2011:

> Yes, you will need an additional IP address for legacy.
>
> The 2003 server is never going to be shown in the EMC.
>
> I suppose your servers don't have any firewall in between? If they have, make sure that 443 is open between them and that you are able to initiate HTTPS sessions; this can be tested with telnet.
>
> And if there's anything unclear, just post and I'll try to help you. But make sure you read the links I posted in my earlier post, they will help you a lot.

That explains a lot... I'll definitely get that sorted out then! Thank you very much!

I see, I see - then we're on track.

No, nothing to stop traffic there, but thanks for the heads up!

Yeah, it's been a good read this far. *crossing fingers this is the last bit before everything is working*

Thank you very much for your help again, Andersson!

Andersson, posted May 5, 2011:

You're welcome! Hope it will solve your "issue".

XistEnCe, posted May 18, 2011:

Hello again!

One step closer, and we've got some sort of co-exist atm. There has been a decision made to just make the switch, and turn off the 2003 for good.

How would I do this in the best way? What changes need to be done to run this on a single 2010 server? Removing connectors etc.?

Andersson, posted May 18, 2011:

Here is a great guide that you can read through, and make sure that you move the public folder hierarchy to the new administrative group:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/migration-deployment/removing-last-exchange-2003-server-exchange-2007-part1.html

XistEnCe, posted May 18, 2011:

> Here is a great guide that you can read through, and make sure that you move the public folder hierarchy to the new administrative group:
>
> http://www.msexchange.org/articles_tutorials/exchange-server-2007/migration-deployment/removing-last-exchange-2003-server-exchange-2007-part1.html

You're definitely a lifesaver, Andersson!

I'm thinking about just leaving the public folders be for now. I'd rather get it out of the way now than keep it in prod. any longer! Since there are better solutions to this.

Andersson, posted May 18, 2011:

Glad that it helped you in some way!

Good choice; if you can, then I recommend that you decommission public folders.

If you have any further questions, don't hesitate to ask.

XistEnCe, posted May 23, 2011:

Hey again!

Entering the final stage of testing here. I'm having some problems getting my mobile phone to sync against the 2010 server. Is there anything special I need to consider when configuring the 2010 environment? Could it be blocked ports, misconfiguration? I have no idea where to start looking for errors, so if anyone has pointers on where to look - I would be a very happy man!

-Android Phone-
This far, I connect to the domain (which points towards the FW that has NAT towards the Exchange behind) and can authenticate against owa.domain.com. I get the list of what items I want to sync, and press the "complete now" button. Then it just keeps working at completing everything, and it just times out - and tells me to try again later.

-WinMo-
After completing the configuration, it tries to load the folders and content of the account. It stops, and gives the error message (0x80883002).

Started kicking on SSL settings the first time around, so the above error happens with no SSL required. Is this a known issue for someone?

Appreciate any quick feedback on this!