I work in the SMB market, so when we do a migration from one Exchange version to another, the number of users is usually low enough that all the mailboxes get moved in one fell swoop – either over an evening or over a weekend. However, we occasionally have a client where we need to keep both versions up for a while. If they are heavily using OWA (Outlook Web Access/App), this means some additional configuration. I struggled with this since most references were assuming you had an Exchange infrastructure consisting of multiple servers, edge transport server/TMG, etc. We got it all working, but wanted to put it down as a reference in case we need it again.
Setup of Network Prior to Migration
- The setup had all roles (Hub, CAS, Mailbox, management) on one server for Exchange 2007 and will be the same for Exchange 2010.
- A Barracuda box for filtering the email prior to delivery to the Exchange box.
- Organization has 2000+ users where OWA was the primary means of access for the majority of the users (students).
- The DNS is configured as a split-brain DNS where the internal and external DNS is the same… for our references, let’s use sdprairie.net as an example going forward.
- Users would access webmail.sdprairie.net both internally and externally, so there is a host record in the Active Directory for webmail.sdprairie.net
Here’s the Process for Pre-Requisite Work
- Verify hardware and software requirements are met. We installed Windows Server 2008 R2 SP1 for the Exchange 2010 SP1 and named the server EXCHG10. This is a good choice since all the pre-requisites for E2K10 SP1 are met and you don’t have to download a bunch of hotfixes to install Exchange 2010 SP1. Nice!
- Make sure Exchange 2007 has at least SP2 installed.
- Verify and upgrade Active Directory as needed. Our network was at Server 2008 Active Directory levels in both domains and Forest, but you should check the following:
- Schema Master server has to be at Server 2003 SP2 minimum
- Global Catalog Servers need to be at Server 2003 SP2 minimum
- Active Directory needs to be at Server 2003 Native Mode and Forest Functional Level should be 2003 minimum.
- You can check requirements out on Microsoft site here.
- Upgrade Active Directory Schema to facilitate Exchange 2010. It will upgrade during install if correct credentials are used, but I like to do this separately just for verification purposes. Insert the Exchange 2010 SP1 disk or mount an iso of the install files and run the following: (Note: this makes a lot of changes under the hood and therefore you need to use Exchange 2007 management console to manage the users from Exchange 2007 and the same for Exchange 2010).
- Setup.com /PrepareExchangeLegacyPermissions
- Setup.com /PrepareSchema
- Setup.com /PrepareAD
- Setup.com /PrepareDomain (or PrepareAllDomains if more than one – but then you wouldn’t be reading this for a simple install)
- Install the Microsoft Office 2010 64-bit filter converter pack which can be downloaded here. This allows Exchange to index Office documents.
- Start the TCP Port Sharing service and set the start to “Automatic.”
- Next install the Server 2008 R2 Operating System PreRequisites.
- Open a PowerShell prompt, type “Import-Module ServerManager” and press Enter.
- Now use the “Add-WindowsFeature” command to install the pre-requisites. Run the following command in PowerShell after running the one noted above:
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth, Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console, WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth, Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
- Run Windows Update on Server before installing Exchange 2010.
Now for the Install of Exchange
- Put the Exchange DVD in the drive or mount an iso file and run setup.exe
- Choose the language option – “Only Languages from the DVD” in most cases.
- Choose “Typical” install – we installed on the C:\ drive and moved database files after install was completed.
- Enter a domain name for the Client Access Internet facing domain. Using our example, it is webmail.sdprairie.net. Check the box to note that this is “Internet Facing.”
- Watch it complete the Readiness Check and make any corrections as noted.
- Watch the server install (or better yet, take a coffee break :-). This will probably take around 20 minutes.
- Reboot server and test email flow on Exchange 2007. (I always like to test internal and external email flows as I make changes so that, if I have to troubleshoot, I know where things quit working.)
- At this point, I will move a mailbox (typically the administrator) to the new Exchange Server using the Exchange 2010 Console and test mail flow again before making changes.
Changing the Mail Flow
Let’s change the mail flow to use the new Exchange 2010 Server. We need to make sure there is little downtime while changing the client access methods and the mail routing. Make sure you test both internal and external email flows.
- On Exchange 2010, put in a Send Connector to the Internet
- On Exchange 2010, edit the Default Receive Connector on the Server Hub Transport to allow Anonymous Connections under the “Permissions” tab.
- Configure both internal and external DNS to point legacy.sdprairie.net to the old Exchange 2007 server. You will need 2 public IP addresses.
- Point webmail.sdprairie.net and autodiscover.sdprairie.net to the new Exchange 2010 server both externally and internally.
- The Barracuda has the mail.sdprairie.net name pointing to it both internally and externally in DNS.
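A post-change check for the mail flow steps above, as an added example that is not part of the original post: it resolves the four names from the machine it runs on and lists which receive connectors on EXCHG10 accept anonymous SMTP and from which address ranges. It assumes PowerShell 2.0, the Exchange Management Shell on EXCHG10, and the sdprairie.net example domain.

```powershell
# Added example; run in the Exchange Management Shell on EXCHG10 (PowerShell 2.0).
$Domain = 'sdprairie.net'      # example domain used throughout the post
$Server = 'EXCHG10'
$Names  = 'legacy', 'webmail', 'autodiscover', 'mail' | ForEach-Object { "$_.$Domain" }

function Resolve-HostAddress {
    # Returns the addresses this machine's resolver gives for a name, or nothing.
    param([string]$Name)
    try   { [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString } }
    catch { }
}

# 1. DNS as seen from here (repeat from an outside machine for the external view).
$dns = @{}
foreach ($n in $Names) {
    $dns[$n] = @(Resolve-HostAddress $n)
    '{0,-32} {1}' -f $n, ($dns[$n] -join ', ')
}
$new = $dns["webmail.$Domain"]
$old = $dns["legacy.$Domain"]
if ($new.Count -eq 0 -or $old.Count -eq 0) {
    Write-Warning 'webmail or legacy does not resolve.'
} elseif (@($old | Where-Object { $new -contains $_ }).Count -gt 0) {
    Write-Warning 'legacy and webmail resolve to the same address; legacy must reach Exchange 2007.'
}
if (@($dns["autodiscover.$Domain"] | Where-Object { $new -notcontains $_ }).Count -gt 0) {
    Write-Warning 'autodiscover does not resolve to the same server as webmail.'
}

# 2. Receive connectors: which accept anonymous SMTP, and from which addresses.
Get-ReceiveConnector -Server $Server | ForEach-Object {
    $ranges = @($_.RemoteIPRanges | ForEach-Object { $_.ToString() })
    New-Object PSObject -Property @{
        Connector = "$($_.Identity)"
        Anonymous = ("$($_.PermissionGroups)" -match 'AnonymousUsers')
        OpenToAll = ($ranges -contains '0.0.0.0-255.255.255.255')
        Ranges    = ($ranges -join '; ')
    }
} | Format-Table Connector, Anonymous, OpenToAll, Ranges -AutoSize
```

A connector that shows both Anonymous and OpenToAll as True accepts unauthenticated SMTP from any address that can reach port 25, so with the Barracuda filtering in front, inbound port 25 from the Internet should reach EXCHG10 only by way of the Barracuda.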
Let’s Get the Certificate Stuff Right
Getting the certificate stuff straight got me in a tangle thinking about it, but in reality, it was pretty easy…
- Purchase a UCC/SAN certificate for up to 5 domains on GoDaddy. (You can use any place that sells these, but GoDaddy is pretty cost effective.)
- Generate a certificate in Exchange 2010 using the “Certificate Wizard.” This link on MSExchange.org explains it quite well.
- Using the example of the sdprairie.net domain, choose the names of webmail.sdprairie.net, EXCHG10.sdprairie.net, legacy.sdprairie.net, autodiscover.sdprairie.net.
- Finish the install of the certificate using the wizard. I won’t elaborate on this, just see the reference.
- Export the certificate with a password. Save this file and move it to Exchange 2007. Import this certificate into Exchange 2007 using Exchange 2007 methods. Here’s a link that outlines this.
- Once this is set up, a user can log on to https://webmail.sdprairie.net/owa and the Exchange 2010 OWA interface will come up. If the mailbox is on Exchange 2007, it will seamlessly redirect to the Exchange 2007 interface, otherwise it will continue to the Exchange 2010 OWA.
- One thing I wondered about here… Outlook client would error out on users with an unsupported certificate on the Exchange 2007, so was wondering if I’d added the old exchange server name to the UCC certificate since I had one more item left, would it have obviated this error. It was more a nuisance than anything.
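A check for the certificate steps above, as an added example that is not part of the original post: run in the Exchange Management Shell on each server, it reports which of the names clients connect to are not on the certificate enabled for IIS, and how long that certificate has left. It assumes PowerShell 2.0; `$LegacyHost` is a hypothetical placeholder for the Exchange 2007 server's own name, and `$WarnDays` is an assumed threshold.

```powershell
# Added example. Names are the ones requested on the UCC certificate above.
$Required   = 'webmail.sdprairie.net', 'EXCHG10.sdprairie.net',
              'legacy.sdprairie.net', 'autodiscover.sdprairie.net'
$LegacyHost = 'OLDSERVER.sdprairie.net'   # hypothetical placeholder, not from the post
$WarnDays   = 30                          # assumed renewal warning window

function Get-UncoveredName {
    # Returns the wanted names that no SAN entry covers. Comparison is
    # case-insensitive; a wildcard entry covers exactly one extra label.
    param([string[]]$SanNames, [string[]]$Wanted)
    foreach ($name in $Wanted) {
        $covered = $false
        foreach ($san in $SanNames) {
            if ($san -ieq $name) { $covered = $true; break }
            if ($san.StartsWith('*.') -and $name.Contains('.')) {
                $parent = $name.Substring($name.IndexOf('.'))   # ".sdprairie.net"
                if ($parent -ieq $san.Substring(1)) { $covered = $true; break }
            }
        }
        if (-not $covered) { $name }
    }
}

# Certificates this server has enabled for IIS (OWA, Autodiscover, Outlook Anywhere).
$iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })
if ($iisCerts.Count -eq 0) { Write-Warning 'No certificate is enabled for IIS.' }

foreach ($cert in $iisCerts) {
    $san      = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
    $missing  = @(Get-UncoveredName -SanNames $san -Wanted ($Required + $LegacyHost))
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        DaysLeft      = $daysLeft
        ExpiresSoon   = ($daysLeft -lt $WarnDays)
        MissingNames  = ($missing -join ', ')
    } | Format-List Thumbprint, HasPrivateKey, DaysLeft, ExpiresSoon, MissingNames
}
```

Once the exported certificate has been imported on Exchange 2007, both servers should report the same thumbprint with HasPrivateKey set to True; any name under MissingNames is one that clients connecting by that name will get a certificate name warning for.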
This is still not done… but am publishing for now /lee