In Part 1 of this post we went through the steps required to deploy Exchange 2013. In this part we will start with the configuration required on Exchange 2013 to establish coexistence, and then test it.
The first step in our configuration is the certificate. By default Exchange is installed with a self-signed certificate; we need to replace it with a certificate that includes the correct names (legacy is required because I will use the same certificate on Exchange 2007 and TMG as well):
mail.contoso.com: FQDN used by all external and internal clients
autodiscover.contoso.com: FQDN for the autodiscover service
legacy.contoso.com: FQDN used by all external and internal clients for Exchange 2007
To create the certificate request, open the Exchange Management Shell and run the following command:
New-ExchangeCertificate -FriendlyName 'Contoso Exchange 15 Certificate' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=EG,S="Cairo",L="Cairo",O="Contoso",OU="IT",CN=mail.contoso.com' -DomainName 'mail.contoso.com','autodiscover.contoso.com' ,'legacy.contoso.com' | out-file c:\sw\e15_csr.txt
Submit your certificate request to be signed by your CA, then use the following command to import the certificate:
Import-ExchangeCertificate -filename c:\sw\certnew.cer
Configure the Exchange server to use this certificate using the following command:
Enable-ExchangeCertificate -Thumbprint A826389C71ED5870137B866F01192D47F69CE526 -Services IIS,POP,IMAP
Export the certificate with the private key and import it on Exchange 2007 CAS servers using the same steps.
To use the Exchange certificate wizards, follow this link.
To configure the Exchange 2013 virtual directories, open the Exchange 2013 Management Shell and run the following commands:
Set-OwaVirtualDirectory -Identity "e15-01\OWA (Default Web Site)" -ExternalUrl https://mail.contoso.com/owa -LogonFormat username -DefaultDomain contoso.local
Set-EcpVirtualDirectory -Identity "e15-01\ECP (Default Web Site)" -ExternalUrl https://mail.contoso.com/ecp
Set-OabVirtualDirectory -Identity "e15-01\OAB (Default Web Site)" -InternalUrl https://mail.contoso.com/oab -ExternalUrl https://mail.contoso.com/oab
Set-ActiveSyncVirtualDirectory -Identity "e15-01\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl https://mail.contoso.com/Microsoft-Server-ActiveSync -InternalUrl https://mail.contoso.com/Microsoft-Server-ActiveSync
Set-WebServicesVirtualDirectory -Identity "e15-01\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx -ExternalUrl https://mail.contoso.com/EWS/Exchange.asmx
Set-ClientAccessServer -Identity e15-01 -AutoDiscoverServiceInternalUri https://autodiscover.contoso.com/autodiscover/autodiscover.xml
Set-OutlookAnywhere -Identity "E15-01\Rpc (Default Web Site)" -InternalHostname mail.contoso.com -ExternalHostname mail.contoso.com -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true
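Added example (not from the original post): a PowerShell check that every host name in the URLs configured above appears on the certificate requested earlier, so clients do not hit name-mismatch warnings. The function names are hypothetical helpers, and the e15-01.contoso.local URL is an assumed value standing in for an InternalUrl that was left at its default.

```powershell
# Added example. Host names and URLs are copied from the commands on this page
# unless marked as assumed.
function Test-NameCoveredByCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][string[]]$CertificateDomains
    )
    foreach ($domain in $CertificateDomains) {
        if ($domain -ieq $HostName) { return $true }
        # A wildcard entry such as *.contoso.com covers exactly one left-most label.
        if ($domain.StartsWith('*.')) {
            $firstDot = $HostName.IndexOf('.')
            if ($firstDot -gt 0 -and $HostName.Substring($firstDot) -ieq $domain.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

function Get-UncoveredHostName {
    param([string[]]$Urls, [string[]]$CertificateDomains)
    $Urls |
        ForEach-Object { ([System.Uri]$_).Host } |
        Sort-Object -Unique |
        Where-Object { -not (Test-NameCoveredByCertificate -HostName $_ -CertificateDomains $CertificateDomains) }
}

# Names requested with -DomainName in the New-ExchangeCertificate command.
$certDomains = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'

$urls = @(
    'https://mail.contoso.com/owa'
    'https://mail.contoso.com/ecp'
    'https://mail.contoso.com/oab'
    'https://mail.contoso.com/Microsoft-Server-ActiveSync'
    'https://mail.contoso.com/EWS/Exchange.asmx'
    'https://autodiscover.contoso.com/autodiscover/autodiscover.xml'
    # Assumed: OWA InternalUrl left at a server-name default, since the
    # Set-OwaVirtualDirectory command above sets only -ExternalUrl.
    'https://e15-01.contoso.local/owa'
)

$missing = @(Get-UncoveredHostName -Urls $urls -CertificateDomains $certDomains)
if ($missing.Count -eq 0) {
    'Every configured host name is covered by the certificate.'
} else {
    "Not covered by the certificate: $($missing -join ', ')"
}
```

On a live server the certificate names can be read from the CertificateDomains property returned by Get-ExchangeCertificate, and the URLs from the InternalUrl and ExternalUrl properties of each virtual directory.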
Change the default OAB on the Exchange 2013 databases. To do so, open the Exchange 2013 Management Shell and run the following command:
Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book (Ex2013)"
To change the generation server, open the Exchange 2007 Management Shell and run the following command:
Move-OfflineAddressBook -Identity "Default Offline Address Book" -Server E15-01
In my case all I need is one connector to receive mail from TMG (or the SMTP gateway). The command below creates it, bound to 192.168.2.11:24 and accepting connections only from 192.168.2.20:
New-ReceiveConnector -Name Inbound -Usage Custom -Bindings 192.168.2.11:24 -RemoteIPRanges 192.168.2.20
All you have to do is add the Exchange 2013 server to the existing send connector as shown below:
Set-SendConnector -Identity Outbound -SourceTransportServers E12-01,E15-01
Transport rules are not migrated to Exchange 2013, so you must export and import them as follows:
Open the Exchange 2007 Management Shell and run the following command:
Export-TransportRuleCollection -FileName "c:\ExportedRules.xml"
Copy the ExportedRules.xml file to the Exchange 2013 server, open the Exchange 2013 Management Shell and run the following commands:
[Byte[]]$Data = Get-Content -Path "C:\TransportRules\ExportedRules.xml" -Encoding Byte -ReadCount 0
Import-TransportRuleCollection -FileData $Data
For additional reading, check this link.
Now it's time to create your own test scenarios and apply them before starting your migration.
For me, I have a small set of test scenarios as below:
Create a test user on E15 and apply the following tests from a machine with hosts file that point to Exchange 2013 server.
Test mail flow by sending a couple of mails to Exchange 2007 users, test outbound and inbound mail flow, and analyze headers using the same tool.
You can add the configuration and testing of your 3rd-party tools. Once you complete all tests successfully, continue to Part 3 and let us start the migration process.
Nice write up. This really simplifies deploying a new 2013 Server into a 2007 environment for a small organization. One area that I encountered a little confusion was your send and receive connector setups. In your diagram in part 1, you illustrate the infrastructure using FQDN. In the connector setups you list only the IPs with making reference to the FQDN. That makes it a little trickier to follow. Thanks again for a great write up.
You have a typo in the Outlook Anywhere command. Should be a capital B in Basic and a space after the word. Otherwise this document is awesome.
In section 4.Configure offline address book (OAB) I had to put in: "Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book (Ex2012)"" because I installed from a non serviced packed disk. However when I run: "Move-OfflineAddressBook -Identity "Default Offline Address Book" -Server E15-01" I get an error stating "Move-OfflineAddressBook : failed to create the 'ExchangeOAB' folder on the target server 'xxx'. Two possible reasons for the failure are that the System Attendant Service is not running or your do not have permission to perform this operation. Error message : 'Catastrophic failure (Exception from HRESULT: x8FFFF (E_UNEXPECTED))'." Any ideas what I am missing? Cheers, Tony
RE: Tony: Seems you can ignore the command to move the generation server of the 2007 Default Offline Address Book. Exchange 2013 creates a new type specific to 2013. http://social.technet.microsoft.com/Forums/en-US/85e7276b-ae35-40cf-827d-04f60e441afd/help-with-migration-from-exchange-2007-to-exchange-2013?forum=exchangesvrdeploy http://blogs.technet.com/b/exchange/archive/2012/10/26/oab-in-exchange-server-2013.aspx
This is the first time I have had to do a migration of this type. I see the Legacy.contoso.com example, so my question is the new 2013 system going to use the autodiscover, owa and all that, that was on my 2007 cert or do I need to come up with new names? If new, how does autodiscover work, since both the 2007 and 2013 both need autodiscover?