We are in the home stretch! This has been a great series. I hope it has been beneficial to you.
In our final article, we will cut mail flow over to the 2010 server. We will also take a look at Offline Address Books. Finally, we will decommission our 2003 server.
Step 11: Offline Address Book
Before we decommission our 2003 server, we need to change which server generates our Offline Address Book. This is a very simple process.
To do this:
- Open the Exchange Management Console.
- Expand Microsoft Exchange On-Premises (server name).
- Expand Organization Configuration.
- Select Mailbox.
- Select the Offline Address Book tab.
- Right-click on the Default Offline Address Book and select Move from the context menu.
- On the Move Offline Address Book wizard, click Browse.
- Select the Exchange 2010 server and click Ok.
- Click Move.
- Click Finish.
Once the wizard closes, check the Generation Server column. This should have updated to the 2010 server.
This is also a good time to change the distribution methods for the Offline Address Book. Exchange now has the option to distribute through EWS.
To change this:
- Right-click on the Default Offline Address Book and select Properties from the context menu.
- Select the Distribution tab.
- Check the box for Enable Web-based distribution.
- Click the Add… button.
- Select the Exchange 2010 server and click Ok.
- Click Ok.
If all your Outlook clients are 2007 or newer, you can actually uncheck Public Folder Distribution. You can also uncheck the Version 2 and Version 3 address books under Client Support.
Step 12: Convert Address Lists & Email Address Policies
I have covered these two topics in depth in other articles. So, rather than repeat them, I will simply link to them here.
HOWTO: Upgrade Exchange Address Lists from 2003 to 2010
HOWTO: Upgrade Recipient Update Policy to Email Address Policy
Step 13: Redirect Mail Flow
Before we can cut over mail flow, we need to create a Send Connector. This will allow our 2010 server to send mail directly to the internet.
Let’s get this created.
- Open the Exchange Management Console.
- Expand Microsoft Exchange On-Premises (server name).
- Expand Organization Configuration.
- Select Hub Transport.
- Select the Send Connectors tab.
- Right-click in the right pane and select New Send Connector…
- Give the New Send Connector a Name. In our example, Default.
- Keep the default intended use drop-down as Custom.
- Click Next.
- Click Add.
- Type * in the Address space field. Click Ok.
- Click Next.
- Choose whether to use domain name system (DNS) or a smart host to route messages to the internet. In our example, we select Use domain name system (DNS). Click Next.
- Click Next.
- Click New.
- Click Finish.
We also need to make sure our Receive Connector is ready to receive messages.
To do this:
- Open the Exchange Management Console.
- Expand Microsoft Exchange On-Premises (server name).
- Expand Server Configuration.
- Select Hub Transport.
- Under Receive Connectors, right-click Default <server name> and select Properties from the context menu.
- Select the Permissions Groups tab.
- Check Anonymous Users and click Ok.
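The two connector procedures above can also be done from the Exchange Management Shell, followed by a check that enabling Anonymous Users has not left the connector open to anonymous relay. This is an added example, not part of the original article. The server name EX2010 is a placeholder, and the connector identity assumes the default "Default <server name>" naming.

```powershell
# Added example, run in the Exchange Management Shell on the 2010 server.
# EX2010 is a placeholder server name (assumption); substitute your own.
$server = 'EX2010'
$recv   = "$server\Default $server"   # default receive connector naming

# Send connector: Custom usage, address space *, DNS routing, as in the wizard.
# Skip this command if the connector was already created in the console.
New-SendConnector -Name 'Default' -Usage Custom -AddressSpaces '*' `
    -DNSRoutingEnabled $true -SourceTransportServers $server

# Receive connector: the three Exchange groups are the defaults on this
# connector; AnonymousUsers is the box ticked in the steps above.
Set-ReceiveConnector -Identity $recv -PermissionGroups `
    AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers

# Review what the connector now accepts and on which bindings.
Get-ReceiveConnector -Identity $recv |
    Format-List Name,Bindings,RemoteIPRanges,PermissionGroups,AuthMechanism

# Anonymous senders should only reach accepted domains. Relay to any recipient
# requires this extended right, which the checkbox alone does not grant.
$relay = Get-ReceiveConnector -Identity $recv |
    Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient' }

if ($relay) {
    Write-Warning "${recv}: anonymous senders can relay to any recipient"
} else {
    "${recv}: anonymous submission enabled, relay right not granted"
}
```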
Now that our Connectors are all set, we can cut over the mail flow.
These are the 4 most common scenarios I see.
- Change the translation at the firewall. The original public IP is maintained, but TCP 25 is port translated to the internal IP of the 2010 server. DNS is not altered. (Make sure ports 80/443 still point to the 2003 server if you still have users housed there.)
- Change the DNS MX record to point to the new public IP of the 2010 server. Be sure to open TCP port 25 on your firewall to the new server.
- If an anti-spam appliance is in the mix, update the next mail hop with the 2010 server’s IP.
- If an anti-spam cloud provider is in use, then you can either maintain the original IP (and do the port translation mentioned in option 1), or change to the new public IP of the 2010 server (and make sure TCP port 25 is open as mentioned in option 2).
For our example, we will pick option 2. We will modify the MX record to use the public IP of the 2010 server. We will open up TCP port 25 on our firewall for the 2010 server.
We have to allow for DNS propagation of the MX record (up to 48 hours).
Test mail flow.
Send a message from an external account to one of your users and vice versa. Then, from an Outlook Client, review the message header. Make sure you only see references to the 2010 server. If your 2003 server is listed, mail flow is still routing through 2003. Correct this. Then proceed.
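The header review described above can be scripted once the header text has been copied out of Outlook. This is an added example, not part of the original article. The function name Get-ReceivedHop, the server names and the sample header are all constructed for illustration.

```powershell
# Added example: list the Received hops in a message header and flag any
# that name the old server. Get-ReceivedHop is a hypothetical helper.
function Get-ReceivedHop {
    param(
        [Parameter(Mandatory=$true)] [string] $Header,
        [Parameter(Mandatory=$true)] [string] $LegacyServer
    )
    # Unfold continuation lines: a line that starts with whitespace
    # belongs to the header line before it.
    $unfolded = $Header -replace '\r?\n[ \t]+', ' '
    $hop = 0
    foreach ($line in ($unfolded -split '\r?\n')) {
        if ($line -match '^Received:\s*(.*)$') {
            $value = $Matches[1]
            $from = ''; $by = ''
            if ($value -match '\bfrom\s+(\S+)') { $from = $Matches[1] }
            if ($value -match '\bby\s+(\S+)')   { $by   = $Matches[1] }
            $hop++
            New-Object PSObject -Property @{
                Hop    = $hop      # 1 is the topmost header, the last hop taken
                From   = $from
                By     = $by
                Legacy = [bool]($value -match [regex]::Escape($LegacyServer))
            } | Select-Object Hop, From, By, Legacy
        }
    }
}

# Constructed sample: a message that still passed through the 2003 server.
$sample = @'
Received: from EX2010.corp.example (10.0.0.20) by EX2010.corp.example
 (10.0.0.20) with Microsoft SMTP Server; Mon, 1 Jan 2024 10:00:02 +0000
Received: from EX2003.corp.example ([10.0.0.10]) by EX2010.corp.example
 with Microsoft SMTPSVC; Mon, 1 Jan 2024 10:00:01 +0000
Received: from mail.sender.example (203.0.113.5) by EX2003.corp.example
 with SMTP; Mon, 1 Jan 2024 10:00:00 +0000
Subject: mail flow test
'@

$hops = @(Get-ReceivedHop -Header $sample -LegacyServer 'EX2003')
$hops | Format-Table -AutoSize
if ($hops | Where-Object { $_.Legacy }) {
    Write-Warning 'Mail is still routing through the 2003 server.'
}
```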
Note: If you have any applications or devices that send mail, now is a good time to update them with the IP address of the 2010 server. This change process varies greatly. Consult their administrative guides for more information.
Step 14: Remove the Public Folder Database
In our previous article, we moved all mailboxes to the 2010 server. We also configured the replication of the Public Folders. With all users now on 2010, let’s decommission our Public Folder Database.
We need to move all replicas to the 2010 server.
Note: The replica move requires a mailbox database to be present on the 2003 server. Without it, you will get a strange error regarding a “missing profile”. If you have deleted the mailbox database, no biggie. Just create a brand new one. Wait about 10 minutes and then attempt your move again.
Let’s get started.
- Open Exchange System Manager from the Exchange 2003 server.
- Expand Administrative Groups.
- Expand the name of your administrative group (most likely First Administrative Group).
- Expand Servers.
- Expand your 2003 server.
- Expand your storage group (most likely First Storage Group).
- Right-click on the Public Folder Database and select Move All Replicas from the context menu.
- From the Select the server drop-down, pick the 2010 server. Click Ok.
- You will receive a warning that this may take quite some time (and it definitely can – don’t be surprised if it takes 24 hours!). Click Ok.
To monitor the progress of the Replica move:
- Expand the Public Folder Database.
- Select Public Folder Instances.
- Press F5 to refresh as needed.
Once empty, all replicas have been moved off the 2003 server.
Public Folder Hierarchy.
Next, we need to move the public folder hierarchy.
To do this:
- While still in Exchange System Manager, right-click on Exchange Administrative Group (FYDIBOHF23SPDLT) and select New >> Public Folder Container from the context menu.
- Expand both the 2003 and 2010 Administrative Groups. These are most likely First Administrative Group and Exchange Administrative Group (FYDIBOHF23SPDLT).
- Expand Folders under the 2003 administrative group.
- Select Public Folders and drag it to the corresponding Folders node under Exchange Administrative Group (FYDIBOHF23SPDLT).
At this point, you can delete the Public Folder Database.
Right-click on the Public Folder Store and select Delete from the context menu. Click Yes to confirm. You will be notified that this will not remove the actual files themselves. This is fine.
Note: You will be notified if there is anything preventing deletion, such as replicas still existing on that server. If that is the case, review the Public Folder Instances node to see if it is empty.
If this succeeds, you can then delete your Mailbox Database. Right-click on the Mailbox Database and select Dismount Store from the context menu. Click Yes to confirm.
Right-click on the Mailbox Database a second time and select Delete from the context menu. Click Yes to confirm. You will be notified that this will not remove the actual files themselves. This is fine.
With both databases gone and mail flow redirected, there is no need for the Routing Group Connectors anymore.
From the Exchange Management Shell issue the following command.
C:\> Get-RoutingGroupConnector | Remove-RoutingGroupConnector
This command finds all Routing Group Connectors in the environment and removes them. Don’t worry. Exchange 2010 doesn’t need them.
Step 15: Uninstall Exchange 2003
Next, we need to remove the Recipient Update Policies.
To do this:
- Open Exchange System Manager from the Exchange 2003 server.
- Expand Recipients.
- Right-click the Recipient Update Service <domain name> and select Delete from the context menu. (In our example, Recipient Update Service (Skaro))
- Click Yes to confirm.
To delete the Recipient Update Policy (Enterprise) we need to use ADSI Edit. To do this let’s switch to our 2008 R2 server. ADSI Edit comes preinstalled on 2008 R2. Alternatively, you can download ADSI Edit for older operating systems.
To use ADSI Edit:
- From Start Menu >> Administrative Tools open ADSI Edit.
- Right-click on ADSI Edit and select Connect to… from the context menu.
- From the Select a well known naming context drop-down select Configuration.
- Click Ok.
- Expand Configuration.
- Expand CN=Configuration.
- Expand CN=Services.
- Expand CN=Microsoft Exchange.
- Expand CN=<name>. (In our example CN=KHAN.)
- Expand CN=Address List Container.
- Select CN=Recipient Update Services.
- Right-click on Recipient Update Services (Enterprise) and select Delete from the context menu.
- Click Yes to confirm.
The time has come! Let’s uninstall 2003.
Navigate to Add/Remove Programs and uninstall Exchange 2003. Select Remove on all components and click Next.
You will be prompted for the Exchange CD during the uninstall, so be sure to have that handy. When complete, reboot the server.
Note: The uninstall process for SBS 2003 is somewhat different. I have documented that process in this article: Uninstalling Exchange 2003 from Small Business Server
We are done!
I hope this series has been of great help to you!
If anything needs a little more explanation, drop me a comment on any one of the article pages.
As always, let us know how we are doing!
Robert Benton says
Believe it or not I have come across a new client running SBS 2003. This article was EXTREMELY helpful and thorough. Thank you for taking the time to document the process.
Julian Alvarado says
Gareth,
Hello, I know this is an old post, but I followed it to move our 2003 Exchange Server to 2010. In the process I found that when connecting from the internet to it, it doesn’t announce TLS has been enabled; also, I notice there is no TLS configuration in the Domain Certificate. Can you give me a little guide on this matter? I have been looking around for it but have not found a correct answer.
Best Regards,
Gareth Gudger says
Hey Julian,
I am not sure I completely follow the question but it sounds like you are having a problem with an SSL certificate. Is the problem with the SSL certificate on the Exchange 2003 server or Exchange 2010 server?
One tool you may want to look at is DigiCert’s free SSL Installation Diagnostic Tool. It will let you know if you have any installation or configuration issues. https://www.digicert.com/help/
Weller44 says
Hi Gareth,
I’ve been following this article as I am about to embark on a long-awaited upgrade of Exchange 2003 to 2013; I am starting with moving to 2010, of course.
I recently found out that the ActiveSync and OWA forwarding will only work when you have an Exchange 2003 front-end server.
I only have one Exchange 2003 server and it is not configured as a front end; does this mean that I cannot use the legacy domain name method?
thanks
Gareth Gudger says
Hey Weller. Yes, you can use the legacy method. I have used this process for many single server upgrades from 2003 to 2010. Let me know how your migration goes. 🙂
Weller44 says
Thanks, I am at the stage now where I am ready to cut over to the new server to test everything.
Just one question regarding this command: Set-OWAVirtualDirectory -Identity "EXCHANGE\OWA (Default Web Site)" -ExternalURL https://mail.company.com/OWA -Exchange2003URL https://legacy.company.com/exchange
Can I run this on the 2010 box before I make the changes on the firewall and switch over, just so that it’s in place and ready?
I didn’t know if it would break anything with the existing 2003 box if I ran it before changing over.
thanks
Gareth Gudger says
Hey Weller,
Yes, sure can.
Weller44 says
I’m getting there.
All is working apart from ActiveSync for users that have mailboxes on the 2003 server.
Remote Connectivity Analyzer fails at the “attempting to send the OPTIONS” stage.
– An HTTP 403 forbidden response was received.
403 – Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied
Have been googling all day; I’m hoping it will be as simple as removing the SSL requirement from the 2003 ActiveSync virtual directory.
Gareth Gudger says
Couple of things can cause that error. Are you testing with an admin or a user account? If admin, it might be a protected account. I always recommend testing with a user account that has no admin rights at all.
Weller44 says
It’s definitely a user account, not a member of any groups and no special permissions
Francesco B. says
Hi Gareth, I have problems with OAB downloads for mailboxes moved to Exchange 2010 (mine and some other test users). The error is the “usual” 0x8004010f.
I enabled replication of all public folders days ago, OAB folders too. Today I have moved the generation of OAB to Exchange 2010. I do not see errors except for “GroupMetrics” (I read that this is created at midnight). I see in \\<exchangeserver>\ExchangeOAB many files, including oab.xml.
I do not see replication errors in the event logs.
Is it a matter of waiting a few hours, or do I have to worry about this issue? Can you point me to where to look to troubleshoot this issue?
Thank you very much,
Francesco B.
Francesco B. says
Hi Gareth, me again. 🙂
It was just a matter of waiting. Yesterday, in fact, my OL2010 client said that it was using public folders for OAB distribution, which was strange since it should have been using the web distribution method. Today it is using the https URL. Now it downloads the OAB without problems, and also group metrics.
Note: I had to restart the MSExchange Host service to make the group metrics folder share be created (the folder was there, populated with group metrics data, but not shared). Restarting Exchange also did not create the share. I read somewhere to set that service to “delayed restart (automatic)”. By just restarting it, however, I had the share created.
Thank you,
Francesco
Gareth Gudger says
Hey Francesco. Thanks for sharing. I have experienced similar issues with the OAB during migration. You are correct. It seems giving it a day or so generally fixes it once migrated. Glad you got it working.
Thanks for sharing on the MSExchange host issue. I have not seen this issue myself.
Francesco B. says
Gareth, I have a definitely worst-practice setup for journaling in my company, made by my predecessors.
Basically my CEO reads, and wants to go on reading, all mail flow in real time with her Outlook client attached to a standard journal mailbox.
I wonder how to get this accomplished while in coexistence (EX2003 EX2010). I read TechNet article https://technet.microsoft.com/EN-US/library/aa997918(v=exchg.141).aspx where it explains how journaling works in both versions but I don’t understand how to proceed to have all mail flow journaled in one recipient mailbox while coexisting and while in the phase of moving mailboxes.
If I left the journal setup untouched I think that it would be journaled only emails that pass through Exchange 2003 (so only messages internet 2003, 2003 2010, 2003 2003)
Since Exchange 2010 journaling is made at HT level… If I setup a standard journaling on 2010 and I disable journaling on 2003 perhaps I would get the goal, I mean:
– disable journaling on Exchange 2003
– move the journal mailbox from 2003 database to 2010 database
– setup standard journaling on 2010 that targets 2010 MB and 2003 mb and set as journal recipient the above moved mailbox
I although have doubts for 20032003 messages…
Could you give me confirmation on this please?
Gareth Gudger says
Hey Francesco,
I was working the TechNet forums and looks like you got an answer to this question here. Let me know if you need anything else.
https://social.technet.microsoft.com/Forums/exchange/en-US/0353f81a-e4fe-42f7-8233-4b0f4686a7d5/transitioning-exchange-2003-to-exchange-2010-journaling-while-coexisting?forum=exchange2010
Kevin Eddy says
I had a problem with updating the Legacy Address Book Policy and found this very helpful.
http://www.petenetlive.com/KB/Article/0000547.htm
BTW Awesome article.
-Kevin
Gareth Gudger says
Glad you like the article. I have run into that once or twice myself. Pete Long has great articles. Thanks for sharing Kevin!
Tom Scott says
I have a few issues I hope you can assist on..
1. When I have the firewall pointed to the Exchange 2003 server to receive all incoming mail, ActiveSync Push works fine for users on 2003 server.. However, if I change the firewall to point to the 2010 push breaks..
2. You don’t have the redirecting of the incoming mail to the 2010 server until almost the last step.. I haven’t had luck with the 2003 server working with ActiveSync at all for a user that is on 2010..
Example, firewall pointing to 2003, test user on 2010, I cannot get my mail on my mobile for test 2010 user.. 2003 users work fine just not 2010 users..
Most of my woes are all ActiveSync related and they don’t show up unless you REALLY test.. (IE: Test Push etc)..
I’ve had to roll back to the 2003 cert as using the new cert with legacy on my 2003 server also broke push.. I fixed push by going back to the old cert but then push breaks again when the firewall points to the 2010 server and the user lives on the 2003.. :S
Thanks
Gareth Gudger says
Hey Tom,
Are you using two Public IPs or one?
Greg says
Gareth, thanks for all your help (via Experts-Exchange) to get this to happen. Do you happen to have a similar guide to go from Exchange 2010 to 2013?
Gareth Gudger says
Hey Greg! Glad to help and glad you liked this article. I don’t have everything written for 2010 > 2013 yet, but it is an easier migration than 2003 > 2010. I do have the Public Folder Migration process documented here http://supertekboy.com/2014/10/13/2013-public-folder-migration-made-easy/. Otherwise I’d recommend Pete Long’s 2010 > 2013 guide. http://www.petenetlive.com/KB/Article/0000788.htm
Paul says
thank you so much for this info !
Gareth Gudger says
Glad to help Paul!