Upgrading from Microsoft Exchange Server 2003/2007 to Exchange Server 2010: Tips, Tricks, and Lessons Learned Mahmoud Magdy Microsoft MVP Exchange server Tech Lead Ingazat Information Technology Mohamed Fawzi Senior Infrastructure Consultant Link Development
Agenda Answering the usual question: why would I be interested in upgrading? Understanding the business value of the upgrade. Understanding the technical value of the upgrade. Tips and tricks. Notes from the field.
Business Value of Exchange 2010 Answering the question "Why should I upgrade?" Exchange 2010 will affect how users do business today. Introduces 4 dimensions of collaboration/management in the enterprise. 3 dimensions for cost, cost, cost!!! Exchange Themes Data Protection/Compliance. Mobility Anywhere access Security
Cost Saving With Exchange 2010 Less HW/storage requirements. Combining Exchange roles gets over old limitations. SAN is not mandatory for HA. Virtualization support for E14. Site resiliency can be done within the product. With SP1 we have service/data resiliency within Exchange. With DPM 2010 we have data resiliency and can eliminate off-site backup (coming later).
Exchange 2010 Themes
IT Pro Situation: E-mail is mission-critical. E-mail systems too complex/expensive. Management tasks tedious, not automated.
Info Worker Situation: Users want easy access to all their communications. Mobile devices are increasingly common. Calendaring is frustrating.
Organization-wide Situation: Security the top concern. Spam and viruses compromise the e-mail experience. Regulatory compliance critical in many industries.
Control, Anywhere Access, Built-In Protection
Compliance/E-mail Archiving Better Manage Mail in an Integrated Archive While Maintaining a Familiar User Experience Drag and drop PSTs directly into the archive, apply a retention policy, or set folders to archive automatically.
The Right Tool for the Job
Protect Communications Automatically Protect Messages With Centralized Rights Management Rules Automatic Content-Based Protection: Transport Rule action to apply RMS template to e-mail or voice mail Support for scanning of attachments and searching of protected mail Internet Confidential and Do Not Forward Policies available out of box Information protection cross PC, web, and mobile device
Technical Value of Exchange 2010 Answering the question "Why should I upgrade?" New high availability technologies: Data Availability/Continuity. Service Availability/Continuity. Easier administration with ECP/RBAC/simplified compliance. Spam control and security.
New HA features Exchange 2010 introduces the concept of the DAG, providing HA for data and service. [Diagram: RCA, Mailbox Server 1, Mailbox Server 2, Mailbox Server 3, with database copies DB1, DB2, DB3, DB4]
HA Features. SAN is not required. Easier administration. Site resiliency within Exchange or data Resiliency with DPM.
Security/RBAC/Compliance. Better Security Using FFPE Integrated RBL checking and Backscatter. Better Security with FFPE Automatic Protection. Integrated exclusion for services and files.
Tips and Tricks NOTES FROM THE FIELD
Core Definitions
Migration: Move to new (higher) version. New hardware. Same forest. Supports co-existence scenarios.
Transition: Different hardware. Different forest. Export/Import only, no co-existence.
No such thing as upgrade.
New from Exchange Server 2003 to Exchange Server 2007 Shift from front-end/back-end to a scalable role-based architecture 64-bit server support Active Directory Sites replace Routing Groups AutoDiscover to automatically configure users Outlook 2007+ need for Public Folders Availability Service: Free/Busy information read direct from mailboxes, not from Public Folders Offline Address Book download from Client Access Server New admin tools Unified Messaging: Get voice mail in your inbox New Developer API: Exchange Web Services (EWS)
New from Exchange Server 2007 to Exchange Server 2010 Flexible deployment choices Run Exchange Server on-premises, use Exchange Online, or a hybrid approach High Availability solution for mailbox resiliency Comprised of database availability group and database copies Provides site resilience and disaster recovery 30-second switchover/failover with simplified admin experience Improves the flexibility in storage choices (SATA disks, JBOD configurations, etc.) Replaces SCR, LCR, SCC, and CCR from E2007 64-bit management tools support RPC client access and Address Book services Improved High Availability solution Outlook MAPI connects directly to Client Access Servers for mailbox-related data and directory requests
DEPLOYING EXCHANGE 2010
Getting Started Exchange Deployment Assistant http://technet.microsoft.com/exdeploy2010 Good for basic info, doesn't give you the whole experience. Build a lab. Exchange Server 2010 Planning and Deployment guide on TechNet. Tricks in this presentation.
Exchange Server 2010 Prerequisites
Active Directory: Windows 2003 SP2 global catalog server is installed in each Exchange Active Directory (AD) site. No hard requirement for Windows Server 2008 AD. Windows Server 2003 forest functional level.
Exchange: Existing servers are Exchange 2003 SP2 or Exchange 2007 SP2.
Server: Windows Server 2008 SP2 or R2 64-bit editions (Std/Ent). Windows Management Framework. .NET Framework 3.5 SP1. Internet Information Services (IIS).
Upgrading to Exchange 2010 Start small. Gradually add more servers to support scale. Internet hostname switch. Unified Messaging switch. SMTP switch. SSL cert purchase. End users don't see this hostname. Used when new CAS tell clients to talk to legacy environments. [Diagram: Internet, Proxy, Internet Facing AD Site with E200x Servers, Internal AD Site with E200x Servers]
1-Switching to CAS2010 Preparatory steps
1. Obtain and deploy a new certificate that includes the required host name values
   a. mail.contoso.com
   b. autodiscover.contoso.com
   c. legacy.contoso.com
2. Upgrade all Exchange servers to Service Pack 2
   a. Enable Integrated Windows Authentication on Exchange 2003 MSAS virtual directory (KB 937031)
3. Install and configure CAS2010 servers
   a. Configure InternalURLs and ExternalURLs
   b. Enable Outlook Anywhere
   c. Configure the Exchange2003URL parameter to be https://legacy.contoso.com/exchange
Switching to CAS2010 Preparatory steps, continued
4. Join CAS2010 to a load balanced array
   a. Create CAS2010 RPC Client Access Service array
   b. Ensure MAPI RPC and HTTPS ports are load balanced
5. Install HUB2010 and MBX2010 servers
   a. Configure routing coexistence
   b. Configure OAB Web-based distribution
6. Create Legacy record in DNS (internal/external)
7. Create Legacy publishing rules in your reverse proxy/firewall solution pointed to FE2003 / CAS2007 array
8. Use ExRCA to verify connectivity for Legacy namespace
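A check for preparatory step 1, as an added example that is not from the original slides: it reports which of the three host names from step 1 are missing from the certificates enabled for IIS on a CAS2010 server. It assumes the Exchange Management Shell; the server name CAS2010-01 and the function name Test-CasCertificateNames are hypothetical.

```powershell
# Added example (not from the original deck). Run in the Exchange Management Shell.
# Host names come from preparatory step 1; the server name is a hypothetical placeholder.
function Test-CasCertificateNames {
    param(
        [string]$Server = 'CAS2010-01',
        [string[]]$Required = @('mail.contoso.com',
                                'autodiscover.contoso.com',
                                'legacy.contoso.com')
    )
    # Only certificates enabled for IIS are presented to OWA, ActiveSync, EWS,
    # Autodiscover and Outlook Anywhere clients.
    Get-ExchangeCertificate -Server $Server |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object {
            $cert  = $_
            $names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
            $missing = @($Required | Where-Object {
                $h = $_.ToLower()
                # A wildcard entry such as *.contoso.com covers one extra label only.
                $wild = '*.' + ($h -split '\.', 2)[1]
                ($names -notcontains $h) -and ($names -notcontains $wild)
            })
            New-Object PSObject -Property @{
                Thumbprint   = $cert.Thumbprint
                NotAfter     = $cert.NotAfter
                MissingNames = ($missing -join ', ')
                Usable       = ($missing.Count -eq 0) -and ($cert.NotAfter -gt (Get-Date))
            }
        }
}

Test-CasCertificateNames |
    Format-Table Thumbprint, NotAfter, Usable, MissingNames -AutoSize
```

A certificate that lacks legacy.contoso.com only shows up as a problem after the switchover, when CAS2010 starts redirecting Exchange 2003 users to that name.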
Namespaces and URLs Outlook Web Access /exchange, /exchweb, /public Exchange ActiveSync /microsoft-serveractivesync Outlook Anywhere /rpc POP/IMAP Outlook Mobile Access /oma Outlook Web Access /owa Exchange Web Services /ews Offline Address Book /oab Unified Messaging /unifiedmessaging Outlook Mobile Access /oma Outlook Web Access Outlook Web App Exchange Control Panel /ecp Unified Messaging /unifiedmessaging Clients and SMTP servers Autodiscover /autodiscover E2003/E2007 services
Switching to CAS2010 The switchover
The switchover involves a minor service interruption
1. Update internal DNS and have Mail and Autodiscover point to CAS2010 array
2. Update/Create Autodiscover publishing rule and point to CAS2010 array
3. Update Mail publishing rules and point to CAS2010 array
   a. Remember to update paths with new Exchange 2010 specific virtual directories
4. Reconfigure FE/CAS2007 URLs to now utilize Legacy namespace
5. Disable Outlook Anywhere on legacy Exchange
6. Test that FE/CAS2010 is redirecting/proxying to CAS2007 (externally and internally)
[Diagram: ISA, E200x SP2 (legacy), E2010 CAS+HUB+MBX (autodiscover, mail). Clients access E2010 through Autodiscover and mail. Redirection (legacy), proxying, and direct access to E2003/E2007.]
2-SMTP Transport Upgrade
Follow this flow for each physical location. Edge servers are optional. Edge 2007 SP2 can be used with HUB 2010.
Step 1: Upgrade existing E2003 and E2007 servers to SP2
Step 2: Install HUB and MBX 2010
Step 3: Switch Edgesync + SMTP to go to HUB2010
Step 4: Install Edge 2010
Step 5: Switch Internet e-mail submission to Edge 2010
[Diagram: Internet SMTP Servers; E2010 Edge, E2007 Edge; E2003 Bridgehead, E2010 HUB, E2007 HUB; E2003 Back-End, E2010 MBX, E2007 MBX]
3-Public Folders Co-existence support between mailbox server 2010 and mailbox server 2003/2007. Outlook can read mailbox from one Exchange version (such as 2010) and public folder from another (such as 2003/2007). OWA 2010 will allow access to public folders with a replica on mailbox server 2010. Get-PublicFolderStatistics helps you decide which action to take: Move, Delete, Migrate to SharePoint.
Online Move Mailbox Minimal disruption. Users remain online while their mailboxes are moved between servers: sending messages, receiving messages, accessing entire mailbox. Administrators can perform migration and maintenance during regular hours. Also can be used to migrate users from on-premises server to Exchange Online. Exchange 2010 and Exchange 2007 SP2: Online. Exchange 2003: Offline. [Diagram: E-mail Client, Client Access Server, Mailbox Server 1, Mailbox Server 2]
COMPLETE THE PUZZLE
Exchange Prerequisites #1 Exchange Native Mode
Exchange Prerequisites #2 No Exchange 2000 servers installed No Active Directory Connector - ADC No Site Replication Service - SRS Exchange 2003 Service Pack 2
Exchange Prerequisites #3 Link State updates on all Exchange Server 2003 servers need to be disabled according to Microsoft knowledge base article 'Suppress Link State Updates'
Exchange Prerequisites #4 KB 937031 - Event ID 1036 is logged on an Exchange 2007 server that is running the CAS role when mobile devices connect to the Exchange 2007 server to access mailboxes on an Exchange 2003 back-end server Required to properly enable CAS-2-FE proxy (or CAS-2-BE if no FE exists) Applies to both 2007 and 2010
AD Prerequisites #1 Schema master FSMO running Windows Server 2003 sp1 or higher At least one GC in site running Windows Server 2003 sp1 or higher Windows Server 2003 DFL Windows Server 2003 FFL
AD Prerequisites #2 AD Domains and Trusts Console Right-click on domain name node and select Raise domain functional level Right-click on Active Directory Domains & Trusts node and select Raise forest functional level
Exchange Configuration #1 Outlook connection issues with Exchange 2010 mailboxes because of the RPC encryption requirement KB 2006508 Exchange Server 2010 Release to Manufacturing (RTM) configuration requires RPC encryption. However, by default, Microsoft Office Outlook 2003 does not use RPC encryption. In Exchange Server 2010 Service Pack 1, the RPC encryption requirement is disabled, by default. Any new Client Access Servers (CAS) deployed in the organization will not require encryption.
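Because SP1 turns the RPC encryption requirement off on newly deployed Client Access servers, it is worth checking what each server actually enforces. The following is an added example, not from the original slides; it assumes the Exchange Management Shell, and the function names are hypothetical.

```powershell
# Added example (not from the original deck). Run in the Exchange Management Shell.
function Get-RpcEncryptionReport {
    # Client Access servers: MAPI mailbox connections terminate on RPC Client Access.
    Get-RpcClientAccess | ForEach-Object {
        New-Object PSObject -Property @{
            Role               = 'CAS'
            Server             = "$($_.Server)"
            EncryptionRequired = [bool]$_.EncryptionRequired
        }
    }
    # Mailbox servers: public folder connections still go to the Mailbox role.
    # Only Exchange 2010 (version 14) servers are reported during coexistence.
    Get-MailboxServer |
        Where-Object { "$($_.AdminDisplayVersion)" -match '^Version 14' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Role               = 'MBX'
                Server             = $_.Name
                EncryptionRequired = [bool]$_.MAPIEncryptionRequired
            }
        }
}

function Enable-RpcEncryption {
    # Turn the requirement back on for one server once its clients are ready.
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][ValidateSet('CAS', 'MBX')][string]$Role
    )
    if ($Role -eq 'CAS') {
        Set-RpcClientAccess -Server $Server -EncryptionRequired $true
    } else {
        Set-MailboxServer -Identity $Server -MAPIEncryptionRequired $true
    }
}

$report = Get-RpcEncryptionReport
$report | Sort-Object Role, Server |
    Format-Table Role, Server, EncryptionRequired -AutoSize

# Servers that currently accept unencrypted MAPI connections.
$report | Where-Object { -not $_.EncryptionRequired } |
    ForEach-Object { Write-Warning "$($_.Role) $($_.Server) accepts unencrypted RPC" }
```

Requiring encryption again locks out Outlook 2003 profiles that still have encryption turned off, so enable it in those profiles before calling Enable-RpcEncryption.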
Exchange Configuration #2 Outlook 2003 in Online Mode This is because Exchange 2010 does not issue UDP notifications to Outlook 2003, so it defaults to a 60 second polling cycle. This behavior is somewhat corrected with Update Rollup 1 for Exchange 2010 and a RegHack on the Exchange 2010 CAS servers. Use cached mode with your Outlook 2003 profile.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem
Note: Create the \ParametersSystem registry subkey if it does not exist.
Add the following registry data to the server:
Value type: REG_DWORD
Value name: Maximum Polling Frequency
Value data: any integer between 5000 and 120000 (decimal value)
Exchange Configuration #3 Moving the queue database Exchange 2010 back pressure Back pressure is a system resource monitoring feature of the Microsoft Exchange Transport service that exists on Microsoft Exchange Server 2010 Hub Transport and Edge Transport servers. Exchange transport can detect when vital resources, such as available hard disk space and memory, are under pressure, and take action in an attempt to prevent service unavailability.
Exchange Configuration #4 Address List conversion Exchange 2010 uses a new style of filter syntax to replace the LDAP filters of previous versions.
Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq "Legacy"} | Set-EmailAddressPolicy -IncludedRecipients AllRecipients
Exchange Configuration #5 By default, Exchange 2010 cannot receive Internet email. You must enable Anonymous users on the Default receive connector
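Accepting anonymous submissions is what lets Internet mail in; it should not also let anonymous senders relay. The following is an added example, not from the original slides: it lists every receive connector that accepts anonymous users and flags any that also grants anonymous relay, and shows how to add the group without dropping the existing ones. It assumes the Exchange Management Shell; the function names are hypothetical.

```powershell
# Added example (not from the original deck). Run in the Exchange Management Shell.
function Get-AnonymousReceiveConnector {
    Get-ReceiveConnector |
        Where-Object { "$($_.PermissionGroups)" -match 'AnonymousUsers' } |
        ForEach-Object {
            $c = $_
            # Anonymous submission is needed for Internet mail; the
            # Accept-Any-Recipient right on top of it makes an open relay.
            $relay = @($c | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
                Where-Object {
                    (-not $_.Deny) -and
                    ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient')
                })
            New-Object PSObject -Property @{
                Connector      = "$($c.Identity)"
                Bindings       = ($c.Bindings -join ', ')
                RemoteIPRanges = ($c.RemoteIPRanges -join ', ')
                AnonymousRelay = ($relay.Count -gt 0)
            }
        }
}

function Enable-AnonymousSubmission {
    # -PermissionGroups replaces the whole value, so keep the groups already set.
    param([Parameter(Mandatory = $true)][string]$Identity)
    $c = Get-ReceiveConnector -Identity $Identity
    if ("$($c.PermissionGroups)" -notmatch 'AnonymousUsers') {
        Set-ReceiveConnector -Identity $Identity `
            -PermissionGroups "$($c.PermissionGroups), AnonymousUsers"
    }
}

Get-AnonymousReceiveConnector |
    Format-Table Connector, Bindings, RemoteIPRanges, AnonymousRelay -AutoSize
```

Call Enable-AnonymousSubmission with the identity of the Default receive connector on the Hub Transport server that receives Internet mail, then rerun the report and confirm AnonymousRelay is False.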
Exchange Configuration #6 Adjust client throttling By default, Microsoft Exchange 2010 uses client throttling policies to track the bandwidth that each Microsoft Exchange user consumes and enforce bandwidth limits, as necessary. The policies affect the performance of the BlackBerry Enterprise Server negatively, so you should turn off client throttling for the Windows account that has a Microsoft Exchange mailbox.
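One way to keep this exemption limited to the service account rather than loosening the default policy, as an added example that is not from the original slides. It assumes the Exchange Management Shell on Exchange 2010 and that the service connects over MAPI (RPC Client Access); the account name BESAdmin and the policy name BESPolicy are hypothetical.

```powershell
# Added example (not from the original deck). Run in the Exchange Management Shell.
$account = 'BESAdmin'    # hypothetical: the Windows account that owns the mailbox
$policy  = 'BESPolicy'   # hypothetical policy name

# Create a dedicated policy; the default throttling policy stays untouched.
if (-not (Get-ThrottlingPolicy | Where-Object { $_.Name -eq $policy })) {
    New-ThrottlingPolicy -Name $policy | Out-Null
}

# $null removes the limit. Only the RPC Client Access (MAPI) limits are lifted.
Set-ThrottlingPolicy -Identity $policy `
    -RCAMaxConcurrency $null `
    -RCAPercentTimeInAD $null `
    -RCAPercentTimeInCAS $null `
    -RCAPercentTimeInMailboxRPC $null

# Bind the policy to the one service mailbox.
Set-Mailbox -Identity $account -ThrottlingPolicy $policy

# Review: every non-default policy and every mailbox that is exempt from the default.
Get-ThrottlingPolicy | Where-Object { -not $_.IsDefault } |
    Format-Table Name, RCAMaxConcurrency, RCAPercentTimeInCAS -AutoSize
Get-Mailbox -ResultSize Unlimited | Where-Object { $_.ThrottlingPolicy } |
    Format-Table Name, ThrottlingPolicy -AutoSize
```

The last two queries are worth rerunning periodically, since an unthrottled account can load the Client Access and Mailbox servers without limit.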
Exchange Configuration #7 On the Exchange 2003 server: You MUST enable forms based authentication (FBA) for single sign-on to work Important to do for a good user experience during co-existence
Exchange Configuration #8 Exchange 2010 (RTM) public folder replica lists could be modified in unexpected ways if public folder was created when Exchange 5.5 was in the organization You could run into this problem if: You have public folders that were created when Exchange 5.5 was in your organization. You use Exchange 2010 RTM management tools (or any other management tools connected to an Exchange 2010 RTM server) to make replica changes of those "old" folders. Simply Apply SP1 to solve it
Retiring Exchange 2003 Quick overview:
Move ALL mailboxes off 2003
Remove ALL PF replicas from 2003
Route all SMTP to Exchange 2010
Update all GALs, ALs, EAPs, and OABs for OPATH
Remove domain RUS
Point enterprise RUS to 2010
Remove 2003 PF database (may require whacking)
Remove 2003 SMTP Connector (if present)
Remove Exchange 2003 (will require installation media to complete removal)
Questions