Mark Minasi's Tech Forum
anthony

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 56
Reply with quote  #1 

We are currently running a single server Exchange 2010 setup, and migrating to the same setup (single server) but on 2013. I followed (and am following) the Exchange server deployment assistant. I'm pretty much at the point where I'm moving some test mailboxes of users from the IT team to the new server. I had done some URL planning and bought a cert planning on using the current URLs that our old server uses but just adding the new server's hostname to the SAN Cert.

So lots of stuff on the web about SSL cert planning and URLs, but I guess my question is two parts.

  1. If we are using mail.myActiveDirectorydomain.com for all internal URLs (and our server's hostname is actually "MAIL") I'm now feeling like it's a bad idea to attempt to "re-use" mail.domain with the new server. Am I on the right track with this? We use mail.ourexternaldomain.com for the external stuff when we used it (which leads to question 2)
  2. Due to internal InfoSec policy, we are not allowed to have any portion of our Exchange application accessible from the outside. We use Cisco ESA for filtering, Good for Mobile Access, and we don't allow Outlook Anywhere or OWA from external. All mail flow relays through the ESA.

My thought is to plan the external URLs as if I were going to expose them to the outside, but obviously, I'm not. But also, how important is it that I DON'T use the new Exchange server's default hostname as the URL setup (which is how it defaults)?

I don't know, I feel like since we really only connect to our Exchange server with Outlook 2010 or 2013 (and Good) we really don't need to worry much about the URLs much from the defaults. Am I overthinking this? The mailboxes I've moved so far work fine...

Thoughts?


__________________
If Chewbacca lives on Endor - You must acquit!
0
cj_berlin

Senior Member
Registered:
Posts: 268
Reply with quote  #2 
Anthony,

here's pretty much the bible on client connectivity in coexistence: https://blogs.technet.microsoft.com/exchange/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment/ 

As long as you do not plan on having multiple 2013 servers and load balancing between those, and given no external access, you really need not worry all that much about namespace design. That's what autodiscover is for ;-)

By the way: Why are you moving to 2013 and not 2016? Have you still got Outlook 2007 clients?

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
anthony

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 56
Reply with quote  #3 
Thanks for the reply cj... 

Just conservative management really. We are standardizing on 2012r2 as the server platform and we already have a few other locations on 2013 and we are just trying to get everyone up to the same version. Right now we are the odd man out and the only one that is running 2010.

__________________
If Chewbacca lives on Endor - You must acquit!
0
anthony

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 56
Reply with quote  #4 
One other question. Since the URL planning you are talking about is less important, I'm now basically at the point where it wants me to change the Outlook Anywhere URL on my 2010 servers (which we don't use):

https://technet.microsoft.com/en-us/exdeploy2013/Checklist?state=3229-W-EQBkAgIAQAAAAUEHAQAAAAgAAAAAwAMAAAA~

But then after that step, it wants me to "Configure Service Connection Point"...

So once I do this step, this will be the point at which the "rubber meets the road" correct? Everything will start pointing to the new Exchange server (even the folks who have mailboxes on the Exch2010 server) correct?

I'm pretty sure I'll need to do this during a formal maintenance window with proper mail flow testing etc. so I just wanted to be sure.

Thanks,

- Anthony

__________________
If Chewbacca lives on Endor - You must acquit!
0
cj_berlin

Senior Member
Registered:
Posts: 268
Reply with quote  #5 
Quote:
Originally Posted by anthony

So once I do this step, this will be the point at which the "rubber meets the road" correct? Everything will start pointing to the new Exchange server (even the folks who have mailboxes on the Exch2010 server) correct?


Not "everything", just Autodiscover. In case your EX2013 server's host name happens to come before the present 2010 host name in the alphabetical order, your clients most probably get their config info from the 2013 autodiscover service already.

For the basic functionality like MAPI, EWS, OAB and the like, the autodiscover response will be identical whether it's coming from 2013 or from 2010.

So if all certs and internal URLs are in place, DNS works and the certs are trusted by the clients, I would say go ahead and repoint the SCP. If you're not 100% sure, by all means wait until the maintenance window.

And if you're sure that you won't be building a DAG and doing LB for CAS in the near future, you can skip the SCP stuff altogether and leave it as it is, provided your EX2013 host name is in the cert.

Make sense?

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
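The precondition in post #5 (the SCP host name of each server must be in the certificate its clients see) can be checked before the SCP is repointed. The following is an added example, not part of any post in this thread; it assumes it is run in the Exchange Management Shell on the 2013 server, that `Get-ExchangeCertificate -Server` can reach both servers, and the function name `Test-NameCoveredByCert` is hypothetical.

```powershell
# Added example (assumptions: Exchange Management Shell, both servers reachable).
# Lists every Autodiscover SCP in name order and checks that an IIS-bound,
# unexpired certificate on that server covers the host name the SCP hands out.

function Test-NameCoveredByCert {           # hypothetical helper name
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -ieq $HostName) { return $true }
        # A wildcard SAN covers exactly one extra label, e.g. *.example.com
        if ($d.StartsWith('*.')) {
            $suffix = $d.Substring(1)       # ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) -and
                $HostName.Substring(0, $HostName.Length - $suffix.Length) -notmatch '\.') {
                return $true
            }
        }
    }
    return $false
}

$report = foreach ($cas in Get-ClientAccessServer | Sort-Object Name) {
    $scpUri = "$($cas.AutoDiscoverServiceInternalUri)"
    if (-not $scpUri) {
        [pscustomobject]@{ Server = $cas.Name; ScpHost = $null; Problem = 'No SCP URI set' }
        continue
    }
    $scpHost = ([Uri]$scpUri).Host

    # Only certificates enabled for IIS are presented to Autodiscover clients.
    $iisCerts = @(Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match 'IIS' })

    $usable = @($iisCerts | Where-Object {
        $_.NotAfter -gt (Get-Date) -and
        (Test-NameCoveredByCert -HostName $scpHost `
            -CertDomains @($_.CertificateDomains | ForEach-Object { "$_" }))
    })

    $problem = if ($iisCerts.Count -eq 0) { 'No certificate enabled for IIS' }
               elseif ($usable.Count -eq 0) { 'SCP host missing from SAN, or certificate expired' }
               else { $null }

    [pscustomobject]@{ Server = $cas.Name; ScpHost = $scpHost; Problem = $problem }
}

$report | Format-Table -AutoSize
```

A row with an empty `Problem` column means the name check passed on that server; whether clients trust the issuing CA still has to be confirmed from a client.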
anthony

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 56
Reply with quote  #6 
I believe it does. So I've moved about 30 mailboxes no problem. But I moved one today and it wouldn't connect at all. When I look at "Connection Status" by right-clicking the Outlook icon in the tray it's trying to connect to the CAS Array Name (in my case it's called "casarray.myADdomain.com" which resolves to my 2010 Exchange server).

My 2013 server DOES appear first in AD because it begins with C2... and the old server is just called MAIL (not my naming convention previous admin did that).

Is there a way to see what SCP clients are using? Either from the client or the server?

BTW - My SSL cert has the new server's hostname in the SAN area along with all the old names. I've not seen any cert warnings at all.


__________________
If Chewbacca lives on Endor - You must acquit!
0
cj_berlin

Senior Member
Registered:
Posts: 268
Reply with quote  #7 
Well, the AD info is cached by the Exchange servers and will not get updated immediately. You can go ahead and recycle the Autodiscover App pool after every dozen or so of migrated mailboxes. Since you do not know which SCP is being used you need to do it on both servers.

To determine which SCP is actually being used, you can start the Outlook Autoconfiguration Test, run a test and then look at the log.

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
anthony

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 56
Reply with quote  #8 
Ok, so another question (thanks again for your help BTW)...

Last night I performed the part of the directions in Microsoft's Exchange Server Deployment Assistant where you configure the service connection point to point to the new server.

However, we have a CAS array created that was there before the migration started. When it was created, before the 2013 server was installed, it only pointed to our single 2010 server. Now when I run Get-ClientAccessArray it shows as pointing to both servers as members.

At what point (if at all) should I remove the old server from the ClientAccessArray? Or should I leave it until I uninstall Exchange off of the old server? I'd prefer to be able to test the functionality with it removed before the uninstall.

The CAS Array entry in our internal DNS just currently points to the 2010 server. It's just simply casarray.internalADdomain.com

Do I need to add a 2nd entry pointing to the IP of our 2013 server too? Change that entry to the new server's IP?

The Deployment Assistant doesn't refer to it specifically so I'm not sure how to handle it.

Thanks!

__________________
If Chewbacca lives on Endor - You must acquit!
0
cj_berlin

Senior Member
Registered:
Posts: 268
Reply with quote  #9 
Hi,

CASArray is going away with your 2010; 2013 and later CAS doesn't work that way anymore. The reason you are seeing both servers in the array is that it is bound to an AD site and thus will contain all CAS servers found in that site.

Just get on with the migration and see if the CAS Array goes away after uninstalling 2010. If it doesn't you can remove it from AD and DNS as a part of your housekeeping.

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0