3 Finishing the installation
Now that we have successfully installed two Exchange Server 2010 servers, it's time to configure the environment and finish the setup. We're now going to have to make sure these are taken care of:
Public Folder Replication
Certificate installation on the Client Access Server
Configure Exchange Server 2010 Web Services.
3.1 Public Folder Replication
During the Mailbox Server Role readiness check, you saw a warning message regarding the Public Folder Replication (see Figure 11). You don't need to worry about this, but you are going to have to take steps to ensure that Public Folder information from the Exchange Server 2003 Public Folders is replicated to the Exchange Server 2010 Public Folders, and vice versa.
So, to make sure this happens smoothly, log on to the Exchange Server 2003 server and open the Exchange System Manager. Browse to the Public Folders in the First Administrative Group, and if needed right-click on Public Folders and select "View System Folders." Select the Offline Address Book "/o=<<yourorg>>/cn=addrlists/cn=oabs/cn=Default Offline Address Book" and open its properties. Click "Add" on the Replication Tab, and add the Public Folder Database on the Exchange Server 2010 Mailbox Server.
Repeat these steps for:
And that's all of your Exchange Server 2003 to Exchange Server 2010 Public Folder Replication set up!
In Exchange Server 2003 you can also use the "Manage Settings" options to perform the above steps in a single operation.
To set up Public Folder Replication from Exchange Server 2010 back to Exchange Server 2003, log on to the Exchange Server 2010 server and open the Exchange Management Console. In the left pane select Toolbox, open the Public Folder Management Console in the results pane, and then connect to the Exchange Server 2010 Mailbox Server.
In the Public Folder Management Console, expand the System Public folders, and then expand the Offline Address Book.
For all Offline Address Books located in the results pane, select their properties and configure the replication to include the Exchange Server 2003 Public Folder Database, as demonstrated below:
All you need to do to finalize your Replication configuration is repeat these steps for:
OAB Version 2
OAB Version 3a
OAB Version 4
EX:/o=<<yourorg>>/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
EX:/o=<<yourorg>>/ou=First Administrative Group
Schedule+ Free Busy: EX:/o=<<yourorg>>/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)
Schedule+ Free Busy: EX:/o=<<yourorg>>/ou=First Administrative Group.
Bear in mind that, depending on the size of your Public Folder database, you may have to wait some time for Public Folder Replication to finish.
3.2 Certificate installation
After installation of the Client Access Server, a new certificate also needs to be installed. By default a self-signed certificate is created during setup but, for production purposes, a third-party certificate is needed. For Exchange Server 2010, a Unified Communication (UC) certificate is used, and these have their own Subject Name (like webmail.inframan.nl) as well as "Subject Alternative Names" like autodiscover.inframan.nl and mail.inframan.nl. Check out Microsoft knowledge base article 929395 (HTTP://TINYURL.COM/CERTVENDORS) for more information regarding UC certificates, and a list of supported Certification Authorities that can issue them.
Suppose we have a domain called "inframan.nl" – our Outlook Web App name can be webmail.inframan.nl. A second namespace used in Exchange Server 2010 is "autodiscover", which resolves, in our example, to autodiscover.inframan.nl. So far this is the same as it was in Exchange Server 2003. New in Exchange Server 2010 is a third name called "legacy" which results in legacy.inframan.nl. This legacy namespace is used for interoperability between Outlook Web Access in Exchange Server 2003 and Exchange Server 2010 Outlook Web App. All three names are used on the Client Access Server, so for the Client Access Server, a minimum of three SAN values are needed:
Webmail.inframan.nl (primary OWA access point)
Autodiscover.inframan.nl.
Legacy.inframan.nl (OWA access for Exchange Server 2003 mailboxes).
To ensure that the Exchange Server 2010 Client Access Server role functions correctly, various settings need to be configured, as explained in the next section.
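The check below is an added example, not part of the original article: it uses Get-ExchangeCertificate in the Exchange Management Shell to confirm that a certificate on the Client Access Server covers all three names, is not self-signed or expired, and is enabled for IIS. The inframan.nl names are the article's examples; the function name Test-CasCertificateNames is hypothetical.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access Server.
# The three names are the article's example namespaces; replace them with your own.
$RequiredNames = 'webmail.inframan.nl', 'autodiscover.inframan.nl', 'legacy.inframan.nl'

function Test-CasCertificateNames {   # hypothetical helper name
    param(
        [string[]]$Required,
        [string]$Server = $env:COMPUTERNAME
    )
    foreach ($cert in (Get-ExchangeCertificate -Server $Server)) {
        # CertificateDomains holds the subject name plus every SAN entry.
        # Names are compared exactly, so a wildcard entry is reported as missing.
        $names   = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })
        $missing = @($Required | Where-Object { $names -notcontains $_.ToLower() })

        $problems = @()
        if ($missing.Count -gt 0)                { $problems += "missing: $($missing -join ', ')" }
        if ($cert.IsSelfSigned)                  { $problems += 'self-signed' }
        if ($cert.NotAfter -lt (Get-Date))       { $problems += "expired $($cert.NotAfter)" }
        if ("$($cert.Services)" -notmatch 'IIS') { $problems += 'not enabled for IIS' }

        # New-Object keeps this compatible with PowerShell 2.0.
        New-Object PSObject -Property @{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Services   = "$($cert.Services)"
            Ready      = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        }
    }
}

Test-CasCertificateNames -Required $RequiredNames |
    Format-Table Ready, Thumbprint, Services, Problems -AutoSize
```

The default certificate created by setup should show up here as self-signed and missing names; the third-party UC certificate should be the only row with Ready set to True.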
3.3 Configure Exchange Web Services
Like its predecessors, Exchange Server 2010 uses the Client Access Server to offer Offline Address Book downloads and Free/Busy information using the HTTP protocol, and these can be used by Outlook 2007 and Outlook 2010.
However, Outlook 2003 uses the Public Folder architecture to get the Offline Address Book and Free/Busy information.
As explained in Section 3.2.2.2 (see Figure 7, "Enter the external domain for your Client Access Server"), you can enter the external domain that the Client Access Server is using, for example webmail.inframan.nl.
If you haven't configured the external domain during setup, you have to configure the following settings using the Exchange Management Shell command below.
Before the Offline Address Book can be distributed by the Client Access Server, the Generation Server needs to be changed from Exchange Server 2003 to Exchange Server 2010. This can be achieved by using the Exchange Management Console as follows:
Log on to the Exchange Server 2010 server and open the Exchange Management Console.
Expand Microsoft Exchange on-Premises and expand the organization container.
Click the Mailbox option, and in the results pane select the Offline Address Book tab. The Default Offline Address List will appear, and the Generation Server will be the current Exchange Server 2003 server.
Right-click the Default Offline Address Book and select Move. The Move Offline Address Book wizard will appear. Use the Browse button to select the new Exchange Server 2010 Mailbox Server and, when finished, click Move again. When the move to the new Mailbox Server is complete, click Finish.
NOTE
You can also use the Exchange Management Shell to move the Generation Server to Exchange Server 2010 by using the following command.
Even once you've gone through these steps, the distribution itself is still using the Public Folder Mechanism. To change this to Web-based distribution, use the following procedure:
Log on to the Exchange Server 2010 server and open the Exchange Management Console.
Expand Microsoft Exchange on-Premises, and expand the organization container.
Click the Mailbox option and select the Offline Address Book tab in the results pane. The Default Offline Address List will appear. Right-click this and select properties.
Select the Distribution tab and tick the Enable Web-based distribution check box. Click Add to select the Client Access Server Virtual Directory used for distribution and, when finished, click OK.
The Exchange Server 2010 Client Access Server will now start distributing the Offline Address Book through a virtual directory over the HTTP protocol, which Microsoft Outlook 2007 or Outlook 2010 clients can use.
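The two console procedures above (moving the Generation Server, then enabling Web-based distribution) can also be carried out in the Exchange Management Shell. The script below is an added example, not the command from the original article; the server names EX2010-MBX and EX2010-CAS are placeholders, and Public Folder distribution is left enabled because Outlook 2003 still depends on it.

```powershell
# Added example: run in the Exchange Management Shell on Exchange Server 2010.
# Placeholder names (assumptions): replace with your own servers.
$OabName   = 'Default Offline Address Book'
$MailboxSv = 'EX2010-MBX'   # new Generation Server (Mailbox Server role)
$CasSv     = 'EX2010-CAS'   # Client Access Server hosting the OAB virtual directory

# Record the starting state: expect the Exchange Server 2003 server as
# Generation Server and Public Folder distribution only.
Get-OfflineAddressBook -Identity $OabName |
    Format-List Name, Server, PublicFolderDistributionEnabled, WebDistributionEnabled, VirtualDirectories

# Step 1: move OAB generation to the Exchange Server 2010 Mailbox Server.
Move-OfflineAddressBook -Identity $OabName -Server $MailboxSv -Confirm:$false

# Step 2: find the OAB virtual directory on the Client Access Server.
$vdirs = @(Get-OabVirtualDirectory -Server $CasSv | ForEach-Object { "$($_.Identity)" })
if ($vdirs.Count -eq 0) {
    throw "No OAB virtual directory found on $CasSv; Web-based distribution not enabled."
}

# Step 3: enable Web-based distribution for Outlook 2007/2010 while keeping
# Public Folder distribution for Outlook 2003 clients.
Set-OfflineAddressBook -Identity $OabName `
    -VirtualDirectories $vdirs `
    -PublicFolderDistributionEnabled $true

# Verify: Server should now be the Exchange Server 2010 Mailbox Server and
# both distribution methods should be enabled.
Get-OfflineAddressBook -Identity $OabName |
    Format-List Name, Server, PublicFolderDistributionEnabled, WebDistributionEnabled, VirtualDirectories
```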
Users with mailboxes still on Exchange Server 2003, who access their mailbox using a Windows Mobile device, will get an error when they use the Exchange Server 2010 Client Access Server. These users will be able to synchronize their device when the Microsoft-Server-ActiveSync virtual directory on the Exchange Server 2003 back-end server has Integrated Windows Authentication enabled. This will allow the Client Access Server and the Exchange Server 2003 back-end server to use Kerberos for authentication.
Now that you've got your Public Folder Replication, Certificates and Web Services all configured, it's time to change your Internet access infrastructure. You need to make sure that users who try to access HTTPS://WEBMAIL.INFRAMAN.NL (the example we've been using so far) are redirected to the new Exchange Server 2010 Client Access Server. So I'll quickly outline the SMTP Infrastructure for this coexistence scenario.
4 SMTP Infrastructure
As discussed earlier, when an Exchange Server 2010 Hub Transport server is installed into an existing Exchange Server 2003 environment, it installs a special Legacy, or Interop, Routing Group Connector. This Interop Routing Group Connector is responsible for sending messages between Exchange Server 2003 and Exchange Server 2010 and vice versa.
When you move mailboxes to Exchange Server 2010 and a new message arrives on the Exchange Server 2003 front-end server, this server will check Active Directory and find the user's mailbox is on Exchange Server 2010. The message will be routed through the Interop Routing Group Connector to the new Hub Transport Server, and the message will be delivered to the Exchange Server 2010 Mailbox Server – nice and simple.
Similarly, when a user with a mailbox on Exchange Server 2010 composes a message for a mailbox on Exchange Server 2003, the message is routed from the Hub Transport Server, through the Interop Routing Group Connector, to the Exchange Server 2003 front-end server. From there it will be delivered to the user's mailbox on the Exchange Server 2003 Mailbox server – also nice and simple.
As this is a completely stable system, it is up to the system administrator to decide when the mail flow is switched from delivery at the Exchange Server 2003 server to the Exchange Server 2010 Hub Transport Server. There are no hard requirements on when to switch the message flow.
4.1 Edge Transport Server
An Exchange Server 2010 Edge Transport Server is used for message hygiene purposes; it will be used as an anti-spam and anti-virus solution. The anti-spam solution is built into the product, and Microsoft Forefront for Exchange Server can be used for antivirus.
An Exchange Server 2010 Edge Transport Server can also be used together with a pure Exchange Server 2003 environment. The Edge Transport Server is used as a smart host for the Exchange Server 2003 server, and can still act as an anti-spam and antivirus solution. The full feature set of an Edge Transport Server is, of course, not available in an Exchange Server 2003 environment.
The full feature set of the Exchange Server 2010 Edge Transport Server becomes available when you transition to the Exchange Server 2010 Hub Transport Server, subscribe the Edge Transport Server to the Hub Transport Server, and switch the mail flow from the Exchange Server 2003 environment to the Exchange Server 2010 environment.
If you want to install the Exchange Server 2010 Edge Transport Server and subscribe it to the Exchange Server 2010 Hub Transport Server. The question is, do you want to install the Edge Transport Server? There's no definitive answer to this, and a consultant's answer would be "it depends." An Edge Transport Server does a great job in offering antivirus and anti-spam functionality and, as such, I can really recommend it. But a lot of customers already have other anti-spam and antivirus solutions that perform very well. If this is the case, you have to make a decision based on experiences, pricing, manageability, etc.
5 Final Exchange 2003 coexistence notes
So, at the end of that you should have everything you need to configure your own Exchange Server 2003 Coexistence scenario. Just to finish off, there are a couple of things I want to recap for when you are running this kind of scenario:
An Exchange Server 2003 and Exchange Server 2010 coexistence scenario has two management interfaces:
The Exchange Server 2003 System Manager can only be used to manage Exchange Server 2003 objects.
The Exchange Server 2010 Management Console and Management Shell can only be used to manage Exchange Server 2010 objects.
If mailboxes running on Exchange Server 2003 need to be moved to Exchange Server 2010, this can only be achieved using the Exchange Server 2010 tools.
When shared mailboxes are moved from Exchange Server 2003 to Exchange Server 2010, they will continue to run as shared mailboxes. They can be converted to Resource Mailboxes at a later stage.
Mailboxes can be moved from Exchange Server 2010 to Exchange Server 2003 using the Exchange Management Console or the Exchange Management Shell on Exchange Server 2010. When a mailbox on Exchange Server 2010 has an archive associated with it, the archive naturally has to be removed before the move to Exchange Server 2003.