Part 2: Step-by-Step Exchange 2007 to 2013 Migration


In Part 1 of this post we went through the steps required to deploy Exchange 2013. In this part we will start with the configuration required on Exchange 2013 to establish coexistence, and then test it.

2. Digital Certificates Configurations

SSL Certificate

The first step in our configuration is the certificate. By default Exchange is installed with a self-signed certificate; we need to replace it with a certificate that includes the correct names (the legacy name is required because I will use the same certificate on Exchange 2007 and TMG as well):

| Hostname | Description |
| --- | --- |
| mail.contoso.com | FQDN used by all external and internal clients |
| autodiscover.contoso.com | FQDN for the autodiscover service |
| legacy.contoso.com | FQDN used by all external and internal clients for Exchange 2007 |

To create the certificate request, open the Exchange Management Shell and run the following command:

New-ExchangeCertificate -FriendlyName 'Contoso Exchange 15 Certificate' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=EG,S="Cairo",L="Cairo",O="Contoso",OU="IT",CN=mail.contoso.com' -DomainName 'mail.contoso.com','autodiscover.contoso.com','legacy.contoso.com' | Out-File c:\sw\e15_csr.txt

Submit your certificate request to be signed by your CA, then use the following command to import the certificate:

Import-ExchangeCertificate -filename c:\sw\certnew.cer

Configure the Exchange server to use this certificate using the following command:

Enable-ExchangeCertificate -Thumbprint A826389C71ED5870137B866F01192D47F69CE526 -Services IIS,POP,IMAP

Export the certificate with the private key and import it on Exchange 2007 CAS servers using the same steps.

To use the Exchange certificate wizards, follow this link.
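
As a check to run before the Enable-ExchangeCertificate step, this added example (not part of the original post) confirms that the imported certificate carries the three names from the table, is CA-issued, holds its private key and has a 2048-bit key, then enables it by looked-up thumbprint and exports a password-protected PFX for the Exchange 2007 CAS servers. The function name Test-CoexistenceCertificate, the 30-day margin and the PFX file name are assumptions.

```powershell
# Added example, not from the original post. Run in the Exchange 2013 Management Shell.
$requiredNames = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'

function Test-CoexistenceCertificate {
    param(
        [Parameter(Mandatory = $true)] $Certificate,   # object from Get-ExchangeCertificate
        [string[]] $RequiredNames,
        [int] $MinKeySize  = 2048,                     # matches -KeySize in the request
        [int] $MinDaysLeft = 30                        # assumed renewal margin
    )
    $problems = @()
    $sans = @($Certificate.CertificateDomains | ForEach-Object { "$_".ToLower() })
    foreach ($name in $RequiredNames) {
        # -like lets a wildcard entry such as *.contoso.com satisfy the name
        if (-not ($sans | Where-Object { $name.ToLower() -like $_ })) {
            $problems += "name not on certificate: $name"
        }
    }
    if ($Certificate.IsSelfSigned)       { $problems += 'certificate is self-signed' }
    if (-not $Certificate.HasPrivateKey) { $problems += 'private key is not present on this server' }
    if ($Certificate.PublicKeySize -lt $MinKeySize) {
        $problems += "key size $($Certificate.PublicKeySize) is below $MinKeySize"
    }
    if ("$($Certificate.Status)" -ne 'Valid') {
        $problems += "status is $($Certificate.Status) (chain, revocation or dates)"
    }
    if ($Certificate.NotAfter -lt (Get-Date).AddDays($MinDaysLeft)) {
        $problems += "expires $($Certificate.NotAfter)"
    }
    $problems
}

# Locate the imported certificate by the friendly name used in the request
# (assumes the signed response completed that request on this server).
$cert = Get-ExchangeCertificate |
    Where-Object { $_.FriendlyName -eq 'Contoso Exchange 15 Certificate' -and
                   "$($_.Status)" -ne 'PendingRequest' } |
    Select-Object -First 1
if (-not $cert) { throw 'Certificate not found; was the signed response imported?' }

$problems = Test-CoexistenceCertificate -Certificate $cert -RequiredNames $requiredNames
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,POP,IMAP

    # Export with the private key as a password-protected PFX.
    $pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the PFX file'
    $export = Export-ExchangeCertificate -Thumbprint $cert.Thumbprint -BinaryEncoded:$true -Password $pfxPassword
    # File name below is an assumption; c:\sw is the folder used on this page.
    Set-Content -Path 'c:\sw\e15_cert.pfx' -Value $export.FileData -Encoding Byte
}
```

Delete the PFX from c:\sw once it has been imported on the Exchange 2007 CAS servers and TMG, since it contains the private key.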

3. Exchange 2013 namespace & virtual directories configurations

To configure the Exchange 2013 virtual directories, open the Exchange 2013 Management Shell and follow the steps below:

OWA and ECP:

Set-OwaVirtualDirectory -Identity "e15-01\OWA (Default Web Site)" -ExternalUrl https://mail.contoso.com/owa -LogonFormat username -DefaultDomain contoso.local

Set-EcpVirtualDirectory -Identity "e15-01\ECP (Default Web Site)" -ExternalUrl https://mail.contoso.com/ecp

OAB:

Set-OabVirtualDirectory -Identity "e15-01\OAB (Default Web Site)" -InternalUrl https://mail.contoso.com/oab -ExternalUrl https://mail.contoso.com/oab

ActiveSync:

Set-ActiveSyncVirtualDirectory -Identity "e15-01\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl https://mail.contoso.com/Microsoft-Server-ActiveSync -InternalUrl https://mail.contoso.com/Microsoft-Server-ActiveSync

Web Services:

Set-WebServicesVirtualDirectory -Identity "e15-01\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx -ExternalUrl https://mail.contoso.com/EWS/Exchange.asmx

AutoDiscover:

Set-ClientAccessServer -Identity e15-01 -AutoDiscoverServiceInternalUri https://autodiscover.contoso.com/autodiscover/autodiscover.xml

Outlook Anywhere:

Set-OutlookAnywhere -Identity "E15-01\Rpc (Default Web Site)" -InternalHostname mail.contoso.com -ExternalHostname mail.contoso.com -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $True -InternalClientsRequireSsl $true
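
Once the URLs above are set, every host name a client is handed has to be on the certificate from section 2, otherwise clients get certificate name warnings. The following added example (not part of the original post) reads the configuration back with Get-* cmdlets only and reports any URL that is not HTTPS or whose host is missing from the certificate; the variable names and the report layout are assumptions.

```powershell
# Added example, not from the original post. Read-only: only Get-* cmdlets are used.
$server = 'e15-01'   # server name used on this page

# Names on the CA-issued certificate enabled for IIS.
$cert = Get-ExchangeCertificate -Server $server |
    Where-Object { -not $_.IsSelfSigned -and "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No CA-issued certificate is enabled for IIS on $server" }
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Collect every URL and host name configured in this section.
$endpoints = @()
$vdirs = @(Get-OwaVirtualDirectory -Server $server) +
         @(Get-EcpVirtualDirectory -Server $server) +
         @(Get-OabVirtualDirectory -Server $server) +
         @(Get-ActiveSyncVirtualDirectory -Server $server) +
         @(Get-WebServicesVirtualDirectory -Server $server)
foreach ($v in $vdirs) {
    foreach ($p in 'InternalUrl', 'ExternalUrl') {
        if ($v.$p) { $endpoints += [pscustomobject]@{ Source = "$($v.Name) $p"; Url = "$($v.$p)" } }
    }
}
$cas = Get-ClientAccessServer -Identity $server
if ($cas.AutoDiscoverServiceInternalUri) {
    $endpoints += [pscustomobject]@{ Source = 'AutoDiscoverServiceInternalUri'
                                     Url    = "$($cas.AutoDiscoverServiceInternalUri)" }
}
$oa = Get-OutlookAnywhere -Server $server | Select-Object -First 1
foreach ($p in 'InternalHostname', 'ExternalHostname') {
    if ($oa.$p) { $endpoints += [pscustomobject]@{ Source = "Outlook Anywhere $p"; Url = "https://$($oa.$p)/rpc" } }
}

# Check scheme and certificate coverage (-like lets a wildcard SAN match).
$report = foreach ($e in $endpoints) {
    $uri = [uri]$e.Url
    [pscustomobject]@{
        Source     = $e.Source
        Url        = $e.Url
        Https      = ($uri.Scheme -eq 'https')
        NameOnCert = [bool]($certNames | Where-Object { $uri.Host -like $_ })
    }
}
$report | Format-Table -AutoSize
$report | Where-Object { -not ($_.Https -and $_.NameOnCert) } |
    ForEach-Object { Write-Warning "Fix before coexistence testing: $($_.Source) -> $($_.Url)" }

# Basic authentication sends the password in recoverable form, so it must ride on SSL.
if ("$($oa.ExternalClientAuthenticationMethod)" -eq 'Basic' -and -not $oa.ExternalClientsRequireSsl) {
    Write-Warning 'Outlook Anywhere allows Basic authentication externally without requiring SSL'
}
```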

4. Configure offline address book (OAB)

Change the default OAB on the Exchange 2013 databases. To do so, open the Exchange 2013 Management Shell and run the following command:

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book (Ex2013)"

5. Exchange 2013 Mail flow configurations:

Receive connectors

In my case all I need is one connector to receive mail from TMG (or the SMTP gateway). To create this connector, use the command below:

New-ReceiveConnector -Name Inbound -Usage Custom -Bindings 192.168.2.11:24 -RemoteIPRanges 192.168.2.20

Send connector:

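All you have to do is add the Exchange 2013 server to the existing send connector, as shown below. The -SourceTransportServers value replaces the current list, so the existing source server is listed along with the new one: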

Set-SendConnector -Identity Outbound -SourceTransportServers E12-01,E15-01

Transport Rules:

Transport rules are not migrated to Exchange 2013; accordingly, you must export and import them as below:

Open the Exchange 2007 Management Shell and run the following command:

Export-TransportRuleCollection -FileName "c:\ExportedRules.xml"

Copy the ExportedRules.xml file to the Exchange 2013 server, open the Exchange 2013 Management Shell and run the following commands:

[Byte[]]$Data = Get-Content -Path "C:\TransportRules\ExportedRules.xml" -Encoding Byte -ReadCount 0
Import-TransportRuleCollection -FileData $Data

For additional reading, check this link.

Testing:

Now it's time to create your own test scenarios and apply them before starting your migration.

For me, I have a small set of test scenarios, as below:

Create a test user on E15 and apply the following tests from a machine with a hosts file that points to the Exchange 2013 server.

Test mail flow by sending a couple of messages to Exchange 2007 users, test outbound and inbound mail flow, and analyze headers using the same tool.

You can add your third-party tools' configuration and testing. Once you complete all tests successfully, continue to Part 3 and let us start the migration process.

Comments (38)

  1. Mohammad Saeed Abdelaziz says:

    @kjstech that fine, once you enable Outlook Anywhere and Enable NTLM Authentication (as shown in part three), you shouldn’t see the prompt for Password again..

  2. Tom.Brown says:

    Great article, thanks for sharing the stepwise information regarding to Exchange 2007 to 2013 Migration and I found really good information about this topic and tested the automate exchange server migration tool from
    http://www.lepide.com/exchange-manager/ that helps to migrate exchange server to another live exchange server and migrate public folders between exchange servers and successfully transfer mailboxes from
    un-mounted edb to different exchange server on the network

  3. Mohammad Saeed Abdelaziz says:

    @ken EG is the country (Egypt), Cairo is the City, update them to reflect your country and city 🙂

  4. DJ Grijalva says:

    Thanks!

  5. Mohammad Saeed Abdelaziz says:

    @ravin what is your CA version ? is it based on ADCA ?

  6. Mohammad Saeed Abdelaziz says:

    @Holli V thanks for the note, updated it 🙂

  7. Dan_IT says:

    Nice write up.  This really simplifies deploying a new 2013 Server into a 2007 environment for a small organization.  One area that I encountered a little confusion was your send and receive connector setups.  In your diagram in part 1, you illustrate the infrastructure using FQDN.  In the connector setups you list only the IPs with making reference to the FQDN. That makes it a little trickier to follow.  Thanks again for a great write up.

  8. Holli V says:

    You have a typo in the Outlook Anywhere command. Should be a capital B in Basic and a space after the word. Otherwise this document is awesome.

  9. tony says:

    In section 4.Configure offline address book (OAB) I had to put in: "Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book (Ex2012)"" because I installed from a non serviced packed disk. However when I run: "Move-OfflineAddressBook
    -Identity "Default Offline Address Book" -Server E15-01" I get an error stating "Move-OfflineAddressBook : failed to create the ‘ExchangeOAB’ folder on the target server ‘xxx’. Two possible reasons for the failure are that the System Attendant Service is not
    running or your do not have permission to perform this operation. Error message : ‘Catastrophic failure (Exception from HRESULT: x8FFFF (E_UNEXPECTED))’." Any ideas what I am missing? Cheers, Tony

  10. james says:

    This is the first time I have had to do a migration of this type. I see the Legacy.contoso.com example, so my question is the new 2013 system going to use the autodiscover, owa and all that, that was on my 2007 cert or do I need to come up with new names? If new, how does autodiscover work, since both the 2007 and 2013 both need autodiscover?

  11. Sandeep B.S says:

    We are trying to move the OAB from exch2010 to 2013 using the above commands and we are getting the below error.

    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book (Ex2013)"
    Couldn’t find offline address book "Default Offline Address Book (Ex2013)" . Please make sure you have typed it
    correctly.
    + CategoryInfo : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 60AA48EC
    + PSComputerName : irsauhcas01.irshad.ae

    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book (Ex2012)"
    Couldn’t find offline address book "Default Offline Address Book (Ex2012)" . Please make sure you have typed it
    correctly.
    + CategoryInfo : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 60AA48ED
    + PSComputerName : irsauhcas01.irshad.ae

    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Offline Address Book (Ex2012)"
    [PS] C:\Windows\system32>Move-OfflineAddressBook -Identity "Offline Address Book " -Server unicorp.IRSHAD.AE

    The operation couldn’t be performed because object ‘Offline Address Book ‘ couldn’t be found on
    ‘hodc1.irshad.ae’.
    + CategoryInfo : NotSpecified: (:) [Move-OfflineAddressBook], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 44CBFB6F,Microsoft.Exchange.Management.SystemConfigurationTasks.MoveOfflineAddressBook
    + PSComputerName : irsauhcas01.irshad.ae

  12. florian says:

    When followed this post, but are facing problems. For mailboxes on Exchange 2013, when I try to connect them in Outlook 2013, I get the error message “the action cannot be completed. the microsoft exchange address book was unable to log on to exchange.” Mailboxes on Exchange 2007 can still be connected. OWA/ActiveSync is working for new mailboxes. Any idea?

  13. John says:

    I’m with Florian, I have OWA working internally, but cannot get Outlook clients to connect.

  14. sam says:

    I am also getting this error: Couldn’t find offline address book "Default Offline Address Book (Ex2013)" . Please make sure you have typed it correctly. this is when I try the Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline
    Address Book (Ex2013)" command.

  15. sam says:

    [PS] C:\Windows\system32>Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book (Ex2013)"
    Couldn’t find offline address book "Default Offline Address Book (Ex2013)" . Please make sure you have typed it
    —- I think the reason for this is that it is "Default Offline Address LIST (Ex2013)" not "Default Offline Address Book (Ex2013)".

  16. RaviN says:

    how to get cert signed by my own ca??

  17. Mehmet Kocak says:

    Manually create the OAB Share under the v15 install folder on the Exchange 2013 Server, compare the 2007 OAB share for permissions and apply the same permissions on the share.
    Try the move again 😉

  18. Anonymous says:

    In part 1 we covered the deployments steps for Exchange 2013, in Part 2 of this series we covered Exchange

  19. kjstech says:

    In the testing phase my issue is test user on Ex2013, outlook 2013 with the latest updates constantly prompts for password, and no passwords are accepted. I can cancel it and email works fine, but public folders do not work.

  20. Ken Cousino says:

    C=EG,S="Cairo",L="Cairo",O="Contoso",OU="IT",CN=mail.contoso.com’
    I didn’t see it defined, but what is EG and Cairo?
    Thanks for writing this up. It is really helpful and the install is going well so far.

  21. Ken Cousino says:

    Thanks. Now my next issue, I can’t get the autodiscover to work. I have run the analyzer and it fails on autodiscover.
    Can you do this migration without buying an SSL cert?

  22. Son says:

    @Mohammad – Could you elaborate on the Send Connector setting: Set-SendConnector -Identity Outbound -SourceTransportServers E12-01,E15-01

    I know E15-01 is the Exchange 2013 server — is E12-01 your Exchange 2007 server? You have to add both? The command does not append, but overwrites the configuration?

    Thanks!

  23. Ken Cousino says:

    Why when I run this command:

    Set-OwaVirtualDirectory -Identity "e15-01OWA (Default Web Site)" -ExternalUrl
    https://mail.contoso.com/owa -LogonFormat username -DefaultDomain contoso.local

    do I get this error:

    The operation couldn’t be performed because object ‘e15-01OWA (Default Web Site)’ couldn’t be found on
    ‘LCC2K8PDC.LCCNE.local’.
    + CategoryInfo : NotSpecified: (:) [Set-OwaVirtualDirectory], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=MAIL,RequestId=b445d5f5-643c-447c-b672-33b9347881e2,TimeStamp=1/30/2015 4:32:33
    PM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 1638686D,Microsoft.Exchange.Management.SystemConfig
    urationTasks.SetOwaVirtualDirectory
    + PSComputerName : mail.lccne.local

    [PS] C:\Windows\system32>

  24. A Passerby says:

    @Ken, That is because you are using the example word for word. Change "e15-01" to match the name of the server you are configuring. and change "contoso.local" to your domain name, lccne.local. Next time don’t post your real internal domain information.
    Pull identifying data out of logs before posting; security first 🙂

  25. Ken says:

    @APasserby, thanks for the input and the catch on the security fail. 🙂

  26. wolf says:

    Thank you for the details in Part 1. It all worked perfectly. Please help with Part 2 Digital Certificates Configurations. I successfully created the correct specific certificate request using the exchange management shell and running the correct detailed
    command. I am stuck with the next step "Submit your certificate request to be signed by your CA". This is going to be the public facing email server for a company. Can I create a self-signed certificate? If so, would you please provide the steps to do this?
    If not, must I use a commercial CA? If so, would you please recommend something suitable for a small company?
    Thank you again!

  27. wolf says:

    Sorry, please let me rephrase that above. This is going to be the Exchange server for a small company. It will only host mailboxes of trusted users that use computers that are already joined to the domain. So I successfully created the correct specific
    certificate request using the exchange management shell and running the correct detailed command. I am stuck with the next step "Submit your certificate request to be signed by your CA". This is going to be the email server for a small company. Can I create
    a self-signed certificate? If so, would you please provide the steps to do this? If not, must I use a commercial CA? If so, would you please recommend something suitable for a small company?
    Thank you again!

  29. Martin Williams says:

    @Sam if you use Get-Offlineaddressbook it will list them by name. The syntax of the command should be Get-mailboxDatabase | Set-MailboxDatabase -OffLineAddressBook "Default Offline Address List (Ex2013)"

  30. Brenton Crosby says:

    Thanks for the article, really helpful. In my environment when I had to update the OAB I had to type:

    Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address List (Ex2013)"

    In your example you have:

    Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book (Ex2013)"

  31. Csug says:

    when i run the Set-OwaVirtualDirectory command i get the error:

    Set-OwaVirtualDirectory : The term ‘Set-OwaVirtualDirectory’ is not recognized as the name of a cmdlet,

    Please help

  32. Omar says:

    Thank you very much for the information. Question, what if I want to use the certificate I have on the Exchange 2007 CAS server…? How do I export it and import it into the new Exchange 2013 CAS server…? With the new legacy domain

    Thanks

  33. cmartin says:

    At this point should a user created on Exchange server 2013 be able to send to user on exchange 2007? That the only thing not testing fully and I am trying to figure out.

    Mail Flows from External In to user on 2007/2013 From internal out for user on 2007/2013, From 2007 to 2013 the emails are delivered, but if I send from 2013 to 2007 it gets delayed, not delivered?

  34. Brad_Voris says:

    Users should be able to send mail between the 2 exchange servers. Could be a problem with send connector configuration or something as simple as a mailbox rule for a specific user.

  35. james says:

    Issue with Set-MailboxDatabase -OfflineAddressBook

    resolved by using "Get-OfflineAddressBook" and copying verbatim the "Default Offline Address List (Ex2013)"
    found it works without the backslash at the beginning (ie: not using \Default Offline… and instead using just Default Offline…)

  36. cmartin says:

    OK so this is the Delivery error I get, I am guessing this is a receive connector issue on 2007 maybe?

    Diagnostic information for administrators:

    Generating server: BRTCEXCH13.brtc.local
    Receiving server: brtcmail.brtc.local (192.168.1.15)

    Administrator@brandonschool.org
    9/25/2015 7:49:38 PM – Remote Server at brtcmail.brtc.local (192.168.1.15) returned ‘550 4.4.7 QUEUE.Expired; message expired’
    9/25/2015 7:39:20 PM – Remote Server at brtcmail.brtc.local (192.168.1.15) returned ‘451 4.4.0 Primary target IP address responded with: "451 5.7.3 Cannot achieve Exchange Server authentication." Attempted failover to alternate host, but that did not succeed.
    Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.1.15:25’

    Original message headers:
    Received: from BRTCEXCH13.brtc.local (192.168.1.10) by BRTCEXCH13.brtc.local
    (192.168.1.10) with Microsoft SMTP Server (TLS) id 15.0.847.32; Wed, 23 Sep
    2015 15:43:17 -0400
    Received: from BRTCEXCH13.brtc.local ([fe80::a07c:cfe8:fd5d:2a49]) by
    BRTCEXCH13.brtc.local ([fe80::a07c:cfe8:fd5d:2a49%12]) with mapi id
    15.00.0847.030; Wed, 23 Sep 2015 15:43:16 -0400
    Content-Type: application/ms-tnef; name="winmail.dat"
    Content-Transfer-Encoding: binary
    From: test user
    To: Administrator
    Subject: test from exchge2013
    Thread-Topic: test from exchge2013
    Thread-Index: AQHQ9jgXh6VhWDajhESmb8ZXMmTNWw==
    Date: Wed, 23 Sep 2015 15:43:16 -0400
    Message-ID:
    Accept-Language: en-US
    Content-Language: en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    MIME-Version: 1.0
    X-Originating-IP: [fe80::a07c:cfe8:fd5d:2a49%12]
    Return-Path: testuser@brandonschool.org

  37. Colby says:

    Trouble with site placement in Part 2, I have an 2013 Edge Server. Do I "set" all sites on the edge server or do only certain ones need to be set there such as OWA and autodiscover? Also if I have a 2007 Edge server and a 2013 Edge server in the same environment how do I prevent the 2013 Edge server from being accessed internally if I am setting the OWA website on it?