Exchange 2003 to Exchange 2010 Step by Step Deployment Guidance
Step 6: Install the Hub Transport server role
The Hub Transport server role is responsible for internal mail flow for the Exchange organization. It handles all mail flow inside the organization, applies transport rules, applies journaling policies, and delivers messages to recipient mailboxes.
Learn more at: Overview of the Hub Transport Server Role
You can install the Hub Transport server role on dedicated hardware, or you can install it on the same server where you installed the Client Access server role.
How do I install the Hub Transport server role on dedicated hardware?
The Exchange Server 2010 Setup wizard helps you install the Hub Transport role:
- Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click Run Setup.exe under Install or run program. If the AutoPlay dialog doesn’t appear, navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the location of your Exchange 2010 installation files and double-click Setup.exe.
- The Exchange Server 2010 Setup welcome screen appears. In the Install section, the software listed for Step 1: Install .NET Framework 3.5 SP1 and Step 2: Install Windows PowerShell v2 was installed with the Exchange 2010 prerequisites. If these prerequisites aren’t already installed, click the appropriate step to install them.
- When Step 1, Step 2, and Step 3 are listed as Installed, click Step 4: Install Microsoft Exchange.
- On the Introduction page, click Next.
- On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and click Next.
- On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting feature, and click Next.
- On the Installation Type page, select Custom Exchange Server Installation. For Exchange 2010 SP1, you can select to automatically install all required Windows roles and features for this server. To optionally change the installation path for Exchange 2010, click Browse, locate the appropriate folder in the folder tree, and then click OK. Click Next.
- On the Server Role Selection page, select the Hub Transport Role, and click Next. The Management Tools option, which installs the Exchange Management Console and the Exchange Management Shell, will also be selected and installed.
- On the Readiness Checks page, review the Summary to determine if the system and server are ready for the Hub Transport role to be installed. If all prerequisite checks completed successfully, click Install. If any of the prerequisite checks failed, you must resolve the displayed error before you can continue.
- The Progress page displays the progress and elapsed time for each phase of the installation. As each phase ends, it’s marked completed and the next phase proceeds. If any errors are encountered, the phase will end as incomplete and unsuccessful. If that happens, you must exit Setup, resolve any errors, and then restart Setup.
- When all phases have finished, the Completion page displays. Review the results, and verify that each phase completed successfully. Clear the check box for Finalize this installation using the Exchange Management Console, and then click Finish to exit Setup.
- When you’re returned to the Setup welcome screen, click Close. On the Confirm Exit prompt, click Yes.
- Restart the computer to complete the installation of the Hub Transport role.
How do I add the Hub Transport server role to my Client Access server?
You can also use the Exchange Server 2010 Setup wizard to add the Hub Transport role to your existing Client Access server.
- In Control Panel, start Programs and Features.
- Select Microsoft Exchange Server 2010 from the list of installed programs, and then click Change.
- The Exchange Server 2010 Setup wizard starts in Exchange Maintenance Mode. Click Next.
- On the Server Role Selection page, select the check box for Hub Transport Role and then click Next.
- On the Readiness Checks page, review the Summary to determine if the system and server are ready for the Hub Transport role to be installed. If all prerequisite checks completed successfully, click Install. If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed with installing the Hub Transport role. In many cases, you don’t need to exit Setup while you’re fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported.
- The Progress page will display the progress and elapsed time for each phase of the installation. As each phase ends, it will be marked completed and the next phase will proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful. In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance Mode.
- When all phases have finished, the Completion page will be displayed. Review the results and verify that each phase completed successfully. Click Finish to exit Setup.
- Restart the computer to complete the installation of the Hub Transport role.
Step 7: Configure Exchange ActiveSync authentication
In order for Exchange ActiveSync to function during Exchange 2003 and Exchange 2010 coexistence, you must configure Integrated Windows authentication on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003 server. During this procedure, services will be restarted on the Exchange 2003 server, resulting in a brief interruption in service.
Learn more at: Understanding Exchange ActiveSync Coexistence
How do I do this?
There are two methods you can use to complete this task.
- Install this hotfix for the Exchange 2003 server: “Event ID 1036 is logged on an Exchange 2007 server that is running the CAS role when mobile devices connect to the Exchange 2007 server to access mailboxes on an Exchange 2003 back-end server.”
Get the hotfix from: Microsoft Support site
- Using Exchange System Manager on the Exchange 2003 server, adjust the authentication settings of the Exchange ActiveSync virtual directory.
- Repeat these steps for all Exchange 2003 servers in your organization that contain mailboxes.
Alternatively, you can do the following:
- Set the msExchAuthenticationFlags attribute to a value of 6 on the Microsoft-Server-ActiveSync object within the configuration container on each Exchange 2003 server that contains mailboxes.
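To confirm which Exchange 2003 servers already carry the value described above, the following read-only check (an added example, not part of the original guidance) lists every Microsoft-Server-ActiveSync object in the configuration container with its msExchAuthenticationFlags value. Locating the objects by an exact `cn` match is an assumption of this example; the script changes nothing in the directory.

```powershell
# Added example: read-only audit of msExchAuthenticationFlags.
# Run from a domain-joined machine with read access to the configuration container.
$expected = 6   # value given in Step 7

$rootDse  = [ADSI]'LDAP://RootDSE'
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$($rootDse.configurationNamingContext)"
# Assumption: the objects are located by an exact match on their common name.
$searcher.Filter   = '(cn=Microsoft-Server-ActiveSync)'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
[void]$searcher.PropertiesToLoad.Add('msExchAuthenticationFlags')

$report = foreach ($entry in $searcher.FindAll()) {
    # Property names in search results are stored in lower case.
    $flags = $null
    if ($entry.Properties.Contains('msexchauthenticationflags')) {
        $flags = [int]$entry.Properties['msexchauthenticationflags'][0]
    }
    New-Object PSObject -Property @{
        DistinguishedName = [string]$entry.Properties['distinguishedname'][0]
        Flags             = $flags          # empty when the attribute is not set
        MatchesStep7      = ($flags -eq $expected)
    }
}

# The owning server's name appears in each distinguished name.
$report | Sort-Object DistinguishedName |
    Format-Table MatchesStep7, Flags, DistinguishedName -AutoSize -Wrap
```

Rows where MatchesStep7 is False are the servers that still need one of the two methods applied.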
Step 8: Configure a legacy host name
You need to create a legacy domain name system (DNS) host name so your legacy Exchange environment (Exchange 2003 and/or Exchange 2007) and Exchange 2010 can coexist. For example, if your domain name is currently abc.com, you’re likely using a host name of mail.abc.com or www.abc.com for external client access to Exchange. During coexistence, I recommend creating and using, for example, a host name of legacy.abc.com. This host name should be configured the same way your primary host name is configured. You’ll associate the legacy host name with your existing Exchange server and associate your current host name (for example, mail.abc.com) with your Exchange 2010 Client Access server or array. Your end users will not see or use the legacy host name. It will be used by Autodiscover and Client Access servers when redirecting legacy users to a legacy server.
All client connections will be redirected, including Exchange ActiveSync, Outlook Web App, POP3, and IMAP4. After the legacy host name has been configured, users will be able to access their mailbox regardless of whether it’s on Exchange 2010 or Exchange 2003. If you’re upgrading from Exchange 2007 to Exchange 2010 or from an environment that contains both Exchange 2007 and Exchange 2003, Availability service requests will also be redirected. In addition, after you configure a legacy host name, you’ll also need to ensure that your digital certificates are configured with the legacy host names.
How do I do this?
The steps to perform this task will vary for each organization. That’s because the exact steps depend on your Internet provider and firewall configuration. Example steps for GoDaddy are provided below just to give you an idea of how things work. Your actual steps may vary. But, in general, you need to:
- Create a DNS host (A) record for the legacy host name in your internal and external DNS servers. In internal DNS, point it to the IP address of your legacy Internet-facing Exchange server (for example, Exchange 2007 Client Access server, Exchange 2003 front-end server, etc.). In external DNS, point it to the public IP address on your reverse proxy or firewall solution. The host name should be in the format of legacy.domain.com (for example, legacy.abc.com).
- Create a publishing rule for the legacy host name in your reverse proxy or firewall solution to point to your legacy Internet-facing Exchange server. Refer to your proxy/firewall solution’s user manual for instructions on how to do this.
- Configure the existing DNS host (A) record in your internal and external DNS servers for your original host name (for example, mail.abc.com) to point to your Exchange 2010 organization; for example, the IP address of your Client Access server or array (internal DNS), or the public IP address on your reverse proxy or firewall solution (external DNS).
So, for example, if your provider is GoDaddy.com, here’s how you create a DNS host (A) record and associate it with your legacy Exchange infrastructure:
- From your GoDaddy account management home page, click Domain Manager under the My Products heading in the left sidebar.
- If prompted, log in to your account.
- In the Total DNS section of the Domain Manager information screen, click Total DNS Control.
- In the A (Host) section of the Total DNS Control screen, click Add new A record.
- Enter the host name (for example, legacy.abc.com), and enter the IP address of your legacy Exchange server in the Points to IP address box.
- Choose a TTL (time to live) value. If you’re performing this step well in advance of your Exchange 2010 installation, you can choose 1 day or 1 week from the drop-down list box. Otherwise, choose the default of 1 hour or 1/2 hour.
- Click OK to complete your changes.
If your Exchange 2003 server isn’t currently configured to use SSL for client access, you’ll need to enable SSL to secure the communications between the client messaging applications and the Exchange front-end server. Learn more at: Exchange Server 2003 Client Access Guide
How do I know this worked?
From outside your firewall, perform the following steps, using your specific domain name.
- Navigate to https://mail.abc.com/owa, and verify that you can access Outlook Web App for a user whose mailbox is on Exchange 2010.
- Navigate to https://legacy.abc.com/exchange, and verify that you can access Outlook Web Access for a user whose mailbox is on a legacy Exchange server.
- Navigate to https://mail.abc.com/owa, and verify that you can access Outlook Web App for a user whose mailbox is on a legacy Exchange server.
You can also use the Exchange Server Remote Connectivity Analyzer to verify connectivity for the legacy namespace.
You’ll find ExRCA at: https://www.testexchangeconnectivity.com
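The browser checks above can be complemented with a script that resolves each namespace and reports how its certificate validates for that name, which covers the earlier requirement that your certificates include the legacy host names. This is an added example, not part of the original guidance; the function name Test-NamespaceCertificate is hypothetical, and the host names are the page's examples. Run it from outside your firewall, as with the steps above.

```powershell
# Added example: check DNS resolution and certificate validity for each namespace.
# Host names are the examples used on this page; replace them with your own.
$hostNames = 'mail.abc.com', 'legacy.abc.com'

function Test-NamespaceCertificate {
    param([string]$HostName, [int]$Port = 443)
    $result = New-Object PSObject -Property @{
        HostName = $HostName; Addresses = $null; PolicyErrors = $null
        Subject  = $null; NotAfter = $null; SubjectAltNames = $null
    }
    $state = @{ Errors = $null }
    # Record the validation outcome instead of aborting, so it can be reported.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($s, $cert, $chain, $errors)
        $state.Errors = $errors
        $true
    }.GetNewClosure())
    $tcp = $null; $ssl = $null
    try {
        $result.Addresses = ([System.Net.Dns]::GetHostAddresses($HostName) | ForEach-Object { $_.ToString() }) -join ', '
        $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # validates against the name requested
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
        $result.PolicyErrors = $state.Errors
        $result.Subject      = $cert.Subject
        $result.NotAfter     = $cert.NotAfter
        if ($san) { $result.SubjectAltNames = $san.Format($false) }
    }
    catch { $result.PolicyErrors = "FAILED: $($_.Exception.Message)" }
    finally {
        if ($ssl) { $ssl.Dispose() }
        if ($tcp) { $tcp.Close() }
    }
    $result
}

$hostNames | ForEach-Object { Test-NamespaceCertificate $_ } |
    Format-List HostName, Addresses, PolicyErrors, Subject, NotAfter, SubjectAltNames
```

A PolicyErrors value of None means the certificate is trusted and matches the host name; RemoteCertificateNameMismatch on legacy.abc.com means the certificate served there does not include the legacy host name.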