Project: Exchange 2003 to 2010 Upgrade, Coexistence, and More!

The following are a few notes and links that I found useful when performing an Exchange 2010 upgrade for a customer. This is for Phase 1 coexistence of Exchange 2010 with 2003. Phase 2 for decommissioning Exchange 2003 can be found here.

The project also included the introduction of a 2008R2 Domain Controller in a Branch Office alongside their existing 2003 Domain Controllers, and the establishment of a Domain Trust to allow a recently acquired company existing in a different Active Directory forest, to use the new Exchange 2010 server via Linked Mailboxes.

Figure 1: The diagram below gives a brief overview of the environment after introduction of the Exchange 2010 server

Note 1:  Exchange 2010 does not support BES 4.1! In the deployment here, Blackberry was being decommissioned, so there was no need to worry about maintaining the Blackberry service by migrating BES to version 5 or above.
Note 2: The customer was using Symantec Backup Exec 11d and this does not support Exchange 2010 – BE 2010 or above is required (but it is possible to Use Windows Server Backup to Perform a Backup of Exchange!)

Main documents used:

1. “Rapid transition guide from Exchange 2003 to Exchange 2010” by Milind Naphade – this PDF document is freely downloadable from the internet

Useful notes and documents – regards the Exchange work:

Apologies for plugging my own blog with the first three!

1. Suppress Link State Updates on Exchange 2003 - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters > New DWORD = “SuppressStateChanges” with Value = 1 > and restart the following services - SMTP, Microsoft Exchange Routing Engine, and Microsoft Exchange MTA Stacks
2. Exchange 2010 Active Sync Issueif users new to Exchange 2010 are having problems with Active Sync, check their AD Account Security permissions are allowing inheritable permissions from the objects parent (especially for Exchange Servers permissions)
4. The Name on the security certificate is invalid or does not match the name of the site - PART 2if getting security alerts when opening Outlook, check the below have been applied via the EMS
> Set-ClientAccessServer -Identity "mbx1" –AutodiscoverServiceInternalURI https://nlb.nwtraders.msft/autodiscover/autodiscover.xml
> Set-WebServicesVirtualDirectory -Identity "mbx1\EWS (Default Web Site)" –InternalUrl  https://nlb.nwtraders.msft/EWS/Exchange.asmx
> Set-OABVirtualDirectory -Identity “mbx1\OAB (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/OAB
> Enable-OutlookAnywhere -Server mbx1 -ExternalHostname “nlb.nwtraders.msft” -ClientAuthenticationMethod “NTLM”
> Set-ActiveSyncVirtualDirectory -Identity “mbx1\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://nlb.nwtraders.msft/Microsoft-Server-Activesync

Useful notes and documents – regards the Exchange Resource Forest work:


Useful notes and documents – besides the Exchange work:

2. Is it okay to prepare a Domain Controller in our Head Office and then re-IP it and ship to remote office? Yes
3. Windows Server 2008 R2 Enable Multiple RDP sessions tsconfig.msc > ‘Restrict each user to a single session’ = No
4. Windows Server 2008 R2 Upgrade PathsWindows Server 2003 SP2 ,R2 upgrade to Windows Server 2008R2 is supported, but cross-architecture in-place upgrades (for example, x86 to x64) are not supported.

Comments