Dear all,

first of all thanks for reading this topic :-)

In our enviroment, we have a Exchange 2010 server (Version: 14.01.0438.000), whitch is installed with all server roles (CAS, HT and MB) on one server(OS is Windows Server 2008 R2 Enterprise). This exchange server sends all external mails to a smarthost (Redddox).

We are using Outlook Anywhere, Active Sync and OWA.

Now, we need to migrate this Exchange server to another one, because we think, that the servers OS is corrupt and also, there are wrong licenses installed. The "new" server will have the same OS Version and Exchange Version (2010).

Currently Im a little afraid, to install a new one - because I think when I will install the CAS and HT role, something will happen in my productive enviroment (Autodiscover, SMTP Connectors, Cerficates a.s.o.).

To install the mailbox role, I think this will not affect anything.

Can you help me a little bit in what to take care of? Do I need to preconfigure something, before I will install the second exchange? What about the version / service pack of Exchange to install? Must it be the same as installed on the first one?

Any help would be appreciated!

Jennie

Hi Jennie

No harm in introducing a new Exchange server in the existing environment. Also you could try for Exchange 2013 as well 

Below is my suggestion:

1) Bring up a new Exchange Server all roles together (Exchange 2010 with latest SP or even Exchange 2013)

2) Migrate few mailboxes initially and see their performance.

3) After that move all the mailboxes.

4) Create a send connector in the new server and smart host all external emails to Redddox

5) Disable Exchange 2010 Send connector and see the results.

6) Point your firewall to redirect all internet emails to Exchange new server.

7) From your reverse proxy server direct all the connections to new server for owa,ews and activesync

Hi Sathish,

thank you for your quick response!

What about affects in autodiscover and certificates with clients?

Will they only occur, if I move a mailbox to the other server if something is not configured proper or directly after installation?

Will the new exchange already receive and send mails internal after installation?!

Jennie

Nothing to worry on this issue, You can easily install a new server and no issues will happen 

For certificates add a new SAN entry in the certificate for the new server 

No issues with the sending and receiving emails will be problem

Hi Jennie,
Below are the steps if you are not planning to upgrade.
1) Install new Exchange2010-SP3 Server all roles Please check this
2) Install the certificate in the new server by requesting a duplicate from the 3rdparty CA. Or export from the existing Exchange 2010 and import to the new one. Please check this
3) Set your autodoscover, OAB, ECP, OWA URLs same as the current Exchange. Below artciles will help you to do that.
For OAB, Autodiscover, EWS please check steps 5,6,7in this
For setting OWA and ECP URLs please check this.
4) Move few mailboxes as a test and check. If no errors move the rest.
5) Move your OAB generation server to the new server. Please check this
6) Move you public folder contents to the new server you have. Please check this
7) Configure your firerwall to receive emails on the new server and other services like EWS, OWA, ActiveSync.
8) Add the new server as the source server and in the current send connector and remove the old server from the send connector.

Shutdown the server for a couple of days and monitor. So you will know if you missed something.
Uninstall Exchange2010 from the add remove programs.

Ok guys. Good steps! Thanks a lot. I will write down my feedback in a few days!

Just another question: we still dont have a dedicated exchange administrator account in the domain.

Is it a good idea to create one and use it for migration? Or better later on?

It is good to have a dedicated user for Exchange administration.

Please check this for permission details https://technet.microsoft.com/en-us/library/dd297943(v=exchg.141).aspx

Please check this for role based access control to give a exchange administration permission for another user.
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-2010-role-based-access-control-part1.html

Recently I did for a client is I renamed administrator to "root!-admin!exch" to improve security as infrastructure was little bit big.

ok - now the system is asking me about "External Client Access Servers"  ( when configuring the CAS external domain. The client access sever role will be internet facing?!

The old one points to exchange.domainname.com. Can / should I use the same name? Or better using exchange1.domainname.com and change it later on?! Will this bring up any effects in productive enviroment?!

You should use the same as your first exchange server. It will not make issues for you.

Ok with a little bit trouble, it worked. (the new exchange was delivering mails via default SMTP connector to extern but was not configured in the default SMTP Connector...)

Now, I ex- and imported the existing certificate from the old Exchange to the new one and linked it to OWA, AS, EPC, POP3 a.s.o.

In Best Practise Analyzer, I get this error:

Cerficate SAN mismatch

The subject alternative name (SAN) of SSL certificate for https://newserver.domain/Autodiscover/Autodiscover.xml does not appear to match the host address.
Host address: newserver.domain. Current SAN: DNS Name=oldserver, DNS Name=oldserver.domain, DNS Name=oldserver.domain, DNS Name=mail.domain,

Do I need to recreate this certificate?

Please check my article regarding SANs and configuration.

http://social.technet.microsoft.com/wiki/contents/articles/26721.oof-autodiscover-and-outlook-certificate-issues.aspx

Hello,

I still need help with creating the certificate. I created a certification request in exchange (.req file) and now, I want to create a self signed certificate with IIS.

Do you know, how this is working? If not, must I create a new CA? Cant this be done on the exchange server?