Hello ChristianWickham, It’s a standard upgrade operation recommended by Microsoft. If you do not have any difficulties, you can follow the article exactly to do the upgrade. In my opinion, if you have Exchange 2007 and Exchange 2010 servers in one site, the Exchange 2010 CAS server must be the internet facing server. If you have Exchange 2007 users, the Exchange 2010 CAS will proxy the request to the Exchange 2007 CAS via the internal url on the Exchange 2007 OWA VD. For more details, please see: Understanding Proxying and Redirection http://technet.microsoft.com/en-us/library/bb310763.aspx ============= Simon Wu Exchange Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

I have answered the questions inline below: 1) Looking at the process at http://technet.microsoft.com/en-us/library/dd351133.aspx, do I need to do something like "Set-OwaVirtualDirectory -Server Exchange2007CAS -Url https://access.company.com/owa" on both the Exchange 2007 CAS servers? How long does it take this to take effect? Will existing ActiveSync clients get redirected automatically? Do I also need to change the certificates on the Exchange 2007 CAS servers at the same time - or can I pre-install them? I believe this change will take effect immediatley after IIS service has been restarted. T The activesync clients will get redirected with a 451 redirect the "legacy" namespace if maibox is legacy. Note I believe some activesync clients may not support the redirect so this is worth testing. Certs can be changed in advance, just adding the additional legacy namespace. 2) Currently all Outlook 2010 laptop users have their Outlook Anywhere configuration set by GPO to go to "owa.company.com" and to use Basic authentication. When we switch over to "owa1.company.com" with NTLM authentication, will the existing Outlook Anywhere configuration fail? Do I need to configure the replacement "owa.company.com" TMG rule to allow Basic authenthication? Can I pre-configure Outlook 2010 users to use "owa1.company.com" with NTLM before their mailbox is moved to Exchange 2010? Unfortunately we don't have DirectAccess and so remote users who use OutlookAnywhere and get their settings through GPO will effectively fail and not be able to be fixed unless Outlook/Exchange can cope with an authentication/sitename change. I believe you would need to configure the clients correctly with GPO before switching over. This is really something that would need tests in a lab and is going to be dependant upon the TMG conifguration. 3) For each CAS server, the OWA Internal URL is https://outlookEast.company.local/owa and the External URL is https://owa1.company.com/owa (and in the other datacentre Internal is OutlookWest.company.local and External is OWA2.company.com) - where do I specify the name https://owa.company.com ? The address that is in everyone's favourites (and on ActiveSync, OutlookAnywhere etc) is https://owa.company.com - where does this get configured in Exchange 2010? The currently configured owa.company.com will point to internet facing excahnge 2010 cas servers. The requests will then be re-directed to a legacy namespace if required.

I believe this change will take effect immediatley after IIS service has been restarted. T Great - that's what I wanted to know. I tried making changes like this before, but it took over night to take effect. If I just need to restart IIS services, then I will know when it has happened. I believe you would need to configure the clients correctly with GPO before switching over. No. Can't do that. Can't change a client configuration from the working OutlookAnywhere server to the future OutlookAnywhere server as this will break their connection. Plus, as I pointed out, this will have no effect for remote users who have not had a GPO update (because they are remote). But... This is really something that would need tests in a lab and is going to be dependant upon the TMG conifguration. Yes, I tested this, and as soon as a client (Outlook 2010) was moved over to the new Exchange 2010 system, their OutlookAnywhere settings were changed by Exchange/Outlook and no GPO change was required.

Thanks for the reply This recommendation for two DAGs is no longer as valid for Exchange 2010 SP1 as the DAC (Datacentre Activation Coordination) mode helps with this situation. Also, I should have pointed out that we have 5 seperate links between our datacentres so they will not lose communication with each other and end up in a split brain scenario where the same databases try to activate in each site. So, anyone got any advice on my original questions?

These datacenters have active users in both or is one Datacenter for DR purposes? sounds like active\active user distribution. Please see the 3 part article below which explains why you would want 2 DAGs for active\active user distribution. http://www.msexchange.org/articles_tutoria ls/exchange-server-2010/high-availability-recovery/designing-site-resilient-exchange-2010-solution-part1.html

I need a bit of clarification on some details about the final stages of our transition from Exchange 2007 to Exchange 2010, specifically around the "legacy" url for OWA for 2007, for Outlook Anywhere and ActiveSync. We have 2 datacentres with 3 Exchange servers, where there was one Exchange 2007 MBX/HT/CAS server in one site (East) and an Exchange 2007 MBX and an Exchange 2007 HT/CAS server in the other datacentre (West). The reverse proxy for the OWA/OutlookAnywhere/ActiveSync service was provided by a hardware appliance. For this reason, we only had one access point for this - https://owa.company.com - and this then meant that OWA was configured to use plain-text authentication, Outlook Anywhere was Basic authentication too. We are changing this to Kerberos and NTLM through TMG. We are now moving to 8 Exchange 2010 servers, in each datacentre we have 2 mailbox servers (all 4 are in a DAG) and each site has 2 CAS/HT servers in an NLB array - OutlookWest.company.local and OutlookEast.company.local - we have implemented TMG 2010 in each datacentre and have a single SAN certificate, which contains owa.company.com, owa1.company.com, owa2.company.com, access.company.com and autodiscover.company.com We are using owa1.company.com as the public name for the OutlookWest.company.local CAS array, and owa2.company.com for the public name for OutlookEast.company.com and access.company.com as the "legacy" name for Exchange 2007 (the idea is, that once we have got rid of Exchange 2007, we will re-use that name/certificate for other sites like SharePoint or the URLs needed for Lync, just by reconfiguring TMG). So far, we have tested that access.company.com provides access to the Exchange 2007 CAS server So, here are my questions; 1) Looking at the process at http://technet.microsoft.com/en-us/library/dd351133.aspx, do I need to do something like "Set-OwaVirtualDirectory -Server Exchange2007CAS -Url https://access.company.com/owa" on both the Exchange 2007 CAS servers? How long does it take this to take effect? Will existing ActiveSync clients get redirected automatically? Do I also need to change the certificates on the Exchange 2007 CAS servers at the same time - or can I pre-install them? 2) Currently all Outlook 2010 laptop users have their Outlook Anywhere configuration set by GPO to go to "owa.company.com" and to use Basic authentication. When we switch over to "owa1.company.com" with NTLM authentication, will the existing Outlook Anywhere configuration fail? Do I need to configure the replacement "owa.company.com" TMG rule to allow Basic authenthication? Can I pre-configure Outlook 2010 users to use "owa1.company.com" with NTLM before their mailbox is moved to Exchange 2010? Unfortunately we don't have DirectAccess and so remote users who use OutlookAnywhere and get their settings through GPO will effectively fail and not be able to be fixed unless Outlook/Exchange can cope with an authentication/sitename change. 3) For each CAS server, the OWA Internal URL is https://outlookEast.company.local/owa and the External URL is https://owa1.company.com/owa (and in the other datacentre Internal is OutlookWest.company.local and External is OWA2.company.com) - where do I specify the name https://owa.company.com ? The address that is in everyone's favourites (and on ActiveSync, OutlookAnywhere etc) is https://owa.company.com - where does this get configured in Exchange 2010? Thanks for any help.

I have answered the questions inline below: 1) Looking at the process at http://technet.microsoft.com/en-us/library/dd351133.aspx, do I need to do something like "Set-OwaVirtualDirectory -Server Exchange2007CAS -Url https://access.company.com/owa" on both the Exchange 2007 CAS servers? How long does it take this to take effect? Will existing ActiveSync clients get redirected automatically? Do I also need to change the certificates on the Exchange 2007 CAS servers at the same time - or can I pre-install them? I believe this change will take effect immediatley after IIS service has been restarted. T The activesync clients will get redirected with a 451 redirect the "legacy" namespace if maibox is legacy. Note I believe some activesync clients may not support the redirect so this is worth testing. Certs can be changed in advance, just adding the additional legacy namespace. 2) Currently all Outlook 2010 laptop users have their Outlook Anywhere configuration set by GPO to go to "owa.company.com" and to use Basic authentication. When we switch over to "owa1.company.com" with NTLM authentication, will the existing Outlook Anywhere configuration fail? Do I need to configure the replacement "owa.company.com" TMG rule to allow Basic authenthication? Can I pre-configure Outlook 2010 users to use "owa1.company.com" with NTLM before their mailbox is moved to Exchange 2010? Unfortunately we don't have DirectAccess and so remote users who use OutlookAnywhere and get their settings through GPO will effectively fail and not be able to be fixed unless Outlook/Exchange can cope with an authentication/sitename change. I believe you would need to configure the clients correctly with GPO before switching over. This is really something that would need tests in a lab and is going to be dependant upon the TMG conifguration. 3) For each CAS server, the OWA Internal URL is https://outlookEast.company.local/owa and the External URL is https://owa1.company.com/owa (and in the other datacentre Internal is OutlookWest.company.local and External is OWA2.company.com) - where do I specify the name https://owa.company.com ? The address that is in everyone's favourites (and on ActiveSync, OutlookAnywhere etc) is https://owa.company.com - where does this get configured in Exchange 2010? The currently configured owa.company.com will point to internet facing excahnge 2010 cas servers. The requests will then be re-directed to a legacy namespace if required.

I believe this change will take effect immediatley after IIS service has been restarted. T Great - that's what I wanted to know. I tried making changes like this before, but it took over night to take effect. If I just need to restart IIS services, then I will know when it has happened. I believe you would need to configure the clients correctly with GPO before switching over. No. Can't do that. Can't change a client configuration from the working OutlookAnywhere server to the future OutlookAnywhere server as this will break their connection. Plus, as I pointed out, this will have no effect for remote users who have not had a GPO update (because they are remote). But... This is really something that would need tests in a lab and is going to be dependant upon the TMG conifguration. Yes, I tested this, and as soon as a client (Outlook 2010) was moved over to the new Exchange 2010 system, their OutlookAnywhere settings were changed by Exchange/Outlook and no GPO change was required.