How to move a Client Access role and Hub Transport role to a new server
1. I exported the certificate using mmc, and while importing it to the new server found the certificate already existed in the personal certificate directory. However, I completed the import process and I got the pop-up window saying import successful.

2. I ran Get-ExchangeCertificate -DomainName server2.domain.local (which is the FQDN of the new server). I got the result as

Thumbprint                                Services  Subject
----------                                --------  -------
3DB4ECD1F43FC1457FE7A71402C863FA9BBBEFA6  IP.WS     CN=SERVER2

However, I ran Get-ExchangeCertificate -DomainName email.domain.com (which is the FQDN on the imported certificate). I got the result as

Thumbprint                                Services  Subject
----------                                --------  -------
B61BB06A398BE31FAA1C6958EBC1DEABB3022F8D  .....     CN=email.domain.com, ...

Please advise if I need to enable the services (POP3 & SMTP) on the email.domain.com? Again, I need to keep OWA on the old server as of now along with the http/https services. Please advise on what's next & how to complete this exercise.

----------

Now after installing the hub & CAS services on the new server, some Outlook 2007 users are complaining of getting a pop-up:

Microsoft Office Outlook
There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site.

Please advise if this is related to our exercise and how we can resolve this asap.

----------

May I go ahead and update the new server for the current updates?

----------

Our current scenario is:
Edge Services - McAfee Gateway Appliance
Hub, CAS, Mailbox, OWA - Exchange Server
All MX records are pointing to the McAfee Email Security Gateway Appliance.

We are currently changing our scenario such that we are removing the McAfee Gateway Appliance & replacing the McAfee Gateway Client with Symantec Email Cloud Security.
Our MX records will point to the Symantec Email Cloud.
We are moving the Hub & CAS services (POP3 + SMTP) to a new front end server.
The existing Exchange server will run the Mailbox Services & OWA.

Now as we complete our exercise, my network team will map the public IP of our McAfee email gateway (which is deactivated) to the local IP of the new server. My task is to ensure the mail flow is enabled & activated between the 2 servers & then I must point the MX records to the Symantec cloud. Please advise on how I can complete my task without any downtime & at the earliest.
April 28th, 2012 8:46am

Hi Philip, You cannot move the roles like FSMO roles. You have to install the Exchange 2007 (HUB & CAS) roles on the new server and remove them from the existing server.
Kottees : My Blog : Please mark it as an answer if it really helps you.
April 28th, 2012 10:18am

Option 1: Get a HUB and Client Access role installed on the new server, change your mailflow to that server and configure OWA to the new server. No downtime.
Option 2: Needs downtime. Turn off the server gracefully, unjoin from the domain, reset the comp account in AD. Bring up the new server with the same name and same IP, then do Setup.com /recoverserver
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 11:34am

Hi Sathesh, why do we need to unjoin the server from the domain? We can remove the HUB/CAS roles using Exchange Maintenance Mode: http://technet.microsoft.com/en-us/library/bb124115(v=exchg.80).aspx
Kottees : My Blog : Please mark it as an answer if it really helps you.
April 28th, 2012 11:40am

Hi Kotees, Removing the server in Exchange Maintenance mode will remove the server from Active Directory. Then Recover Server wouldn't be possible.
Recoverserver needs an object in Active Directory. This is the process we do in Disaster Recovery, but we can do it in our scenario as well.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 11:43am

Yeah, thanks for the info. Modifying can be tried, right? Pls see here: http://technet.microsoft.com/en-us/library/bb124273(v=exchg.80).aspx
Kottees : My Blog : Please mark it as an answer if it really helps you.
April 28th, 2012 12:04pm

Assign the services to the new server. Will get back to you with the steps shortly. Meantime have a look at this KB below: http://support.microsoft.com/kb/940726
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 1:15pm

Hi Sathesh, I would rather stick with option 1. Please advise on how to change the mailflow to the new server and how to configure OWA to the new server. I am relatively new with the Exchange server environment, so my questions may be childish and may need a bit of spoon feeding. How do I remove the roles from the old server & change it to the new server without having a downtime? Any links that will help me with this process?
April 28th, 2012 2:25pm

Hi Satesh, Again, please tell me if this will cause any changes in my existing environment. Also, I need to ensure only the SMTP & POP3 services are assigned to the new server. OWA (https/https) needs to remain on the new server. Also, do I need to assign these services to server2.domain.local (the FQDN of the new server) or email.domain.com (the FQDN on the imported certificate)? The results of Get-ExchangeCertificate -DomainName for each of these are posted above. Please help me.
April 28th, 2012 2:38pm

Don't remove anything as of now, Philip. First install Exchange on the new server with our required roles. Then we will proceed further slowly without downtime.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 2:47pm

Ok Sathesh, please advise. As I am doing a custom installation of Exchange Server, I will install the HT & Client Access roles. Do I need to install the Exchange Mgmt console?
April 28th, 2012 3:06pm

Yes, HUB, CAS and MGMT Tools.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 3:07pm

Hi Sathesh, I am waiting for your help mate. Please advise.
April 28th, 2012 3:17pm

Go back to your old server - Server Configuration - check what services are assigned.
Come to your new HUB/CAS server - Server Configuration - right click on the cert - assign the same services.
This won't affect your production. Will come back with the next steps.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 3:30pm

After assigning the services to the cert, apply the following KB, pointing to the new CAS server. Applying the KB will resolve the certificate popup: http://support.microsoft.com/kb/940726
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 3:32pm

Hi Satesh, I am very confused with this process. Like I said I am very new to this so I need some really detailed explanation on how to do this. When you say Server Manager, I understand you want me to look in the Server Configuration under Exchange Management Console. How do I check the services assigned under Exchange Management Console in Exchange 2007? Again, how do I see the certificates under Server Configuration & right click on it to assign the same services?

From what I can see on my Exchange Management Console, I can see both my servers on the console under Server Configuration - Hub & Client Access. Under Hub both the receive connectors are enabled. Under Client the OWA is disabled.

Now Satesh, please help me: how do I check what services are enabled on the old server and how do I assign the same services to the certificate on the new server?
April 28th, 2012 4:22pm

Run

Get-ExchangeCertificate -Server "OlderServer" | fl

Check for Services in that. This should show what services are assigned on the old server. Let me know what services are assigned.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 4:26pm

Hi Satesh, I tried to assign the services using Exchange Management Shell using the command

Enable-ExchangeCertificate -ThumbPrint "B61BB06A398BE31FAA1C6958EBC1DEABB3022F8D" -Services "SMTP, IMAP, POP"

I get the below:

Confirm
Overwrite existing default SMTP certificate, '3DB4ECD1F43FC1457FE7A71402C863FA9BBBEFA6' (expires 31-Mar-13 10:46:53 AM), with certificate 'B61BB06A398BE31FAA1C6958EBC1DEABB3022F8D' (expires 11-Jul-14 4:00:00 PM)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):

Please advise on my way forward. Please help. Philip
April 28th, 2012 4:43pm

Hi Sathesh, Is the above KB applicable only if we are using OWA on the new server, or is it applicable to use in my current situation? Will this affect the production environment of users connecting to OWA and/or users connecting to Exchange using Outlook? Do we need to apply this KB only on the new server or also on the old server? Please help.
April 28th, 2012 4:46pm

If your thumbprint is correct, go ahead.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 4:49pm

We are not doing anything for external. We are applying this KB only to set things for your internal Autodiscover. Do it only for our new server.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 4:50pm

I ran the below on the new server:

Get-ExchangeCertificate -DomainName email.platcorp.com

Thumbprint                                Services  Subject
----------                                --------  -------
B61BB06A398BE31FAA1C6958EBC1DEABB3022F8D  IP..S     CN=email.platcorp.com, ...

I believe I have assigned the POP3, IMAP & SMTP services to the certificate on the new server.
April 28th, 2012 5:11pm
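
An added example, not part of any post in this thread: a PowerShell sketch that decodes the Services column shown in the Get-ExchangeCertificate output above and checks whether the host name in a service URL is covered by a certificate's names, which is the comparison behind the Outlook name-mismatch prompt. The function names, the certificate name lists and the two URLs are constructed for illustration; on a real server the inputs would come from Get-ExchangeCertificate (CertificateDomains) and Get-ClientAccessServer (AutoDiscoverServiceInternalUri).

```powershell
# Added illustration for this thread; function names and sample data are constructed.

# Decode the Services column printed by Get-ExchangeCertificate.
# Letters: I = IMAP, P = POP, U = Unified Messaging, W = IIS (web), S = SMTP; '.' = not assigned.
function ConvertFrom-ServiceFlags {
    param([string]$Flags)
    $map = @{ 'I' = 'IMAP'; 'P' = 'POP'; 'U' = 'UM'; 'W' = 'IIS'; 'S' = 'SMTP' }
    $names = @()
    foreach ($ch in $Flags.ToUpper().ToCharArray()) {
        $key = [string]$ch
        if ($map.ContainsKey($key)) { $names += $map[$key] }
    }
    return ,$names
}

# True when $HostName matches one of the certificate names, either exactly
# or through a wildcard that stands for exactly one leading label.
function Test-CertificateCoversHost {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($name in $CertificateDomains) {
        if ($name -ieq $HostName) { return $true }
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1).ToLower()      # "*.domain.com" -> ".domain.com"
            $h = $HostName.ToLower()
            if ($h.EndsWith($suffix)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label -and ($label -notmatch '\.')) { return $true }
            }
        }
    }
    return $false
}

# List the URLs whose host name the certificate does not cover.
function Get-NameMismatch {
    param([string[]]$CertificateDomains, [string[]]$Urls)
    foreach ($u in $Urls) {
        $urlHost = ([Uri]$u).Host
        if (-not (Test-CertificateCoversHost $urlHost $CertificateDomains)) { $u }
    }
}

# Constructed sample data using the thread's placeholder names. The Domains lists are
# assumptions; on a real server read them from (Get-ExchangeCertificate).CertificateDomains.
$certs = @(
    @{ Subject = 'CN=SERVER2';          Services = 'IP.WS'; Domains = @('SERVER2', 'server2.domain.local') },
    @{ Subject = 'CN=email.domain.com'; Services = 'IP..S'; Domains = @('email.domain.com') }
)
# Constructed URLs: one internal Autodiscover-style URL and the external OWA URL from the thread.
$urls = @(
    'https://server2.domain.local/autodiscover/autodiscover.xml',
    'https://email.domain.com/owa'
)

foreach ($c in $certs) {
    $services = (ConvertFrom-ServiceFlags $c.Services) -join ', '
    Write-Output ("{0} [{1}]" -f $c.Subject, $services)
    foreach ($bad in @(Get-NameMismatch $c.Domains $urls)) {
        Write-Output ("  not covered: {0}" -f $bad)
    }
}
```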

Please advise if I can apply this KB at a later stage. Please advise on what are the further steps ahead & how do we go about this. What all processes are left?
April 28th, 2012 5:13pm

Hi Philip, We are almost done, we are at the later stage I guess. Applying the KB won't affect your production.
Just before that, click on Server Configuration - in your new server - click for OWA Default Web Site properties. Set your External URL similar to your old server. Do the same for all the tabs like ActiveSync, OAB etc.
Do we use OL anywhere?
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 5:17pm

Again,
1. Do we need to edit the OWA default web site properties on the new server when my actual scope is to let the OWA service (http/https) stay on the old server?
2. Outlook Anywhere Enabled is "True" on the old server & "False" on the new server.
3. OWA (Default Website) is Enabled on the old server. OWA (Default Website) is Disabled on the new server.
4. The Internal URL for the OLD server is https://oldserver.domain.local/owa, the External URL is https://email.domain.com/owa
5. I am presuming the Internal URL for the NEW server is https://oldserver.domain.local/owa, the External URL is https://email.domain.com/owa. Please correct me if I am wrong. Or must the Internal URL be https://newserver.domain.local/owa and the External URL be https://email.domain.com/owa?
April 28th, 2012 5:27pm

Hmmm. Applying the KB will fix only your certificate popup, Philip. Nothing else will happen. Setting the External URL doesn't affect anything. If your old server crashes you can reroute everything to the new CAS easily in DR scenarios.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 5:58pm

Hi Philip, Sorry for the delay. That popup is normal. We can proceed further. Export the Exchange certificate from the old CAS and import it to the new CAS now. Will get the steps for you soon.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 7:08pm

Am terribly sorry Philip. Little held up with work here.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 7:09pm

Server Configuration - see Exchange Certificates in the bottom part - export the Exchange certificate you're using before - you will get some pfx file.
You're using a 3rd party cert, right?
Go to the new CAS and import the same. And right click on the cert - assign the same services.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 7:14pm

Ok Satesh, I have added the external URL for all the services. I have left the internal URL as the default. What next?
April 28th, 2012 10:01pm

If you don't want to change your OWA to the new server, this would be your last step.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 10:07pm

Hmmmm. Yes, I do not want to change OWA to my new server as of now, but yes at a later stage once I know the other services are working on the new server. Is this my last step? How do I make sure the hub & CAS services on the new server are functional & have entered production? Also, I haven't removed these services from the old server. My scope is to move the hub & client access services to the new server. Please advise.
April 28th, 2012 10:11pm

Once you have moved your OWA to your new server - public IP NATs to your new server - if you're using any smart host, then make appropriate changes. Then only the new server will become fully active. Until then it will be used just for internal mailflow.

And you should not decommission the old server just like that. After moving everything, closing Outlook and reopening will recognize your new CAS server, by going into your old server, and the old server will tell where the new server is. If you decommission before that, Outlook won't reopen; you've got to reconfigure the profile.

After moving everything you've got to wait for some months or make everyone close and reopen Outlook before you decommission.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 10:15pm

Hi Satesh, Our scope is to only move the hub & CAS services onto the new server for internal mail flow. The old server will be used for Mailbox & OWA services. Our main idea is to split the roles between 2 servers to ensure one server is not fully loaded with all the roles and the 2nd server (our new server) shares the load. We will NEVER be decommissioning the old server. My objective is to MOVE the hub & CAS services to the new server. Once the roles on the new services are activated, I need to disable this on the old server. Please help me on how to ensure the hub & client access roles are only running on the new server, not on the old.
April 28th, 2012 10:25pm

You must understand one thing: the CAS server handles client access - that cannot be shared. Now HUB is sharing your mailflow already, because it works like round robin. You can't disable any services on your old server.
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 10:48pm

Satesh, Please help me understand what happens if I disable the HUB & CAS on the old server. Will this affect my production? My objective is to ensure the HUB & CAS roles are no more on the old server.
April 28th, 2012 10:55pm

==========
Hi Satesh, Our scope is to only move the hub & CAS services onto the new server for internal mail flow. The old server will be used for Mailbox & OWA services. Our main idea is to split the roles between 2 servers to ensure one server is not fully loaded with all the roles and the 2nd server (our new server) shares the load. We will NEVER be decommissioning the old server. My objective is to MOVE the hub & CAS services to the new server. Once the roles on the new services are activated, I need to disable this on the old server. Please help me on how to ensure the hub & client access roles are only running on the new server, not on the old.
==========
Satesh, Please help me understand what happens if I disable the HUB & CAS on the old server. Will this affect my production? My objective is to ensure the HUB & CAS roles are no more on the old server.
==========
PLEASE MAKE ME UNDERSTAND - WHAT YOU'RE COMING TO SAY
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 11:04pm

So does this mean my new server is already in production? Is the below scenario possible or achievable in my environment?

I need to move the hub & CAS to the new server & then remove it from the old server. If I did this, how will it affect my production? How do I enable OWA on the new server, as I need to do this in the near future? Lastly, I need to ensure that all client access is through my new server.

You have mentioned "CAS Server handles Clientaccess - That cannot be shared" - does this mean the CAS can only be on one server, either the old or the new? It cannot be between the 2? Am I correct? In my current scenario, are you sure that all SMTP & POP3 access is now only through my new server? I do not want client access through my old server.

I hope you are getting what I am trying to communicate. Simply put, why is it that I cannot have the CAS & HUB on one server & the Mailbox on another server?
April 28th, 2012 11:06pm

Seems like you are irritated. I am very sorry. I am just trying to ensure everything is seamlessly done. My objective in this exercise is to ensure we move the CAS & HUB roles to the new server. My understanding during this exercise was to set up the 2 roles on the new server, import the certificate, assign the services, and remove the roles from the old server. With our exercise, we have done all of this except removing the roles from the old server.

What happens if we remove the roles from the old server? Are the new server & the HUB & CAS roles in it already in production? How do I make sure the HUB & CAS roles on the new server are fully in production & working? If they are fully functional, why can these roles not be disabled on the old server? Or to be precise, do these roles need to run on both the servers to ensure communication between the old & new server? Because my scope was only to create a front end server with CAS & HUB, leaving the old server as backend with the mailbox services. Hope I am clear in my communication.
April 28th, 2012 11:15pm

Now everything is done. One last thing is you've got to activate your new server: all your firewall will be pointing to your old server and you've got to change it to your new server. Then only the new server will be completely active. You need some guidance for that. That cannot be provided in chat. Please open up a ticket with Microsoft and get the last part done: 1-800-936-4900
Satheshwaran Manoharan | Exchange 2003/2007/2010 | Blog: http://www.careexchange.in | Please mark it as an answer if it really helps you
April 28th, 2012 11:20pm

Hi Satesh, Thanks for the response mate. Just a quick one before I import-export the certificates: will this affect my current scenario? The reason I am asking this is to ensure all 4000+ users will not have any impact/downtime and at the same time the move will be seamless. Also, what are the next steps involved? Thank You & Kind Regards, Philip
April 29th, 2012 12:25am

Well done Sathesh. Thank you so much. Explained a lot.
Kottees : My Blog : Please mark it as an answer if it really helps you.
April 29th, 2012 3:16am

Hi Sathesh, I installed all of the above. All of a sudden a certificate security window popped up for all users using Outlook 2007/Outlook 2010. Is this normal? I hope I haven't made any AD wide changes by just making the installation. Please advise if the certificate window that popped up is normal. Hope it doesn't affect the existing setup? Also, please advise what's next. Can I update the Exchange as it's showing one important update? Awaiting your prompt response & advice. Thank You & Kind Regards, Philip
April 29th, 2012 3:18am

We are currently on MS Exchange 2007 SP1 on Windows 2008 Enterprise SP2. The Hub Transport, Client Access & Mailbox roles are all in one server box. I understand this is not ideal. We are to move the Hub Transport Role & the Client Access Role to a new server. Please help me on the process to do this without having to face any major downtime. Currently we have set up a new server with Windows 2008 Enterprise SP2. Do we need to install MS Exchange 2007 with SP1 on this server? Taking it further, how do I move the existing Hub Transport Role & Client Access Role to this new server? Please advise. Thank You & Kind Regards, Philip
April 29th, 2012 4:16am

Hi Satesh,
1. I am using Exchange 2007. I can't see the certificate import/export option in the Exchange Management Console. I understand we must use the Exchange cmdlet for this. Please advise.
2. Please advise on how to enable the services on these certificates after importing them to the new server.
3. I need to enable the POP3, SMTP services on the new server but keep the HTTP/HTTPS on the old server, meaning we want to keep the OWA on the old server.
4. How to enable mailflow? We need to ensure all of the above is done without any downtime or affecting any of our users in various time zones.
5. Can I proceed with all the updates on the new server with regards to Exchange 2007?
April 29th, 2012 6:55am

This topic is archived. No further replies will be accepted.
