Migrating Exchange 2010 to 2016


I recently migrated Exchange 2010 SP3 to Exchange 2016 for one of the customers; the migration was done overnight. I would like to share my experience with the task and the steps I undertook.

Old Environment running on One Physical Server

  • Active Directory (Windows Server 2008 R2 Enterprise)
  • Exchange 2010 SP3 (Mailbox and CAS Roles)
  • Symantec Antispam
  • DHCP Server
  • RRAS

The issue with the customer was that every now and then email flow stopped working, and because multiple components were installed on one single server it was becoming difficult to isolate the issue. The customer was tired of restoring old working backups and having to bear losing recent emails every time. Certain employees' jobs were on the line. I received a call from my sales guy to migrate everything onto a fresh working environment.

I followed the steps below to bring the mail services online overnight. There are very few images in this document, but the steps are perfect.

 

  1. Prepared a physical host with Hyper-V (Windows Server 2016)
  2. Prepared two virtual machines with Windows Updates (Windows Server 2016 Standard):
    • DC01
    • EXCH01

https://docs.microsoft.com/en-us/Exchange/plan-and-deploy/system-requirements?view=exchserver-2016

  3. Joined both VMs to the domain, installed DC01 as an additional Active Directory domain controller, and transferred all the FSMO roles after forcing replication across the DCs using the command below on both DCs:

repadmin /syncall /AdeP

  4. Raised the domain and forest functional levels to Windows Server 2008 R2

(This is the minimum requirement for installing Exchange 2016)

We were lucky to have Exchange 2010 installed with the latest SP3 and the latest rollup update, so we didn’t have to do anything on Exchange 2010 as a prerequisite.

  5. Preparing EXCH01 with the following prerequisites:

https://go.microsoft.com/fwlink/p/?LinkId=624054

  • Run the following command in Windows PowerShell to install the required Windows components:

Install-WindowsFeature NET-Framework-45-Features, Server-Media-Foundation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Install-WindowsFeature RSAT-ADDS

 

  • Exchange installation Permission

The permissions you need to successfully install Exchange 2016 are described in the following table.

Task | Permissions required
Install the first Mailbox server | Local Administrator, Enterprise Administrator, Schema Administrator
Install additional Mailbox servers | Organization Management
Install Edge Transport servers | Local Administrator

 

  6. Configure the default offline address book (OAB) on existing mailbox databases.

Open the Exchange Management Shell on your existing Exchange server.

    1. Run the following command to list all of your existing OABs:

Get-OfflineAddressBook

    2. Run the following command to list all mailbox databases in your organization, and the OABs that are assigned to them:

Get-MailboxDatabase | Format-Table Name,Server,OfflineAddressBook -Auto

    3. For every mailbox database that doesn’t have an OAB assigned, assign an OAB by using one of the following procedures:
      • Set the OAB on each individual mailbox database: This example sets the OAB named Default Offline Address Book as the default OAB on the mailbox database named Sales Employees on the server named Mail.

Set-MailboxDatabase "Mail\Sales Employees" -OfflineAddressBook "Default Offline Address Book"

      • Set the same OAB on all mailbox databases: This example sets the OAB named Default Offline Address Book as the default OAB on all mailbox databases:

WARNING: This command will replace the OAB that’s currently assigned to every mailbox database in your organization. To verify that the command will have the results you want, you can add the WhatIf switch.

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book"

To verify that you’ve successfully configured a default OAB for every mailbox database in your organization, run the following command and check that there are no blank values in the OfflineAddressBook column.

Get-MailboxDatabase | Format-Table Name,Server,OfflineAddressBook -Auto

 

  7. Install the Exchange 2016 Mailbox server role

This assumes you have already downloaded the latest ISO for Exchange 2016 (which has the latest CU).

  1. On the computer where you want to install Exchange, open File Explorer, right-click on the Exchange ISO image file that you downloaded, and then select Mount.
  2. Browse to the mounted DVD drive and start Exchange Setup by double-clicking Setup.exe.
  3. The Exchange Server Setup wizard opens. Select Don’t check for updates right now and click Next.

The Copying Files page shows the progress of copying files to the local hard drive. Typically, the files are copied to %WinDir%\Temp\ExchangeSetup, but you can confirm the location in the Exchange Setup log at C:\ExchangeSetupLogs\ExchangeSetup.log.

  4. On the Introduction page, we recommend that you visit the Exchange Server deployment planning links if you haven’t already reviewed them, and then click Next.
  5. On the License Agreement page, review the software license terms, select I accept the terms in the license agreement, and then click Next.
  6. On the Recommended settings page, choose one of the following settings and then click Next:
    • Use recommended settings.
    • Don’t use recommended settings.
  7. On the Server Role Selection page, configure the following options, and then click Next:
    1. Mailbox role: Select this option, which also automatically installs the Management Tools.
    2. Automatically install Windows Server roles and features that are required to install Exchange: Select this option to have the Setup wizard install the required Windows prerequisites. You might need to reboot the computer to complete the installation of some Windows features. If you don’t select this option, you need to install the Windows features manually.
  8. On the Installation Space and Location page, accept the default location (C:\Program Files\Microsoft\Exchange Server\V15) or click Browse to choose a new location that has enough available disk space to install Exchange. Click Next to continue.
  9. On the Malware Protection Settings page, choose whether you want to disable malware scanning. Malware scanning is enabled by default (the value No is selected). If you disable malware scanning, you can enable it in the future. Unless you have a specific reason to disable malware scanning, we recommend that you keep it enabled. Click Next to continue.
  10. On the Readiness Checks page, verify that the organization and server role prerequisite checks completed successfully. If they haven’t, the only option on the page is Retry, so you need to resolve the errors before you can continue.

After you resolve the errors, click Retry to run the prerequisite checks again. You can fix some errors without exiting Setup, while the fix for other errors requires you to restart the computer. If you restart the computer, you need to start the Setup wizard from the beginning.

When no more errors are detected on the Readiness Checks page, the Retry button changes to Install so you can continue. Be sure to review any warnings, and then click Install to install Exchange.

  11. On the Setup Progress page, a progress bar indicates how the installation is proceeding.

NOTE: If you didn’t separate your Active Directory schema preparation from the installation of Exchange, the amount of time it takes to install Exchange depends on the size and complexity of your Active Directory site topology. It might take some time for the changes to replicate across your organization.

  12. On the Setup Completed page, click Finish, and then restart the computer.

 

  8. Install Office Online Server

I didn’t install this as I had to migrate it very quickly, after configuring the Exchange Server. Below is the process:

  1. From VLSC, download Office Online Server.
  2. Run Setup.exe and click Install Now. (You can also deploy the language packs.)
  3. You will need a certificate; you can use the same name for the internal and external FQDN (example: oos.domainname.com).
  4. Configure the DNS records for Office Online Server.
  5. In Windows PowerShell on the Office Online Server computer, replace the example FQDN and certificate friendly name with your values and run one of the following commands:

Same internal and external FQDN value:

New-OfficeWebAppsFarm -InternalURL "https://oos.domainname.com" -ExternalURL "https://oos.domainname.com" -CertificateName "Office Online Server Certificate"

  6. Configure the Office Online Server endpoint at the Mailbox server level
    1. In the Exchange Management Shell, replace the example server name and URL with your values and run the following command:

Set-MailboxServer -Identity MBX01 -WacDiscoveryEndpoint "https://oos.domainname.com/hosting/discovery"

    2. Restart the MsExchangeOwaAppPool by running the following command:

Restart-WebAppPool MsExchangeOwaAppPool

  7. Configure the Office Online Server endpoint at the organization level
    1. In the Exchange Management Shell, replace the example URL with your value and run the following command:

Set-OrganizationConfig -WacDiscoveryEndpoint "https://oos.domainname.com/hosting/discovery"

    2. Restart the MsExchangeOwaAppPool by running the following command:

Restart-WebAppPool MsExchangeOwaAppPool

 

  9. Create an Exchange 2016 Administrator Mailbox and add the mailbox to Organization Management.

 

  10. Configure the external URL values on Exchange 2016 virtual directories
    1. Log in to the ECP.
    2. Go to Servers > Servers, select the Exchange 2016 Mailbox server, and click Edit.
    3. Click Outlook Anywhere.
    4. Specify the internal and external hostnames (in my case I used webmail.domainname.com).
    5. Click Save.
    6. Go to Servers > Virtual Directories.
    7. Select the Exchange 2016 (Internet-facing) server and click Edit.

Then configure the internal and external URLs for all the virtual directories.

 

  11. Configuring the Exchange certificate
    1. Export the Exchange certificate from Exchange 2010 with its private key:
      1. Click File > Add/Remove Snap-in.
      2. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
      3. In the Certificates snap-in window that appears, select Computer account, and then click Next.
      4. Select Local computer, click Finish, and then click OK.
      5. Under Console Root, expand Certificates (Local Computer) > Personal > Certificates.
    2. Import the certificate in Exchange 2016:
      1. Click File > Add/Remove Snap-in.
      2. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
      3. In the Certificates snap-in window that appears, select Computer account, and then click Next.
      4. Select Local computer, click Finish, and then click OK.
      5. Under Console Root, expand Certificates (Local Computer) > Personal.
      6. Right-click on Personal, select All Tasks, and then click Import.
      7. In the Certificate Import Wizard, click Next.
      8. Click Browse, select the exported .pfx file, click Open, and then click Next.

NOTE: You might need to change the File name filter in the Open window to All Files (*.*) to see the .pfx file.

      9. In the Password box, enter the password you used to export the certificate.
      10. Verify that Include all extended properties is selected, and then click Next.
      11. Verify that Place all certificates in the following store is selected and that Personal is shown in Certificate store. Click Next and then Finish.
    3. Assign the services to the certificate imported in Exchange 2016:
      1. Open the EAC by browsing to the URL of your Exchange 2016 Mailbox server (for example, https://EXCH01/ecp).
      2. Enter your username and password, and then click Sign in.
      3. Go to Servers > Certificates.
      4. In the Select server list, verify that your Exchange 2016 Mailbox server is selected.
      5. Select the certificate you imported, and then click Edit.
      6. On the Services tab, in the Select the services you want to assign this certificate to section, select the services. You can add services, but you can’t remove them later. At minimum, you should select IIS, but you can also select IMAP, POP, and UM call router if you use those services.

For TLS encryption of external SMTP client and server connections, or mutual TLS authentication between Exchange and other email servers, you can also select SMTP. Note that when you assign a certificate to SMTP, you’re prompted to replace the default Exchange self-signed certificate that’s used to encrypt SMTP communication between internal Exchange servers. Typically, you don’t need to replace the default SMTP certificate that’s used for internal communication.

When you’re finished click Save.
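After the import and service assignment, it is worth confirming that the certificate arrived with its private key, is bound to IIS, is not close to expiry, and covers every host name clients will be given. The following check is an added example, not part of the original post; it uses Get-ExchangeCertificate, the function names Test-NameCovered and Test-MigratedCertificate are hypothetical, and the host names are the placeholders used in this post.

```powershell
# Added example (not from the original post).
# Run in the Exchange Management Shell on the Exchange 2016 server; without Exchange
# it falls back to a constructed sample so the checks can still be exercised.

function Test-NameCovered {
    # True when $HostName equals a certificate name, or matches a wildcard name
    # such as *.domainname.com (a wildcard covers exactly one left-most label).
    param([string[]] $CertNames, [string] $HostName)
    $labels = $HostName.Split('.')
    $parent = ($labels | Select-Object -Skip 1) -join '.'
    foreach ($entry in $CertNames) {
        if ($entry -eq $HostName) { return $true }
        if ($entry.StartsWith('*.') -and $labels.Count -gt 2 -and $entry.Substring(2) -eq $parent) {
            return $true
        }
    }
    return $false
}

function Test-MigratedCertificate {
    # $Certificate: an object from Get-ExchangeCertificate, or a stand-in with the same
    # properties (Thumbprint, HasPrivateKey, Status, Services, NotAfter, CertificateDomains).
    param(
        [Parameter(Mandatory = $true)] $Certificate,
        [Parameter(Mandatory = $true)] [string[]] $RequiredNames,
        [int] $MinDaysValid = 30
    )
    $certNames = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
    $problems  = @()
    if (-not $Certificate.HasPrivateKey) {
        $problems += 'no private key on this server (the export must include the private key)'
    }
    if ("$($Certificate.Status)" -ne 'Valid') { $problems += "status is $($Certificate.Status)" }
    if ("$($Certificate.Services)" -notmatch 'IIS') { $problems += 'IIS is not assigned' }
    if ($Certificate.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) {
        $problems += "expires on $($Certificate.NotAfter.ToString('yyyy-MM-dd'))"
    }
    foreach ($name in $RequiredNames) {
        if (-not (Test-NameCovered -CertNames $certNames -HostName $name)) {
            $problems += "name not covered: $name"
        }
    }
    [pscustomobject]@{
        Thumbprint = $Certificate.Thumbprint
        Ok         = ($problems.Count -eq 0)
        Problems   = $problems -join '; '
    }
}

# Host names used in this post (placeholders); replace with your own.
$required = 'webmail.domainname.com', 'autodiscover.domainname.com'

if (Get-Command Get-ExchangeCertificate -ErrorAction SilentlyContinue) {
    $certs = Get-ExchangeCertificate | Where-Object { -not $_.IsSelfSigned }
} else {
    # Constructed sample: valid, has its key, bound to IIS, but lacks the Autodiscover name.
    $certs = [pscustomobject]@{
        Thumbprint         = 'CONSTRUCTED-SAMPLE'
        HasPrivateKey      = $true
        Status             = 'Valid'
        Services           = 'IIS, SMTP'
        NotAfter           = (Get-Date).AddDays(200)
        CertificateDomains = @('webmail.domainname.com')
    }
}
$certs | ForEach-Object { Test-MigratedCertificate -Certificate $_ -RequiredNames $required }
```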

  12. Move arbitration mailboxes from Exchange 2010 to Exchange 2016
    1. In the EAC, go to Recipients > Migration.
    2. Click New, and then click Move to a different database.
    3. On the New local mailbox move page, click Select the users that you want to move, and then click Add.
    4. On the Select Mailbox page, add the following mailboxes:

DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}

FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042

SystemMailbox{1f05a927-XXXX-XXXX-XXXX-XXXXXXXXXXXX} (for example, SystemMailbox{1f05a927-7bd0-47e5-9b6a-0b5ec3f44403}; most of the mailbox name is unique to your organization)

SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}

When you’re finished, click OK, and then click Next.

    5. On the Move configuration page, enter the name of the migration batch, and then click Browse next to the Target database.
    6. On the Select Mailbox Database page, add the target mailbox database. Be sure to select an Exchange 2016 database (Version 15.1), click OK, and then click Next.
    7. On the Start the batch page, select the options to automatically start and complete the migration request, and then click New.

To verify that the system mailboxes were successfully moved to Exchange 2016 (version 15.1), run the following command on Exchange 2016:

Get-Mailbox -Arbitration | Format-List Name,Database,ServerName,AdminDisplayVersion

 

  13. Configure Outlook Anywhere on Exchange 2010 servers

If you’re currently using Outlook Anywhere (RPC over HTTP) in your Exchange 2010 environment, you’ll need to enable and configure Outlook Anywhere on all Exchange 2010 servers in your organization. This will allow your Exchange 2016 servers to proxy connections to your Exchange 2010 servers. If you’re not currently using Outlook Anywhere in your Exchange 2010 environment, and you don’t want to use it, you can skip this step. When you use the steps below to configure Outlook Anywhere, the following configuration is set on each Exchange 2010 server:

Do the following steps to enable and configure Outlook Anywhere on your Exchange 2010 servers:

  1. In the Exchange Management Shell on an Exchange 2010 server, replace webmail.domainname.com with the external host name of your internet-facing Exchange 2016 Mailbox server, and run the following command:

$Ex2016HostName = "webmail.domainname.com"

  2. To configure all Exchange 2010 Client Access servers that already have Outlook Anywhere enabled to accept connections from Exchange 2016 servers, run the following command:

WARNING: The following command will change the existing configuration of Outlook Anywhere on any Exchange 2010 Client Access server where it’s already enabled.

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $True} | ForEach {Set-OutlookAnywhere "$_\RPC (Default Web Site)" -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Ex2016HostName -IISAuthenticationMethods NTLM,Basic}

  3. To enable Outlook Anywhere on all Exchange 2010 Client Access servers and configure them to accept connections from Exchange 2016 servers, run the following command:

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Ex2016HostName -IISAuthenticationMethods NTLM,Basic

To verify that Outlook Anywhere is configured successfully on Exchange 2010 to accept redirected connections from Exchange 2016, run the following command in the Exchange Management Shell on the Exchange 2010 server:

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-OutlookAnywhere | Format-Table Server,ClientAuthenticationMethod,IISAuthenticationMethods,SSLOffloading,ExternalHostname -Auto

 

  14. Configure the Exchange 2016 service connection point

Autodiscover uses an Active Directory object called the service connection point (SCP) to retrieve a list of Autodiscover URLs in the Exchange Active Directory forest. When you install Exchange 2016, you need to update the SCP object to point to the Exchange 2016 server, because Exchange 2016 provides additional Autodiscover information that improves the discovery process.

 

  1. Configure the SCP object on your Exchange 2010 servers:

    • In the Exchange Management Shell on an Exchange 2010 server, replace autodiscover.domainname.com with the Autodiscover host name of your internet-facing Exchange 2016 Mailbox server, and run the following command:

$AutodiscoverHostName = "autodiscover.domainname.com"

    • To set the SCP object on every Exchange 2010 Client Access server, run the following command:

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverHostName/Autodiscover/Autodiscover.xml

  2. Configure the SCP object on your Exchange 2016 servers:

    • In the Exchange Management Shell on an Exchange 2016 Mailbox server, replace autodiscover.domainname.com with the Autodiscover host name of your internet-facing Exchange 2016 Mailbox server, and run the following command:

$AutodiscoverHostName = "autodiscover.domainname.com"

    • To set the SCP object on every Exchange 2016 Mailbox server, run the following command:

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 15.1*") -And ($_.ServerRole -Like "*Mailbox*")} | Set-ClientAccessService -AutoDiscoverServiceInternalUri https://$AutodiscoverHostName/Autodiscover/Autodiscover.xml

To verify:

On Exchange 2010

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Format-Table Name,AutoDiscoverServiceInternalUri -Auto

On Exchange 2016

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 15.1*") -And ($_.ServerRole -Like "*Mailbox*")} | Get-ClientAccessService | Format-Table Name,AutoDiscoverServiceInternalUri -Auto
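The SCP commands above store whatever host name is in $AutodiscoverHostName, so a typo there points domain-joined clients at the wrong host. The following check is an added example, not part of the original post, that compares each server's SCP URI with the host you intended; the function name Test-AutodiscoverScp is hypothetical, and the server names OLD2010 and TEST01 and the sample URIs are constructed.

```powershell
# Added example (not from the original post).

function Test-AutodiscoverScp {
    # $Server: objects with Name and AutoDiscoverServiceInternalUri, as returned by
    # Get-ClientAccessServer (Exchange 2010) or Get-ClientAccessService (Exchange 2016).
    param(
        [Parameter(Mandatory = $true)] [object[]] $Server,
        [Parameter(Mandatory = $true)] [string]   $ExpectedHost
    )
    foreach ($s in $Server) {
        $raw    = "$($s.AutoDiscoverServiceInternalUri)"
        $uri    = $null
        $issues = @()
        if (-not [Uri]::TryCreate($raw, [UriKind]::Absolute, [ref] $uri)) {
            $issues += 'SCP URI is empty or not an absolute URI'
        } else {
            if ($uri.Scheme -ne 'https') { $issues += "scheme is '$($uri.Scheme)', expected https" }
            if ($uri.Host -ne $ExpectedHost) { $issues += "host is '$($uri.Host)', expected '$ExpectedHost'" }
            if ($uri.AbsolutePath -ne '/Autodiscover/Autodiscover.xml') {
                $issues += "unexpected path '$($uri.AbsolutePath)'"
            }
        }
        [pscustomobject]@{
            Server = $s.Name
            Uri    = $raw
            Ok     = ($issues.Count -eq 0)
            Issues = $issues -join '; '
        }
    }
}

$expected = 'autodiscover.domainname.com'   # placeholder host name from this post

if (Get-Command Get-ClientAccessService -ErrorAction SilentlyContinue) {
    $servers = Get-ClientAccessService      # Exchange 2016 Management Shell
} else {
    # Constructed sample: one correct entry, one with a dropped letter, one over http.
    $servers = @(
        [pscustomobject]@{ Name = 'EXCH01';  AutoDiscoverServiceInternalUri = 'https://autodiscover.domainname.com/Autodiscover/Autodiscover.xml' }
        [pscustomobject]@{ Name = 'OLD2010'; AutoDiscoverServiceInternalUri = 'https://autodiscover.domainame.com/Autodiscover/Autodiscover.xml' }
        [pscustomobject]@{ Name = 'TEST01';  AutoDiscoverServiceInternalUri = 'http://autodiscover.domainname.com/Autodiscover/Autodiscover.xml' }
    )
}

# List only the servers whose SCP deviates from the expected value.
Test-AutodiscoverScp -Server $servers -ExpectedHost $expected | Where-Object { -not $_.Ok }
```

On an Exchange 2010 server, pass the output of Get-ClientAccessServer to the same function instead.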

 

 

  15. Configure your Exchange 2016 DNS records
    • Public DNS records

FQDN | DNS record type | Value
domainname.com | MX | webmail.domainname.com
webmail.domainname.com | A | xx.xx.xx.xx
autodiscover.domainname.com | A | xx.xx.xx.xx

Before you make any changes to your DNS records, we strongly recommend that you reduce their time to live (TTL) to the lowest possible value.

    • Internal DNS records

FQDN | DNS record type | Value
webmail.domainname.com | CNAME | Exch01.domainname.com
autodiscover.domainname.com | A | xx.xx.xx.xx

 

  16. Move user mailboxes to Exchange 2016

 

  1. Open the EAC by browsing to the URL of your Mailbox server (for example, https://Ex2016/ecp).
  2. Enter your username and password, and then click Sign in.
  3. Go to Recipients > Migration, click Add, and then select Move to a different database.
  4. Under Select the users that you want to move, click Add.
  5. In the Select Mailbox window, select the mailboxes you want to move, click Add and then click OK.
  6. Verify that the mailboxes you want to move are listed, and then click Next.
  7. Enter a unique and descriptive name for the mailbox move job, and verify that Move the primary mailbox and the archive mailbox, if one exists is selected.
  8. Under Target database, click Browse.
  9. In the Select Mailbox Database window, select a target mailbox database on the Exchange 2016 server, click Add, and then click OK.
  10. Verify that the mailbox database in Target database is correct, and then click Next.
  11. By default, the current user will receive the move report. To send the report to someone else, click Browse and select a different user.
  12. Verify that Automatically start the batch is selected.
  13. Decide whether you want the mailbox move to complete automatically. During the finalization phase, the mailboxes will be unavailable for a short time. If you choose to manually complete the mailbox move, you can decide when the move is finalized (for example, after working hours). Select or clear Automatically complete the migration batch.

NOTE: If you chose to manually complete the mailbox move, you’ll need to finalize the move by going to Recipients > Migration, selecting the mailbox migration, and clicking Complete this migration batch in the details pane. The Complete this migration batch link will be available only after the batch is ready to be completed. When you finalize the move, the affected mailboxes will be unavailable for a short time.

  14. Click New.

After Exchange 2016 is installed and the mailboxes are moved, there are certain tasks that you need to consider, such as:

 

  • Product Key

https://docs.microsoft.com/en-us/Exchange/plan-and-deploy/post-installation-tasks/enter-product-key?view=exchserver-2016

  • High Availability Options for Exchange Servers

https://docs.microsoft.com/en-us/Exchange/high-availability/manage-ha/manage-ha?view=exchserver-2016

  • Removing Exchange 2010 Server

https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/ee332361(v=exchg.141)?redirectedfrom=MSDN

  • Maintaining and growing an Exchange Organization

Mail flow issues that I faced after configuration.

After the Exchange 2016 configuration, we had a plan to use an external anti-spam solution because I wasn’t sure whether the existing anti-spam was flawless.

We configured the external anti-spam and faced the following error:

“451 4.4.395 target host responded with error 421 4.4.2 connection dropped due to socket error”

Below is the solution:

Comments (4)

  1. Derek

    Excellent post!!!

    January 8, 2020 at 3:36 pm
    1. amirmoiz

      Thank you Derek!

      January 8, 2020 at 3:37 pm
  2. Naren

    Very nice

    January 8, 2020 at 4:04 pm
    1. amirmoiz

      Thank you 🙂

      January 8, 2020 at 7:30 pm
