Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

tranistion to 2010 internet facing server

  • Filter
  • Time
  • Show
Clear All
new posts

  • tranistion to 2010 internet facing server

    I AM currently in mid transition from exchange 2003 to 2010 and am at the point of making the 2010 CAS server the internet facing server and would like some advice on the steps I am about to perform before doing so to make sure I am of the right thinking.
    I purchased my SAN certificate with the names of, , and server.glb.local and have added it to the 2010 server ok but have not assigned services yet.
    As our user use outlook anywhere and active sync a lot my concerns is that these services have no downtime.
    My next steps were going to be to:
    1. Edit the internal DNS record for mail to point to the new 2010 server.
    2. Create a internal/external DNS record for legacy and point the internal one to the 2003 server and the external to the 2010 server.
    3. Create a internal/external DNS record for autodiscover and point to the 2010 server.
    4. Edit the rule on my ASA for incoming email to point to the new 2010 server.
    Run the script on 2010 for OWA redirection (Enable-OutlookAnywhere -Server:MAIL2010 -SSLOffloading $false
    5. )Change the attribute on the 2003 server to 6 within ADSIedit to allow Kerberos authentication between servers for active sync

    6. Export the SAN certificate off of the 2010 server and import into the 2003 server
    7. Disable Outlook anywhere on the 2003 server

  • #2
    Re: transition to 2010 Internet facing server

    You need to sort the certificates out before you change the firewall, because it will be used immediately. If you are using OWA at the moment, then the Exchange 2003 server will also need to be directly exposed to the Internet - as all Exchange 2010 does is redirect to the legacy host name. Nothing more. It doesn't proxy it.
    Therefore you will need two external IP addresses, with the DNS configured correctly, NAT in the firewall etc.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.