 

Exchange 2016 Migration

Migration Checklist

Domain Controllers

  • Make sure that IPv6 is enabled. While troubleshooting some DNS issues I found several articles stating that Exchange will default to IPv6 for DNS but should fall back to IPv4. Since these servers will have their own DCs I don't see a compelling reason to disable IPv6.

Client Environment

  • Confirm that all Outlook clients are one of the following versions/levels
    • Outlook 2010 SP2 or later with KB2956191 and KB2965295 (these patches provide MAPI/HTTP)
    • Outlook 2013 SP1 or later with KB3020812 (This patch fixes shared mailbox and legacy Public Folders)
    • Outlook 2016
  • Document difference in Exchange server name in Outlook profile
    • Mailbox GUID vs CAS Array
  • Need to confirm that the current Outlook Anywhere authentication settings will work correctly both in and out of the domain, on and off the LAN.
  • Document differences in Outlook profile creation and create a procedure for EDA and TAC on the proper way to create an Outlook profile. My high-level observations so far are:
    • Exchange 2016 mailbox connecting to an Exchange 2016 server
      • Outlook 2010/2013, selecting "Manually configure server settings......"
        • Profile creation using this method will fail because the Outlook client will try to make a direct RPC connection to the Exchange server in order to resolve the user's mailbox info. Exchange 2016 won't support direct RPC connections.
      • Outlook 2010/2013, using "Auto Account Setup" by entering the user's email address.
        • This will succeed because Autodiscover is used first to determine the user's mailbox information and how to configure the client. With this method the Outlook profile is configured for Outlook Anywhere; Outlook Anywhere or MAPI/HTTP is required to connect to Exchange 2013 and above.
    • Exchange 2016 mailbox connecting to an Exchange 2010 server
      • Outlook 2010, selecting "Manually configure server settings......"
        • The Exchange 2010 server will be able to resolve the location of the user's mailbox and you will successfully be able to create the Outlook profile. However, you will not be able to connect to the user's mailbox running on the Exchange 2016 server because the Outlook profile was not configured for Outlook Anywhere. You can go back into the profile and configure Outlook Anywhere, and then you will be able to connect, but by default it will not work.
      • Outlook 2010, using "Auto Account Setup" by entering the user's email address.
        • By using this profile setup method, you won't actually be able to connect to an Exchange 2010 server. This method will use Autodiscover to configure the Outlook profile correctly based on where the mailbox is. Since it is on an Exchange 2016 server the profile will be configured for Outlook Anywhere. Profile creation will succeed and you will be able to connect to the mailbox.
    • Exchange 2010 mailbox connecting to an Exchange 2016 server
      • Outlook 2010, selecting "Manually configure server settings......"
        • This will succeed and you will be able to connect to the mailbox, but I don't fully understand why. Based on my packet captures, there are direct RPC connections being made to the Exchange 2016 server, but about halfway through the conversation you see that the RPC connections change from the Exchange 2016 server to one of the Exchange 2010 CAS servers and you are allowed to finish the profile creation. There must be some type of redirection being done here from 2016 to 2010, but I haven't found any documentation that discusses RPC redirection.
      • Outlook 2010, using "Auto Account Setup" by entering the user's email address.
        • As with all other scenarios, this method will succeed and you will be able to connect to the mailbox. Even when the AutoDiscoverInternalURI is changed to point to the Exchange 2016 server, it will figure things out and complete your profile setup. Note that even though Autodiscover was reached on a 2016 server, the Outlook profile is set up with the 2010 Outlook Anywhere settings, meaning use Outlook Anywhere only on slow networks.
    • Exchange 2010 mailbox connecting to an Exchange 2010 server
      • Of course this works using any method of profile creation.
    • NOTE: If you are using Outlook 2013 or Outlook 2010 with KB2956191 and KB2965295 and you have an Exchange 2016 mailbox, you will not see the "Connection" tab in the properties of your Outlook profile. The "Connection" tab is where you would normally go to configure Outlook Anywhere. Since you are now on Exchange 2016 and MAPI over HTTP is enabled by default, you will be connecting to Exchange using MAPI over HTTP. Because of this the "Connection" tab is hidden. If you need to re-enable it to use Outlook Anywhere for troubleshooting, see the article below.

Outlook Profile Test Scenarios

  • Outlook 2010 using Outlook Anywhere on Windows 7
  • Outlook 2010 using Direct RPC on Windows 7
  • Outlook 2013 using Outlook Anywhere on Windows 8
  • Outlook 2013 using Direct RPC on Windows 8

Exchange 2010 Environment

Exchange 2016 Environment

General

Database

  • Modify RPCClientAccess value for each database prior to moving any users there. More testing needs to be done here: according to many articles 2013/2016 doesn't use this value, but there do appear to be some situations where it might be used.

Client Access


Transport Service

  • Statically configure Internal and External DNS servers for the Transport service on each Exchange 2016 server. See the "Transport Service DNS Issues" on the "Exchange 2016 Administration and Troubleshooting" page.
  • Update the "RemoteIPRanges" from the relay connector on SOCEXHTC01 to the relay connector on SOCEX16C01
  • Test email to Distribution Lists after inbound transport server cutover
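
A way to check the "RemoteIPRanges" step above before the transport cutover, as an added example that is not part of the original checklist. The connector name is a placeholder because the page does not give it, and the script only previews the change.

```powershell
# Added example, not part of the original checklist.
# Run from the Exchange 2016 Management Shell.
# '<relay connector name>' is a placeholder; the page does not name the connectors.
$old = Get-ReceiveConnector -Identity 'SOCEXHTC01\<relay connector name>'
$new = Get-ReceiveConnector -Identity 'SOCEX16C01\<relay connector name>'

# Work on the string form so the comparison also holds for deserialized objects
$oldRanges = @($old.RemoteIPRanges | ForEach-Object { [string]$_ })
$newRanges = @($new.RemoteIPRanges | ForEach-Object { [string]$_ })

# Ranges not yet carried over, and ranges that exist only on the new connector
$missing = @($oldRanges | Where-Object { $newRanges -notcontains $_ })
$extra   = @($newRanges | Where-Object { $oldRanges -notcontains $_ })

# A relay connector still on the "any address" ranges is not restricted at all
$anyAddress = '0.0.0.0-255.255.255.255',
              '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'
$tooBroad = @($newRanges | Where-Object { $anyAddress -contains $_ })

"Missing on SOCEX16C01 : $($missing -join ', ')"
"Only on SOCEX16C01    : $($extra -join ', ')"
"Unrestricted ranges   : $($tooBroad -join ', ')"

if ($missing.Count -gt 0 -or $extra.Count -gt 0) {
    # Makes the new allow-list identical to the old one.
    # Preview only; remove -WhatIf to apply.
    Set-ReceiveConnector -Identity ([string]$new.Identity) `
        -RemoteIPRanges $oldRanges -WhatIf
}
```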

Cutover

Client Access

  • From a 2016 CAS Server, configure Outlook Anywhere settings on the 2010 CAS Servers. Perform this step for each 2010 CAS Server. This probably isn't necessary but this is how the lab environment has been configured for all testing so I am doing it in production for consistency.
    • Confirm that the "ExternalHostname" is set to "owa.domain.com" for 2010 CAS
    • Set Internal and External Client Authentication Method to NTLM
    • Set "IISAuthenticationMethods" to "Basic,NTLM"
      Get-OutlookAnywhere -Server <2010_CAS_Server> | Set-OutlookAnywhere -ExternalHostname owa.domain.com -ExternalClientAuthenticationMethod NTLM -InternalClientAuthenticationMethod NTLM -IISAuthenticationMethods Basic,NTLM
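
To confirm the result on every 2010 CAS server after running the command above, the following added example (not part of the original checklist) compares each server's Outlook Anywhere settings with the values listed in this step. The server names are placeholders, and the extra check that SSL is required whenever Basic is enabled is an addition beyond the checklist.

```powershell
# Added example, not part of the original checklist.
# Run from the Exchange 2016 Management Shell.
$cas2010 = '<2010_CAS_Server_1>', '<2010_CAS_Server_2>'   # placeholders

# Values the checklist sets on every 2010 CAS server
$expected = [ordered]@{
    ExternalHostname                   = 'owa.domain.com'
    ExternalClientAuthenticationMethod = 'Ntlm'
    InternalClientAuthenticationMethod = 'Ntlm'
}
$expectedIisAuth = 'Basic,Ntlm'

$report = foreach ($server in $cas2010) {
    $oa = Get-OutlookAnywhere -Server $server
    $problems = @()

    foreach ($name in $expected.Keys) {
        $actual = [string]$oa.$name
        if ($actual -ne $expected[$name]) {       # -ne ignores case
            $problems += "$name is '$actual'"
        }
    }

    # IISAuthenticationMethods is multi-valued: sort, then compare as one string
    $methods = @($oa.IISAuthenticationMethods |
        ForEach-Object { [string]$_ } | Sort-Object)
    if (($methods -join ',') -ne $expectedIisAuth) {
        $problems += "IISAuthenticationMethods is '$($methods -join ',')'"
    }

    # Basic sends reusable credentials, so the endpoint must require SSL
    if ($methods -contains 'Basic' -and -not $oa.ExternalClientsRequireSsl) {
        $problems += 'Basic enabled without ExternalClientsRequireSsl'
    }

    [pscustomobject]@{
        Server    = $server
        Compliant = ($problems.Count -eq 0)
        Problems  = $problems -join '; '
    }
}
$report | Format-Table -AutoSize -Wrap
```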



