Friday, April 29, 2016

Migrating from Exchange 2010 to Exchange 2016 Part-6

Till now in last 5 part i have covered process, assessment, installing Exchange Server 2016 & configuration of the Exchange 2016 such as virtual directory, Outlook anywhere,Exporting the Exchange 2010 certificate, Configuring receive connector and configure autodiscover url. Now in this part will focus on moving the mailboxes from Exchange 2010 Exchange 2016 and checking the all functionality.


Configure High Availability for Mailbox Server


Before moving the mailbox, we have to configure the out mailbox servers database properly, right now we do have two mailbox servers and we need to configure high availability for those servers as Database Availability Group (DAG). As you know Exchange 2016 DAG can contain up to 16 mailbox servers, each of which hosts copies of one or more databases that are replicated with database copies on other members of the same DAG.


Configure Database Availability Group (DAG)


As we discussed for high availability we need to create DAG for Exchange 2016, when a DAG is first created it has zero members. A minimum of two members is required for the DAG to provide high availability. You can click here for how we can configure the DAG in my post.

Testing Exchange 2016 base functionality


Before we can move namespaces and mailboxes across to Exchange Server 2016  we need to do test the new server is fully functional.

I created some mailboxes in Exchange 2016 and test the email flow, i sent email from my Exchange 2010 admin account to Exchange 2016 admin it work fine.




Updating the Exchange 2010 Virtual Directory URLs


As you know Exchange 2016 can support as a proxy for Exchange 2010 servers. It means that it is easy to allow Exchange 2010 and Exchange 2016 to co-exist using the same URLs to accessing the services.

Now we can move the autodiscover.tech.com from Exchange 2010 to Exchange 2016, along with this we have to change the DNS/Firewall so that Https client traffic will go via Exchange 2016 to Exchange 2010 servers.
We have to update our core URLs for Exchange 2010 to remove the External URL value. We will also enabled Outlook anywhere, configure with the Https name that will move to Exchange 2016, you can follow same as in Exchange 2013 process.


Update Internal DNS records and switching External HTTPS Connectivity


We need to update the internal DNS record to direct traffic internally at the Exchange 2016 server, we need to change internal DNS records so that both the autodiscover name and HTTPS namespace are configure with the new IP address (Exchange 2016).

Client will not be immediately redirect to use the Exchange 2016 server as the proxy for client access, as soon as client can access the server retry login and client access to ensure no issues exit. If internal client can access works fine than update the external HTTPS publishing.

Change Mail Flow Routing


In above we see we already tested Exchange 2016 can receive mail and delivered to Exchange 2010 users, default Exchange 2016 is already configured to receive email from the Internal using Anonymous permissions on the default receive connector.
Also we have to ensure that inbound mail flow is not interrupted before moving on to migrating.

Next step is to make changes outbound mail flow and allow to Exchange 2016 take the outbound email flow rather than via Exchange 2010 server. We have to make sure firewall rules allow the Exchange 2016 server IP address to initiate connections to Internet hosts on TCP port 25.

Once ensure that the Exchange 2016 server is allowed  to relay outbound mail, than we are ready to update the Send Connector. For updating the Send Connector click here  step by steps.


Creating New Offline Address Book (OAB)


As part of the installation of Exchange 2016, a new offline address book was created and set the default. Now i want to create new OAB so that i will remove old Exchange 2010 OAB.

If you want to whats new in OAB you can click here

Open the PowerShell and type below command

New-OfflineAddressBook –Name “OAB16” –AdressLists “\Default Global Address List”

now you can see the status of the OAB by using the Get-OfflineAddressBook command.



Assigning an OAB in Exchange 2016


Open Exchange 2016 ECP with Administrator account.
Click on “Servers” and select “Databases” select database you want to assign the OAB

Click on “Edit” and Click on “Client Setting” 
Click on Brows.
Select the OAB16, which we created newly.
Click on save.

Migrating the Pilot Mailbox


We do have number of methods that can be used to migrate mailboxes from Exchange 2010 to Exchange 2016, such as Exchange Admin Center 

Open ECP select recipients and select migration tab, than click on + sign and select move to a different database
Select the mailboxes which you want to migrate.

give the Batch name and select the target database and select other required options.
Select the recipients which will get the notification after complete the Job and select preferred option to complete the batch.
Once finish it will sync 

Second easy option to use the Power Shell to migrate the mailboxes.

Open Power Shell and type below command, as i have multiple mailbox so i'm using export csv option.
Import-CSV "C:\Move.CSV" | Foreach (New-MoveRequest _identity $_.Identity -TargetDatabase MDB01)


Now you can monitor the move request with command Get-MoveRequestStatistics



if you want you can check the Exchange 2010 EMC for mailbox hosting database and servers.


Once i moved pilot users, now i have Exchange 2010 and Exchange 2016 users, before moving forward i will check the client end functionality.

From Exchange 2016 i sent email to Exchange 2010 and getting smooth delivery vice versa its working.


Also i verify the Outlook calendar whether availability is working or not, and found its working as expected vice versa.



It means my end user don't have any issues.

In above articles we have describe the configure high availability as a DAG for mailbox servers, updating the  Exchange 2010 virtual directories URLs, updated Internal DNS records and switching External Https connectivity, change the email flow from Exchange 2010 to Exchange 2016, created new Offline Address Book (OAB) and assigning to Exchange 2016 database and migrating the pilot mailboxes finally tested the end users functionality.

Hope it will help you to understand the migration process from Exchange 2010 to Exchange 2016.

Next part i will focus on bulk mailbox migration and public folder migration process.

Thank you!


Click here for Part-5                                                                         Here for Part-7




Wednesday, April 27, 2016

Configure DAG on Exchange 2016

Exchange 2016 DAG are very similar to Exchange 2013 DAG, however there are some new features.

There are some basic rules for DAG

No shared storage required for Exchange DAG.
All member servers must be in the same AD domain.
16 copies for each database support.
Mailbox server can not be domain controller.
Windows failover cluster is set up when DAG is set up.
Data Center Activation Coordination (DAC)  is configure for site resistance for prevents a split brain syndrome.
DAG is only high availability for the Mailbox servers.

Set up MAPI and Replication Network


First of all we have to add one more network card to configure MAPI & Replication network in your mailbox servers, you can rename the for avoiding the confusion.

We are using 192.168.209.0/24 for MAPI and 172.10.0.0/16 for Replication network.

Next step is to disable the network features that are not require in MAPI adapters, IPv6 should be enabled.

For replication network adapters we need to disable "Client for Microsoft Network" and "File and Printer Sharing for Microsoft networks".

Set the IP address for Replication adapter
next set the DNS tab and uncheck the "Register this connection's addresses in DNS".

Configure Witness Server


You must have an odd number of voters in a cluster. If you have an even number of mailbox servers in the DAG, the DAG will use a node and file share majority quorum model where it will use a file share witness which is created on a witness server during the DAG setup. If you have as odd number of mailbox servers in the DAG then the DAG will use the node majority quorum model and the file share witness will not be used.

As per recommendation  domain controller or DAG member should not be witness server, When we create the DAG, Exchange will create a witness directory and share on the witness server. For this you the " Exchange Trusted Subsystem" AD group is a local administrator on the witness server.
also add the Exchange Trusted Subsystem group as a local administrator on the witness server.

Configure Exchange 2016 Database Availability Group


I will start to use PowerShell to configure DAG, DAG Name is DAG01 and witness Server is my DC (I don't have any option in my lab).

 we can run the following PowerShell command:
New-DatabaseAvailabilityGroup -Name DAG01 -WitnessServer DC.tech.com -FileSystem ReFs

now add the mailbox servers, we do have two mailbox server E16 and E16-1, we can use the below cmdlet :

Add-DatabaseAvailabilityGroupServer -identity DAG01 -mailboxServer E16
Add-DatabaseAvailabilityGroupServer -identity DAG01 -mailboxServer E16-1


After that we can check the status of the DAG with below command:

Get-DatabaseAvailabilitygroup DAG01 -Status


Now you can check the where is our witness server also:

We can verify into witness server also

As you know the Exchange 2016 DAG will configure Network automatically, so now you can check the status of the DAG Network:

You can check some other configuration such as :
Now you check the mailbox database
Now you have to add database one by one on DAG

Now we can check the database copy status:

Testing the DAG


Once configuration complete, i want to check the fail over, so now i have disable one of the my mailbox server MAPI Network card for testing the actual fail over:

Once NIC disabled, checked the Database copy status now

Now we checked the database getting active on another server properly, now i enabled the MAPI network for mailbox server.

Enable Datacenter Activation Coordination Mode


If you have the two site and DAG configure you can use the DAC mode to avoid the split-brain. You can use below command to enable the DAC mode in DAG. you can click here for deep dive for DAC MODE.

Set-DatabaseAvailabilityGroup DAG01 -DatacenterActivationMode DagOnly


In this post we have seen how we can configure the DAG in Exchange 2016, it is same as Exchange 2013 DAG configuration.
Hope this post help you.

Thank you!

Tuesday, April 19, 2016

Migrating from Exchange 2010 to Exchange 2016 Part-5

Last 4 part we have covered process, assessment and introducing the Exchange Server 2016, now we will focus on configuration part of the Exchange Server 2016 for moving forward to move mailboxes.

Once installation complete open Exchange Administrative Center
When launching EAC via local host we are getting the certificate error because  we have not installed the SSL certificate, just click on "continue to this website to access" the EAC
After successfully login we can see the all legacy mailboxes under the recipients

Updating Autodiscover (SCP)


After installing the Exchange server 2016 we have to update the SCP. The default SCP is default url is
https://E16.tech.com/Autodiscover/Autodiscover.xml.
https://E16-1.tech.com/Autodiscover/Autodiscover.xml.

which is not suitable because we don't have the trusted SSL and domain joined clients will get the certificate warning error.
So we will update the URL as per Exchange 2010


After making the changes, any client trying to connect the Exchange 2016 SCP (autodiscover)  before we make co-existence will be direct to use the Exchange 2010.

Exporting the certificate from Exchange 2010


We are going to migrate the HTTPS name from the Exchange 2010 to Exchange 2016 so we can re-use the same SSL certificate by exporting the from Existing Exchange 2010 servers.

you can click here for follow the complete steps Exporting Certificate from Exchange 2010, which i export from Exchange 2010 to Exchange 2013, same steps we can follow for Exchange 2016.

Configure Exchange URLs (virtual Directories):


Next steps is configure the Exchange 2016 virtual directories, for configure the virtual directories you can use either Exchange Admin Center or Exchange PowerShell, in my case i used Powershell


Configure Outlook Anywhere


After updating the Exchange 2016 virtual directories, we have to configure Outlook anywhere  for HTTPS name authentication. As you know Outlook Anywhere is the protocol Outlook client will use by default to communicate to Exchange 2016 replacing the MAPI/RPC within the LAN.
It is very important all setting must be correct, still if you are not publishing Outlook Anywhere externally.

First open the Exchange Admin Center, select the Servers tab select the server, click on edit, once you get the edit page select the Outlook Anywhere than set the correct configuration such as External Host Name, Internal Host Name and authentication Method

Configure Receive Connector


Next step is to configure the receive connector on Exchange 2016 as per Exchange 2010. Default and client connector are already created.

Open the Exchange Admin Center select mail flow tab and select receive connectors


Click on + sign it will give you new wizard for new receive connector, give the name of the connector and select "Frontend Transport" from Role and select "Customize" from the type.


Next page, we will select the Network and default port will be 25 for SMTP
Next page we have to choose IP addresses that the receive connector will accept mail.

once complete you can see the connector in EAC.
now click on edit for newly created receive connector and select the security tab and select the"Externally secured" from authentication and select Exchange servers and Anonymous users from permission groups.



In this article we have configure Exchange 2016 for moving mailboxes from Exchange 2010 smoothly, which is the very critical for any of the migration such as receive connector, Outlook Anywhere, Autodiscover, Exchange Virtual directories etc.

Hope this will help you.

In next part i will start moving the mailbox and end users functionality.


Click here for Part- 4                                         Click here for Part-6