Transitioning from an Exchange 2003 to an Exchange 2007 environment

There is no shortage of information out there on transitioning from Exchange 2000 or Exchange 2003 to an Exchange 2007 environment, although when performing the transition myself I found myself relying upon multiple resources to get the job done. Specifically, one of the things that was a problem for me was the fact that there is no real process to “upgrade” to Exchange 2007 retaining your old server name (a problem for third-party-issued SSL certificates).

I’ve run through the transition in a lab environment three times to capture all of the required steps (and hopefully the most common transitioning problems) in order to create a guide on performing this in your own environment.

There are a few assumptions with this guide (you can factor in any differences pretty easily):

  • This is an Exchange 2003 on Windows Server 2003 to Exchange 2007 on Windows Server 2008 transition process
  • This is a single server Exchange environment transitioning to another single server environment
  • The environment uses RPC/HTTPS (now called Outlook Anywhere) for all client access

This guide will also include a transition from your legacy Exchange 2003 environment, to a temporary Exchange 2007 server, and then a migration from that temporary server to a new Exchange 2007 server of the same name as your legacy Exchange 2003 server. A quick summary:

  • Existing Exchange 2003 server (I will refer to this as the legacy server) migrating to…
  • Temporary Exchange 2007 server (I will refer to this as the temporary server) migrating to…
  • New Exchange 2007 server (I will refer to this as the new server) and that’s the end of the line

So let’s get started…

  • Export your SSL certificate (if you have a trusted third party issued certificate) from the legacy server to a .pfx file and copy this .pfx file to a file share to be accessible at the end of the transition
  • Ensure that the account to perform the transition is a Domain Administrator and a Schema Admin
  • Ensure that the legacy server has at least Exchange 2003 SP2 applied
  • Ensure that the schema master domain controller, and any global catalog servers in the same site as the Exchange server have at least Windows 2003 SP1 applied
  • Ensure that the domain functional level is Windows Server 2000 native or higher
  • Add the following registry key to the legacy server

HKLM\SYSTEM\CurrentControlSet\Services\RESvc\Parameters\SuppressStateChanges = 1 (DWORD)

  • Provision the temporary server using Windows Server 2008 and join to the domain
  • Install Windows PowerShell and Remote Server Administration Tools (RSAT), and issue the following commands to install the IIS dependencies:

ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-Dyn-Compression
ServerManagerCmd -i Web-Stat-Compression
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Digest-Auth

  • Install the Exchange Best Practices Analyzer (ExBPA) on any server that has an internet connection and access to the domain controllers, and run an Exchange 2007 readiness check to determine if there are any warnings or recommendations
  • Run setup.com /PrepareAD from the Exchange 2007 install media (make sure to “Run as Administrator” if UAC is turned on)
  • Install Exchange 2007 on the temporary server as a “Typical Exchange Server Installation” and select the legacy Exchange server when prompted for mail flow settings (make sure to “Run as Administrator” if UAC is turned on)
  • Using the Exchange Management Console (EMC) on the temporary server, migrate all mailboxes using the “Recipient Configuration | Mailbox” menu
  • Remove all mailbox databases from the legacy server
  • Ensure that the new mailbox databases are configured to use the new public folder database as their default
  • Migrate all public folder replicas by running moveallreplicas.ps1 -server <legacyserver> -newserver <temporaryserver> from the temporary server
  • Wait for all of the records under the “Public Folder Instances” node in the public folder database in ESM to disappear on the legacy server (this can take a while, sometimes days to complete depending on the amount of data)
  • Using Exchange Server Manager (ESM) on the legacy server, create a new “Public Folder Container” directly under the new Exchange 2007 administrative group
  • Drag the existing “Public Folders” tree under the “Folders” tree in the new administrative group
  • Remove the public folder store from the legacy server, selecting the temporary server’s public folder database when prompted for a new store
  • Remove all storage groups from the legacy server
  • Remove the routing group connectors that were created during the Exchange 2007 install, using ESM on the legacy server, under both the legacy and the new administrative groups
  • Delete the domain and enterprise Recipient Update Services (RUS) object using adsiedit.msc
  • Uninstall Exchange 2003 from the legacy server
  • Using adsiedit.msc on the temporary server, delete the legacy administrative group
  • Delete the legacy Exchange Domain Servers and Exchange Enterprise Servers groups (if they aren’t being used for other custom purposes in your environment)
  • If the legacy server is being entirely decommissioned, remove it from the domain and shut it down
  • Provision the new server using Windows Server 2008 and join to the domain
  • Install Windows PowerShell and the IIS dependencies as per the temporary server build
  • Install Exchange 2007 on the new server as a “Typical Exchange Server Installation”
  • Install the latest Exchange 2007 updates, including service packs and update rollups (this is important) and then restart the server
  • Rename the storage group and mailbox databases as desired
  • Configure the location for the storage group and mailbox database as desired
  • Create a new public folder database with the desired name and location
  • Migrate all mailboxes from the temporary server to the new server using the “Recipient Configuration | Mailbox” menu
  • Remove the mailbox database(s) from the temporary server
  • Change the default public folder database on the mailbox database(s) on the new server to be the new public folder database (it’s under the “Client Settings” tab of the mailbox database properties)
  • Move all offline address books by running Move-OfflineAddressBook -identity "\<oabname>" -server <newserver> -confirm:$false
  • From the temporary server, move all public folder replicas to the new server by running moveallreplicas.ps1 -server <temporaryserver> -newserver <newserver>
  • Monitor the status of the replica move by running Get-PublicFolderStatistics -server <temporaryserver> until no items are returned, or you can append | Measure-Object -Line to count the number of lines returned to monitor the public folders moving (this can take hours, days or weeks depending on the amount of data)
  • Remove the public folder database from the temporary server
  • Remove Exchange 2007 from the temporary server, remove the server from the domain and shut down
  • Create a new wildcard (*) send connector using the “Organization Configuration | Hub Transport” menu
  • Configure the “Default <servername>” receive connector to allow “Anonymous users” to connect using the “Server Configuration | Hub Transport” menu
  • Copy the exported .pfx file from earlier and use the “Server Certificates” option on the parent node in IIS7 to import the certificate
  • Change the certificate used by OWA by selecting the Default Web Site, clicking the “Bindings” menu on the right hand side, and editing “https”
  • Select the imported certificate from the drop-down box and save settings
  • Install the “RPC over HTTP Proxy” feature
  • Enable Outlook Anywhere using the “Server Configuration | Client Access” menu in EMC on the new server, right clicking on the server and selecting “Enable Outlook Anywhere”
  • Allow 15 minutes before testing (check the event logs for event ID 3006 which indicates that Outlook Anywhere is configured)
  • Edit the hosts file to comment out the IPv6 localhost line (::1) and add the following lines

127.0.0.1 <hostname>
127.0.0.1 <hostname.domain>

  • Restart the new server and test the connection
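
Before removing the mailbox and public folder databases from the temporary server (the steps above that follow the mailbox move and the moveallreplicas.ps1 run), it helps to have a gate that confirms nothing is still homed there. The following is an added example, not part of the original guide: it polls from the Exchange Management Shell until both counts reach zero, and the server name placeholder and polling interval are assumptions.

```powershell
# Added example (not from the original guide). Run in the Exchange 2007
# Management Shell. The server name is a placeholder, as in the steps above.
$OldServer   = '<temporaryserver>'
$PollSeconds = 900      # assumed polling interval (15 minutes)

function Get-RemainingItems {
    param([string]$Server)

    # Mailboxes still homed on the server that is about to be retired
    $mailboxes = @(Get-Mailbox -Server $Server -ResultSize Unlimited)

    # Public folders that still hold a replica on that server
    $replicas  = @(Get-PublicFolderStatistics -Server $Server)

    return @{ Mailboxes = $mailboxes.Count; Replicas = $replicas.Count }
}

while ($true) {
    $left = Get-RemainingItems -Server $OldServer

    # Timestamped progress line, so a stalled move is visible in the scrollback
    Write-Host ("{0}  mailboxes={1}  public folder replicas={2}" -f `
        (Get-Date), $left.Mailboxes, $left.Replicas)

    if ($left.Mailboxes -eq 0 -and $left.Replicas -eq 0) { break }
    Start-Sleep -Seconds $PollSeconds
}

Write-Host "Nothing is left on $OldServer; its databases can now be removed."
```

This only applies to the temporary-to-new leg, because Get-PublicFolderStatistics is an Exchange 2007 cmdlet; on the legacy Exchange 2003 server the “Public Folder Instances” node in ESM remains the check.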

I have a fairly complicated environment regarding permissions, address lists and the like, so I found that I had to go through and make sure that my showInAddressBook attributes were set correctly on all of my mailboxes (the address lists were fine, but the global address lists were not). This may not be an issue in your environment, but feel free to drop me a line if you’re having issues.

Migrating from Virtual Server 2005 to Windows Server 2008 with Hyper-V

I’ve recently migrated all of my Virtual Server 2005 machines to Windows Server 2008 with Hyper-V. The migration isn’t as smooth as it could be, but it’s not too difficult either.

Here are the steps that I took, keeping in mind that all of my guest operating systems are running Windows Server 2003 R2. I was going to take screenshots, but it’s been a long day.

  1. Firstly, you need to record the TCP/IP information from each of your VMs to migrate, as you’ll need to reconfigure the NIC from scratch a bit later;
  2. When you’ve recorded the TCP/IP information, you should uninstall the Virtual Machine Additions from the guest operating systems – This is a fairly important step, as I’ll explain further on;
  3. Now you should shut down your guests to prepare for the migration;
  4. Using the Hyper-V Manager on your Windows Server 2008 machine, you should first configure the Hyper-V settings – You can do this by right clicking on the server in the Hyper-V Manager console, and clicking on Hyper-V Settings;
  5. I configured the Virtual Machines location to point to D:\Virtual Server, as the default is in an unusual location (like Virtual Server 2005);
  6. With your new path specified, you can create your first machine – On the right hand pane, click New -> Virtual Machine;
  7. Go through the options, naming your machine, allocating the appropriate RAM and assigning the NIC;
  8. When you get to the step to add a hard disk, select Attach a virtual hard disk later and then Finish;
  9. You should now have your machine visible in the Virtual Machines section;
  10. Use Explorer to open the location that you specified in step 5, and notice that Hyper-V has created a folder named “Virtual Machines” which contains a subfolder and an XML file with the same GUID (hexadecimal string) name;
  11. The XML file is the equivalent of the .vmc file from Virtual Server 2005 (where the machine configuration is stored), and the folder will be empty for now, but will be where the virtual machine’s running state (.vsv) will be stored;
  12. I recommend you create a folder underneath the D:\Virtual Server directory called Virtual Hard Disks and then create a subfolder for each of your machines under here – I copied the GUID name of the machine, to keep consistency;
  13. Locate your legacy Virtual Hard Disk (.vhd) file and copy it in to the appropriate Virtual Hard Disk subfolder;
  14. In the Hyper-V Manager console, right click on your machine and click Settings;
  15. Click on IDE Controller 0 and then click on Add on the right hand side, ensuring that Hard Drive is selected from the combo box above;
  16. Click on Browse and then locate your copied .vhd file;
  17. If you have additional disks, you can either add them on a virtual IDE controller, or a virtual SCSI controller (you need to add the SCSI controller via the Add Hardware option in the machine settings) – Note that Hyper-V does NOT support SCSI boot devices (I’m not sure why);
  18. Now you can start your VM by right clicking on it and selecting Start – Connect to the console by right clicking on it and selecting Connect;
  19. When it boots up and you log in, you’ll probably notice a few things – Firstly, if you are logged in via RDP you won’t be able to use the mouse to control the guest. This makes life pretty difficult, because of course your shortcut keys generally target to your local machine, or to your RDP window, depending on how you’ve configured your RDP client. This is why I recommend uninstalling Virtual Machine Additions before moving your .vhd because navigating through Add/Remove is a bit tricky without a mouse and shortcut keys like ALT+TAB, etc… You should be able to follow the next steps without a mouse (note that if you need a mouse, you can either log on to the Hyper-V server locally, or you can install the Hyper-V Manager on a Vista machine, and if needed delegate access to remotely manage the machine – Third party remote server administration tools that don’t utilise the RDP protocol would likely work as well).
    The second thing you’ll probably notice, is that your machine is detecting new hardware – Escape out of these dialogues.
  20. Press CTRL+ALT+Left Arrow to lose focus to your virtual machine, and then click on Action -> Insert Integration Services Setup Disk (you can also just press CTRL+I);
  21. The setup disk will auto-run, and will ask you if you want to install the Integration Services – It will also prompt you to update the HAL;
  22. After you’ve confirmed the prompts and the tools are installed, your machine should reboot – When it comes back from a reboot, log in again and it should continue to install some more drivers – Note that you may also receive another “hardware detected” dialogue box which you’ll need to close before the drivers can finish installing (it seems to wait indefinitely otherwise);
  23. Your VM should reboot again, and at last you should have control of the mouse (I can’t remember if you get control in the last step, but you’ll definitely have it now);
  24. When you log in this time, you’ll probably notice that there’s a network error icon in the system tray complaining of limited connectivity – We need to remove the legacy NIC from Virtual Server 2005 before we configure the new NIC (well, we don’t need to, but Windows will complain that you’ve already allocated the IP if you use the same one);
  25. To remove this old NIC, run the following commands from the Command Prompt

    set devmgr_show_nonpresent_devices=1
    devmgmt.msc
  26. This will set a flag to allow devices that are not present to be displayed when hidden devices are unhidden in the Device Manager, and it will open Device Manager;
  27. In Device Manager, click on View -> Show hidden devices, and then expand Network Adapters;
  28. You should see your old NIC(s) which should be either a DEC 21140 or an Intel 21140 – Right click the NIC(s) and uninstall;
  29. Close Device Manager, and then run the following command to reset the non-present device flag

    set devmgr_show_nonpresent_devices=0
  30. Using the information recorded in step 1, reconfigure your TCP/IP configuration as normal.

That should be it – You should now have a machine happily living in your new Hyper-V environment.