Part 1 of this article covered the basics, i.e., Exchange 2016 installation and side-by-side hybrid license activation. In this part 2, we will cover the configuration update and migration of Hybrid Exchange 2010 to Hybrid Exchange 2016.
Update the Service Connection Point (SCP)
Open Exchange Management Shell to run the following command.
Get-ClientAccessServer -Identity “Server Name” | fl
Note the auto discover URL https://<FQDN>/Autodiscover/Autodiscover.xml
Set-ClientAccessServer -Identity “New Server Name FQDN “ -AutoDiscoverServiceInternalURI https://<FQDN>/Autodiscover/Autodiscover.xml
To check the update, run this command.
Get-ClientAccessServer -Identity “New Server name” |fl
Import the Exchange UCC certificate
Note: Before importing the certificate, make sure you have added the new Exchange Server FQDN as DNS in your exchange certificate.
To import the certificate from the Exchange Admin Center, the file path should be \\Localhost\c$\Cert\cert.pfx
Put the certificate password if you are running ECA from the new Exchange Server.
Update Exchange Virtual Directories & Outlook Anywhere settings
$ServerName = “Exch01(FQDN For server)”
$FQDN = “Web address you want to use” (Ie. Webmail.company.com)
Get-OWAVirtualDirectory -Server $ServerName | Set-OWAVirtualDirectory -InternalURL https://$($FQDN)/owa -ExternalURL “https://$($FQDN)/owa”
Get-ECPVirtualDirectory -Server $ServerName | Set-ECPVirtualDirectory -InternalURL “https://$($FQDN)/ecp” -ExternalURL “https://$($FQDN)/ecp”
Get-OABVirtualDirectory -Server $ServerName | Set-OABVirtualDirectory -InternalURL “https://$($FQDN)/oab” -ExternalURL “https://$($FQDN)/oab”
Get-ActiveSyncVirtualDirectory -Server $ServerName | Set-ActiveSyncVirtualDirectory -InternalURL https://$($FQDN)/Microsoft-Server-ActiveSync -ExternalURL “https://$($FQDN)/Microsoft-Server-ActiveSync”
Get-WebServicesVirtualDirectory -Server $ServerName | Set-WebServicesVirtualDirectory -InternalURL “https://$($FQDN)/EWS/Exchange.asmx” -ExternalURL https://$($FQDN)/EWS/Exchange.asmx -BasicAuthentication $true
Get-MapiVirtualDirectory -Server $ServerName | Set-MapiVirtualDirectory -InternalURL “https://$($FQDN)/mapi” -ExternalURL “https://$($FQDN)/mapi”
Get-OutlookAnywhere -Server $ServerName | Set-OutlookAnywhere -ExternalHostname $FQDN -InternalHostname $FQDN -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM
IIS setting to make sure everything works.
SSL Settings and HTTP Redirect settings for all virtual directories in Exchange 2016 and ensure it is set properly.
Virtual Directory SSL enabled HTTP Redirect
Default website NO Yes
aspnet_client Yes NO
Autodiscover Yes NO
ecp Yes NO
EWS Yes NO
owa Yes NO
Microsoft-Server-ActiveSync Yes NO
OAB Yes NO
PowerShell NO NO
Rpc Yes NO
Add anonymous SMTP relay connector
PowerShell to create custom Receive Connector
New-ReceiveConnector -Name "External" -Usage Custom -TransportRole FrontendTransport -AuthMechanism Tls,Integrated,BasicAuth,ExchangeServer -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers, Partners -Bindings X.X.X.X:25 -RemoteIPRanges Y.Y.Y.Y -MaxMessageSize 25MB
X.X.X.X will be your Exchange Server IP
Y.Y.Y.Y will be your client Application Server or IP pool
Update DNS and firewall rules, and update send connectors
Now, we can update any local DNS entries like “mail.” or “autodiscover.” The traffic on the local LAN segment will start to flow through the new Exchange Server.
To make the same change for external users/services, you can just update your firewall NAT rules to point at the new server as well update the send connectors to new Server For Outbound to EOP and Outbound to Office 365
Uninstall the Legacy Exchange Server
#Remove default Public folders
Get-PublicFolder "\" -Recurse -ResultSize:Unlimited |
Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue
#Remove system Public folders
Get-PublicFolder "\Non_Ipm_Subtree" -Recurse -ResultSize:Unlimited |
Remove-PublicFolder -Recurse -ErrorAction:SilentlyContinue
#Remove Offline Address Book
Get-OfflineAddressBook -Server “Old Server “ | Remove-OfflineAddressBook
#Remove Public Folder database (Exchange 2010 Only)
Get-PublicFolderDatabase | Remove-PublicFolderDatabase
#Remove arbitration mailboxes (Exchange 2010 Only)
Get-Mailbox -Arbitration | Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed
#Remove mailboxes
Get-Mailbox -server “ Old Server “ | Disable-Mailbox
Exchange uninstaller -- Run command Prompt as administrator, Navigate to C:\Program Files\Microsoft\Exchange Server\v14\Bin and run:
setup.com /mode:uninstall
Run the new hybrid configuration wizard
By running Hybrid Configuration wizard we update all the setting between Exchange Online and Exchange On-Prem. Like Send connector, Receive connector, and certificate for Secure mail flow.
In this part we have covered Step by Step configuration update and migration of Hybrid Exchange-2010 to Hybrid Exchange 2016.
Feel free to reach out if you have any question or concerns.
Thank you for reading.