Exchange Server Migrations & UpdatesDave StorkArchitect @ OGD ict-dienstenExchange MVP

Mail: dave.stork@ogd.nlTwitter: @dmstorkBlog: https://dirteam.com/davePodcast: www.theUCarchitects.com

Agenda

Updates & Updating– Why?– General process

Server migrations – General process

Questions– If remaining time allows

Updates

Updates

Why update?Updates fixes bugs, improve security and add features and capabilities.– Regular updates– Security updates– Interim updates– Hotfix

What are upgrades?New major build (i.e. Exchange 2007 to 2013)

Updates

Regular Exchange UpdatesExchange 2007-2010– Rollup Updates (RU)– Service packs (SP)

Exchange 2013– Cumulative updates (CU)– Service Pack (just a support distinction)

All updates are cumulative– You can install the latest update without requiring to install

intermediate updates– 2013: It’s best to keep up and miss no more than 1 CU

Updates & Support

Mainstream SupportSecurity updatesPossibly new features and capabilities

Extended SupportSecurity updates

Out of supportNo updatesBusiness risk

Updates & Support

Service Pack extends support

Where can I find this information?– https://support.microsoft.com/en-us/lifecycle

Products Released Lifecycle Start Date Mainstream Support End Date

Extended Support End Date

Service Pack Support End Date

Exchange 2010 Enterprise 11/9/2009 1/13/2015 1/14/2020 10/11/2011

Exchange 2010 SP1 8/23/2010 Not Applicable Not Applicable 1/8/2013

Exchange 2010 SP2 11/28/2011 Not Applicable Not Applicable 4/8/2014

Exchange 2010 SP3 2/12/2013 Review Note Review Note

Exchange 2010 Standard 11/9/2009 1/13/2015 1/14/2020 10/11/2011

Update process

Always test updates in a test/lab environment that is comparable to the live environment

If this is not possible; wait several weeks and watch the Exchange Team blog and/or MVP blogs

http://blogs.technet.com/b/exchange/

Read release notes and check compatibility with third party solutions (Antivirus, backup)

Read every release notes, also those you’ve skipped!

Update process

Single serverCheck server healthEnsure backups are OK– Perform a restore testPlan a maintenance window and inform usersReboot serverInstall updateRebootTestPerform additional actions and release or uninstall update– Uninstall not possible with SP and CU

Update process

Servers in a DAG Check server healthEnsure backups are OK– Perform a restore test

Plan a maintenance window– inform users?

Disable server in Load Balancer– To prevent user connections to a server while updating.

Healthchecks might not correctly detect availability

Update process

Servers in a DAG Put server in maintenance mode– 2010: built-in StartDagServerMaintenance.ps1– 2013: MVP Michael van Horenbeeck script

– http://vanhybrid.com/tag/maintenance-mode/Disable Antivirus (AV, and other processes)Install update– Test & evaluate

Stop maintenance mode– 2010: built-in StopDagServerMaintenance.ps1– 2013: MVP Michael van Horenbeeck script

Update process

Servers in a DAG Enable AV and other processesPerform additionional actionsRedistribute databases– Built-in: RedistributeActiveDatabases.ps1

Enable server in load balancer– Check when client access load is evenly distributed

Start process on other servers– With 2013 you can wait a longer period before updating

other servers

Update process tip

To speed up updating, disable Check for server certificate revocation in Internet Explorer.

However, a reboot is required.

Server migrations

Migrations

Check requirementsCoexistenceTopologyResourcesThird party productsClients

Migrations

General processPrepare Active DirectoryInstall first new Exchange server– Install correct certificate– Configure Internal and External URLs– Other configuration

Install additional servers– Repeat configuration

Migrations

General processConfigure load balancerTest and evaluate– Including backup!

Change DNS records pointing to ExchangeMigrate dataDecommission legacy Exchange

Prepare Active Directory

Prepare Schema & Active Directory Domainvia setup of Exchange installer– Setup /PrepareSchema or /PrepareAD– Note: most 2013 CU’s have AD Schema updatesNot required to perform on Exchange server– Schema MasterCan be done before or during installation of first new Exchange serverCheck successful preparation– https://technet.microsoft.com/en-us/library/jj937132(v=exchg.141).aspx

You cannot install new “legacy” Exchange server after this action

Install first new Exchange server

New Exchange serverMicrosoft recommends installing in separate AD site (another subnet), configure and then change IP addressInstall certificate – Certificate request made by Exchange

Configure Internal/External URI– OWA, ECP, EWS, OAB, Outlook Anywhere

Install first new Exchange server

New Exchange serverConfigure AutoDiscover URL– Set-ClientAccessServer –Identity <server> –

AutoDiscoverServiceInternalUrihttps://autodiscover.contoso.com/AutoDiscover/AutoDiscover.xml

Other (server) configuration– Database Availability Group– Databases– Antivirus, backup, third party solutions

Same process for subsequent servers

Load Balancer

Configure your load balancerChoose a Virtual IP (VIP)Add real serversAdd required protocols– HTTPS, SMTP, IMAP etc.Healthcheck– https://mail.contoso.com/owa/healthcheck.htmOther options– SSL Offloading– Content SwitchingWhen migrating from 2013 to 2016 you can add 2016 servers to existing 2013 VIP

Test and evaluate

How to test?Change local host file to point towards Virtual IPMove test or pilot users to new Exchange– This is an immediate test for mailbox migration

Use OWA, Outlook etc.Let users interact with other users not on new Exchange– Delegates, Access to Mailbox and Public Folders etc.– Note changes/issues reported by pilot users

Change DNS

Change DNS records pointing to ExchangeDo this in a maintenance windowFrom old server to new server– Or Virtual IP

Valid for Exchange 2010->2013 & 2016When coming from Exchange 2007– Change Exchange 2007 to other namespace, i.e. legacy– Point “normal” URLs to new Exchange

This is a major milestone; real coexistence

Migrate Data

MailboxesMailbox moves are online from 2007 upwards– This means you can migrate a mailbox without locking out

the user up until the very last moment

You can suspend mailbox moves in 2010+– After Initial Sync the suspended mailboxes will be kept in

sync

If there are issues you can resolve them and then let the move resume– Bad Item or Large item limit, other corruption, permissions

etc.

A 2013 MigrationBatch is a collection of mailbox-moves

Migrate Data

MailboxesBe aware: Mailbox moves generate a lot of transaction logs– Monitor disk space– Temporarily enable circular logging (risk!)

After completing a mailbox move or Migration batch an Outlook restart is requiredActiveSync devices might have to be reconfigured– Remove and re-add configuration in device

Migrate Data

Public FolderFrom legacy public folders to Modern Public Folders (2013+)– Prepare anytime, but cutover only after all mailboxes are on

new server– You have to use several scripts

– https://technet.microsoft.com/en-us/library/jj150486(v=exchg.150).aspx

– Some additional tips– https://dirteam.com/dave/2014/06/30/migrating-legacy-

public-folders-to-exchange-2013-tips/From 2013 to 2016– Public Folder mailbox move

Decommission legacy servers

When satisfied and data is migratedRun setup on server– This is the only supported way to uninstall Exchange!

Setup warns when you cannot uninstall– For instance: Arbitration mailboxes

Resolve issues and try againRemove legacy server objects from load balancer etc.Remove computer account from AD and remove hardware/VM

DONE!

Questions?Mail: dave.stork@ogd.nlTwitter: @dmstorkBlog: https://dirteam.com/davePodcast: www.theUCarchitects.com

Microsoft Ignite 2015 sessions

Meet Exchange Server 2016Exchange Server Preferred ArchitectureDeploying Exchange Server 2016Exchange on IaaS: Concerns, Tradeoffs, and Best Practices

https://channel9.msdn.com/Events/Ignite/2015