Friday, April 20, 2012

Migrate Exchange Server 2003 / SBS 2003 to Microsoft Exchange Online

Configure and implement / migrate Exchange 2003 / SBS 2003 to Microsoft Online Exchange

(Mybaber.com as an example)

0/ This assumes you have already created the customer's Microsoft Online account, like admin@mybaber.onmicrosoft.com, and can log on to the portal: portal.microsoftonline.com

In the Microsoft portal, add mybaber.com to the domain list. Microsoft then verifies the domain by checking a TXT record for the domain on the public DNS server. The record will look like MS=ms53554548, see below

1/ Make sure there is a public DNS name pointing to the customer's server, like mail.mybaber.com

If not, you can add  , or contact their DNS provider.

Add / change the domain TXT record to MS=ms53554548 (mybaber for example)

2/ Forward port 443 to the Exchange server, if not done yet

3/ If there is no SSL cert on the Exchange server, install a public SSL certificate on the Exchange 2003 server (or CAS server). No cert, or a self-signed cert, won't work with the Microsoft Online Exchange migration.

To use a public certificate for the migration, get a free one from COMODO (or someone else you like). It will be valid for 3 months as a trial.

Go to comodo.com, click "free ssl certificate", then click "get it for free". This takes you to instantssl.com, where you will see "3 steps ..."

  1. Create your CSR (Certificate Signing Request) - instructions are provided at Checkout for IIS, Apache and all popular web server types.
  2. Sign up for your Free Trial Certificate - follow the fully automated authentication and issuance process.
  3. Install your Free Security Certificate - secure your server in minutes!

Click “get it FREE Now”

You will go to step 1, create a CSR (certificate signing request). Click on the help link to learn how to generate an IIS 6 CSR for Exchange 2003.

When creating the CSR, make sure the cert FQDN matches the external DNS name, like mail.mybaber.com

You need to set the crypto strength to 2048 bit.

Follow the instructions on the webpage and paste the CSR to generate the cert (CER).

In the process, you need to create a login name and password for your account at COMODO, for example, COMODO username/password: mybaber / =Accsmker. Set the email to yoursupport@mybommersystems.com; the cert file will be sent to this address.

You also need access to the customer's administrator email account, like administrator@mybaber.com. This is used to verify that you control the domain.

The next step is to verify the domain; you will then get the cert.

Once you get the cert in the email, install it on the Exchange 2003 server according to the COMODO web page instructions (very detailed).

Before proceeding further, make sure the RPC folder is in the IIS 6 list. If not, install it from Windows 2003 Windows Components – network. This needs the Windows 2003 source files.



Now it is time for the Outlook Anywhere test. By the end, all test items need to be ticked. In the test page, the RPC proxy server is mail.mybaber.com (external FQDN) and the Exchange server is accmail.mybaber.com (internal FQDN).

Click on each failed item and try to sort it out. A common error will be

The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime  

(Please refer to http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/2b061c75-faa0-4951-ba79-99186f62d5f4#229da2ad-0733-4764-a0cb-898caaf6c59b)

The trick is to edit the registry as follows:

  1. On the RPC proxy server, start Registry Editor (Regedit).
  2. In the console tree, locate the following registry key:

     HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

  3. In the details pane, right-click the ValidPorts subkey, and then click Modify.
  4. In Edit String, in the Value data box, type the following information:

     ExchangeServer:6001-6002;ExchangeServerFQDN:6001-6002;ExchangeServer:6004;ExchangeServerFQDN:6004

Note:

ExchangeServer is the NetBIOS name of your Exchange server.

ExchangeServerFQDN is the fully qualified domain name (FQDN) of your Exchange server. If the FQDN that is used to access the server from the Internet differs from the internal FQDN, you must use the internal FQDN.
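ValidPorts is the list of internal hosts and ports the RPC proxy is allowed to relay to, so it is worth checking the value before exposing port 443. The following Python check is an added example (not from the original post or from Microsoft) that audits a ValidPorts string against the recipe above; the NetBIOS name ACCMAIL and the sample strings are constructed, and the no-whitespace entry format is an assumption.

```python
import re

# Ports named in the page's ValidPorts value for Exchange 2003 RPC over HTTP.
REQUIRED_PORTS = {6001, 6002, 6004}
# Assumption: each entry is name:port or name:low-high with no embedded spaces.
ENTRY_RE = re.compile(r"^([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?$")

def parse_valid_ports(value):
    """Return ({host: set_of_ports}, [malformed entries]) for a ValidPorts string."""
    hosts, malformed = {}, []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        m = ENTRY_RE.match(entry)
        lo = int(m.group(2)) if m else 0
        hi = int(m.group(3) or lo) if m else 0
        if not m or not 0 < lo <= hi <= 65535:
            malformed.append(entry)
            continue
        hosts.setdefault(m.group(1).lower(), set()).update(range(lo, hi + 1))
    return hosts, malformed

def audit_valid_ports(value, netbios, fqdn):
    """List findings; an empty list means the value matches the recipe exactly."""
    hosts, malformed = parse_valid_ports(value)
    findings = [f"malformed entry: {e!r}" for e in malformed]
    expected = {netbios.lower(), fqdn.lower()}
    for name in sorted(expected):
        missing = REQUIRED_PORTS - hosts.get(name, set())
        if missing:
            findings.append(f"{name}: missing ports {sorted(missing)}")
    for host, ports in sorted(hosts.items()):
        extra = ports - REQUIRED_PORTS
        if host not in expected:
            findings.append(f"{host}: unexpected host")
        elif extra:
            findings.append(f"{host}: {len(extra)} ports allowed beyond 6001-6002 and 6004")
    return findings

# Constructed sample values; ACCMAIL is a hypothetical NetBIOS name.
GOOD = "ACCMAIL:6001-6002;accmail.mybaber.com:6001-6002;ACCMAIL:6004;accmail.mybaber.com:6004"
BROAD = "ACCMAIL:100-5000"
EXTERNAL = "ACCMAIL:6001-6002;mail.mybaber.com:6001-6002;ACCMAIL:6004;mail.mybaber.com:6004"

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("broad", BROAD), ("external", EXTERNAL)):
        print(label, audit_valid_ports(value, "ACCMAIL", "accmail.mybaber.com"))
```

The EXTERNAL sample reproduces the mistake the note warns about: the Internet-facing FQDN is listed instead of the internal one, so the internal FQDN is reported as missing its ports.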

Once the Outlook Anywhere test passes, log on to the Microsoft portal (portal.microsoftonline.com). On the admin tab, click exchange manage, click migration, and fill in the username/password and mail server addresses. It will verify again before starting the migration.

It may take days before it syncs properly.

Eventually, on cut-over day, add a DNS record for autodiscover.mybaber.com pointing to autodiscover.outlook.com

Change the domain TXT record to the SPF record specified by Microsoft Online
