
IMAP migration Cutover migration Staged migrationHybrid Exchange 5.5X Exchange 2000X Exchange 2003XXXX* Exchange 2007XXXX Exchange 2010XXX Exchange.

Presentation transcript:




4 Columns: IMAP migration | Cutover migration | Staged migration | Hybrid
Exchange 5.5: X
Exchange 2000: X
Exchange 2003: XXXX*
Exchange 2007: XXXX
Exchange 2010: XXX
Exchange 2013: XXX
Notes/Domino: X
GroupWise: X
Other: X

5
- Delegated authentication for on-premises/Office 365 web services
- Enables free/busy, calendar sharing, message tracking & online archive
- Online mailbox moves
- Preserve the Outlook profile and offline folders
- Leverages the Mailbox Replication Service (MRS)
- Manage all of your Exchange functions, whether Exchange Online or on-premises, from the same place: Exchange Admin Center
- Authenticated and encrypted mail flow between on-premises and Exchange Online
- Preserves the internal Exchange message headers, allowing a seamless end user experience
- Support for compliance mail flow scenarios (centralized transport)

6 Diagram labels:
- On-premises Exchange organization
- Existing Exchange environment (Exchange 2007 or later)
- Office 365 Active Directory synchronization
- Exchange 2013 client access & mailbox server
- Office 365
- User, contacts, & groups via dirsync
- Secure mail flow
- Mailbox data via Mailbox Replication Service (MRS)
- Sharing (free/busy, Mail Tips, archive, etc.)


8
- Sign up for Office 365
- Register your domains with Office 365
- Deploy Windows Azure AD Sync with Office 365
- Install Exchange 2013 CAS & MBX Servers (Edge opt)
- Publish the CAS Server (Assign SSL certificate, firewall rules)
- Run the Hybrid Wizard
Legend: Exchange specific deployment tasks (deep dive on next slide); General Office 365 deployment tasks

9 From an existing Exchange 2007 or 2010 environment—Edge Transport server
Diagram labels: E2010 or 2007 Hub; E2010 or 2007 CAS; E2010 or 2007 MBX; E2013 CAS; E2013 MBX; E2010 or E2013 EDGE; Exchange 2010 or 2007 Servers; Intranet site; SP3/RU10; Internet-facing site; EWS; SMTP
1. Prepare
   - Install Exchange SP and/or updates across the ORG
   - Prepare AD with E2013 schema
2. Deploy Exchange 2013 servers
   - Install both E2013 MBX and CAS servers
   - Configure Legacy namespace for 2007 (2007/2013)
   - Install E2010 or E2013 SP1 EDGE servers
   - Set an ExternalUrl & enable MRSProxy on the Exchange Web Services vDir
3. Obtain and deploy certificates
   - Obtain and deploy certificates on E2013 CAS servers & E2010 EDGE servers
4. Publish protocols externally
   - Create public DNS A records for the EWS and SMTP endpoints
   - Validate using Remote Connectivity Analyzer
5. Switch Autodiscover namespace to E2013 CAS
   - Change the public Autodiscover DNS record to resolve to E2013 CAS
6. Run the Hybrid Configuration Wizard
7. Move mailboxes



12 Hybrid wizard history

13 Hybrid Configuration Engine
Step 1: The Update-HybridConfiguration cmdlet triggers the Hybrid Configuration Engine to start.
Step 2: The Hybrid Configuration Engine reads the “desired state” stored on the HybridConfiguration Active Directory object.
Step 3: The Hybrid Configuration Engine connects via Remote PowerShell to both the on-premises and Exchange Online organizations.
Step 4: The Hybrid Configuration Engine discovers topology data and current configuration from the on-premises Exchange organization and the Exchange Online organization.
Step 5: Based on the desired state, topology data, and current configuration, across both the on-premises Exchange and Exchange Online organizations, the Hybrid Configuration Engine establishes the “difference” and then executes configuration tasks to establish the “desired state.”
Diagram labels:
- On-Premises Exchange; Internet; Exchange Management Tools; Desired state; Hybrid Configuration Object; Remote PowerShell
- Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Forefront Inbound Connector, & Forefront Outbound Connector)
- Domain Level Configuration Objects (Accepted Domains & Remote Domains)
- Exchange Server Level Configuration (Mailbox Replication Service Proxy, Certificate Validation, Exchange Web Service Virtual Directory Validation, & Receive Connector)
- Domain Level Configuration Objects (Accepted Domains, Remote Domains, & Address Policies)
- Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Availability Address Space, & Send Connector)



16 Feedback…Answered
Get-FederationInformation fallback logic
- If the on-premises Autodiscover endpoint is not published properly when the wizard executes, it will warn, not fail.
Autodiscover domain
- You can now specify which domain is used for the federated Autodiscover query.
- Set-HybridConfiguration -Domains ",,"
address policy protection measures
- New “UpdateSecondaryAddressesOnly” parameter added to Update- AddressPolicy.
- Protects customers that have manually edited their directory.
- Only missing proxies will be added. No addresses will be changed/removed.
- Note: This is still a very bad state to be in.
Hybrid Product Key Availability
- You can now obtain a FREE Exchange 2013 or 2010 Hybrid Edition product key without the dreaded call to support.
- You can simply go to

17 Hybrid logging improvements

18 Hybrid Product Key
Short Link:
KB Link:
For IE 11 only: others will get the link to the KB
You get a free Hybrid Edition key if…
- You have an existing, non-trial, Office 365 Enterprise subscription
- You currently do not have a licensed Exchange 2013 or Exchange 2010 SP3 server in your on-premises organization.
- You will not host any on-premises mailboxes on the Exchange 2013 or Exchange 2010 SP3 server on which you apply the Hybrid Edition product key.


20 Topologies Supported
Exchange 2013 RTM
- Single Forest Model: Accounts and Mailboxes in single forest
- Resource Forest Model: Multiple Account Forests, Single Resource Forest
- 1:1 relationship between Exchange Organization and single O365 tenant
Exchange 2013 Service Pack 1
- Supports multiple Exchange Organizations configured against a single O365 tenant
- Multiple forests, each containing accounts and Exchange organizations
- Multi-Org Hybrid Support
- N:1 relationship between Exchange Organization and single O365 tenant
Diagram labels: Office 365 Hybrid; Office 365 Hybrid

21 Not Configured by Hybrid Configuration Wizard FIM Tenant Name: Coexistence Name: Forest: Authoritative for Forest: Authoritative for Shares: Org Relationship (F/B, Sharing) SMTP Mail Flow (TLS connectors)


23 Autodiscover – Single Org
1.) What is the AutoD endpoint for
2.) Send AutoD request to DNS FQDN
3.) Client authenticates, CAS returns profile data in XML format
Diagram labels: MX = ForestA = ForestA CAS

24 Autodiscover – Two Orgs
1.) What is the AutoD endpoint for
2.) Send AutoD request to DNS FQDN for
3.) Redirect AutoD request to DNS FQDN for
4.) What is the AutoD endpoint for
5.) Send AutoD request to DNS FQDN for
6.) Client authenticates, CAS returns profile data in XML format
Diagram labels: Owns: Yann Primary: Proxy: MX = ForestA = ForestA CAS = ForestB CAS Yann Primary: TargetAddress: Share: Owns: Forest B; Forest A; Public DNS; Office 365


26
1. Prepare
   - Update each Exchange organization to Service Pack 1
   - Validate AutoDiscover is properly configured and published in each Exchange organization
   - Validate public certificates for Exchange org are unique
   - Create 2 way forest trust
2. Configure Mail Flow on-prem
   - Configure SMTP domain sharing as required
   - Configure mail flow between on-prem organizations
3. Configure Directory Synchronization
   - Configure FIM + AAD Connector to synchronize mail recipients in each forest and the Office 365 tenant
4. Run Hybrid Configuration Wizard
   - Prepare Office 365 Tenant
   - Run the HCW in and
   - Validate mail flow between all entities
5. Configure ADFS
   - Configure ADFS in
   - Configure ADFS in
6. Configure Organization Relationships
   - Configure an Org Relationship between each Org
Diagram labels: E2013; ADFS; AD; E2013; ADFS; AD; FIM; Azure AD; Azure AD Auth; O365 Directory; ADFS Proxy; ADFS Proxy; SMTP; AAD Conn; 2 way Forest Trust; FIM Management Agent; Federated Trust Relationship; SMTP/TLS Mail Flow; Federated Authentication; Organization Relationship

27 Mail Routing



30
Cause: XTC has been retired and (undocumented) OAuth was the replacement
Documented:
Resolution: Implement OAuth for hybrid Discovery Searches
I cannot see cross-premises Free/Busy? Happy Retirement Consumer MFG!!
Cause: Consumer MFG retired on February 25, 2014
Resolution: Recreate federation trust and org relationships
Documented:

31
Cause: TLS Certificate Name is greater than 256 characters
Documented:
Resolution: Coming soon; for now you need to get a different certificate
Often, customers need guidance on how to configure their perimeter devices
Here is a Wiki on how to configure TMG for hybrid: us/wikis/exchange/1042.aspx?sort=mostrecent&pageindex=1

32
Error: “Mailbox move to the cloud fail with error: Transient error CommunicationErrorTransientException has occurred. The system will retry”
Cause: Intrusion Detection Systems can often see migration traffic as an attack
Flood mitigation in TMG can cause this as well
This Wiki explains how to address the issue: with-transient-exception.aspx

33
Cause: Timeout issues are not handled well by the HCW (we are getting better)
Running the HCW a second time is often all that is needed…
Cause: There are certain words such as “bank”, profanity, and large org names that are blocked from federating
Calling Support is the only option to resolve the issue
Documented:

34
Cause: IIS is missing a handler mapping, which causes connections to EWS and AUTOD to fail
Errors: Get-FederationInformation returns “405 Method Not Allowed”
Resolution: From a cmd prompt run “ServiceModelReg.exe -r”
Documented:
Cause: If you have an outbound proxy, you may be blocking required traffic
Resolution: Ensure that your servers have access to the proper IP and URL
Recommendation: If you require an outbound proxy, try to use URL filtering instead of IP; it is easier to maintain
Documented: There is an EHLO blog on this here

35 Common Issues – Runtime
Diagram labels: Layer 4 LB; Cloud FB request; Internet facing site; E2013 MBX; E2013 CAS; Intranet site; E2010 MBX; E2010 CAS; HTTP PROXY; Cross site proxy request
Set 2010 externalURL to:
Resolution:

36
Cause: Bad password for admin, publishing issues, MRS disabled, etc.
Errors: NONE
The error in Wave 14 was the following, but in Wave 15 there isn’t an indication of failure:
Resolution: Use the EAC in EXO

37 "Free/Busy information couldn’t be retrieved because the attendee's Mailbox server is busy"
Cause: TargetSharingEPR is configured
More Information:
- SOAP request will include the following element:
- When an Exchange 2010 CAS server receives the EWS call, it will throw an HTTP 500 response
- Autodiscover response will have the following element:

38 Common Issues – Runtime
Issue: Hybrid OWA redirection does not work as expected; this was addressed in CU3
This is not an issue on 2010 hybrid environments

39
From Exchange 2010 SP3 RU2 you will see the domain proof missing
Workaround: Use Shell Get-FederatedDomainProof
This is addressed in Exchange 2010 SP3 RU3
From Exchange 2010 SP3 RU2 you will not be able to add additional domains to a federation trust from the UI; you have to use the Shell as a workaround.
This has been addressed in Exchange 2010 SP3 RU3

40 Common Issues – Runtime
Cause: Exchange cannot manage “newer version” objects
This means 2010 EMC cannot manage org settings for an Exchange 2013-based tenant.
Resolution: Use EAC instead for org management


42 Summary

43 Related Sessions
Session Name | Session Type | Date | Time | Speaker
MVP Follow up | Q & A | Today | 12:10 PM | Us
MNG-IN 301 | Breakout | Wednesday | 2:45 PM | Vincent Yim
DMI 301 | Breakout | Wednesday | 8:30 AM | Michael Van Horenbeeck
PAR 003 | Hands on lab | Wednesday | 12:00 PM | Federic Bourget
MNG 301 | Breakout | Wednesday | 10:15 AM | Warren Johnson




