How to use OWA for both Exchange 2003/2007 during migration and extra things to consider

owa2007A customer asked me if it was possible during migration from Exchange 2003 to Exchange 2007 to use Outlook Web Access for both mailbox servers, during the migration period. Medium sized companies are not able to migrate everything during a big bang migration, and needs access to both the old system and the new internally as well as externally i.e. using OWA during the migration.

Exchange 2007 has been designed with the CAS role serving the OWA website and it has been designed to work with both Exchange 2007 and Exchange 2003 mailbox servers, so out of the box it will support the customers wishes. In this case they had asked another company to make the design plans for the migration but the system administrator felt uneasy with the plan and asked me to have a look at it.

It turned out the design did not allow OWA access to both mailbox servers during the migration, due to a small oversight, an easy one to make and even easier to fix. If You are planning to or in the progress of migrating to Exchange 2007, make sure you read the following things to consider!

When the Client Access Server role is placed on the same server as a Mailbox role, the CAS is unable to redirect to other Mailbox servers, this is documented from Microsoft and should be common knowledge. In most cases this is not a problem, because the roles are usually split on multple servers to load balance and create redundancy, even smaller companies split the Mailbox role on to one server, and join the HUB and CAS role on one or two servers, usually virtual servers to save hardware.

But if all roles are on one server, it will mean that during the migration from Exchange 2003 to Exchange 2007, only the Exchange 2007 mailboxes will be accessible from the CAS OWA website.

A list of random things to remember during a migration to Exchange 2007.

  • If access to both 2003 and 2007 is needed, have CAS run on a non mailbox server during migration or recommended even permanently. (this will also remove the RPC over HTTPS bug in Exch2007+Windows Server 2008)
  • As soon as the Exchange 2007 servers are operational, move access from internet on OWA, OA, SMTP, etc. to the new Exchange servers either in the firewall configuration or by moving the DNS pointer or IP address used from the firewall.
  • Test external access to the Exchange 2007 servers with before going live.
  • Ensure access to backup SSL certificate files or order new SSL certificate for Exchange 2007. Best practice would be a SAN certificate including autodiscover.domain for each e-mail domain used, and mail. or, and the internal server names of the Exchange 2007 servers.
  • You need new hardware/virtual servers, Exchange will not software upgrade to 2007, a new installation and moving of mailboxes is needed.
  • Update the different policies that automatically convert to Exch2007 as compatible rules.
  • Make sure you have access to firewalls, external SPAM/AV engines, etc. before starting. – Also update ISA 2006 to at least Service Pack 1 before using SAN certificates.
  • Consider installing Exchange 2007 on Windows 2008 Servers – It will stay current longer and generally perform better for example you dont need to align disks.
  • Remember to use 64bit operating system for Exchange 2007
  • Design the Exchange 2007 environment to ensure correct configuration – even if you dont use the feature, require description of features like: Mobile Access, Outlook Anywhere, Redundancy, Authentication shemes used, Antivirus and SPAM filtering, AutoDiscover, SMTP, IMAP, POP3, SSL certificates, Firewall configuration, Time synchronization, and more!

Have more things You should think of during a migration ? Feel free to leave a comment.

One Response to “How to use OWA for both Exchange 2003/2007 during migration and extra things to consider”

  • Joy:

    This explains why we could not get OWA working for our old Exchange 2003 server, after adding a new CAS server (took 10 minutes) we now have a working OWA for both our Exchange 2003 and 2007 servers. Thanks!

Leave a Reply