13 September 2016

OGD ICT Services

Dave Stork

Exchange Server Migrations &

Updates

2016

Dave Stork

Solution Architect at OGD ICT services

I am an MCT and and Office Server and Services MVP

I tweet from @dmstork

I blog at https://dirteam.com/dave

I am also one of the Contributors of The UC Architects Podcast @theucarchitects / www.theucarchitects.com

Email me dave.stork@ogd.nl

#GWAVACon

2016

TITLE

HERE

• Updates & Updating

• Why?

• General process

• Server migrations

• General process

• Questions

CONTENTS

#GWAVACon

Updates & Updating

2016

TITLE

HEREUpdates & Upgrades

• What are updates?• fixes bugs, improve security and add features and capabilities.

• Regular updates• Security updates• Interim updates• Hotfix

• What are upgrades?• New major build (i.e. Exchange 2007 to 2013)

#GWAVACon

2016

TITLE

HEREUpdates & Upgrades

• Regular Exchange Updates• Exchange 2007-2010

• Rollup Updates (RU)• Service packs (SP)

• Exchange 2013 & 2016• Cumulative updates (CU)• 2013 only: Service Pack (just a support distinction)

#GWAVACon

2016

TITLE

HEREUpdates & Upgrades

• All updates are cumulative• You can install the latest update (SP or CU) without requiring to install intermediate

updates• It’s best to keep up and miss no more than 1 CU

• You can skip CUs, however Microsoft only tests CU-2 to CUx• Read all release notes of all CU in between

• Some CU’s also update the Active Directory Schema

#GWAVACon

2016

TITLE

HEREWhy Update?

• Mainstream Support• Security updates• Possibly new features and capabilities• Exchange Hybrid with Office 365

• Extended Support• Security updates

• Out of support• No updates• Business risk

#GWAVACon

2016

TITLE

HEREWhy Update?

https://support.microsoft.com/en-us/lifecycle

#GWAVACon

2016

TITLE

HEREUpdate process

• Always test updates in a test/lab environment that is comparable to the live environment

• If this is not possible; wait several weeks and watch the Exchange Team blog and/or MVP blogs• http://blogs.technet.com/b/exchange/

• Read release notes and check compatibility with third party solutions (Antivirus, backup)• Read every release notes, also from updates you’ve skipped!

#GWAVACon

2016

TITLE

HEREUpdate process – Single server

• Check server health

• Ensure backups are OK• Perform a restore test!

• Plan a maintenance window and inform users

• Reboot server

#GWAVACon

2016

TITLE

HEREUpdate process – Single server

• Disable Anti Virus

• Install update & reboot

• Test

• Perform additional actions and release or uninstall update• Uninstall not possible with SP and CU!

#GWAVACon

2016

TITLE

HEREUpdate process – DAG 1/3

• Check server health

• Ensure backups are OK• Perform a restore test!

• Plan a maintenance window• Inform users?

• Disable server in Load Balancer• To prevent user connections to a server while updating. Healthchecks might not

correctly detect availability

#GWAVACon

2016

TITLE

HEREUpdate process – DAG 2/3

• Put server in maintenance mode• 2010: built-in StartDagServerMaintenance.ps1• 2013: MVP Michael van Horenbeeck script

• Disable Antivirus (AV, and other processes)

• Install update

• Test & evaluate

• Stop maintenance mode• 2010: built-in StopDagServerMaintenance.ps1• 2013: MVP Michael van Horenbeeck script

#GWAVACon

2016

TITLE

HEREUpdate process – DAG 3/3

• Enable AV and other processes

• Perform additional actions (.Net Framework updates)

• Redistribute databases• Built-in: RedistributeActiveDatabases.ps1• Note: 2016 CU2 can do this automatically

• Enable server in load balancer• Check when client access load is evenly distributed

• Start process on other servers• With 2013/2016 you can wait a longer period before updating other servers

#GWAVACon

2016

TITLE

HEREUpdate tip

To speed up updating, disable Check for server certificate revocation in Internet Explorer.

However, a reboot is required.

Don’t forget to turn it on again (and reboot)!

#GWAVACon

Server Migrations

2016

TITLE

HEREDisclaimer

This presentation is a mainly a short guide (checklist if you will) for Exchange

transitions and does not encompass every possible scenario. Be sure to do your

own research and adjust when required.

#GWAVACon

2016

TITLE

HEREDefinitions

• Migration = From product x to Exchange or vice versa

• Transition = From one version of Exchange to another

• Legacy Exchange =• Your previous version of Exchange• Anything older than Exchange Server 2016

#GWAVACon

2016

TITLE

HEREBefore you begin

Check the technical requirements

• Coexistence

• Topology

• Resources• Session: Exchange 2016 Architecture and Sizing, 9:00, Zurich

• Third party products

• Clients

#GWAVACon

2016

TITLE

HEREMigrations –General Process

• Prepare Active Directory

• Install first new Exchange server• Install correct certificate

• Configure Internal and External URLs: • First Autodiscover!

• Other configuration

• Install additional servers• Repeat configuration

• Configure load balancer

#GWAVACon

2016

TITLE

HEREMigrations –General Process

• Test and evaluate• Including backup!

• Change DNS records pointing to Exchange• This will most likely impact users!

• Migrate data• This will most likely impact users!

• Decommission legacy Exchange

#GWAVACon

2016

TITLE

HEREPrepare Active Directory

• via setup of Exchange installer• Setup /PrepareSchema or /PrepareAD

• Not required to perform on Exchange server

• Can be done before or during installation of first new server

• Check successful preparation

• You cannot install new “legacy” Exchange server after this action

#GWAVACon

2016

TITLE

HEREPrepare Windows Server

• Domain Joined

• Fully updated

• Install prerequisites• Be careful with .Net Framework

• Check the Exchange Server Supportability Matrix

• Install Antivirus/Backup agents etc.

• Size accordingly; CPU, memory and storage

• Perform Jetstress to validate storage

#GWAVACon

2016

TITLE

HEREInstall first new Exchange

• Microsoft recommends installing in separate AD site (another subnet), configure and then change IP address

• Use the most recent SP or CU

• Install certificate • Certificate request made by Exchange

• Configure Internal/External URI• AutoDiscover• OWA, ECP, EWS, OAB, Outlook Anywhere

#GWAVACon

2016

TITLE

HEREInstall first new Exchange

• Configure AutoDiscover URL• Set-ClientAccessServer –Identity <server> –

AutoDiscoverServiceInternalUri

https://autodiscover.contoso.com/AutoDiscover/AutoDiscover.xml

• Set-ClientAccessServer –Identity <server> –

AutoDiscoverServiceInternalUri $null

• Other (server) configuration• Database Availability Group• Databases

• Antivirus, backup, third party solutions

• Same process for subsequent servers

#GWAVACon

2016

TITLE

HEREConfiguring Load Balancer

• Choose a Virtual IP (VIP)

• Add real servers (Exchange)

• Add required protocols (HTTPS, SMTP, IMAP etc.)

• Healthcheck• https://mail.contoso.com/owa/healthcheck.htm

• Other options• SSL Offloading

• Content Switching

• When migrating from 2013 to 2016 you can add 2016 servers to existing 2013 VIP

#GWAVACon

2016

TITLE

HERETest and Evaluate

• Change local host file to point towards Virtual IP

• Move test or pilot users to new Exchange• This is an immediate test for mailbox migration

• Use OWA, Outlook etc.

• Let users interact with other users not on new Exchange• Delegates, Access to Mailbox and Public Folders etc.

• Note changes/issues reported by pilot users• Authentication popups• Certificate error popups• No Free/Busy info• New Outlook config failures

#GWAVACon

2016

TITLE

HEREChange Client Access

• Change DNS records pointing to new environment• Do this in a maintenance window

• From old server to new server (or Virtual IP)

• Valid for Exchange 2010->2013 & 2016

• When coming from Exchange 2007

• Change Exchange 2007 to other namespace, i.e. legacy• Point “normal” URLs to new Exchange

• Optional: change mailflow

• This is a major milestone; real coexistence

#GWAVACon

2016

TITLE

HEREMigrate Mailbox Data

• Mailbox moves are online from 2007 upwards (pre-staging)• This means you can migrate a mailbox without locking out the user up until the very last moment

• You can suspend mailbox moves in 2010+• After Initial Sync the suspended mailboxes will be kept in sync

• If there are issues you can resolve them and then let the move resume• Bad Item or Large item limit, other corruption, permissions etc.

• Note: Quota calculations are different since 2013, so increase quota’s by 30-40%

#GWAVACon

2016

TITLE

HEREMigrate Mailbox Data

• Be aware: Mailbox moves generate a lot of transaction logs• Monitor disk space• Temporarily enable circular logging (risk!)

• Might have performance impact on source servers

• After completing a mailbox move or Migration batch an Outlook restart is required

• ActiveSync devices might have to be reconfigured• Remove and re-add configuration in device

#GWAVACon

2016

TITLE

HEREMigrate Public Folder Data

• From legacy public folders to Modern Public Folders (2013+)• Prepare anytime, but cutover only after all mailboxes are on new server• You have to use several scripts

• https://technet.microsoft.com/en-us/library/dn912663(v=exchg.160).aspx• Some additional tips• https://dirteam.com/dave/2014/06/30/migrating-legacy-public-folders-to-exchange-2013-

tips/

• From 2013 to 2016• Public Folder mailbox move

#GWAVACon

2016

TITLE

HEREDecommission Legacy Servers

When satisfied and data is migrated

• Run setup on server• This is the only supported way to uninstall Exchange!

• Setup warns when you cannot uninstall• For instance: Arbitration mailboxes

• Resolve issues and try again• Remove legacy server objects from load balancer etc.• Remove computer account from AD and remove hardware/VM

Be alert for issues like authentication popups. It’s possible there are remnants in Active Directory

#GWAVACon

2016

TITLE

HERECongratulations!

#GWAVACon

Questions?

2016

Dave Stork

OGD ICT ServicesSolution Architect

Thank You!

Twitter: @dmstorkBlog: https://dirteam.com/davePodcast: @theucarchitects / www.theucarchitects.comMail: dave.stork@ogd.nl

Other sessions 14 September (tomorrow):9:00 - Exchange 2016 Architecture and Sizing (Zurich)9:50 - Current State of Exchange On-Prem Overview, Updates and Future (London)