Years ago, you moved successfully from Exchange 2003 to Exchange 2010 and to be honest, you’re still very satisfied with it. Update rollups appear frequently and your Office 2010 still functions properly, so everybody is happy. But all good things come to an end.
January 14, 2020 is an important date. Why? Because it’s the end date for extended support for Exchange 2010 and with all the social networking on this topic you shouldn’t have missed it.
Now Exchange 2010 won’t stop working after that date, but you won’t get any updates anymore, including security updates, so administering an Exchange 2010 environment becomes more and more of a challenge. And to make things a bit worse, End of Life of Windows 2008 R2, Windows 7 and Office 2010 is also approaching rapidly.
So, what are your options when still running Exchange 2010?
Microsoft’s preference is to move everybody to Office 365. I have several customers that are not moving to the cloud and most have valid reasons to do so. If you are in this situation as well, you can move directly to Exchange 2016. Why not Exchange 2019? Microsoft supports only N-2 when it comes to versioning, so Exchange 2013 is the oldest version supported when moving to Exchange 2019.
Exchange 2016 can be integrated into an existing Exchange 2010 environment, just like you could when moving from Exchange 2003 to Exchange 2010, but with less complexity than in the past. You can integrate Exchange 2016 into the Exchange 2010 organization, but you still need to build a completely new Exchange 2016 server farm; there is no way to perform an in-place upgrade.
Once you have installed and configured the Exchange 2016 server platform you can switch the client access from the Exchange 2010 CAS server to Exchange 2016, i.e. change the VIP on the load balancer. All clients will now connect to the new Exchange 2016 platform for Autodiscover, Webservices, POP3 and IMAP4, and they are using the same URL as in Exchange 2010 to make your migration life easier! When a client connects it will be authenticated on the Exchange 2016 server, and when a mailbox is still on Exchange 2010 the request is proxied from Exchange 2016 to the Exchange 2010 CAS server where the data is retrieved.
This is a down-level proxy, so client traffic can be proxied from Exchange 2016 to Exchange 2010. Please note that an up-level proxy is not possible in this scenario, so when a client hits the Exchange 2010 CAS directly, the request cannot be proxied to Exchange 2016 as shown in the following figure:
Important to note as well is that when you have multiple sites in your environment, you must move the Internet facing sites first because of the down-level proxy functionality.
When this is working you can start moving mailboxes from Exchange 2010 to Exchange 2016. This is an online move, so Outlook clients will hardly be impacted; they only have to restart when the mailbox move has finished.
SMTP mail flow must be changed as well. Is there a golden rule when to change this? Not really... You can change it at the beginning of the project, in the middle or at the end. Mail flow is transparent, so it doesn’t really matter. I prefer to do this in the beginning since the new Exchange 2016 has a much better performance than the old Exchange 2010 server.
The last part is to decommission Exchange 2010. I see customers just turning off their Exchange 2010 VMs and deleting them. After a while they come back with all kinds of complaints. This makes sense, because the servers are not available anymore, but they still are in Active Directory, and Exchange 2016 still is not aware they have been removed. So, a regular uninstall via the Windows control panel is the only solution to remove Exchange 2010 servers.
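The check below is an added example, not part of the original post: it lists the Exchange 2010 (version 14.x) server objects that are still registered in the organization and flags the ones that no longer answer, which is the state you end up in when a VM is deleted instead of uninstalled. It assumes it is run in the Exchange Management Shell on an Exchange 2016 server and that ICMP is allowed between the servers; the `Status` wording is illustrative.

```powershell
# Added example: find Exchange 2010 servers that are still known to the
# organization and test whether they still respond.

# AdminDisplayVersion renders as "Version 14.x (Build ...)" for Exchange 2010.
$legacy = Get-ExchangeServer |
    Where-Object { "$($_.AdminDisplayVersion)" -like 'Version 14.*' }

$report = foreach ($server in $legacy) {
    # ICMP only; a server behind a host firewall can look dead while it is
    # still running, so treat "False" as a reason to investigate.
    $alive = Test-Connection -ComputerName $server.Fqdn -Count 2 -Quiet

    [pscustomobject]@{
        Name      = $server.Name
        Version   = "$($server.AdminDisplayVersion)"
        Roles     = "$($server.ServerRole)"
        Reachable = $alive
        Status    = if ($alive) {
                        'Still running: unsupported after end of extended support'
                    } else {
                        'Registered in AD but not answering: removed without uninstall?'
                    }
    }
}

if ($report) {
    $report | Sort-Object Reachable, Name | Format-Table -AutoSize -Wrap
} else {
    'No Exchange 2010 servers are registered in this organization.'
}
```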
Et voila, you are now running on Exchange 2016, and fully supported until the year 2025.
Another option, and in Microsoft’s opinion the best option, is to move from Exchange 2010 to Office 365. To be honest, I see a lot of customers doing this, but a large portion of these customers are making their life difficult during a migration. For some reason there are IT partners that insist on installing Exchange 2016 servers into the existing Exchange 2010 as so-called “hybrid servers”. Microsoft fully supports an Exchange 2010 hybrid scenario, without the need for installing Exchange 2016 servers. Microsoft recommends creating an Exchange 2010 hybrid scenario, moving your resources from Exchange 2010 to Office 365 and then upgrading the Exchange 2010 servers to Exchange 2016. This is shown in the following figure:
Note. Of course, it is always possible to create a coexistence scenario with Exchange 2010 and Exchange 2016 before building an Exchange Hybrid environment, but then you are already halfway through a migration to Exchange 2016 as outlined in the first section of this blog. Needless to say, this will cost you extra money, extra resources, extra complexity and most likely additional issues. Not my preferred way.
The first step is to install an Azure AD Connect server into your existing environment. This will synchronize users and groups from your on-premises Active Directory to Azure Active Directory. This is the underlying directory for all Office 365 servers. And when implemented, your mailboxes will show up as mail-enabled users in Exchange Online.
The second step is to build the hybrid configuration. For this you need to run the Hybrid Configuration Wizard (HCW). This is becoming an issue: the HCW needs the .NET Framework 4.6.2 or higher and most customers do not have this version of .NET Framework installed on their Exchange 2010 servers. You can install .NET Framework 4.6.2 on the Exchange 2010 servers (should be supported), but I prefer to run the HCW from another server. This can be another server, but it can also be a Windows 10 client or even a Domain Controller; as long as the machine where you are running it has full internet access, it should work.
Another pitfall when building an Exchange hybrid configuration is the connectivity. You must have external Autodiscover configured, and Exchange 2010 should be published to the Internet. So, Microsoft should be able to access your Exchange 2010 environment via a FQDN like webmail.contoso.com. At the same time your Exchange 2010 servers need access to the Internet, at least to the Exchange Online servers. If not, it won’t work!
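A pre-flight check for the machine that will run the HCW, as an added example that is not part of the original post: it covers the .NET Framework 4.6.2 requirement and the connectivity pitfalls described above. `webmail.contoso.com` and `autodiscover.contoso.com` are the placeholder FQDNs used in this post, `outlook.office365.com` is assumed here as a representative Exchange Online endpoint, and `Test-NetConnection` requires Windows 8.1 / Server 2012 R2 or later.

```powershell
# Added example: HCW pre-flight check (.NET version plus HTTPS reachability).

function Get-DotNet4Release {
    # The installed .NET Framework 4.x build is recorded in the Release DWORD.
    $key  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $prop = Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue
    if ($prop) { [int]$prop.Release } else { 0 }   # 0 = no 4.5+ framework found
}

function Test-Https {
    param([Parameter(Mandatory)][string]$HostName)
    $r = Test-NetConnection -ComputerName $HostName -Port 443 `
                            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Check  = "TCP 443 to $HostName"
        Passed = [bool]$r.TcpTestSucceeded
        Detail = "resolved to $($r.RemoteAddress)"
    }
}

$minRelease = 394802    # lowest Release value that identifies .NET Framework 4.6.2
$release    = Get-DotNet4Release

$results = @(
    [pscustomobject]@{
        Check  = '.NET Framework 4.6.2 or higher'
        Passed = ($release -ge $minRelease)
        Detail = "Release=$release"
    }
)
# Outbound: this machine must reach Exchange Online.
$results += Test-Https -HostName 'outlook.office365.com'
# Published names: from inside the network this only proves the names resolve
# and answer from here (split DNS may return internal addresses). Repeat the
# two checks below from a host outside your network to confirm publishing.
$results += Test-Https -HostName 'autodiscover.contoso.com'
$results += Test-Https -HostName 'webmail.contoso.com'

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) {
    Write-Warning 'At least one HCW prerequisite failed; fix it before running the wizard.'
}
```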
Did you notice the absence of the hybrid.contoso.com FQDN? Not needed since Exchange Online will use Autodiscover.contoso.com and webmail.contoso.com to access your environment. In a future blogpost I will explain in detail when you need to use additional FQDNs.
Now start moving your mailboxes. Just like when moving to Exchange 2016, the move to Exchange Online is also an online move. Outlook needs to be restarted when a mailbox move is finished, but that’s it. Outlook will pick up the changes, connect to Exchange Online and you can continue working. Even the .OST file when running Outlook in cached mode is not downloaded again.
When all mailboxes have been moved to Exchange Online you can decommission your Exchange 2010 servers, except for the last one. Install an Exchange 2016 server before decommissioning the last Exchange 2010 server. Why? You still need an Exchange 2016 for management purposes. All user accounts are managed on the on-premises Active Directory and that includes all Exchange related properties. These are then synchronized to Office 365; therefore you still need an Exchange server on-premises.
As a warning, the Exchange 2010 servers should be uninstalled using Windows control panel, just don’t throw away your VMs.
When you are still running Exchange 2010 you must start thinking about upgrading your environment. Support for Exchange 2010 will stop in less than a year from now!
The question is whether you want to move to the cloud or not. If not, you can move to Exchange 2016 and you’re good until 2025 when it comes to support. Please note that you have to upgrade your clients as well. Lots of customers with Exchange 2010 are also running Windows 7 with Office 2010, and these need some TLC as well.
If you want to go to the cloud you can move directly to Office 365. Don’t make your life too difficult, just create an Exchange 2010 hybrid scenario and move all resources to Exchange Online and then upgrade the last server to Exchange 2016.
Jaap is a Microsoft MVP for Office Apps and Services. Jaap is an independent consultant, primarily focusing on Exchange server, Skype for Business and Office 365.