question

YGKLA avatar image
0 Votes"
YGKLA asked AndyDavid commented

Decommision last Exchange 2010

We have a 2010 Exchange on premises configured with Hybrid right now. We have 3 mailboxes left on prem that should be moved to 365 in the next week or so. The objective is not to have any mailboxes hosted on prem, but install one 2016 or 2019 server for management, since that's still the requirement from MS. My questions are:

  1. Should we install 2016 while 2010 is still in production? If so, I'm having some issues with that where 2016 throws a "Deserialization error:..." and would not let me proceed with the installation.

  2. Should we decommission 2010 completely, then install 2016 or 2019 and use that for recipient management?

Would really appreciate some clarification and guidance on that.

office-exchange-hybrid-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyDavid avatar image
1 Vote"
AndyDavid answered AndyDavid commented

Put a valid, trusted cert on that server and assign the IIS services to it via the Exchange mgmt tools or set the autodiscover on it to $null

https://docs.microsoft.com/en-us/exchange/architecture/client-access/assign-certificates-to-services?view=exchserver-2019

or even better:

 Set-ClientAccessService –Identity 2016Server -AutoDiscoverServiceInternalUri $null

then move the arbitration mailboxes to the new server after you have moved all the remaining mailboxes to 365

 get-mailbox -arbitration | new-moverequest -targetDB <2016DB>

Then remove the hybrid config IF you do not want to be in Hybrid!

https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange#scenario-two






FYI:
For that error, you have a send connector that has that server as a source server.
Go into EAC and remove it or use Powershell

Using EAC under Mail Flow/ Send Connectors. Remove the server there from that send connector

33822-image.png




image.png (16.5 KiB)
· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you, AndyDavid.

For autodiscover, I removed the 2016 SCP via ADSIEdit, which is effectively the same thing as doing it in Powershell (not as elegant, though :) ).

You put a big IF in your Hybrid statement; please clarify. If all of my mailboxes are in 365, and the source of authority (AD) is still on-prem, and we're using DirSync, why would I have a need for Hybrid? The plan, at least while the AD is still on-prem, is to create users and mailboxes via the New-RemoteMailbox command, and not have to rely on any Hybrid features. Am I missing something?

0 Votes 0 ·

Nope, no need for Hybrid in that case.

But, if you want to create or enable remote mailboxes you will need to keep that mailbox server you just brought up around to do that.
It sounds as if you are good to go once you move the remaining mailboxes and then you can remove the hybrid config.

Be sure to follow all those steps:

https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange#scenario-two

1 Vote 1 ·

Thank you, AndyDavid. Yes, I will follow the Scenario-Two steps for sure.

0 Votes 0 ·
Show more comments

A follow-up question to your "...if you want to create or enable remote mailboxes you will need to keep that mailbox server..." :

is there another way, besides using the New-RemoteMailbox cmdlet, to create an on-prem user with the cloud mailbox?

0 Votes 0 ·
Show more comments
AndyDavid avatar image
0 Votes"
AndyDavid answered AndyDavid edited

I would install 2016 now before removing 2010.

What is the exact error and have you prepped the AD Forest and are following the guidance to install 2016 into the forest and installing the latest 2016 CU?

https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019

https://docs.microsoft.com/en-us/windows-server/get-started/system-requirements

· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Andy,
Thanks for the quick reply. Well, according to this article - https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2016#step-1-extend-the-active-directory-schema, I can have the wizard do the prep for me, but like I said, the wizard throws the error (see attached image).
33324-image.png


0 Votes 0 ·
image.png (38.9 KiB)

Thats referring to the Exchange Setup Wizard, not the hybrid wizard.

I would recommend you break out each step and prepare from the command line using an account with the correct permissions as noted in that doc

 Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
 Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD 
 Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains


0 Votes 0 ·

Got through that hurdle :). Thanks! Now, do I really need mailbox role or will only management tools suffice?

0 Votes 0 ·

If you want to use the 2016 server for a Hybrid endpoint, you need the mailbox role.
https://docs.microsoft.com/en-us/exchange/server-roles#exchange-2016-hybrid-deployment



0 Votes 0 ·

If I'm only going to use 2016 for user management (no on-prem mailboxes, no SMTP services, no mail routing of any sort, all new mailboxes will be created in 365), please help me understand the need for the mailbox role on-premises.

0 Votes 0 ·

If you are going to remove the hybrid configuration
In this case, use scenario 2
Scenario 2 applies if using ADFS or AADConnect.

https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange#scenario-two

0 Votes 0 ·
LydiaZhou-MSFT avatar image
0 Votes"
LydiaZhou-MSFT answered LydiaZhou-MSFT edited

@YuriyK-1490

As Andy mentioned, we can install and upgrade to Exchange 2016 before uninstalling Exchange 2010.
There are two Exchange server roles for Exchange 2016. They are Mailbox server role and Edge Transport server role. If you still need to manage users from on-premises, Mailbox server role is suggested to install. You can check this for more information about Exchange 2016 server roles: Server role architecture.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LydiaZhou, I followed your advice and installed the mailbox role to my own demise. Now, some Outlook clients are seeing the certificate error pop-up, because 2016 registered as the SCP and clients are apparently trying to talk to it, but there is no cert on it. I'm now trying to uninstall exchange and re-install just the tools, and getting this error:
33871-image.png


0 Votes 0 ·
image.png (8.7 KiB)

If you want to keep the hybrid configuration and manage users from on-premises, Exchange mailbox server is required and you cannot just install the Exchange management tool to manage users.

If there are some user mailboxes on on-premises Exchange, you should configure the AutoDiscoverServiceInternalUri with appropriate FQDN and use valid certificate, then move them to Exchange 2016. If all user mailboxes are moved to O365, set AutoDiscoverServiceInternalUri to null for Exchange 2016.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 Vote 1 ·

Thank you for clarification, LydiaZhou.

I don't think I need to keep hybrid configuration. As I mentioned to AndyDavid...

If all of my mailboxes are in 365, and the source of authority (AD) is still on-prem, and we're using DirSync, why would I have a need for Hybrid? The plan, at least while the AD is still on-prem, is to create users and mailboxes via the New-RemoteMailbox command, and not have to rely on any Hybrid features.

Please help me fill any gaps I have in my understanding of the process and requirements.

0 Votes 0 ·
Show more comments
YGKLA avatar image
0 Votes"
YGKLA answered AndyDavid commented

anonymous userDavid @LydiaZhou-MSFT Thank you both for your assistance!

When you get a moment, no rush, I'm curious which user attributes are being managed by the on-prem exchange in this configuration? Other people are talking about using ADSIEdit to manage them.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

All the Exchange attributes and features. Yes, you can use adsiedit, but not supported :)

1 Vote 1 ·

Right. Hence the reason for keeping exchange server on prem :)

2 Votes 2 ·

Exactly! :)

0 Votes 0 ·