Very often I receive a question about migrating from one Exchange server to another at the same version of Exchange – or what I refer to as a “like for like” migration.
The common reasons for this type of migration are:
- Physical to virtual (P2V) migration (replacing a physical server with a virtual machine)
- Physical to physical (P2P) migration (replacement of physical hardware with new hardware, usually due to warranty expiring)
The ultimate goal is to migrate all of the data and services from server A to server B. In this article I’ll provide an overview of this process and some resources you can use to make it easier.
But first, some frequently asked questions:
Q: Can I P2V or clone my Exchange server?
A: Technically yes, but I don’t recommend it. If you don’t perform the task correctly you could harm your Exchange server or lose data. Even if you do perform it correctly, a migration to a new server provides you the opportunity to do a clean build.
Q: Can I keep the same Exchange server name/IP address?
A: No. Two servers can’t exist with the same server name or IP address at the same time. And you can’t rename an Exchange server, so rule that option out as well. The name of an Exchange server is largely irrelevant, as end users connect to the namespaces you configure for different services, not to the server’s real name. Yes you can change the Exchange server’s IP address later, but it’s just a simple to update DNS records and firewall rules to point to a new IP address.
Q: Can I just copy the whole database across instead of migrating mailboxes?
A: Technically yes, using database portability. But I don’t recommend it. Database portability is a recovery solution, not a migration solution. It will require a lengthy outage, and it carries the risk that some problem with the new server will impact all of your users at once. Better to do a small pilot migration first to test the new server’s stability, then migrate the rest of the mailboxes in manageable batches.
Scenario Overview
A simple like for like scenario involves a single Exchange server that is responsible for internal and external RPC/HTTPS clients, as well as internal and external SMTP services.
To plan the migration project we can break it down to several steps:
- Install the new Exchange server
- Configure the new Exchange server
- Client access (Outlook, OWA, mobile devices, etc)
- Transport (mail flow)
- Mailbox databases
- Migrate data and services to the new Exchange server
- Client access
- Transport services
- Mailboxes
- Decommission the old server
Installing the New Exchange Server
I’m going to assume that you’ve already designed your new server specifications and acquired the hardware, or provisioned the virtual resources, to build it. Whether you’re installing Exchange Server 2010, 2013 or 2016 doesn’t matter particularly much at this point. If you’re installing the same build (e.g, Exchange Server 2013 Cumulative Update 10) as your existing server then there should be no surprises of additional requirements such as schema updates.
For all versions of Exchange, when you’re introducing a new one into the environment, you need to be aware of the Autodiscover SCP that the new server will be registering in Active Directory, and be prepared to change that immediately to match the Autodiscover URL for the existing server. A more detailed explanation and example is in the following article, which applies equally to 2010, 2013, and 2016:
Make sure your operating system configuration is built to your normal standards and includes any extra considerations such as third party products, updates, backups, monitoring, antivirus, and so on.
Configure the New Exchange Server
In a like for like migration the goal is to configure the new server to match the existing server’s configuration for client access, transport, and mailbox services so that it can seamlessly perform the same role as the previous server.
Client Access
For Exchange Server 2013 and 2016 you should configure the client access namespaces to match the current server. You can read more about how and why to configure client access namespaces in the following articles:
- Avoiding Server Names in SSL Certificates for Exchange Server
- Exchange Server 2016 Client Access Namespace Configuration
Configuring the namespaces on a server can be performed quickly and easily using my ConfigureExchangeURLs.ps1 script.
For Exchange Server 2010 there is an additional consideration for the CAS Array (or RPCClientAccessServer). If there is already a CAS Array defined for the AD Site, then there should be no problems with this. If there is not a CAS Array defined for the site, then you may run into problems when you decommission the old server. To understand this issue more and learn what to do about it review the following articles:
- Outlook Clients Unable to Connect to Exchange After Client Access Role Moved
- Getting Started with Exchange Server 2010 Client Access Server Arrays
The new server will also need a matching SSL certificate. You can re-use the certificate from the existing server if it is still valid.
- Export/import SSL certificates for Exchange Server 2016
- Export/import SSL certificates for Exchange Server 2013
- Export an Exchange 2010 SSL certificate, and import it to another Exchange 2010 server
Transport
Transport refers to mail flow internally and externally for the organization. My personal preference is to pre-configure and test transport at this stage of the project, but not to cut over to the new server just yet. There are two things to consider at this stage.
Transport size limits should be configured on the new server to match the existing server. This means verifying that the receive connectors on the new server have the same message size limits.
In addition to size limits, if you have a relay connector on the old server then you should configure a matching relay connector on the new server:
You can test transport by using Telnet to send email via the new server. The tests I like to perform include:
- Telnet from old server to new server (you don’t need to send an email, but verifying that SMTP connectivity is successful is a good idea)
- Telnet from new server to old server (same as above)
- Telnet from a device on your network that should have SMTP relay access to the new server, and send a test email
- Telnet from the new server to a mail server on the internet and send a test email (or at least verify that outbound SMTP connectivity through your firewall is permitted)
Mailbox Databases
For the new server, create and configure your mailbox databases. Make sure you’ve got the database and log files located on the intended volumes, and that the mailbox quota settings match the existing server’s databases.
Make absolutely sure that the new databases are being backed up. And by that I mean don’t just add them to your backup job and hope for the best, actually verify the backup timestamps on the databases, and perform a test restore (you’ll need to place a test mailbox with some email items on the database first).
Migrate Data and Services to the New Exchange Server
I like to break down the migration into each individual service. Yes, you could do them all at once, or a mix of services at the same time, but I prefer to keep it simple and limit the amount of change in each step to make it easier to plan, and much easier to troubleshoot if something goes wrong.
Client Access
The client access cut over is primarily a DNS change. The client access namespaces (including the CAS Array namespace for Exchange 2010) are updated in DNS to point to the new server instead of the old server. As this is a high impact change there are a few things you can do to minimise the risks:
- Configure a low TTL value (1 minute is good for cut over periods) for the client access namespace records in DNS. This allows you to quickly roll back the change to the old server without clients’ DNS caches causing them to continue to try and connect to the new server for a long time.
- Use a hosts file to test the DNS change on one or a few clients first.
Internal DNS changes will take care of your internal clients, but external client connectivity also needs to be cut over. If the public IP address that your public DNS records resolve to is not changing then the cut over will be performed on your firewall or edge device that is NATing connections to Exchange.
Transport
The transport cut over is a combination of DNS changes, Exchange configuration changes, and firewall or smart host configuration changes. For internal devices and applications that are using Exchange as an SMTP service, update the DNS alias that they use to point to the new Exchange server. If you did not use a DNS alias and your devices and applications point to Exchange by the real server name or IP address, then you’ll need to manually update them all (I recommend you implement an alias to avoid that again in future).
For inbound internet email, the cut over may be performed in different ways:
- If the public IP address your MX records resolve to is not changing, then the cut over will be performed at the firewall or edge device that NATs SMTP traffic to Exchange, or it will be performed on the smart host that handles incoming email before routing it to Exchange.
- If your MX records are changing, review this article for some tips.
For outbound email the change is performed by updating the source transport server on your send connector to replace the old server with the new server. If you like you can leave both servers on the connector for a while, but that is up to you. If I’m going to decommissioning the old server I prefer to remove it now so that I have a predictable mail flow for any troubleshooting I need to do.
At this stage, while you’ve still got mailboxes on the old server, Exchange will automatically route email between the two servers as required. There’s no need to create additional connectors for that to occur.
Mailboxes
Finally, move the mailboxes to the new server. Move a small pilot group first just to iron out any last minute issues that might come up, and then proceed with the remainder of the migrations using manageable batch sizes.
Mailbox migrations in Exchange 2010, 2013 or 2016 occur online in a non-disruptive manner for the end users, except for the final cut over step. So you can manage the minor outage required for each batch so that it occurs out of business hours. Autodiscover should handle any Outlook profile updates that may need to occur as part of the move. Otherwise, as long as the client access configuration is all good then the migrations should be problem free.
The main issues with mailbox moves will be speed, and possible failed move requests. Speed is largely impacted by server performance. Exchange will throttle the migrations if the server workload is too high. So rather than expect a consistent rate of moves over a period of time, you should expect them to pause and resume automatically. This also means you should not try to accurately predict the cut over time for a given batch. I prefer to simply wait for the batch to be ready to complete, then plan the cut over time after that.
If you experience corruption issues during the moves you can refer to Andrew Higginbotham’s article on the ENow blog for some guidance.
For Exchange 2013 or 2016 the migration should include any public folder mailboxes as well.
Decommission the Old Server
After your migration is complete you can remove the old server. Do not simply shut down the Exchange server and throw it away. The Exchange Server application needs to be cleanly removed or it will leave orphaned objects behind in your Active Directory that will cause you problems later on.
To verify that the server is ready for decommissioning:
- Check that all of your client access and transport namespaces in DNS resolve to the new server.
- Check the IIS logs on the server to see whether it is still receiving client traffic (you may see traffic from the new server’s IP address still).
- Check the SMTP protocol logs on the server to see whether it is still receiving any SMTP traffic. You can also disable any custom receive connectors on the server to see whether that impacts anything on your network.
- Check that the old server has been removed from any send connectors.
- Check that the mailbox databases on the server no longer contain any mailboxes. If they do then you will not be able to remove the database.
- If you’re using Exchange Server 2010 and have public folders you’ll also need to migrate the public folders to the new server before you can remove the public folder database.
If anything has been missed Exchange setup will not let you uninstall the application.
Your own normal server decommissioning process also applies, as far as any backups, monitoring, or other standard disposal procedures go.
What Else?
The example scenario above is a simple like for like migration between two Exchange servers. I’ve covered the most basic items but in your environment there may be more to consider, such as:
- Unified messaging services
- Integration with other Microsoft products such as Lync/Skype for Business
- Integration with Office 365 for Hybrid deployments
- Integration with third party products such as Enterprise Vault or an MDM server
- Capacity management concerns while both servers are operating
So don’t consider the article above to be a complete guide for all scenarios, but hopefully it provides you with enough information to be able to successfully perform your migration.
Team , i want a exchange 2013 , now i want to add another 2013 server and remove the other 2013 server , can someone suggest how can i achieve this , very confusing for me whether i need to go DAG or just normally move the mailbox databases , we have 10 mailbox in same server . please suggest me on how can i add another server and decommision old one.
Hi Paul, have replied to an existing comment, this is a new one as I’m unable to find info on schema changes. You mention like for like doesn’t need to be the same CU, we have 2016 CU5 along with some 2010 too, can we introduce 2016 CU19 without issue and migrate to that, any issue with AD schema changes?
Hi Paul,
Love the article!
Wondering your thoughts on like for like migration between Exchange 2013 SP1(cu4) and Exchange 2013 CU23? I’m way behind on my CU upgrades and only 22 and 23 are currently available. I’m a little worried about the jump because of the .Net Framework upgrade that takes place as a prerequisite. I’ll be upgrading from .Net 4.5.2 to 4.7.2 before I can run CU23 installer. Microsoft’s site says to do it but others have said it’s better to follow an upgrade path where you install .Net and CUs in steps but are never installing a version of either that isn’t compatible with the one you’re on or upgrading to. But I can’t do that because the older CU’s aren’t available. So, I’m hoping a work around would be a like for like migration from 2013 to 2013 but between SP1(CU4) and CU23. Do you think that approach could be successful?
Thanks,
Mike B.
HI Mike,
You can download CU4 from here.
https://www.msexchangeupdates.com/
I’m curious as to how this went? I’m going through the exact same thing right now with an inherited Exchange server.
Hi Paul,
I was wondering if you have any thoughts on whether a like for like Exchange 2013 migration would work if the first server is on SP1 (aka CU4) and the new server is on the latest CU23? I’m hoping to use a like-for-like migration as a work-around to jumping from SP1 to CU23. Unfortunately I’m way behind on CUs and only the latest 2 are available. Microsoft’s site says to make the jump, but I’ve read elsewhere that there are .Net framework concerns. For example, my Exchange 2013 SP1 is running .Net Framework 4.5.2, which is the correct .Net up to CU15. If older CUs were available there would be a path I could follow to always be upgrading the .Net to a version that’s supported by the current and new CU that I’m upgrading to. Alas, I have to go from SP1 .Net 4.5.2 to .Net 4.7.2 then CU23. The risk lies in that first step of upgrading the .Net Framework while the Exchange CU is still SP1 (CU4). So, a workaround might be to do a like for like mailbox migration in my environment. Any input on if that should work if original mailbox server is SP1 and the new one is CU23? Thanks, Mike B.
Hi All,
We are doing a like-to-like migration of Exchange Server 2013 CU23. Our exchange is configured as hybrid (so we can move mailboxes on-prem to online and vice-versa).
After the migration, we cannot anymore move mailboxes either way.
Do we still need to re-run the Hybrid Configuration wizard? If yes, should we run it after we uninstall the old exchange server?
Hi Paul
I Have an existing exchange 2013 rtm 15.0.516.32 that i am moving to new hardware is it ok to just install exchange 2013 sp1 on the new server then move all mailboxes etc to new server. or should i update existing server to sp1 first
Hey Paul
Would it be possible to add additional database copies on the new exchange servers instead of migrating mailboxes in batches? Once the seeding has completed I would theoretically be able to remove the original copies before decommissioning the servers for existing mailbox databases.
Thanks
-Andrew
I’ve installed Exchange on my new servers (went from VMware to HyperV) and added them to the DAG. I completed the virtual directory modifications. and imported the certificates to the new servers. My servers have an identical storage/mount point configuration and are technically ready for the original databases to be seeded over.
I understand your guide focuses on migrating the users from the original DB’s to net new DB’s. Do you foresee any potential issues with creating copies of the databases on the new environment as opposed to migrating?
Paul,
This is my second migration following your detailed instructions. The first time worked flawlessly. This time, however, I have mailboxes that I can’t disable using Disable Mailbox or migrate to the new server and this is preventing me from deleting the old DB so I can decommission remove the server from the network.
Using Get-Mailbox -Database BTDB02 -(all the recommended parameters) return no mailboxes yet when I use
Get-MailboxDatabase BTDB02 | Get-MailboxStatistics | sort displayname -desc | ft displayname
I get the following return from the query. I get an error that my comment is too long when I post the full list but it breaks down as follows
Any help or suggestions would be greatly appreciated.
DisplayName
———–
SystemMailbox{4143b742-1039-48e1-a1b7-fd5fc484195c}
MsExchDiscoveryMailbox D919BA05-46A6-415f-80AD-7E09334BB852
10 total – In-Place Archive -HealthMailbox-name
11 total – HealthMailbox-name
and
HealthMailboxa0719b6
Here is the actual list
DisplayName
———–
SystemMailbox{4143b742-1039-48e1-a1b7-fd5fc484195c}
MsExchDiscoveryMailbox D919BA05-46A6-415f-80AD-7E09334BB852
In-Place Archive -HealthMailbox-BTExchange02-BTDB02
In-Place Archive -HealthMailbox-BTExchange02-003
In-Place Archive -HealthMailbox-BTExchange02-001
In-Place Archive -HealthMailbox-BTExchange02-001
In-Place Archive -HealthMailbox-BTEX01-003
In-Place Archive -HealthMailbox-BTEX01-003
In-Place Archive -HealthMailbox-BTEX01-001
In-Place Archive -HealthMailbox-BTEX01-001
In-Place Archive -HealthMailbox-BTEX01-001
In-Place Archive – HealthMailbox-BTExchange02-BTDB02
HealthMailbox-BTExchange02-BTDB02
HealthMailbox-BTExchange02-BTDB02
HealthMailbox-BTExchange02-003
HealthMailbox-BTExchange02-001
HealthMailbox-BTExchange02-001
HealthMailbox-BTEX01-003
HealthMailbox-BTEX01-003
HealthMailbox-BTEX01-003
HealthMailbox-BTEX01-001
HealthMailbox-BTEX01-001
HealthMailboxa0719b6
I have a situation where the current Exchange 2010 SP3 server is installed on a physical Windows 2008 R2 machine while being the DC as well. We recently moved the client to a vSphere environment and did several P2V conversions except for the Exchange/DC server. I have split the two servers up into separate VMs with one having the same Exchange 2010 SP3 as the physical server. Right now, both the old Physical and Virtual Exchange servers are running, and the new Exchange VM has acquired information somehow to where it has found pretty much everything about the Physical Exchange server, Mailboxes, Client Access, Transport HUB, etc… I was following this guide and I believe I may be ready to migrate all Mailboxes over. But I do have a question. I took a mailbox that was seated on the Physical Exchange server and moved its mailbox over to the new VM Exchange server with no problem. I even setup the email account on Microsoft Office, and it pulled all the account information and setup the mailbox on the local machine. When I navigate to the Email Account Settings, it shows that it is seated on the new VM Exchange server. Does that mean, I have gotten things configured properly? I was able to test inbound and outbound emails with success.
Hello,
Thank you for you great description. I just run into a problem and I wanted to ask you if you could help me.
After I did all the steps, I paused the main Exchange Server (VM). When the main Exchange Server is not accessible, I can’t open ecp or owa (html error 500) anymore on the new exchange server. When I start the first Exchange Server again everything works like it should.
The clients however (outlook) works fine with or without the first Exchange server.
Do you have an idea?
Thank you
François
Hi Paul,
I want to virtualize 2 Exchange 2010 SP1 servers with VMware hosts. My current domain and forest levels are in Windows 2003, even my 2 DCs are running Win2012R2. The two physical servers (Edge transport server and CAS) are standalone, not in a Database Access Group array. So, what’s my best path for this migration?
1. Should I raise the DCs to Win 2012R2 domain and forest level first?
2. Should I upgrade the 2 existing physical Exchange servers to SP3, then the most current Rollup20? or, can I leave them as they are, proceed to building up 2 new VMs, install Exchange 2010, upgrade to SP3, then install Rollup20, then, start the migration process outlined in your guide? I don’t intend to keep the existing physical servers after migration.
Many thanks!
Thanks,Very good article!!!
I need to migrate my exchange 2010 servers to new site.
2 CAS HUB Virtual machine with windows NLB
2 Mailbox Physical machine with DAG
Both sites are Same domain
Can you please advise the best possible method to move to new Data center.
The confusing part is for the CAS server move and changing cas array site.
what is the steps to move CAS server to new site?
Appreciate if you can advise on this.
We are getting ready to do this migration as well. This is a very detailed and informative article. Very much appreciated.
Paul,
I’d like to use this guide to go from a CU12 VM to a CU17 VM. I am unable to get CU12 to update correctly and am considering spinning up a fresh VM to migrate to. I’ve tossed around the idea of having Microsoft try and diagnose what is going on with updating CU12 but have had nightmares about that scenario.
What are your thoughts?
You don’t describe your issue so it’s hard to say. Migrate to a new server if you think that will be cheaper than a support call?
When installing CU17, it went to remove CU12 but could not find the installation source and failed. During the failed update it of course disabled the Exchange services and set the components to inactive. In order to get the server operational, I had to restore files from backup and now when I run the update it fails immediately saying it can’t find a file in a temp folder. I have a free call available with Microsoft and plan on using it for this. I am considering spinning up a VM from backup for them to work on in case they break it completely. Unfortunately, I didn’t take a snapshot before I did the update, lesson learned.
Is it still “like for like” if the CUs are different?
Restoring files from backup was probably the wrong step, and a snapshot won’t help you because rolling back Exchange servers using snapshots is not supported. A recovery install the correct way to resolve a failed server.
Like for like doesn’t require them to be the same CU.
Hi Paul, you mention like for like doesn’t need to be the same CU, we have 2016 CU5 along with some 2010 too, can we introduce 2016 CU19 without issue and migrate to that, any issue with AD schema changes?
Could a certificate issue be causing this? Both Autodiscover ur’s point to the same thing, https://mail/Autodiscover/Autodiscover.xml
I updated my Autodiscover to point to the old server and certificate but my Outlook users are having weird connection issues when I installed the second Exchange server. They keep getting prompted for their username/password and it just rejects it even when it is right.
You did what do your Autodiscover?
Paul,
When running get-clientaccessserver | fl name,AutoDiscoverServiceInternalUri
both servers are showing the same url which points to https://sitename/Autodiscover/Autodiscover.xml
You’re going to have to describe your scenario in a lot more detail, and explain what you’ve already done when you installed the new server.
Paul, I can manually fix my Outlook connection if I go to the properties of my mail profile and under Outlook Anywhere I go into Exchange Proxy Settings. From there if I change “Use this URL to connect to my proxy server for Exchange” to my new server where I migrated my mailbox to everything will connect. I don’t know why this hasn’t changed automatically.
Paul, I can manually fix my Outlook connection if I go to the properties of my mail profile and under Outlook Anywhere I go into Exchange Proxy Settings. From there if I change “Use this URL to connect to my proxy server for Exchange” to my new server where I migrated my mailbox to everything will connect. I don’t know why this hasn’t changed automatically.
If you’re doing a like for like migration as describe in this article then the URL that clients connect to shouldn’t be changing. I don’t understand your actual scenario because you’re not describing it in enough detail for me to get an idea of what you’ve done.
Sorry about that, I’m kinda of jumping all over the place. I have 2 exchange 2013 servers setup and before I migrate everyone over to the new server i’m doing a few tests with users. People with OWA are fine. People that use Outlook will get prompted for users credentials when launching Outlook. It doesn’t matter what they put in as the screen just flashes. Right now I have all urls on both servers pointing to the same namespace which in DNS points to the current Exchange server. I have no DAG setup, I was just planning on doing a move of the mailbox. I’m able to resolve the problem by adding the “Exchange Trusted Subsystem” in Local Administrators group on each server but I feel like that is just masking a problem. Besides we have Group Policies in place that sets the Local Admin Groups accounts so whatever I put in there just gets erased after the Group Policy refresh. Should adding the Exchange Trusted Subsystem to the Local Admins be a part of the process? It seems like the servers don’t have permissions to talk to each other.
Exchange Trusted Subsystem and Organization Management are both added to local Administrators by Exchange setup. Removing them will break Exchange.
Paul, I have used your site for all kinds of Exchange nuggets. I am in a bit of a tight spot but need to make some changes.
I have 2 (VMWare) Exchange 2013 cu15 in a DAG. both house 2 databases with only one database active on each one (server a, has db1; server b has db2; but both servers have db1 & 2 on them). The OS for both servers is Windows Server 2012 Std. The kick in the pants is as of FEB ’17, I can no longer run windows updates.
I spun up another vm with 2012 on it, but I still get the never ending checking for updates (what am I missing).
Is there a way to spin up a couple of 2012 R2 vms, install exchange, setup or reuse the current DAG, and copy over my databases?
What is the best method?
Thank you in advance.
You would basically do a like for like migration as shown above, but adjusted slightly. Setup the two new servers in a DAG, make sure it’s all tested and working properly, then cutover the client access namespaces, mail flow, and migrate the mailboxes.
Hello Paul,
Thanks for this great article. I’m doing a Like for Like Exchange 2013 move and noticed that you didn’t touch on moving the Offline Address Book or the Public Folder Mailbox to the new Exchange 2013 server. I’m just wondering, if this is something that I would need to do or does this happen automatically after you start the removal process of the old Exchange 2013 server?
In Exchange 2013 the OAB generation is handled by one of the system mailboxes, so as long as you move all the mailboxes to the new server the OAB will continue to work fine. Same goes for public folders, just move the mailboxes.
Hi Paul, your articles are always incredibly helpful. I am having an issue with two Exchange 2016 boxes. Particularly, I am having an issue routing mail between the two internally. I copied over a test mailbox from the existing server to the new one and am getting a 451 4.4.0 error in the Queue but only on the SMTP Relay queue when sending to that mailbox on the new server.
What am I missing? Thanks!
Hi Paul,
Thank you for your articles.
I have a question about the like-for-like migration. We have a single Exch2013 server (inherited from another company we bought) which is currently on CU 2 (build number: 15.00.0712.024).
Is it fine to do a P2V to the latest CU?
Regards,
Is it possible on the server we are migrating to, to go ahead and get it to the latest SP3/Rollup while leaving the original server on the older SP1?
Thanks
You’ll need to be clearer about your scenario. Which Exchange versions are you referring to?
Hi Paul, Thank you for the article.
I have an old Exchange 2010 box and need to do a like for like migration to new hardware.
Would you be so kind as to confirm that when installing my new serve I should put the identical namespace in. e.g mail.company.com. Then follow the steps as per your article.
Regards
Hi Paul ,
Paul as usual you are one of the best MVP. Thanks for spending time for creating such documents which will benefit the the Exchange society.
Regards
Qayoum.
Another great article, with fantastic illustrations. Keep up the good work!