" So your CA/Mailbox/Hub servers still have to be exposed to the outside, even if you have an Edge server."
--> That's what our SMTP/AS/AV gateway and VPN and reverse proxies are for. -----Original Message----- From: John Hornbuckle [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2008 2:39 PM To: MS-Exchange Admin Issues Subject: Update: Exchange on VM I just wanted to update everyone on our Exchange migration, since I had mentioned here what we were doing. Maybe it will help some of you if you have to go down the same road as us in the future. Our old server was Exchange 2003 on a Server 2003 32-bit box. A bit over 500 mailboxes, around 40 GB of mail. New server is Exchange 2007 on Server 2008 64-bit Hyper-V VM. We have two VMs--one for Edge and one for Hub Transport, Client Access, and Mailbox. Both are on the same physical machine. For the most part, things worked well--creating the new servers and migrating the mailboxes went smoothly. We ran into a couple of little bumps in the road that had me pulling my hair out after that, but things could've been much worse. The engineers (from an outside company) that worked with me on the move were pretty knowledgeable, although Hyper-V was a bit new to them and one of them was much more knowledgeable about Exchange 2003 than 2007. They did have to engage Microsoft engineers at one stage, and between MS, the outside engineers, and me there were times when there were half a dozen of us on a conference call working on problems at one time. Exchange 2007 seems to work fine in a Hyper-V VM. Granted, we're a smallish organization and we've been running it for less than a week, but still--things look fine. Some gotchas we came across: * A number of our users aren't configured in ADUC to inherit permissions (which apparently users normally would be). For some, this created an issue where they couldn't log into OWA. For others, it created no problems whatsoever. * We had to configure Outlook Anywhere to use plain text instead of NTLM (although we're using SSL, so plain text is still secure). Although NTLM is the preferred method per MS, for some reason when we had it selected our users were being repeatedly prompted to enter their credentials in Outlook--but it would never accept them and would keep asking over and over again. What's even weirder is that this was happening ON OUR NETWORK, where Outlook Anywhere really shouldn't be in use. This confused MS, the outside engineers, and me. This problem--which also prevented Free/Busy and the Out of Office Assistant from working--only affected Outlook 2007 clients, not 2003. * Outlook redirected itself to the new server fine for most of my users, but for around 10% - 15 % it didn't. For them, we've had to delete and recreate their Outlook profile on their machine. Not a hard fix, but kind of a pain to run around and do. We have not determined a pattern as to which machines redirected and which didn't. It appears to affect both Outlook 2007 on Vista and 2003 on XP. * Having to use the Exchange Management Console to do things you used to be able to do directly in Active Directory Users & Computers is a pain and just plain stupid. I don't know what Microsoft was thinking there. * The Exchange Management Shell is great, although there are some tasks that have to be done there that I think would be easier from a GUI. * It seems weird to me that the purpose of the Edge server role is to protect your other servers/roles from the Internet, yet OWA, ActiveSync, etc. don't run at the Edge level. So your CA/Mailbox/Hub servers still have to be exposed to the outside, even if you have an Edge server. John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
