Curious_Kevin16 (Iron Contributor)
Apr 20, 2023
Exchange Hybrid Clarifications
I currently have a single Exchange 2016 server and am planning to migrate to 365 by deploying an additional Hybrid server. I have a couple of questions with regard to Hybrid deployment and would appreciate it if anyone can shed some light!
1. My current server has a wildcard certificate with these SANs. Do I need a dedicated new certificate for the new Hybrid server, or can I use the existing wildcard without any changes?
SANs - *.abc.com, abc.com
2. Should I change any records to point to the new Hybrid server from the current mailbox server (autodiscover, etc.)? At which point should I change these? Just trying to make sure I follow the right steps to keep the mailflow running after executing the HCW.
Thank you all very much!
5 Replies
- Dan_Snape (Steel Contributor)
Is there a reason you want an additional server? The existing server can function as the hybrid server just fine as long as it's had the latest CUs installed and it's patched... this will save a lot of work and compute resources.
A wildcard certificate is fine, and gives you a bit of flexibility in the namespace you use for hybrid connectivity.
- Curious_Kevin16 (Iron Contributor)
Dan_Snape,
Thanks for your response!
A second server (dedicated for Hybrid) is simply because the current server runs Windows Server 2012. Apparently the minimum supported Windows for Hybrid is 'Windows Server 2012 R2'. I just wanted to stay out of an 'In-place upgrade' and a migration to a new server, which takes even more effort.
Wildcard cert - Thanks for that, Dan. Happy days then, I can easily use the existing cert with no modifications to SANs given it covers the domain entirely.
Additional question though - In terms of the Autodiscover record, I should be able to leave it as is (continue to point to the current Mailbox server) and let the new server solely act as the Hybrid endpoint for 365 connectivity, I suppose? Should there be any DNS record level modifications to point to the Hybrid server in this scenario?
Thank you so much again, Dan!
- Andres-Bohren (Steel Contributor)
>A second server (dedicated for Hybrid) Is simply because the current server runs Windows Server 2012.
>Apparently the minimum supported Windows for Hybrid is 'Windows Server 2012 R2'.
>I just wanted to stay out of 'In-place upgrade' and a migration to a new server which takes even more effort.
On what OS are you running Exchange 2016?
Supported OS are from 2008 R2 up to Windows Server 2022.
https://learn.microsoft.com/en-us/exchange/plan-and-deploy/system-requirements?view=exchserver-2016
The Problem would most likely be that the OS is running out of Support. The Extended Support for Windows Server 2012 R2 ends in October 2023.
https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
If you want to upgrade Exchange to a newer OS you will need to install a new Server with Exchange and make a Swing Migration from Exchange 2016 (with old OS) to Exchange 2016 (with new OS).
Don't be confused with "Hybrid Server" - such a Role does not exist. It's just a Configuration that applies to the whole Exchange Organization and makes sure Mailflow, Free/Busy and EWS Access (for Mailtips and Migration) are configured correctly.
Make sure you run a supported Version of AAD Connect
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history
And also make sure that all Servers have TLS1.2 enabled
Regards
Andres Bohren
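
The TLS 1.2 point in the reply above can be checked on each Exchange server with a read-only registry audit. This is an added example, not part of the original reply; it reads the Schannel and .NET Framework 4.x TLS settings, and a value reported as NotSet means the operating system default applies.

```powershell
# Added example: read-only TLS 1.2 audit, run locally on each Exchange server.
# Nothing is written to the registry.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$dotnet   = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)

# Build the list of values to inspect and the setting expected for TLS 1.2.
$checks = @(
    foreach ($role in 'Client', 'Server') {
        @{ Path = "$schannel\$role"; Name = 'Enabled';           Want = 1 }
        @{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Want = 0 }
    }
    foreach ($key in $dotnet) {
        @{ Path = $key; Name = 'SchUseStrongCrypto';       Want = 1 }
        @{ Path = $key; Name = 'SystemDefaultTlsVersions'; Want = 1 }
    }
)

$results = foreach ($c in $checks) {
    $value = $null
    if (Test-Path -Path $c.Path) {
        $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $value = $item.($c.Name)
    }

    if ($null -eq $value) {
        $status = 'NotSet'      # key or value absent: OS default applies
    } elseif (($c.Want -eq 0 -and $value -eq 0) -or ($c.Want -ne 0 -and $value -ne 0)) {
        $status = 'OK'          # any non-zero DWORD counts as "on"
    } else {
        $status = 'Review'      # explicitly set against TLS 1.2
    }

    [pscustomobject]@{
        Key      = $c.Path
        Value    = $c.Name
        Found    = $value
        Expected = $c.Want
        Status   = $status
    }
}

$results | Format-Table -AutoSize -Wrap
```

Rows marked Review are the ones to look at first, since they indicate a setting that was explicitly configured against TLS 1.2 rather than left at the default.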
- Simo_baz (Copper Contributor)
There are several steps to follow indeed. First off, create your tenant and register your domain in the tenant. You can find all the required steps easily in the Microsoft documentation.
https://learn.microsoft.com/en-us/microsoft-365/education/deploy/create-your-office-365-tenant
Deploy Azure AD Connect on a server, not the hybrid Exchange server!
Follow the link info provided.