Forum Discussion

pk_fwd's avatar
pk_fwd
Copper Contributor
Feb 19, 2023

Migrating on prem 2016 to a cloned Azure VM in a hybrid environment

We have a multipath hybrid setup with connectors set up between the following: 1. On Prem 2016 exchange CU 23 2. Exchange 365 3. Mimecast What options do I have to move the on prem exchange...
exchange online
Exchange Server
hybrid
Dan_Snape's avatar
Dan_Snape
Bronze Contributor
Feb 21, 2023
Best practice is that you build a new server in Azure and migrate all mailboxes and services from the old server to the new. You can try the clone method and it may work, but I don't believe Exchange is designed for this type of migration. As long as the server is in maintenance mode prior to cloning it should be OK. Just make sure that everything referencing that server is updated after the change of IP (Mimecast connector, SPF, send/receive connectors etc). Also, Azure blocks port 25 traffic by default unless you have certain subscriptions, so make sure those prerequisites are met too.
  • pk_fwd's avatar
    pk_fwd
    Copper Contributor
    Feb 27, 2023

    Dan_Snape 

    Thank you for your reply Dan

    The cloning sounded risky.

    I am looking at recreating the exchange server from a fresh install and then using the "move to a different database" option in EAC to move any on prem mailboxes to the new server.

    I found 7 arbitration mailboxes and am unsure whether I need to move these or if these are unique and are created by default on each exchange installation.

    I am in the process of recreating all on prem recipients (mailboxes, groups, resources, contacts, shared) in 365 so that there are none on prem.

    IIS is another area I am looking at as there are default sites like EAC etc. which are recreated by default however others look manually created.
    Apart from using on prem exchange server as an SMTP relay I don't see any other reason for continuing the hybrid setup in the future, however as our ERP team may be using this functionality (including IIS) I have to continue being hybrid until a new solution is found there.

    • Dan_Snape's avatar
      Dan_Snape
      Bronze Contributor
      Feb 28, 2023
      The Arbitration mailboxes will also need to be migrated. You shouldn't need to create anything in IIS for Exchange manually. Hybrid requires AAD Connect, so you shouldn't need to recreate any recipients...they should just be synced to Azure AD from on-prem AD
      • pk_fwd's avatar
        pk_fwd
        Copper Contributor
        Mar 02, 2023
        Thank you Dan
    • Rana_Banerjee's avatar
      Rana_Banerjee
      MCT
      Feb 28, 2023

      Hello pk_fwd,

      First of all cloning will be a bad idea and will not work as the guts of exchange resides in AD.

      Please use the following steps in the same order. 

      • Setup a subscription in Azure. Select the correct type of subscription as not all subscription will allow port 25 access. Pay as you go and enterprise subscription allows. 
      • After the correct subscription log a ticket with Microsoft to open and exempt port 25
      • Create required Vnet / landing zone if one does not exist. Stick to atleast Hub-Spoke topology with some sort of firewall like Azure Fw or even Pfsense with one public ip for exchange. Extend the on premise connectivity using gateway VPN or express route.
      • Deploy new exchange 2016 in Azure with latest CU and patches. Add the Azure Public ip in mimecast as "authorized outbound ips" so that the new exchange server can send email to Mimecast as an upstream server. You may need to configure delivery routes in mimecast to add this too
      • Move all mailboxes including arbitration to the new exchange server. Configure the server with all the services and cert
      • For the send connector edit the send connector and add this server too and for the receive connector edit and create it as needed.
      • Move all mailboxes including arbitration mailboxes etc to the new server, address book etc. Run hybrid configuration wizard to configure the new server. You will need dns changed to the new public ip for successfully running hybrid configuration wizard 
      • Then put the old server in maintenance mode and turn it off and leave it off for 2 weeks. 
      • When you are confident all services are successfully migrated to the new server, Uninstall the old exchange server. You will also need to remove any delivery routes to in prem in mimecast.

      Let me know if you did not understand any part. Happy to assist. 

       

      Kind Regards 

      Rana

      • pk_fwd's avatar
        pk_fwd
        Copper Contributor
        Mar 02, 2023
        Hi Rana
        I have been advised by MS to use port 587 rather than 25. Will this be an issue?