Migration to new Exchange Server 2016 with Sophos web proxy

I currently have a customer who has Exchange Server 2016 installed on Windows 2012 R2.
Since support for Windows 2012 R2 ends at the end of the year, my customer wants to migrate Exchange Server 2016 to Windows Server 2016.
So a Windows 2016 server will be installed, on which Exchange 2016 will be installed, and then everything will be migrated to this new machine.
My doubt is that the Exchange services are currently published via the Sophos reverse proxy with this configuration: https://support.sophos.com/support/s/article/KB-000040209?language=en_US
No third-party certificate is loaded on the current Exchange server, as the certificate has been uploaded to Sophos.
At the virtual directory level, the names point to the reverse proxy (except for Autodiscover) and are:
https://webmail.pippo.it/owa
https://webmail.pippo.it/ecp
https://webmail.pippo.it/EWS/Exchange.asmx
https://webmail.pippo.it/mapi
https://webmail.pippo.it/Microsoft-Server-ActiveSync
https://webmail.pippo.it/OAB
http://webmail.pippo.it/powershell
https://sever.ad.pippo.it/Autodiscover/Autodiscover.xml
Since I have never done Exchange migrations where there were reverse proxies, I wanted to understand how to do the migration.
Usually the first thing you do when migrating Exchange is to set the names of the virtual directories to be the same as on the existing server and upload the certificate.
In this case, since the name of the Autodiscover is the default one and the certificate used is the native one and not a third-party one, what should I do?


Thank you



2 Replies
I've never done this, so I can only guess that you build the server and configure it the same as the existing one, and it's in Sophos that you make all the changes. Just be mindful of the virtual directory configuration (i.e. SSL offloading etc.). You'll need PowerShell to get a lot of that information. I would question you putting in Server 2016 and Exchange 2016 where mainstream support has ended already for both of them. I'd go for the latest version of the OS and Exchange. There's not a lot of difference going to Exchange Server 2019.
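The virtual directory inventory this reply refers to, as an added example that is not part of the original thread: it reads the client access URLs, the Autodiscover SCP, the Outlook Anywhere SSL offloading flag and the bound certificates from both servers and shows where they differ. The server names `EXCH-OLD` and `EXCH-NEW` and the helper name `Get-ClientAccessInventory` are assumptions.

```powershell
# Added example: run in the Exchange Management Shell. Read-only, changes nothing.
$OldServer = 'EXCH-OLD'   # placeholder (assumption): existing server on Windows 2012 R2
$NewServer = 'EXCH-NEW'   # placeholder (assumption): new server on Windows Server 2016

# One Get-* cmdlet per virtual directory listed in the question.
$VDirCmdlets = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-WebServicesVirtualDirectory', 'Get-MapiVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-PowerShellVirtualDirectory'

function Get-ClientAccessInventory {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Server)

    $rows = @(foreach ($cmdlet in $VDirCmdlets) {
        $name = $cmdlet -replace '^Get-|VirtualDirectory$'
        foreach ($vdir in (& $cmdlet -Server $Server)) {
            [pscustomobject]@{ Setting = "$name InternalUrl"; Value = [string]$vdir.InternalUrl }
            [pscustomobject]@{ Setting = "$name ExternalUrl"; Value = [string]$vdir.ExternalUrl }
        }
    })

    # Autodiscover is advertised through the SCP; a new server registers its own FQDN by default.
    $cas = Get-ClientAccessService -Identity $Server
    $rows += [pscustomobject]@{ Setting = 'Autodiscover SCP'
                                Value   = [string]$cas.AutoDiscoverServiceInternalUri }

    # SSL offloading and host names matter when a reverse proxy sits in front of Exchange.
    foreach ($oa in (Get-OutlookAnywhere -Server $Server)) {
        $rows += [pscustomobject]@{ Setting = 'OutlookAnywhere SSLOffloading'; Value = [string]$oa.SSLOffloading }
        $rows += [pscustomobject]@{ Setting = 'OutlookAnywhere InternalHostname'; Value = [string]$oa.InternalHostname }
        $rows += [pscustomobject]@{ Setting = 'OutlookAnywhere ExternalHostname'; Value = [string]$oa.ExternalHostname }
    }
    $rows
}

$old = Get-ClientAccessInventory -Server $OldServer
$new = Get-ClientAccessInventory -Server $NewServer

# SideIndicator: '<=' value only on the old server, '=>' only on the new one, '==' identical.
Compare-Object $old $new -Property Setting, Value -IncludeEqual |
    Sort-Object Setting | Format-Table Setting, Value, SideIndicator -AutoSize

# Certificates each server holds and the services (IIS, SMTP, ...) they are bound to.
foreach ($server in $OldServer, $NewServer) {
    Get-ExchangeCertificate -Server $server |
        Select-Object @{ n = 'Server'; e = { $server } }, Thumbprint, Subject, Services, NotAfter
}
```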

@Dan Snape 

Thanks for the reply.
My customer does not install Exchange 2019 because it requires 128 GB of RAM and would need to upgrade the entire VMware cluster.
It is true that mainstream support has ended, but extended support lasts until October 2025 for Exchange, and for Windows 2016 it lasts until January 2027.
So both products will still receive security patches.
Also, next year my customer will migrate to O365.
For the topic of migration with the reverse proxy, I will try to set up a laboratory to simulate the migration.