Миграция с MS Exchange 2010 на MS Exchange 2016. Часть 3. Перенастройка транспорта.

19 August 2019

После того, как мы настроили DAG и увидели, что он отказоустойчив, необходимо перенастроить транспорт и пути по которым будет ходить наша почта. Добавить сертификат. Изменить DNS имена и ip для, того чтобы клиенты подключались к новым серверам. Пока ящики находятся на старых серверах Exchange будет проксировать все запросы с новых на старые сервера в прозрачном режиме. Exchange 2016 больше не поддерживает подключение по протоколу RPC/IP , а использует MAPI over HTTP. Поэтому перед переключением транспорта необходимо убедится, что все клиенты MS Outlook 2010 SP2 или выше. Далее делаем следующее:

1. Заходим в Posh Exchange

2. Переключаем в режим Unrestricted: Set-ExecutionPolicy Unrestricted

3. Запускаем выполнение скрипта. ConfigureExchangeURLs.ps1 . Данный скрипт проходит по тем серверам, которые указали и прописывает пути и виртуальные директории, которые вы укажите . Сразу на всех серверах. Очень удобно.

<#

.SYNOPSIS

ConfigureExchangeURLs.ps1

.DESCRIPTION

PowerShell script to configure the Client Access server URLs

for Microsoft Exchange Server 2013/2016. All Client Access server

URLs will be set to the same namespace.

If you are using separate namespaces for each CAS service this script will

not handle that.

The script sets Outlook Anywhere to use NTLM with SSL required by default.

If you have different auth requirements for Outlook Anywhere use the optional

parameters to set those.

.PARAMETER Server

The name(s) of the server(s) you are configuring.

.PARAMETER InternalURL

The internal namespace you are using.

.PARAMETER ExternalURL

The external namespace you are using.

.PARAMETER DefaultAuth

The default authentication method to set for Outlook Anywhere. Defaults to NTLM.

.PARAMETER InternalSSL

Specifies the internal SSL requirement for Outlook Anywhere. Defaults to True (SSL required).

.PARAMETER ExternalSSL

Specifies the external SSL requirement for Outlook Anywhere. Defaults to True (SSL required).

.EXAMPLE

.\ConfigureExchangeURLs.ps1 -Server sydex1 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

.EXAMPLE

.\ConfigureExchangeURLs.ps1 -Server sydex1,sydex2 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

.LINK

http://exchangeserverpro.com/powershell-script-configure-exchange-urls/

.NOTES

Written by: Paul Cunningham

For more Exchange Server tips, tricks and news

check out Exchange Server Pro.

* Website: http://exchangeserverpro.com

* Twitter: http://twitter.com/exchservpro

Find me on:

* My Blog: http://paulcunningham.me

* Twitter: https://twitter.com/paulcunningham

* LinkedIn: http://au.linkedin.com/in/cunninghamp/

* Github: https://github.com/cunninghamp

License:

The MIT License (MIT)

Copyright (c) 2015 Paul Cunningham

Permission is hereby granted, free of charge, to any person obtaining a copy

of this software and associated documentation files (the "Software"), to deal

in the Software without restriction, including without limitation the rights

to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

copies of the Software, and to permit persons to whom the Software is

furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all

copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

SOFTWARE.

Change Log:

V1.00, 13/11/2014 - Initial version

V1.01, 26/06/2015 - Added MAPI/HTTP URL configuration

V1.02, 27/08/2015 - Improved error handling, can now specify multiple servers to configure at once.

V1.03, 09/09/2015 - ExternalURL can now be $null

#>

#requires -version 2

[CmdletBinding()]

param(

[Parameter( Position=0,Mandatory=$true)]

[string[]]$Server,

[Parameter( Mandatory=$true)]

[string]$InternalURL,

[Parameter( Mandatory=$true)]

[AllowEmptyString()]

[string]$ExternalURL,

[Parameter( Mandatory=$false)]

[string]$DefaultAuth="NTLM",

[Parameter( Mandatory=$false)]

[Boolean]$InternalSSL=$true,

[Parameter( Mandatory=$false)]

[Boolean]$ExternalSSL=$true

)

#...................................

# Script

#...................................

Begin {

#Add Exchange snapin if not already loaded in the PowerShell session

if (Test-Path $env:ExchangeInstallPath\bin\RemoteExchange.ps1)

{

. $env:ExchangeInstallPath\bin\RemoteExchange.ps1

Connect-ExchangeServer -auto -AllowClobber

}

else

{

Write-Warning "Exchange Server management tools are not installed on this computer."

EXIT

}

}

Process {

foreach ($i in $server)

{

if ((Get-ExchangeServer $i -ErrorAction SilentlyContinue).IsClientAccessServer)

{

Write-Host "----------------------------------------"

Write-Host " Configuring $i"

Write-Host "----------------------------------------`r`n"

Write-Host "Values:"

Write-Host " - Internal URL: $InternalURL"

Write-Host " - External URL: $ExternalURL"

Write-Host " - Outlook Anywhere default authentication: $DefaultAuth"

Write-Host " - Outlook Anywhere internal SSL required: $InternalSSL"

Write-Host " - Outlook Anywhere external SSL required: $ExternalSSL"

Write-Host "`r`n"

Write-Host "Configuring Outlook Anywhere URLs"

Get-OutlookAnywhere -Server $i | Set-OutlookAnywhere -ExternalHostname $externalurl -InternalHostname $internalurl -ExternalClientsRequireSsl $ExternalSSL -InternalClientsRequireSsl $InternalSSL -DefaultAuthenticationMethod $DefaultAuth

if ($externalurl -eq "")

{

Write-Host "Configuring Outlook Web App URLs"

Get-OwaVirtualDirectory -Server $i | Set-OwaVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/owa

Write-Host "Configuring Exchange Control Panel URLs"

Get-EcpVirtualDirectory -Server $i | Set-EcpVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/ecp

Write-Host "Configuring ActiveSync URLs"

Get-ActiveSyncVirtualDirectory -Server $i | Set-ActiveSyncVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/Microsoft-Server-ActiveSync

Write-Host "Configuring Exchange Web Services URLs"

Get-WebServicesVirtualDirectory -Server $i | Set-WebServicesVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/EWS/Exchange.asmx

Write-Host "Configuring Offline Address Book URLs"

Get-OabVirtualDirectory -Server $i | Set-OabVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/OAB

Write-Host "Configuring MAPI/HTTP URLs"

Get-MapiVirtualDirectory -Server $i | Set-MapiVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/mapi

}

else

{

Write-Host "Configuring Outlook Web App URLs"

Get-OwaVirtualDirectory -Server $i | Set-OwaVirtualDirectory -ExternalUrl https://$externalurl/owa -InternalUrl https://$internalurl/owa

Write-Host "Configuring Exchange Control Panel URLs"

Get-EcpVirtualDirectory -Server $i | Set-EcpVirtualDirectory -ExternalUrl https://$externalurl/ecp -InternalUrl https://$internalurl/ecp

Write-Host "Configuring ActiveSync URLs"

Get-ActiveSyncVirtualDirectory -Server $i | Set-ActiveSyncVirtualDirectory -ExternalUrl https://$externalurl/Microsoft-Server-ActiveSync -InternalUrl https://$internalurl/Microsoft-Server-ActiveSync

Write-Host "Configuring Exchange Web Services URLs"

Get-WebServicesVirtualDirectory -Server $i | Set-WebServicesVirtualDirectory -ExternalUrl https://$externalurl/EWS/Exchange.asmx -InternalUrl https://$internalurl/EWS/Exchange.asmx

Write-Host "Configuring Offline Address Book URLs"

Get-OabVirtualDirectory -Server $i | Set-OabVirtualDirectory -ExternalUrl https://$externalurl/OAB -InternalUrl https://$internalurl/OAB

Write-Host "Configuring MAPI/HTTP URLs"

Get-MapiVirtualDirectory -Server $i | Set-MapiVirtualDirectory -ExternalUrl https://$externalurl/mapi -InternalUrl https://$internalurl/mapi

}

Write-Host "Configuring Autodiscover"

Get-ClientAccessServer $i | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$internalurl/Autodiscover/Autodiscover.xml

Write-Host "`r`n"

}

else

{

Write-Host -ForegroundColor Yellow "$i is not a Client Access server."

}

}

}

End {

Write-Host "Finished processing all servers specified. Consider running Get-CASHealthCheck.ps1 to test your Client Access namespace and SSL configuration."

Write-Host "Refer to http://exchangeserverpro.com/testing-exchange-server-2013-client-access-server-health-with-powershell/ for more details."

}

#...................................

# Finished

#...................................

4. Далее, заходим в ECP и в разделе сертификаты, привязываем к сервису IIS на каждом сервере сертификат. Сертификат должен находится в СЕТЕВОЙ папке обязательно. Права на сетевую папку должны быть выданы группе Exchange Trust Subsystem.

5. И последним шагом будет изменение DNS записей на новые сервера.

Подписывайтесь в соц сетях на мои группы:

В контакте https://vk.com/club171741699

Группа в телеграмме https://t.me/SysOP_tavern