Hi
Based on my experience I have collected a few guidelines to follow before configuring Autodiscover in an Exchange 2010/2013 coexistence.
First and foremost, I would recommend that you
follow the steps from the Exchange Server deployment guide, which is simple and straightforward:
https://technet.microsoft.com/en-us/exdeploy2013/Checklist?state=2419-W-AAAAAAAAQAAAAAEAAAAAAAA~&f=255&MSPPError=-2147217396&startOver=True
We need to consider the following points before proceeding with full-fledged Autodiscover operation in Exchange 2010/2013 coexistence.
First, decide which internal and external URLs Exchange 2013 will use.
The following steps need to be configured in this order:
1. Configure the Exchange 2013 external URLs.
2. Configure the Exchange 2013 internal URLs.
3. Enable and configure Outlook Anywhere on both the legacy and the new servers (Exchange 2010 and 2013).
4. Configure the service connection point (SCP): change the SCP from the Exchange 2010 CAS VIP to the Exchange 2013 CAS VIP.
5. Configure the DNS records.
The DNS entries (both public and internal) should be repointed from the Exchange 2010 CAS to the Exchange 2013 CAS if you decide to keep the same URL.
Note: To allow your Exchange 2013 Client Access server to redirect connections to your Exchange 2010 servers, you must enable and configure Outlook Anywhere on all of the Exchange 2010 servers.
You can run Get-OutlookAnywhere on both Exchange 2010 and 2013 to confirm that all the internal and external URLs are assigned and configured as expected.
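The five steps above, carried out from the Exchange 2013 Management Shell, as an added example (this is not code from the original post). The server name EX2013CAS, the namespace mail.contoso.com and the Autodiscover name autodiscover.contoso.com are assumptions for illustration; replace them with your own. Resolve-DnsName needs Windows Server 2012 or later, so on Windows Server 2008 R2 use nslookup for the DNS check instead.

```powershell
# Added example, not from the original post. Run in the Exchange 2013 Management Shell.
# Assumed names (replace with your own):
#   EX2013CAS                 the Exchange 2013 Client Access server
#   mail.contoso.com          the existing namespace being moved from 2010 to 2013
#   autodiscover.contoso.com  the Autodiscover name that the SCP and DNS point at
$Server       = "EX2013CAS"
$Namespace    = "mail.contoso.com"
$Autodiscover = "autodiscover.contoso.com"

# Steps 1 and 2: external and internal URLs on every client-facing virtual directory.
# Using one name for both means a single certificate covers internal and external use.
$base = "https://$Namespace"
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -InternalUrl "$base/owa" -ExternalUrl "$base/owa"
Get-EcpVirtualDirectory -Server $Server |
    Set-EcpVirtualDirectory -InternalUrl "$base/ecp" -ExternalUrl "$base/ecp"
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "$base/EWS/Exchange.asmx" -ExternalUrl "$base/EWS/Exchange.asmx"
Get-ActiveSyncVirtualDirectory -Server $Server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "$base/Microsoft-Server-ActiveSync" -ExternalUrl "$base/Microsoft-Server-ActiveSync"
Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "$base/OAB" -ExternalUrl "$base/OAB"

# Step 3: Outlook Anywhere host names and NTLM client authentication on the 2013 server.
# Negotiate is deliberately left out of the IIS methods while 2010 servers remain; it
# can be added once every server in the organization runs Exchange 2013.
Get-OutlookAnywhere -Server $Server |
    Set-OutlookAnywhere -InternalHostname $Namespace -ExternalHostname $Namespace `
        -InternalClientAuthenticationMethod NTLM -ExternalClientAuthenticationMethod NTLM `
        -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true `
        -IISAuthenticationMethods Basic,NTLM

# Step 4: service connection point. Domain-joined Outlook reads this AD object first,
# so every CAS (2010 and 2013) must now advertise the 2013 Autodiscover URL.
$scpUri = "https://$Autodiscover/Autodiscover/Autodiscover.xml"
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri $scpUri

# Step 5: DNS. Both names must resolve to the 2013 CAS (or its load-balancer VIP)
# before clients are cut over; anything still pointing at 2010 will break Autodiscover.
foreach ($name in $Namespace, $Autodiscover) {
    $answer = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue
    if ($answer) { "$name -> $($answer.IPAddress -join ', ')" }
    else         { Write-Warning "$name does not resolve; fix DNS before continuing" }
}

# Verification across both versions: compare host names, authentication methods and
# the SCP on every Client Access server in the organization.
Get-OutlookAnywhere | Format-Table ServerName, ExternalHostname, InternalHostname,
    ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod, IISAuthenticationMethods -AutoSize
Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri -AutoSize
```

The final two tables are the check worth keeping around: after the DNS change, every CAS should show the same Autodiscover URL, and the 2010 rows should show NTLM client authentication, because a 2010 server still on Basic will not accept connections proxied from 2013.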
Note: A legacy URL is needed for legacy (Exchange 2010) users who want to use Outlook Anywhere externally.
For Outlook Anywhere:
Change the client authentication method on the Exchange 2010 CAS server to NTLM.
Run the following commands on the Exchange 2013 server to set the Outlook Anywhere settings (replace <server> and <hostname> with your values):
Set-OutlookAnywhere -Identity "<server>\Rpc (Default Web Site)" -InternalHostname <hostname> -InternalClientAuthenticationMethod NTLM -InternalClientsRequireSsl $true
Set-OutlookAnywhere -Identity "<server>\Rpc (Default Web Site)" -ExternalHostname <hostname> -ExternalClientAuthenticationMethod NTLM -ExternalClientsRequireSsl $true
Set-OutlookAnywhere -Identity "<server>\Rpc (Default Web Site)" -IISAuthenticationMethods Basic,NTLM,Negotiate
Important note: Exchange 2013 supports Negotiate for Outlook Anywhere HTTP authentication, but this option should only be used when all the servers in the environment are running Exchange 2013.
To configure certificate-based authentication, ensure the following:
1. Check that the Client Certificate Mapping Authentication feature is installed on the server.
2. In IIS Manager, check that Active Directory Client Certificate Authentication is enabled.
3. Check that the client certificate requirement is enabled on the ActiveSync virtual directory; if not, enable it.
4. Check that Basic authentication is disabled on the ActiveSync virtual directory; if not, disable it.
5. Check that ClientCertificateMappingAuth is set to true.
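The five checks above as one script, added here as an example and not taken from the original post. It reports every prerequisite that is missing and applies the ones Exchange and IIS can set from the shell. The server name EX2013CAS is an assumption, and the script is written to run locally on that CAS from the Exchange 2013 Management Shell because the Windows-feature and IIS checks use the local ServerManager and WebAdministration modules.

```powershell
# Added example, not from the original post. Checks the five prerequisites for
# certificate-based ActiveSync authentication and corrects what the shell can correct.
# Assumed server name: EX2013CAS. Run on that CAS from the Exchange 2013 Management Shell.
Import-Module ServerManager
Import-Module WebAdministration

$Server   = "EX2013CAS"
$Findings = @()
$certMapFilter = 'system.webServer/security/authentication/clientCertificateMappingAuthentication'
$easLocation   = 'Default Web Site/Microsoft-Server-ActiveSync'

# 1. Windows feature "Client Certificate Mapping Authentication" (role service Web-Client-Auth).
if (-not (Get-WindowsFeature -Name Web-Client-Auth).Installed) {
    $Findings += "Web-Client-Auth is not installed; run Install-WindowsFeature Web-Client-Auth and reboot if prompted"
}

# 2. IIS: Active Directory Client Certificate Authentication enabled at the server level.
$serverLevel = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter $certMapFilter -Name enabled
if (-not $serverLevel.Value) {
    $Findings += "Active Directory Client Certificate Authentication is disabled at the server level (enable it in IIS Manager)"
}

# 3 and 4. ActiveSync virtual directory: client certificate required, Basic authentication off.
# Leaving Basic on would let a device fall back to a password and bypass the certificate check.
$vdir = Get-ActiveSyncVirtualDirectory -Server $Server
if ($vdir.ClientCertAuth -ne 'Required' -or $vdir.BasicAuthEnabled) {
    $vdir | Set-ActiveSyncVirtualDirectory -ClientCertAuth Required -BasicAuthEnabled $false
    $Findings += "ActiveSync virtual directory corrected: ClientCertAuth=Required, BasicAuthEnabled=False"
}

# 5. ClientCertificateMappingAuth on the ActiveSync application itself.
$vdirLevel = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $easLocation `
    -Filter $certMapFilter -Name enabled
if (-not $vdirLevel.Value) {
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $easLocation `
        -Filter $certMapFilter -Name enabled -Value $true
    $Findings += "Enabled clientCertificateMappingAuthentication on $easLocation"
}

# Summary: anything listed here either was fixed just now or still needs manual attention.
if ($Findings) { $Findings | ForEach-Object { Write-Warning $_ } }
else           { "All certificate-based authentication checks passed on $Server" }
```

Run it once before cutover and once after; the second run should report nothing. Checks 1 and 2 are intentionally report-only, since installing a role service or changing a server-wide IIS setting is a change you want to make deliberately rather than as a side effect of a check script.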
Apply a new certificate that includes all the required site names to the Exchange 2013 CAS.
For OWA:
Enable forms-based authentication (FBA) plus Integrated Windows authentication on the OWA virtual directory on the Exchange 2010 CAS server.
Users whose mailboxes are still on Exchange 2010 will connect to CAS 2013, which then proxies the connection to CAS 2010.
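The Exchange 2010 side of the coexistence (the NTLM change for Outlook Anywhere above and the OWA authentication change just described) as one added example; this is not code from the original post. The server name EX2010CAS and the legacy host name legacy.contoso.com are assumptions, and the script is meant to run in the Exchange 2010 Management Shell. If the Exchange 2010 cmdlet refuses to set forms-based and Windows authentication in one call, enable Windows Authentication on the /owa virtual directory in IIS Manager instead, which is what the post's step amounts to.

```powershell
# Added example, not from the original post: prepares one Exchange 2010 Client Access
# server for connections redirected or proxied from Exchange 2013.
# Assumed names: EX2010CAS (the 2010 CAS) and legacy.contoso.com (the legacy
# Outlook Anywhere host name). Run in the Exchange 2010 Management Shell.
$Legacy     = "EX2010CAS"
$LegacyHost = "legacy.contoso.com"

# Outlook Anywhere: 2013 can only hand connections to 2010 when it is enabled there.
# Client authentication is NTLM; Negotiate is left out because it is 2013-only.
$oa = Get-OutlookAnywhere -Server $Legacy -ErrorAction SilentlyContinue
if (-not $oa) {
    Enable-OutlookAnywhere -Server $Legacy -ExternalHostname $LegacyHost `
        -ClientAuthenticationMethod NTLM -SSLOffloading $false -IISAuthenticationMethods Basic,NTLM
} else {
    $oa | Set-OutlookAnywhere -ClientAuthenticationMethod NTLM -IISAuthenticationMethods Basic,NTLM
}

# OWA: keep forms-based authentication for users who still log on to 2010 directly and
# add Integrated Windows authentication so the 2013 CAS can proxy on the user's behalf.
Get-OwaVirtualDirectory -Server $Legacy |
    Set-OwaVirtualDirectory -FormsAuthentication $true -WindowsAuthentication $true

# Read back what was set; both objects should now show NTLM / Windows authentication.
Get-OutlookAnywhere -Server $Legacy |
    Format-List ServerName, ExternalHostname, ClientAuthenticationMethod, IISAuthenticationMethods
Get-OwaVirtualDirectory -Server $Legacy |
    Format-List Identity, FormsAuthentication, WindowsAuthentication, BasicAuthentication
```

After the change, recycle the MSExchangeOWAAppPool on the 2010 server (or run iisreset) so IIS picks up the new authentication settings, and test a 2010 mailbox through the 2013 namespace before moving DNS.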