What is the best way to migrate PDAs or tablets from a legacy version of Exchange to Exchange 2010?

In November 2010 Microsoft released a great document: Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010.

One thing that I missed in that document: what is the best way to migrate PDAs or tablets from a legacy version of Exchange to Exchange 2010?

In most cases you will use TMG as a firewall between the Internet and your internal network.

Some weeks ago I did an Exchange 2010 migration and I didn't want a big bang scenario.

But I had all the sorts of phones that are on the market today (iPhone, Android, Windows Phone 7.5 and some Windows Mobile phones, and also iPads).

The first thing I asked myself when designing the new infrastructure:

Domain Joining Forefront TMG or Leaving in a Workgroup

In most organizations, the decision whether to domain join the server hosting Forefront TMG to your production domain may be one of the most important parts of the deployment.

Forefront TMG deployments are more complex to discuss because Forefront TMG is considered a firewall and can protect the network edge. Domain joining Forefront TMG offers many advantages: it allows certificate based authentication to be used at Forefront TMG, using Kerberos Constrained Delegation to communicate to Exchange; it allows easy use of Active Directory groups and user objects in publishing rules to restrict access; and it provides other benefits. If you are not sure whether to domain join Forefront TMG, see Debunking the Myth that the ISA Firewall Should Not be a Domain Member.

I think that the best practice is to domain join TMG, because it makes your life a lot easier.

First: I created an Exchange 2010 group in Active Directory.

Second: you make the Exchange 2010 group available in TMG.

Third: you make four rules, two for Exchange 2010 (OWA & ActiveSync) and two for your legacy server or servers (OWA & ActiveSync).

Fourth: make sure that the Exchange 2010 rules are above the legacy rules.

Fifth: on the Exchange 2010 rules, you change All Authenticated Users to the Exchange 2010 group. (After the migration you delete the legacy rules and, on the 2010 rules, change the Exchange 2010 group back to All Authenticated Users.)


Sixth: when you do a mailbox move, you put the user in the Exchange 2010 group.
Why, you may think? When the user is in the Exchange 2010 group, the PDA will use the Exchange 2010 rule. When the user is not in the Exchange 2010 group, the legacy rule will do the trick.
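
One way to keep the group in step with the mailbox moves from step six, as an added example that is not part of the original post. It assumes the Exchange 2010 Management Shell with the ActiveDirectory module available, and that the AD group from the steps above is literally named `Exchange 2010`.

```powershell
# Added example (not from the original post). Run in the Exchange 2010
# Management Shell on a machine that also has the ActiveDirectory module.
Import-Module ActiveDirectory

$GroupName = 'Exchange 2010'   # assumption: the AD group used in the TMG rules

# Mailbox servers that run Exchange 2010 (version 14.x).
$servers2010 = Get-ExchangeServer | Where-Object {
    $_.IsMailboxServer -and "$($_.AdminDisplayVersion)" -like 'Version 14.*'
}

# Users whose mailbox already lives on one of those servers, keyed by DN.
$moved = @{}
foreach ($server in $servers2010) {
    Get-Mailbox -Server $server.Name -ResultSize Unlimited |
        Where-Object { $_.RecipientTypeDetails -eq 'UserMailbox' } |
        ForEach-Object { $moved[$_.DistinguishedName] = $_.SamAccountName }
}

# Current user members of the group, keyed by DN.
$members = @{}
Get-ADGroupMember -Identity $GroupName |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { $members[$_.distinguishedName] = $_.SamAccountName }

# Moved mailboxes that are missing from the group: add them (step six).
foreach ($dn in $moved.Keys) {
    if (-not $members.ContainsKey($dn)) {
        Add-ADGroupMember -Identity $GroupName -Members $dn
        Write-Host "Added $($moved[$dn]) to '$GroupName'"
    }
}

# Group members whose mailbox is not on Exchange 2010: report only, so a
# mismatch between TMG rule selection and mailbox location gets reviewed.
foreach ($dn in $members.Keys) {
    if (-not $moved.ContainsKey($dn)) {
        Write-Warning "$($members[$dn]) is in '$GroupName' but has no mailbox on Exchange 2010"
    }
}
```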

I migrated about 300 users this way, with random PDAs and tablets, with no downtime at all.

[Screenshot of the TMG rules]

FTP access through an ISA 2006 firewall

1. Firewall Policy –> New –> Access Rule

2. [screenshot]

3. [screenshot]

4. All Protocols –> FTP

5. Here I chose to let everyone use FTP, but you can of course restrict that.

6. We do of course want to FTP to the outside.

7. So you can restrict by user or by machine name.

8. [screenshot]

9. Next, open the FTP rule.

10. Go to the Protocols tab.

11. Edit
12. Parameters tab
13. Under Application Filters, clear the check box for FTP Access Filter.

There are several kinds of FTP commands. The ISA server does not recognize all of them, and they cannot be added manually either. As a result FTP does not work. Disabling the FTP Access Filter solves this problem.

Error Code: 403 Forbidden. ISA Server is configured to block HTTP requests that require authentication. (12250)

 

I had a small problem with ISA 2006. I kept getting the following error.

Error Code: 403 Forbidden. ISA Server is configured to block HTTP requests that require authentication. (12250).

A colleague of mine, René Jorissen, also has a blog, called Booches. You can view his blog HERE.

He has written a nice ARTICLE in which the problem is solved.

The solution is as follows:
To allow Authentication over HTTP go to the Listener configuration. Go to the Authentication tab and Select Advanced. In the next tab enable the option Allow client authentication over HTTP.