This article is an excerpt from the Exchange Server 2010 to 2013 Migration Guide.
With all of the services and data migrated to Exchange Server 2013 we can begin the removal of the legacy Exchange servers from the organization.
Exchange servers must be correctly uninstalled from an organization to avoid future issues due to orphaned objects. It is not enough to simply shut down the server.
Aside from your own regular server decommissioning steps such as taking a final backup, removing from monitoring systems, disposing of hardware etc, the Exchange Server application itself needs to go through a few simple decommissioning steps. These will depend on the server roles that were installed, but can generally be broken down as follows.
Note: When you remove the last Exchange 2010 server from the organization any Exchange 2010 management tools (eg on admin workstations) will stop working (although the management shell may still connect to Exchange 2013 servers). This may seem obvious, but I have seen people be surprised by this. By the time you are removing the last Exchange 2010 server all of your administrators should be using the Exchange 2013 management tools.
Edge Transport Servers
To decommission an Exchange 2010 Edge Transport server verify that no more mail is flowing through the server. This is achieved by configuring transport and cutting over SMTP namespaces. You can use protocol logs and message tracking logs to verify this.
In a typical case you may still see some traffic hitting the server. This could be due to incoming SMTP connections still hitting the server, eg spammers hitting an open firewall port that still allows access to that server. Or it may be due to the occasional outbound email still routing over that Edge subscription. Review any evidence of ongoing email traffic and either address it or choose to ignore it and proceed with the decommissioning anyway.
Before an Edge Transport server can be uninstalled the Edge Subscription must be removed, which can be done from the Exchange Management Console.
And from the Exchange Management Shell on the Edge Transport server run Remove-EdgeSubscription.
[PS] C:\>Get-EdgeSubscription Name Site Domain ---- ---- ------ HO-EX2010-EDGE exchangeserverpro... [PS] C:\>Remove-EdgeSubscription HO-EX2010-EDGE Confirm Are you sure you want to perform this action? Removing Edge Subscription "HO-EX2010-EDGE". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y Confirm Do you want to remove recipients? You don't need to remove the recipients that have already synchronized to this Edge server if you will re-subscribe it to the same organization. This would improve the performance of Edge synchronization when you re-subscribe. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
Launch the uninstall from Programs and Features in the Control Panel. If the readiness check passes you can click Uninstall to complete the process.
Client Access Servers
Client Access servers can be removed when they are no longer serving any client requests. This is achieved by completing the cutover of the client access namespaces to Exchange Server 2013.
You can verify that no more traffic is hitting the Client Access server by reviewing the IIS logs on the server. Note that you will likely see continued hits in the logs from the Exchange 2013 servers themselves, or from any connections to the /PowerShell virtual directory by administrators.
If there is too much log data to analyse visually you can use Log Parser to determine which users (if any) are still making connections to the server. For example:
C:\Program Files (x86)\Log Parser 2.2\>logparser "select Count(cs-username) as Count, cs-username as Username from 'C:\inetpub\logs\logfiles\w3svc1\*.*' group by Username order by Count(Username)" -i:IISW3C Count Username ----- -------------------- 0 - 598 ESPNET\Administrator Statistics: ----------- Elements processed: 100861 Elements output: 2 Execution time: 0.27 seconds
Just be aware that querying a wildcard like ‘C:\inetpub\logs\logfiles\w3svc1\*.*’ will return results from any log file in that directory, which may be months or even years worth of log data. You can refine the search by removing older log files from the directory, or changing the query to only search file names of a smaller date range, eg ‘C:\inetpub\logs\logfiles\w3svc\1u_ex1407*.*’.
If the server is a dedicated Client Access server then you can launch the uninstall from Programs and Features in Control Panel and uninstall it. If it is a multi-role server you may wish to wait until you’ve verified all roles are ready to be uninstalled before doing them all together.
Hub Transport Servers
Hub Transport servers can be removed when there is no more email traffic passing through them, and they are not the source Transport server for any Send Connectors. As with the Edge Transport role you can use protocol logs and message tracking logs to verify this.
Because internal traffic may still be traversing the server you may still see some hits, particularly larger organizations where multiple routes exist between internal sites. The presence of a relay connector on the server could also be an indication that it is still in use by production systems that require SMTP.
But generally speaking, if there are no mailboxes or public folders still in the site, and no DNS aliases still pointing at the site for internal SMTP usage, then you can proceed with the uninstallation.
As a precaution you may consider pausing or stopping the Microsoft Exchange Transport service on the server for a period of time to verify that the server removal will have no impact on production services.
If the server is a dedicated Hub Transport server then you can launch the uninstall from Programs and Features in Control Panel and uninstall it. If it is a multi-role server you may wish to wait until you’ve verified all roles are ready to be uninstalled before doing them all together.
Mailbox Servers
Mailbox servers an be uninstalled when they no longer host mailboxes or public folders, are not members of DAGs, and are not responsible for generating offline address books.
The legacy offline address books can be removed from the organization when there are no more Exchange 2010 mailbox users. Exchange 2013 mailbox users will be using the new OAB created by Exchange 2013 setup.
Public folder databases can be removed if the migration of public folders to Exchange 2013 is complete. You can remove the databases using PowerShell, for example:
[PS] C:\>Get-PublicFolderDatabase -Server BR-EX2010-MB | Remove-PublicFolderDatabase Confirm Are you sure you want to perform this action? Removing public folder database "PF-BR-01". [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y WARNING: The specified database has been removed. You must remove the database file located in C:Program FilesMicrosoftExchange ServerV14MailboxPF-BR-01PF-BR-01.edb from your computer manually if it exists. Specified database: PF-BR-01
Mailbox databases can be removed if the mailbox migration to Exchange 2013 has been complete. Again, you can use PowerShell to remove them.
[PS] C:\>Get-MailboxDatabase -Server BR-EX2010-MB Name Server Recovery ReplicationType ---- ------ -------- --------------- MB-BR-01 BR-EX2010-MB False None MB-BR-02 BR-EX2010-MB False None [PS] C:\>Remove-MailboxDatabase MB-BR-01 Confirm Are you sure you want to perform this action? Removing mailbox database "MB-BR-01". [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y WARNING: The specified database has been removed. You must remove the database file located in F:DataMB-BR-01MB-BR-01.edb from your computer manually if it exists. Specified database: MB-BR-01 [PS] C:\>Remove-MailboxDatabase MB-BR-02 Confirm Are you sure you want to perform this action? Removing mailbox database "MB-BR-02". [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y WARNING: The specified database has been removed. You must remove the database file located in F:DataMB-BR-02MB-BR-02.edb from your computer manually if it exists. Specified database: MB-BR-02
For DAG members the approach is a little different. The process involves:
- Removing database copies from the server (unless it is the last DAG member hosting the single copy of the databases)
- Removing the server from DAG membership
- Removing the databases from the standalone server
- Uninstalling Exchange from the standalone server
- Removing the DAG object from the organization
For example, removing database copies from HO-EX2010-MB2, first move any active database copies to another DAG member.
[PS] C:\>Move-ActiveMailboxDatabase -Server HO-EX2010-MB2
Verify that the server only hosts passive database copies. You should see no “Mounted” status in this output.
[PS] C:\>Get-MailboxDatabaseCopyStatus -Server HO-EX2010-MB2 Name Status CopyQueue ReplayQueue LastInspectedLogTime ContentIndex Length Length State ---- ------ --------- ----------- -------------------- ------------ MB-HO-01HO-EX2010-MB2 Healthy 0 0 7/25/2014 10:35:27 AM Healthy MB-HO-04HO-EX2010-MB2 Healthy 0 0 7/25/2014 10:35:21 AM Healthy MB-HO-02HO-EX2010-MB2 Healthy 0 0 7/25/2014 3:08:47 PM Healthy
Remove the database copies from the server.
[PS] C:\>Get-MailboxDatabaseCopyStatus -Server HO-EX2010-MB2 | Remove-MailboxDatabaseCopy
If you are removing the second last DAG member you’ll first need to turn off DAC mode.
[PS] C:\>Set-DatabaseAvailabilityGroup -Identity dag-headoffice -DatacenterActivationMode Off
Remove the server from the DAG.
[PS] C:\>Remove-DatabaseAvailabilityGroupServer -Identity dag-headoffice -MailboxServer HO-EX2010-MB2
You can then proceed with the uninstall.
When all members have been removed from the DAG you can also remove the DAG object itself.
[PS] C:\>Remove-DatabaseAvailabilityGroup dag-headoffice
Wish all Exchange 2010 servers uninstalled the migration from Exchange 2010 to Exchange 2013 is complete.
For more information see the Exchange Server 2010 to 2013 Migration Guide.
my old exchange 2010 server still shows up in ecp even though i properly disabled all features and uninstalled it from an OLD SBS server during migration phase… now in exchange 2016 ecp i still see my exchange 2010 … why 🙁 ?
Hi, we had exchange 2003 servers and upgraded to 2010 and now we do not have any 2003 in the environment , now Distribution Group Message Moderation does not work the error is as below.
Warning: Messages routed through legacy exchange servers won’t be moderated please upgrade all your hub servers to exchange 2010 to ensure messages sent this group are moderated.
I believe I’ve had that issue before where the data does not refresh. I would try restarting the information store on the Exchange 2010 server (can impact production if 2010 is still in your SMTP path or has any mailboxes). You may also try removing your completed move requests. The other solution that I recollect is attempting to move the mailboxes again, which fails, but refreshes the data. Ultimately I would not be overly concerned about this issue. If you’re mailboxes show as being on the correct server in Exchange 2010 Management Console or Exchange 2016 Admin Center then you should be good to go. Hope this helps,
– Enterpriseit.co
Hi Paul,
Thanks for the wonderful article as usual.
I have migrated all mailboxes from 2010 to new exchange 2016 server. However, when querying Get-Mailboxstatistics -Server EX10, the mailboxes are still shown in 2010 databases. Can you please advise on this ?
Samy,
I’ve had the same problem after moving my mailboxes from EXCH2010 to EXCH2016. Unfortunately, the workaround was restart Information Store on the EXC2010 MBX Server where the mailbox was previously running. After notify Microsoft about this issue, they asked me to update the EXCH2010 to RU16 (Running on RU13 previously and the EXCH2016 to CU4 (Running on CU3 previously) and the problem stopped after it, but I can’t say if the issue was fixed by the the RU and CU applied or it was fixed just because I refreshed all my servers (reboot needed after RU/CU installation).
Tks.
Pingback: Decommission Exchange Server after Office 365 Migration
Hello Paul.
I migrated all my servers from Exchange 2010 to Exchange 2016. After validate everything, I decom my Exchange 2010 servers. But I forgot about the backup/restores. Now I need to install at least a Exchange 2010 again on the organization. Is it possible? I downloaded the Exchange 2010 SP3 on a server, installed all pre reqs and no failures or warnings were reported. But before I install it, I want a second opnion. For now, tks a lot Paul.
I think it isn’t supported to re-introduce a legacy Exchange version like that. If you need to restore something from an Exchange 2010 database take a look at Veeam Explorer for Exchange.
Hello Paul,
We have a plan to decommission the Exchange on premises 2010 , we have 4 CAS and 4 MB server to be removed and we should retain 2 hybrid servers, All Mailbox has been migrated already to cloud , can you please give the procedure like auto discover , OAB and other stuffs has to move to hybrid servers.
Thanks,
Basky
Hello Paul,
We have a plan to decommission the Exchange on premises 2010 , we have 4 CAS and 4 MB server to be removed and we should retain 2 hybrid servers, All Mailbox has been migrated already to cloud , can you please give the procedure like auto discover , OAB and other stuffs has to move to hybrid servers.
Thanks,
Basky
Paul,
Thank you very much for the information. I have successfully decommissioned 2010 servers with Mailbox, Client Access, Hub Transport server roles.
Working on decommissioning 2007 Edge Transport Servers
Thanks,
Dan
I have decommissioned all Ex10 servers. It looks like “Remove-ClientAccessArray” command is not available in Ex13 PowerShell. Should I remove using ADSI Edit or just leave them? –thanks
Interesting. Turns out I’ve just left it as is on previous projects. I wouldn’t do anything in ADSIEdit.
Paul,
I will leave it as is.
Your scripts, articles and classes were a real blessing for me!
Thanks,
Peter
Paul,
Thanks for the great article.
After migrating to Ex13 and uninstalling CAS roles from all Ex10 servers I still have two CAS arrays left with no members in them. Is it safe to remove those?
Thanks,
Peter
I would just leave it to the very end when all Exchange 2010 servers are fully decommissioned.
Hi,
User migration from 2010 to 2013 is completed and I am about to decommission 2010 servers (2 x MBX servers are physical, 2 x CAS/HT and 2 x UM are Virtual).
I have a requirement to be able to restore to PST for the next million years from 2010 and trying to work out my options:
1. Is it possible to decommission all of 2010 and if required later just stand up 1 multi role 2010 server and use PowerShell to export to PST ?
Or
2. Can I keep one of our current 2010 virtual servers (CAS) install MBX role on it and create a Recovery DB and just have it offline until required.
Is there any articles that you know of that can help me come up with an appropriate solution without 3rd party tools.
Also wondering if we had to keep 2010 in play at all for this, would this cause issues if we move to 2016 next year for example, (any issues with having multiple (3+) versions of Exchange in play. ?? It doesn’t sound pretty, my thoughts are to avoid…
Many thanks,
Some backup products can restore the DB and open it to extract data without requiring an Exchange server. So you might not need one at all.
Another option is being ready to stand up a 2010 server in an isolated temporary environment that matches the production one in terms of AD forest, domain, Exchange org etc.
Keeping an old server around on the off chance that a restore might be necessary is going to be a pain in the long run.
Hi- I’m finally at this phase of the project (Yay!) I’m not clear on the first step about removing the Edge Subscription from 2010. I actually didn’t subscribe the 2010 Server to Edge, it was using the 2010 Edge Transport role on the same box. But when I do Get-EdgeSubscription, my 2013 Edge Server shows up. And if I remove the Edge Subscription that is displayed in the 2010 ECP, it removes the subscription for the organization (2013 Edge)… Can you tell me what I’m missing (i.e. not understanding)? -Thanx
Oh…. Also, all Exchange services have been stopped and disabled on the 2010 server for several weeks and all mail flow is working as expected in the 2013 environment.
Hi Paul,
Very helpful article, I was hoping I could ask you a question regarding RpcClientAccessServer attributes. We migrated to 2013 and currently planning decommissioning 2010, I see that all 2013 databases are listing the 2010 CASARRAY as the RpcClientAccessServer, would you know if we need to do anything with this value given the fact that we will be decommissioning the 2010 environment soon? Thank you.
You can ignore it. Exchange 2013 mailbox users connect via Outlook Anywhere, so the RPCClientAccessServer is no longer used.
Got it, thank you again.
The RpcClientAccessServer value will be removed when you run Remove-ClientAccessArray -Identity “NAME”
Before uninstalling Exchange 2010 from all Exchange 2010 servers, remove the client access array with that cmdlet. The command is not available in 2013/2016.
Not a big deal if you missed it since RpcClientAccessServer seems to be ignored in Exchange 2013/2016.
I believe an unsupported way to fix this would be to remove the Client Access Array from the exchange organization using ADSIedit.msc and then I bet future databases you create won’t have the RpcClientAccessServer value set.
Hi Paul!
Nice article.
Just migrated all my 2010 mailboxes to 2013.
One question: In my environment I’ve two public folder databases (each server of my 2 node DAG) but public folders are not used. I want to ensure I can avoid migrating the public folders to 2013 without breaking, free&busy data or any other feature it depends on…
How could I ensure I have no need at all of maintaining the public folders?
Thanks!
Simply decommission your PF databases instead of migrating them to 2013.
Hi Paul, First thanks for this great website. I have done two successful migrations with the help of this website and your books. Everything has been transferred to 2013 but below messages are still being logged in IIS on the old Exchange 2010 server.
Below messages are only appearing for users connecting with Outlook 2007 V 12.0.6728 which is supported and working fine with Exchange 2013. Should I be worried about them or can go ahead and decommission the old server?
All mailboxes, OAB, send connectors etc are functional on the new server. No message has been logged for send or receive connectors on the old server and mail flow is all through the new server.
Internal DNS records have been set up to point to the new 2013 server and Outlook Proxy Setting has been set up to connect to the new server.
192.168.0.44 HEAD /rpc/rpcproxy.dll EXCHANGE2010.TESTDOMAIN.local:6001 443 TESTDOMAINpeter 192.168.0.55 MSRPC 200 0 0 0
192.168.0.44 POST /Autodiscover/Autodiscover.xml – 443 TESTDOMAINpeter 192.168.0.136 Microsoft+Office/12.0+(Windows+NT+6.1;+Microsoft+Office+Outlook+12.0.6728;+Pro) 302 0 64 15
192.168.0.44 POST /Autodiscover/Autodiscover.xml – 443 TESTDOMAINpeter 192.168.0.136 Microsoft+Office/12.0+(Windows+NT+6.1;+Microsoft+Office+Outlook+12.0.6728;+Pro) 302 0 64 15
192.168.0.44 HEAD /rpc/rpcproxy.dll EXCHANGE2010.TESTDOMAIN.local:6001 443 TESTDOMAINpeter 192.168.0.55 MSRPC 200 0 0 0
192.168.0.44 HEAD /rpc/rpcproxy.dll EXCHANGE2010.TESTDOMAIN.local:6001 443 TESTDOMAINpeter 192.168.0.55 MSRPC 200 0 0 0
192.168.0.44 HEAD /rpc/rpcproxy.dll EXCHANGE2010.TESTDOMAIN.local:6001 443 TESTDOMAINpeter 192.168.0.55 MSRPC 200 0 0 0
192.168.0.44 HEAD /rpc/rpcproxy.dll EXCHANGE2010.TESTDOMAIN.local:6001 443 TESTDOMAINpeter 192.168.0.55 MSRPC 200 0 0 15
192.168.0.44 HEAD /rpc/rpcproxy.dll EXCHANGE2010.TESTDOMAIN.local:6001 443 TESTDOMAINpeter 192.168.0.55 MSRPC 200 0 0 0
Well… who is “Peter” in those log entries? Anything special about that user?
Massive thank you Paul for an excellent series of articles. These and the rest of the background information on this site have been invaluable. Clear and concise unlike the Microsoft documentation.
Just completed a 2010 – 2013 DAG migration. It didn’t go without a hitch, but these things never seem to go quite to plan, but often I’d find the answers in the comments below the article.
Great series of articles Paul regarding migrating Exchange 2010 to Exchange 2013 – thanks!
We are trying to decomission our EX2010 (old SBS 2011) after migrating all mailsboxes to the new EX2013, but unable to delete the old database using “Remove-MailboxDatabase ex2010-servername” – I get an error mentioning that the DB has at least 1 mailbox. Running “Get-Mailbox -Database ex2010-db” confirms that the database still have all the old mailboxes.
I have tried “Move-ActiveMailboxDatabase -Server ex2010-servername” but I get an error that the server is in not in a database availability group. When I run “Get-MailboxDatabaseCopyStatus -Server ex2010-servername” it still shows a ‘mounted’ status.
We would like to deinstall Exchange 2010 from the old SBS 2011 – but running into these problems. Any ideas?
Many thanks, Oliver
Good article. We did this from 2007 to 2013 though. Came here from a google search. Our issue isn’t negatively affecting any end user or operation at all. Howerver I just want to get rid of the event log spam every 15 minutes.
Our legacy 2007 exchange migration has been completed. It has been cleanly uninstalled and the server removed from the domain.
For whatever reason in Exchange 2013 we are still getting these event message periodically.
EVENT #
3769234
EVENT LOG
Application
EVENT TYPE
Warning
OPCODE
Info
SOURCE
MSExchange Front End HTTP Proxy
CATEGORY
Core
EVENT ID
3005
DATE / TIME
3/12/2015 10:30:08 AM
COMPUTERNAME
EMAIL
MESSAGE
[Ews] Marking ClientAccess 2010 server mail.diamondcu.com (https://mail.domain.com) as unhealthy due to exception: System.Net.WebException: The operation has timed out at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)
We get 8 of these messages every so often, and each one is a slightly different tail end of the URL: /PowerShell, /owa/Calendar, /rpc/rpcproxy.dll, /owa, /ecp, /OAB, /Microsoft-Server-ActiveSync, /EWS.
Some of those aren’t even available in Exchange 2007!
I double checked in 2013 ECP and there are no other exchange servers found besides the 2013 one.
Running Get-WebServicesVirtualDirectory only shows the proper 2013 exchange server. So no where should it be thinking the old server needs a health check.
How can I clean up these periodic event log messages?
Did you ever figure out what was causing this?
Love all your Exchange articles/how-tos. One thing I am having trouble finding is how to remove the requirement to enter the client version after decommissioning our last Exchange 2010 server. (i.e. https://exchangeserver/ecp/?ExchClientVer=15.
Thanks again
Hey there Paul,
Excellent article. Question – I am in the migration phase, just about wrapped up. One thing I have noticed since the start of migrations, is all mailboxes still connect to the old server first, then back to the new.
My exchange servers are at different locations, ran in co-existence, over a VPN tunnel. So if a migrated user at the new server site (site B) opens Outlook, it will make connections to the old server site (site A), first, then to site B where its actual mailbox sits.
Since I am going over a tunnel, this makes for a slow Outlook experience for all migrated users. Further – if the tunnel goes down, no one can access email via Outlook.
At what point in your guide/steps does Outlook finally realize to stop bouncing off the old server and only connect to the new where the mailboxes are?
Thanks,
Jim
When I say connect – I mean in the Outlook “Connection Status” screen. All rows show my proxy as the correct address… mail.domainname.com, but then in server name there are a handful of connections, including the very first made as Outlook opens, that still point to old server. My DNS isn’t doing this – so what is?
Thanks,
Jim
Probably Autodiscover requests/queries. I would review your Autodiscover namespace again.
Paul, very much thanks for the information you are providing here. I have successfully completed my exchange 2013 migration and decommissioning of 2007. However, one thing baffles me is that all outlook clients, in the server address still shows the same temporary server and not the dns name. i.e. here is the existing server name f5894395-1313-4011-948f-519602bf8ebe@companydomain.com as suppose to exchange2013@companydomain.com
Any help would be greatly appreciated.
That is normal for Exchange 2013.
After uninstalling Exchange 2010, I’ve found that the Exchange 2010 Server and virtual directories still show up in EAC under Servers>Virtual Directories. Have you ran into this?
Thanks,
Chris
No. You’re sure the uninstall was successful? Have you checked whether the same objects are visible in PowerShell as well?