Difference between revisions of "MTK SystemPreparation"

Revision as of 19:05, 23 June 2017

System Preparation

Configure Directory and Email Systems

We will be connecting two dissimilar systems and to do that we need to connect where things are coming from to the places they will go.

If the directory and email systems are not properly configured the migration will not succeed. There are many steps and several pieces information that need to be recorded from the directory and email systems for entry into the Migration Toolkit.

Create a document to organize this data.

Configure eDirectory/LDAP and GroupWise

These items will be essential in the configuration of the MTK. Have these ready before launching the software.

1. If using eDirectory, Make sure the LDAP server on GroupWise is configured, and can be accessed.

Note down the following information to be used with the MTK:

• LDAP IP Address
• LDAP Port (default is 398)
• User Name and Password to access LDAP (i.e. admin). Must be an FDN (look at properties of the admin user in LDAP, or LDAP Browser). For example: cn=John Doe, ou=users,o=domain
• Base DN of the server that will search for users. This will be the container level, or higher, where all of the users will exist. (Right click the container and click on properties). For example: dc=users, dc=com.
• Tree Name: Note the name of your tree at the top level. This will be needed for licensing. (If you do not have a tree name just make one up for the license.)

2. Be sure SOAP is enabled on GroupWise Post Office Agent. Write down the following for GroupWise:

• SOAP IP address of primary post office.
• SOAP port for primary post office (default is 7191)
• Client Port for Primary post office (default is 1677)

3. Create a Trusted Application Key to use for the MTK. Copy the name of the key and the key to a file that can easily be accessed. This will be required for the license and the program. This is case sensitive.

• Key Name
• Key

4. Run GWCheck on all post offices in the system. Be sure to run the stand alone utility, not the automated GWCheck. Run it with Content/Analyze/Fix to clean any issues with mailboxes, or email messages. In larger systems, this may take significant time. This is a very important step as corrupt data will not be able to be migrated. Even with this step there is no guarantee that all data will be able to be migrated, but the cleaner the data the better.

• GWCheck complete

Configure Exchange/O365 and Active Directory

1. Create a Global Administrator Account in Exchange or Office 365. (This is used to gain access to Exchange/Office 365)

• Administrator Account Name
• Password

2. Create an Impersonation Account E-mail in Exchange or Office 365. (This is used to log into the mailboxes and access their messages.)

• Impersonation Account Name
• Password

3. Create ApplicationImpersonation Role and add the Impersonation user to it.

• ApplicationImpersonation rights enabled (EAC: Permissions/Admin Roles/New Role)
• Impersonation Account added as Member

4. Make sure you can access, as an administrator, the Active Directory. Note down the following information:

• IP Address of Active Directory
• Active Directory Domain name used for logon. (This is found under AD Users and Computers, right-click on the domain to view Properties, under General: Domain name (pre-Windows 2000)).
• Administrator user name
• Administrator password
• Default Context
• Mailbox DB (This is found by enabling Advanced Features (View | Advanced Features) finding the administrator account, and going to properties. Then click on Edit Attributes. Look for the FDN and it will show the Mailbox DB in the same line.)

5. Make sure you can access the Exchange/Office 365 Administration Center. Note down the following information:

• IP Address of Exchange or Office 365 and the Host-name
• Domain Name

6. Set throttling policy to unlimited. This ensures that Microsoft Exchange will not halt the migration process because too many items are coming into the system.

• Open Microsoft Exchange Management Shell.
• Type these commands to create a policy called GWAVAUnlimited:

New-ThrottlingPolicy GWAVAUnlimited

Set-ThrottlingPolicy GWAVAUnlimited –RCAMaxConcurrency Unlimited  -EWSMaxConcurrency

Unlimited –EWSMaxSubscriptions Unlimited –CPAMaxConcurrency Unlimited –EwsCutoffBalance

Unlimited –EWSMaxBurst Unlimited –EwsRechargeRate Unlimited

Set-Mailbox [Retain impersonation account] –ThrottlingPolicy GWAVAUnlimited

Set-ThrottlingPolicy GWAVAUnlimited –ThrottlingPolicyScope Organization

(Organization level will affect all mailboxes associated with the impersonation account).

• View the throttling policy by typing:

Get-ThrottlingPolicy –Identity GWAVAUnlimited | Format-List

7. Set Throttling Policy on IIS/Exchange Size Limits: By default, Exchange will refuse the messages over a certain size. The size limit needs to be increased.

• Go into IIS Manager, select Default Web Site. Under Management, select Configuration Editor.
• Under system.WebServer, expand that, then security, then authentication. Select requestFiltering
• Under requestLimits change maxAllowedContentLength to a large number. Add a few 0s, this will be in bytes.
• Change Timeout: In IIS Manager, select  Default Web Site then click on Limits  on the right side.
• Change the Connection time-out to a larger number. Add a few more 0s.

8. Create an SMTP Relay: This is used for calendar items and tasks. Without it, calendar items and tasks may not be migrated, nor processed. This can be done on any server that the MTK can access.

• Launch Server Manager. Click Add Roles and Features
• Click Next until you get to Features, and select SMTP Server. Install the service.
• Configure the SMTP Service
  • Launch IIS Manager 6.0
  • Expand and go to Properties of the SMTP Virtual Server
  • Enable logging
  • In Access Tab, click on Connection then Add. Add in the MTK IP address.
  • Click Relay and add the MTK IP Address
  • In Messages Tab, uncheck all of the boxes.
  • In Delivery Tab, click Advanced. Enter in the FDN of the Exchange server.
  • Enter in smarthost, and click the box, "Attempt direct delivery before sending to smart host."  
• Disable Firewall or add a rule to allow the SMTP connection.
  • Launch Windows Firewall
  • Right click on Inbound rule and select New Rule
  • Select Port
  • Type in 25 – Allow the Connection – Uncheck Public – Name the rule
  • Restart SMTP service.

9. Enable Basic Authentication on all CAS servers, using one of the following methods

1. In Exchange Admin Center:

• • Servers | Virtual Directories | EWS
  • Servers | Virtual Directories | Autodiscover

1. In IIS Manager:

• • IIS Manager | Server | Sites | Default Web Site | EWS | Authentication
  • IIS Manager | Server | Sites | Default Web Site | Autodiscover | Authentication

1. Using PowerShell:
   1. EWS:

Get-WebServicesVirtualDirectory | ft server,basicauthentication

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -BasicAuthentication $true

1. 1. Autodiscover:

Get-AutoDiscoverVirtualDirectory | ft server,basicauthentication

Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' -BasicAuthentication $true

• Basic Authentication enabled

10. Enable Autodiscover (need to contact Microsoft for Office 365). Also be sure that firewalls or proxies are not going to block autodiscover. If a user has multiple domains for their emails but only one for their Active Directory they will need to update their DNS SRV file to support autodiscover.

• Autodiscover enabled

11. Check Autodiscover by running the connectivity tester providing by Microsoft: [1]

• Autodiscover active

12. Default EWS URL

• Exchange:
  • Using PowerShell:
    • Open the Exchange Management Shell (EMS)
    • Run the command:

Get-WebServicesVirtualDirectory |Select name, *url* | fl

• Using Outlook:
  • Have Outlook in the system tray
  • Press Ctrl and right-click on Outlook
  • Select "Test E-mail Auto Configuration" from the menu
  • Enter an email address on the Exchange server
  • Click Test
  • EWS URL is the "Availability Service URL"

• O365:
  • Browse to the Microsoft test connectivity tool (https://testconnectivity.microsoft.com)
  • Under the Office365 tab select Outlook Connectivity test
  • Once the test is complete Expand all and search for "EwsUrl" which should result in something like "https://outlook.office365.com/EWS/Exchange.asmx"

Tips

When running the Email Migration, if the Toolkit states you don’t have JAVA the toolkit will download it. However, the toolkit will only download the 32-bit version instead of the 64-bit version. Be sure to go and download the 64-bit version manually, if you are on a 64-bit OS.

If you try to launch Email Migration and it does nothing, it means that you don’t have JAVA 64-bit installed. Download the JAVA 64-bit version manually.  

If a user is not attached to an eDirectory object, the Toolkit will not migrate the user.

---

Back to MTK_Setup