Part 6: Prerequisites for Coexistence between Domino and Exchange 2013/Office 365

Published: 2013-10-08
Updated: -
Version: 1.0

This post will focus on having the technical prerequisites ready and in place for a successful Domino/Notes coexistence deployment.

Before going into any details, if you are planning to do have a coexistence scenario between Domino and Exchange, you may consider to use Dell Software’s Coexistence Manager for Notes. One important thing to mention is that there is a requirement from the vendor, to use certified people for the project.

This blog post is based on Coexistence Manager for Notes version 3.5.0.29

Read the other parts:

Part 1: Migrations – Overview
Part 2: Prerequisites for Domino/Notes migrations
Part 3: Migrating Domino/Notes to Exchange 2013 On-premise
Part 4: Migrating Domino/Notes to Office 365
Part 5: Migrating Resources Mailboxes, Mail-In databases and Groups
Part 7: Configuring Coexistence Manager for Notes with Exchange 2013 On-premise
Part 8: Configuring Coexistence Manager for Notes with Office 365
Part 9: Prerequisites for Migration Manager
Part 10: Migrating User Mailboxes from Exchange 2003 to Exchange 2013 using Migration Manager
Part 11: Migrating User Mailboxes from Exchange On-premise to Office 365

Service Accounts

Some service accounts are needed when using the coexistence software, as outlined below.

Mail connector

No specific account with permissions is required.

Free/Busy

For looking up the free/busy information, we need read access on both sides. One regular Exchange mailbox/Office 365 mailbox and one regular Domino mailbox.

One thing to keep in mind when established coexistence between on-premise Domino and Office 365 is that an additional namespace needs to be introduced for having the requests to use Autodiscover and find the route back. If that for any reason can’t be implemented a hybrid solution is the only possible way of solving it. More info about this in the upcoming post.

Directory connector

The service account used for directory sync should be a member of the Domain Admin and Organization Management groups to provide the rights to Active Directory (or delegated write permissions to the specified OU).
On the Domino side, a regular account can be used with read permissions through LDAP to the different address books that should be synced. Write permissions is only required if synchronization should take place from AD to Domino. Note that the Internet password needs to be configured for this account.

One thing to keep in mind is that synchronizing the Domino objects directly to Office 365 is not supported. However, this can be done in a two-step procedure by directory synchronizing them from Domino into the local Active Directory and then use the Microsoft Office 365 dirsync tool for having them in Office 365.

Note: Target Active Directory server must have the Exchange schema extensions for being able to create mail contacts.

Availability Address Space

One thing that’s required for free/busy lookups is that the availability address space is configured. This is done either in the on-premise Exchange or Office 365.

The cmdlet for doing it on-premise:

Add-AvailabilityAddressSpace -ForestName <smtpdomain>
-AccessMethod OrgWideFB

For doing this in Office 365, run the following cmdlet:

New-AvailabilityConfig –OrgWideAccount questmsn
$domain = "<YourHostDomain>.onmicrosoft.com"
$adminUserId = "<YourID>"
$adminCredsId = "<YourUserName>"
$adminCredsPassword = "<YourPassword>"
$securePassword = ConvertTo-SecureString
$adminCredsPassword -AsPlainText -Force
$adminCreds = New-Object
System.Management.Automation.PSCredential($adminCredsId,$securePassword)
Add-AvailabilityAddressSpace -AccessMethod OrgWideFB -ForestName
<YourDomain.com> -Credentials $adminCreds -TargetAutodiscoverEpr
'https://autodiscover.<YourDomain.com>/autodiscover/autodiscover.xml'
Office 365

If CMN is using in an on-premise deployment, I would recommend or at least consider using internal PKI for the certificate, since the certificate chain can easily be deployed using Group Policy’s.

But in the case of having coexistence between on-premise Domino and Office 365, the freebusy requests to the CMN server(s) will come from an external part (Office 365) and they don’t trust your internal PKI solution, so it’s a requirement of buying a certificate from a trusted root vendor.

SQL Server

With version 3.5.x of Coexistence Manager for Notes (CMN), now uses SQL Server for its configuration and collected data.

The Native Client needs to be installed together with SQL Server 2005 or SQL Express 2005, or newer.

In my lab environment, I’m running SQL 2008 R2 Express on my Coexistence server. In larger environments, the databases can be placed onto a SQL cluster/server instead of having them locally.

If you, however, choose to use SQL Express, make sure to take backups of the databases.

Lotus Notes client

If you are going to use the ActiveMail feature, I recommend using the Lotus Notes version 8.0.0 (Basic version, Eclipse is not supported). However, Lotus Notes version 7.0.3 and 7.0.4 can also be used if you don’t have the 8.0.0.

The installation of Lotus Notes should be done in single-user mode.

.NET Framework 4

Make sure to install the .NET Framework 4 since this is a prerequisite for CMN. I would also recommend upgrading it with the latest service pack level.

Internet Information Services (IIS)

Install IIS together with the ASP.NET 4.0 feature and use a certificate with a matching “CN” name for the Quest Autodiscover Host Name value.

This certificate is used when clients sends its requests between the systems.

Antivirus

There are NO known folders that should be excluded from the Antivirus file-level scanning

Regional Settings

For being able to install the software, be aware that regional settings and language settings need to be configured to “English”.

Windows Firewall

It’s recommended to turn OFF the Windows Firewall for all CMN servers. If that’s not possible, make sure to open all the needed ports. The port list can be found below.

User Account Control (UAC)

It’s recommended to disable UAC on all CMN servers.

This is done in the Control Panel under User Accounts, Change User Account Control settings.

Make sure to set it to “Never notify” and restart the sever before installing the software.

Data Execution Prevention (DEP)

It’s recommended to disable DEP, so make sure to do that.

If you’re using Windows 2008 R2 like I do, then you disable DEP by running:

"bcdedit /set nx AlwaysOff"

Also, make sure to restart the server when this is done to allow it to take effect.

Network Ports
Port In/Out Type Source Target Description
25 In SMTP Domino/Exchange CMN Server(s) Incoming SMTP
25 Out SMTP CMN (SMTPl) Domino/Exchange Outgoing SMTP
389 Out LDAP CMN (Dirsync) Active Directory DCDomino LDAP Server LDAP
3268 Out LDAP GC CMN (Dirsync) Active Directory DC LDAP GC
636 Out LDAPS CMN (Dirsync) Active Directory DC LDAPS LDAPS
3269 Out LDAPS CMN (Dirsync) Active Directory DC LDAPS LDAPS GC
80 Out HTTP CMN (Freebusy) Exchange CAS servers HTTP
443 Out HTTPS CMN (Freebusy) Exchange CAS servers HTTPS
80 In HTTP Exchange CAS servers, Office 365 CMN (Freebusy) HTTP
443 In HTTPS Exchange CAS servers, Office 365 CMN (Freebusy) HTTPS
8900 Out Availability Service Domino Qcalcon server Exchange CAS servers Availability
8960 In Qcalcon Domino Qcalcon server CMN (Freebusy) Qcalcon
8961 In Qcalcon Domino Qcalcon server CMN (Freebusy) Qcalcon
1352 Out Domino CMN (Freebusy, Dirsync) All Domino servers Freebusy lookup
8962 Out PF Reader CMN (Freebusy) Exchange PF Exchange reader service
1433 In SQL CMN servers CMN SQL instance SQL
Notes from the field

Network Monitoring or Wireshark may sometimes be your best friend during troubleshooting network connectivity.

Portqry is another tool that could be of great value during initial network verification.

A good log reader, my favorite is the old tool that was included in the SMS 2003 resource kit called trace32.exe. It can be downloaded here.

Read the other parts

Part 1: Migrations – Overview
Part 2: Prerequisites for Domino/Notes migrations
Part 3: Migrating Domino/Notes to Exchange 2013 On-premise
Part 4: Migrating Domino/Notes to Office 365
Part 5: Migrating Resources Mailboxes, Mail-In databases and Groups
Part 7: Configuring Coexistence Manager for Notes with Exchange 2013 On-premise
Part 8: Configuring Coexistence Manager for Notes with Office 365
Part 9: Prerequisites for Migration Manager
Part 10: Migrating User Mailboxes from Exchange 2003 to Exchange 2013 using Migration Manager
Part 11: Migrating User Mailboxes from Exchange On-premise to Office 365