wesleyjones
asked on
Exchange 2007 Swing Migration Setup Help Needed
I am still in the process of a swing migration from Exchange 2003 to Exchange 2007 this weekend. I have all of the user 120 mailboxes moved to the Exchange 2007 box. My Outlook, Entourage clients are connecting successfully. I have the one Exchange 2007 box and the Exchange 2003 swing box. I have removed the connectors between the 2003 and 2007 boxes. Here are the items I still need help with:
1) When I opened up the firewall to allow incoming and outgoing SMTP traffic, I noticed the mail queues were being flooded with traffic from outside? our network. This is strange because I only allow port 25 traffic in (via a Watchguard firewall rule) from Postini (our provider that cleans up the mail before it gets to us). I need to make sure that our server is not an open relay. How does the receive connector need to be set up to be safe? There are currently 2 receive connectors listed.
2) I tried to import our Geotrust SSL certificate in the command shell. It imported successfully, but could never attach it to IIS, because the command shell said the private key was missing. I tried adding it the 'ole fashion way through IIS, but Exchange doesn't know about it and OWA will not work even when I change the internal and external URL settings to https://owa.biltmorebaptist.org/owa. This type of URL (formerly https://owa.biltmorebaptist.org/exchange) used to work in (via DNS entry) and outside of our network. This SSL issue is also affecting all of our Windows Mobile Smartphones and PDA Phones.
3) Can you use the IMF and anti-spam settings without a separate Edge server?
Any help you can provide would be much appreciated. I have been using 2003 for years and think I have got in over my head with 2007. But I'm too far along to go back now.
Thanks!
1) When I opened up the firewall to allow incoming and outgoing SMTP traffic, I noticed the mail queues were being flooded with traffic from outside? our network. This is strange because I only allow port 25 traffic in (via a Watchguard firewall rule) from Postini (our provider that cleans up the mail before it gets to us). I need to make sure that our server is not an open relay. How does the receive connector need to be set up to be safe? There are currently 2 receive connectors listed.
2) I tried to import our Geotrust SSL certificate in the command shell. It imported successfully, but could never attach it to IIS, because the command shell said the private key was missing. I tried adding it the 'ole fashion way through IIS, but Exchange doesn't know about it and OWA will not work even when I change the internal and external URL settings to https://owa.biltmorebaptist.org/owa. This type of URL (formerly https://owa.biltmorebaptist.org/exchange) used to work in (via DNS entry) and outside of our network. This SSL issue is also affecting all of our Windows Mobile Smartphones and PDA Phones.
3) Can you use the IMF and anti-spam settings without a separate Edge server?
Any help you can provide would be much appreciated. I have been using 2003 for years and think I have got in over my head with 2007. But I'm too far along to go back now.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did try importing the certificate with IIS Manager (like the old way for Exchange 2003). It takes it and it is valid, but then I cannot access OWA at all, from inside the lan or outside. I did iisreset after the cert assignment. Is there something else I need to do, restart exchange or the server?
What do you mean by not access OWA? That could be an indication the certificate is damaged. Is the original still available?
Simon.
Simon.
ASKER
Unfortunately no, but I ordered a new UCC certificate from Entrust today.
What I mean by not being able to access OWA above, Internet Explorer would return an error message like page not found. Let's see if everything works out with the new Entrust cert. I'll let you know.
Thanks again,
Wesley
What I mean by not being able to access OWA above, Internet Explorer would return an error message like page not found. Let's see if everything works out with the new Entrust cert. I'll let you know.
Thanks again,
Wesley
ASKER
The Entrust certificate is working properly. Even Outlook Anywhere is working. I set up the names as: owa.domain.com, autodiscover.domain.com, exchsvr.domain.com
ASKER
Tha anti-spam settings helped with the the weird SMTP traffic I was receiving. I am still seeing some messages from blank senders at IP 255.255.255.255 in the mail queues.