Solved

Exchange 2007 Swing Migration Setup Help Needed

Posted on 2007-11-25
7
811 Views
Last Modified: 2013-11-30
I am still in the process of a swing migration from Exchange 2003 to Exchange 2007 this weekend.  I have all of the user 120 mailboxes moved to the Exchange 2007 box.  My Outlook, Entourage clients are connecting successfully.  I have the one Exchange 2007 box and the Exchange 2003 swing box.  I have removed the connectors between the 2003 and 2007 boxes. Here are the items I still need help with:

1) When I opened up the firewall to allow incoming and outgoing SMTP traffic, I noticed the mail queues were being flooded with traffic from outside? our network.  This is strange because I only allow port 25 traffic in (via a Watchguard firewall rule) from Postini (our provider that cleans up the mail before it gets to us).  I need to make sure that our server is not an open relay.  How does the receive connector need to be set up to be safe?  There are currently 2 receive connectors listed.

2) I tried to import our Geotrust SSL certificate in the command shell.  It imported successfully, but could never attach it to IIS, because the command shell said the private key was missing.  I tried adding it the 'ole fashion way through IIS, but Exchange doesn't know about it and OWA will not work even when I change the internal and external URL settings to https://owa.biltmorebaptist.org/owa.  This type of URL (formerly https://owa.biltmorebaptist.org/exchange) used to work in (via DNS entry) and outside of our network.  This SSL issue is also affecting all of our Windows Mobile Smartphones and PDA Phones.

3) Can you use the IMF and anti-spam settings without a separate Edge server?

Any help you can provide would be much appreciated. I have been using 2003 for years and think I have got in over my head with 2007.  But I'm too far along to go back now.

Thanks!
0
Comment
Question by:wesleyjones
  • 4
  • 3
7 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20345803
For single server setup I would suggest you look at this article on the msexchangeteam.com blog.
http://msexchangeteam.com/archive/2006/11/17/431555.aspx

Note carefully that after enabling the antispam agents you need to restart the transport store AND all options are enabled, so you will need to in and disable them. The antispam agents are also where recipient filtering is held.

The SSL certificate is really important with Exchange 2007. I don't know how you have tried to move the certificate across, but having a separate key doesn't sound right. Exchange has to accept the certificate, you can either do that with PowerShell or use PowerGui, which I find is more straight forward.

On the question of your SMTP traffic, are you sure that you were doing the restriction on the firewall and not on the SMTP virtual server on the old machine? Exchange 2007 is relay secure by default, so unless you have changed the configuration of the receive connectors you will not be an open relay.

Simon.
0
 

Author Comment

by:wesleyjones
ID: 20345978
Thanks Sembee!  The blog article really helped.  Before I decommissioned the original server, I saved the .cer file offline.  When I brought up the Exchange 2007 box, I followed the "Finalize Deployment" instructions on the EMC.  The .cer file was imported, but I was unable to assign it to the IIS service.  My certificate expires in a couple of month, so I was thinking about getting an Entrust certificate anyway.  What is the PowerGUI?

Tha anti-spam settings helped with the the weird SMTP traffic I was receiving.  I am still seeing some messages from blank senders at IP 255.255.255.255 in the mail queues.
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 500 total points
ID: 20346065
PowerGui is another interface for PowerShell. http://www.powergui.org/ I use it on all of my Exchange 2007 deployments because it simplifies so much of what Microsoft have made more complex in Exchange 2007 with PowerShell. How did you import the certificate? Did you extract its thumbprint to use?

Have you tried just importing the certificate in to IIS manager on the web site? That should make the certificate available - you just need to import the thumbprint so that it is available to Exchange.

Simon.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:wesleyjones
ID: 20346194
I did try importing the certificate with IIS Manager (like the old way for Exchange 2003).  It takes it and it is valid, but then I cannot access OWA at all, from inside the lan or outside.  I did iisreset after the cert assignment.  Is there something else I need to do, restart exchange or the server?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20347351
What do you mean by not access OWA? That could be an indication the certificate is damaged. Is the original still available?

Simon.
0
 

Author Comment

by:wesleyjones
ID: 20347476
Unfortunately no, but I ordered a new UCC certificate from Entrust today.  

What I mean by not being able to access OWA above, Internet Explorer would return an error message like page not found.  Let's see if everything works out with the new Entrust cert.  I'll let you know.

Thanks again,

Wesley
0
 

Author Comment

by:wesleyjones
ID: 20368903
The Entrust certificate is working properly.  Even Outlook Anywhere is working.  I set up the names as: owa.domain.com, autodiscover.domain.com, exchsvr.domain.com
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now