[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Retire 2K3 DC - install OWA 2007 with ISA 2004

Posted on 2009-04-22
Medium Priority
Last Modified: 2012-05-06
My enterprise root CA was set up per the ISA Server 2004 Configuration Guide lab. Exchange 2003 on the dc was installed as well per the lab doc. For this doc, I'll call the isa server ISA and the dc DC1. ISA 2004 was also configured for the owa access to support both basic and forms-based authentication with a single IP and web listener per Dr. Shinder's document.

This pair of work-horses has served us well for the last 5 years.

DC1 is starting to get a little slower, so DC2 with 64bit 2K3 and exchange 2007 was born. Mailboxs were migrated and DC2 is functioning well. Exchange 2k3 on DC1 has been shutdown and removed. Eventually, when all services have been removed/replaced with DC2, DC1 will be completely retired.

Now its time for me to get owa 2007 working through ISA server.

I have read numerous docs about moving CA server. My DC's don't and won't have the same name for various reasons. Can all of the certs that have expired just be deleted? or would I be better off leaving them and just creating a new CA on DC2?

I have also read that ISA 2004 sp3 contains the wizards etc for publishing the owa for exchange 2007.

Are there any documents out there that describe setting up isa 2004 / owa exchange 2007 combination?
Question by:akreifels
  • 2
LVL 15

Accepted Solution

Greg Besso earned 1000 total points
ID: 24214677
I think you need to just configure another of your domain controllers (one that will be around and not renamed or retired soon) with certificate services. Then manually start replacing all certificates in your environment with ones created from that CA. Then once the other one is no longer in use you can look into retiring it.
LVL 24

Assisted Solution

by:Rajith Enchiparambil
Rajith Enchiparambil earned 1000 total points
ID: 24224490
If you want to make use of all the Exchange features fully, like autodiscover, Outlook ANywhere, ActiveSync etc, you need to go for a commercial UCC/SAN certificate. no point in having a self assigned certificate (the one from your internal CA). Most of the things won't work!

Check this article for a UCC/SAN cert


Author Closing Comment

ID: 31573447
thanks so much for both of your help. I definately have some work ahead of me, but both of you have given me the direction I need to look in.
thanks again

Author Comment

ID: 24224640
thanks for your assistance

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question