Adding a new certificate to Exchange 2007 for the SendConnector

computerconcepts
computerconcepts used Ask the Experts™
on
I noticed the FQDN listed on our SendConnector (the one sent in response to helo and ehlo requests)is configured as mail.mydomain.com and the certificate reads remote.mydomain.com.  I have some Event Log errors and I'm sure this is messing up some outgoing email.  My question is, would it be easier to change the FQDN that is listed on the SendConnector or create a new certificate?  If I change the FQDN will I have to change the MX record at the domain host as well?  I have mutiliple domains sending and receiving on this Exchange server.  How will this affect those domains?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
As long as your MX records are pointing to the correct address they dont matter. What does matter is the names on the cert and the address your PTR records resolve. You should have a multi-domain cert that has all of the server's FQDN's in use.

your cert should have:
mail.mycompany.com
remote.mycompany.com
autodiscover.
servername
servername.internal.com

Unless it's SBS in which case changing the the FQDN on the send connector may be  your best option.

Author

Commented:
It is SBS2008.  So in changing the FQDN entry on the send connector wouldn' t have to change the MX host from mail.mydomain.com to remote.mydomain.com?  Or am I just not understanding the MX record at that point?
Britt ThompsonSr. Systems Engineer
Top Expert 2009

Commented:
the MX is a hostname that points to an IP...if the online hostname's IP is not changed it makes no difference. Your IP isn't changing just the hostname the server sends as. But, you need to do a reverse lookup on your server and make sure your server's IP has a PTR that points to mail.mycompany.com.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Ok.  The PTR points to mail.mydomain.com and that is what is listed in the FQDN section of the Send Connector but the certificate reads remote.mydomain.com.  I will need to change the PTR at the ISP and the Send Connector to read remote.mydomain.com to match the certificate.  Sound right?
Sr. Systems Engineer
Top Expert 2009
Commented:
Unless you want to buy a new cert....I had it mixed up and was thinking the cert said mail. instead of remote. But yes, your PTR should read what it says on the send connector and it's free to change the DNS settings. Also, your server should be accessed from the Outside by going to remote.mycompany.com to prevent certificate errors as well.

Author

Commented:
Thanks for your help!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial