Dave Messman asked:

using mail.domainname.com instead of remote.domainname.com on SBS 2008

I'm migrating an SBS 2003 box to SBS 2008, and I want to keep the public name of the server that I assign to the SSL cert the same - mail.domainname.com.  In the past, I've found that SBS 2008 really pushes you toward remote.domainname.com.

How do I tell SBS 2008 to reconfigure its references to its FQDN to be mail.domainname.com instead of remote.domainname.com?  On one of my installs, I bought an SSL cert for mail.domainname.com - found it kept seeming to want it to be remote.domainname.com - so I just bought remote.domainname.com.

Alternatively, would it make more sense to install a UCC SSL certificate where I could use multiple FQDNs (mail.domainname.com, remote.domainname.com, autodiscover.domainname.com)?  If so, is there a good place for instructions on installing a UCC certificate on SBS 2008?

This is important to eliminate reconfiguration of various resources after I do the 2003 to 2008 migration I'm doing this weekend.

Thanks

ASKER CERTIFIED SOLUTION
RickEpnet

This solution is only available to members.

Here is the process I go through with SBS 2008. I have found this setup and configuration to be the least painful; hope this helps. Make sure, if you get a cert from someone like GoDaddy, to follow the instructions on installing the intermediate certificate and download the cert for IIS 7.
Even though in SBS 2008 a Self-Signed Certificate is supported for use with domain-joined Microsoft Office Outlook 2007 clients and Outlook Web Access, I do not recommend long term use of the self-signed certificate for any purpose other than encrypting communications between Exchange 2007 servers within your organization. I recommend that to support many, if not all, of the Client Access server features such as Exchange ActiveSync, Outlook Web Access, and Outlook Anywhere, you obtain a certificate from either a Windows PKI or a trusted third-party CA and make sure that this certificate is imported using the SBS Console SSL Certificate wizard.

When you run the Internet Address Wizard you need to just tell it you already have a domain and you will manage it yourself. This should let the wizard complete and configure Exchange with the proper SMTP addresses. I also never let the wizard configure my router. I'm usually a wizard guy, but this is one area I feel more comfortable in setting up the router myself, and it usually fails if the router isn't UPnP.

When it asks for your external address I would use the default "externaldomain.com" or "remote.externaldomain.com".
Then create a multi-domain certificate from GoDaddy or someone like that. The configuration of the Subject Alternative Names (SAN) would be something like this:

remote.externaldomain.com
sbsservername.internaldomain.local
sites.internaldomain.local
autodiscover.externaldomain.com

There are others you could use but these are the basics.

You will need to modify your existing external DNS with these records that are externaldomain.com. I prefer to use a wildcard * to redirect everything that is not specified. The wizards will configure the rest for internaldomain.local.

This normally takes care of internal issues and external issues.

Dave Messman (ASKER)

RickEpnet is right on about clicking on advanced settings and it allowing you to alter the default public server name.  That answers the question.

Regarding ConchCrawl's comment about a multi-host SSL certificate, I'm a bit confused.  If I want to go the UCC route and buy an SSL cert with 5 FQDNs on it - how does the server know to respond to those other domain names?  More precisely . . .

Let's say I get an SSL cert and get remote.domainname.com, mail.domainname.com, and autodiscover.domainname.com.

Then I create the necessary A records and point all three at the public IP of my SBS 2008 box.

You're saying that I click on advanced on the set up your internet address wizard and then put "domainname.com" - is that right?

Will it just know to respond to those URLs (autodiscover, remote, mail)?  Doesn't that need to be configured somewhere?

The cert will have the Subject Alternative Names; your external DNS will use those names, as well as your internal DNS.
You can use the default of remote.domainname.com or change it in advanced to whatever you want; domainname.com is fine also. It is just the new standard for 2008 that you use remote, like in 2003 it was mail, but not absolute. The reason 2008 uses remote is that it doesn't just take you to email; it takes you to a login page that will give you access to OWA, RWW, and Companyweb. So in MS lingo it is a broader term :-).
Outlook 2007 automatically uses autodiscover; it is built in, so that is why it is good to have that one in there.
Everything else you've said seems right. I hope this clarifies my comments; if not, please feel free to elaborate.

should have seen it myself
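
An added example, not part of the original posts: a small Python check of which names a certificate's SAN list covers, using the SAN list from the answer above. A wildcard DNS record makes every name resolve to the server but adds nothing to the certificate, so a name such as the asker's mail. host still needs its own SAN entry (or a wildcard SAN); `CLIENT_NAMES` and the function names are assumptions made for illustration.

```python
"""Report which client-facing hostnames a certificate's SAN list covers."""

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.strip().rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """Exact match, or '*' standing for the whole left-most label only."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False  # a wildcard never spans more than one label
    if pattern[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern

def coverage(hostnames, sans):
    """Map each hostname to the first SAN entry covering it, or None."""
    return {h: next((s for s in sans if san_matches(h, s)), None)
            for h in hostnames}

def uncovered(hostnames, sans):
    """Hostnames that would trigger a certificate name-mismatch warning."""
    return [h for h, s in coverage(hostnames, sans).items() if s is None]

# SAN list as given in the answer (placeholder domains from the thread).
CERT_SANS = [
    "remote.externaldomain.com",
    "sbsservername.internaldomain.local",
    "sites.internaldomain.local",
    "autodiscover.externaldomain.com",
]

# Constructed sample: names clients are assumed to connect to, including
# the mail. name the asker wants to keep after the migration.
CLIENT_NAMES = [
    "remote.externaldomain.com",
    "mail.externaldomain.com",
    "autodiscover.externaldomain.com",
    "sbsservername.internaldomain.local",
]

if __name__ == "__main__":
    for name, san in coverage(CLIENT_NAMES, CERT_SANS).items():
        print(f"{name:40} {'covered by ' + san if san else 'NOT COVERED'}")
```

Running the same check against the SAN list of the certificate actually issued, before repointing DNS, shows which client names would produce a mismatch warning after the migration.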