Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Is there a way to programmatically change the Principle Name on all clients?

Posted on 2010-08-12
2
801 Views
Last Modified: 2012-05-10
Migrating from Exchange 2003 to 2010. I see the directions call for three domain names:

mail.domain.com (new Ex2010 server)
autodiscover.domain.com
legacy.domain.com (new DNS record to be pointed at soon-to-be old Ex2003 server)

Currently, I have the old Ex2003 server as mserver.domain.com. The new Ex2010 I want to call mail.domain.com and NOT mserver.domain.com. From what I can tell, I think I'm going to have to visit each client personally (or remotely) and change the principal (MSSTD:mserver.domain.com) name to be the new principal (MSSTD:mail.domain.com). Anyone know a way around this? In the long term, I want mserver.domain.com to go completely away.

The cert I'm using has mserver.domain.com as the primary name, and mail.domain.com as a SAN. Therefore authentication fails using www.testexchangeconnectivity.com and the test for RPC/HTTP. The failure reads, "The certificate common name mserver.domain.com, doesn't validate against Mutual Authentication string provided msstd:mail.domain.com". I know I can change the mutual authentication string in Exchange Mgmt Shell, but this doesn't help me when I want to retire the DNS name mserver.domain.com.

Ideas?
0
Comment
Question by:xyden
2 Comments
 
LVL 6

Accepted Solution

by:
defkamel earned 500 total points
ID: 33425527
you only need legacy.domain.com  if you are going to have 2003 exchange coexisting with the new 2010 server. you can remove it if you are removing the old 2003 server.

I would have the following on the cert. You can re-key the cert with the correct names.

autodiscover.domain.com
mail.domain.com
servername
servername.domain.com

Then if you configure an external DNS A record for autodiscover.domain.com  (same place you configure your MX record) with the external IP address of your router and port 80 forwarded to the exchange server the clients can automatically configure themselves using the following process.

http://www.msexchange.org/tutorials/Uncovering-New-Outlook-2007-Discover-Service.html
0
 

Author Comment

by:xyden
ID: 33425755
Yeah, I need them to coexist for at least 2 weeks.

I'm thinking the best thing to do is follow the MS examples and migrate the current Ex2003 external FQDN (mserver.domain.com) to the new Ex2010 box while assigning a new FQDN (legacy.domain.com) to the old Ex2003 server. Once the migration and upgrade are complete, then handle changing the external FQDN of the Ex2010 box from mserver.domain.com to mail.domain.com.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question