Solved

Is there a way to programmatically change the Principle Name on all clients?

Posted on 2010-08-12
2
808 Views
Last Modified: 2012-05-10
Migrating from Exchange 2003 to 2010. I see the directions call for three domain names:

mail.domain.com (new Ex2010 server)
autodiscover.domain.com
legacy.domain.com (new DNS record to be pointed at soon-to-be old Ex2003 server)

Currently, I have the old Ex2003 server as mserver.domain.com. The new Ex2010 I want to call mail.domain.com and NOT mserver.domain.com. From what I can tell, I think I'm going to have to visit each client personally (or remotely) and change the principal (MSSTD:mserver.domain.com) name to be the new principal (MSSTD:mail.domain.com). Anyone know a way around this? In the long term, I want mserver.domain.com to go completely away.

The cert I'm using has mserver.domain.com as the primary name, and mail.domain.com as a SAN. Therefore authentication fails using www.testexchangeconnectivity.com and the test for RPC/HTTP. The failure reads, "The certificate common name mserver.domain.com, doesn't validate against Mutual Authentication string provided msstd:mail.domain.com". I know I can change the mutual authentication string in Exchange Mgmt Shell, but this doesn't help me when I want to retire the DNS name mserver.domain.com.

Ideas?
0
Comment
Question by:xyden
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
defkamel earned 500 total points
ID: 33425527
you only need legacy.domain.com  if you are going to have 2003 exchange coexisting with the new 2010 server. you can remove it if you are removing the old 2003 server.

I would have the following on the cert. You can re-key the cert with the correct names.

autodiscover.domain.com
mail.domain.com
servername
servername.domain.com

Then if you configure an external DNS A record for autodiscover.domain.com  (same place you configure your MX record) with the external IP address of your router and port 80 forwarded to the exchange server the clients can automatically configure themselves using the following process.

http://www.msexchange.org/tutorials/Uncovering-New-Outlook-2007-Discover-Service.html
0
 

Author Comment

by:xyden
ID: 33425755
Yeah, I need them to coexist for at least 2 weeks.

I'm thinking the best thing to do is follow the MS examples and migrate the current Ex2003 external FQDN (mserver.domain.com) to the new Ex2010 box while assigning a new FQDN (legacy.domain.com) to the old Ex2003 server. Once the migration and upgrade are complete, then handle changing the external FQDN of the Ex2010 box from mserver.domain.com to mail.domain.com.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question