Solved

Is there a way to programmatically change the Principal Name on all clients?

Posted on 2010-08-12
Last Modified: 2012-05-10
Migrating from Exchange 2003 to 2010. I see the directions call for three domain names:

mail.domain.com (new Ex2010 server)
autodiscover.domain.com
legacy.domain.com (new DNS record to be pointed at soon-to-be old Ex2003 server)

Currently, I have the old Ex2003 server as mserver.domain.com. The new Ex2010 I want to call mail.domain.com and NOT mserver.domain.com. From what I can tell, I think I'm going to have to visit each client personally (or remotely) and change the principal (MSSTD:mserver.domain.com) name to be the new principal (MSSTD:mail.domain.com). Anyone know a way around this? In the long term, I want mserver.domain.com to go completely away.

The cert I'm using has mserver.domain.com as the primary name, and mail.domain.com as a SAN. Therefore authentication fails using www.testexchangeconnectivity.com and the test for RPC/HTTP. The failure reads, "The certificate common name mserver.domain.com, doesn't validate against Mutual Authentication string provided msstd:mail.domain.com". I know I can change the mutual authentication string in Exchange Mgmt Shell, but this doesn't help me when I want to retire the DNS name mserver.domain.com.

Ideas?
Question by:xyden
2 Comments

Accepted Solution

by:
defkamel earned 500 total points
ID: 33425527
You only need legacy.domain.com if you are going to have Exchange 2003 coexisting with the new 2010 server. You can remove it if you are removing the old 2003 server.

I would have the following on the cert. You can re-key the cert with the correct names.

autodiscover.domain.com
mail.domain.com
servername
servername.domain.com

Then, if you configure an external DNS A record for autodiscover.domain.com (same place you configure your MX record) with the external IP address of your router and port 80 forwarded to the Exchange server, the clients can automatically configure themselves using the following process.

http://www.msexchange.org/tutorials/Uncovering-New-Outlook-2007-Discover-Service.html
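The re-key and mutual-authentication steps discussed in this thread, written out for the Exchange 2010 Management Shell as an added example (not code from either participant); the subject fields, file paths and the certificate thumbprint are assumptions and placeholders.

```powershell
# Added example: re-key the certificate with the names recommended in the
# accepted answer and align the Outlook Anywhere mutual-authentication string
# with the new common name. Run in the Exchange 2010 Management Shell.
# Organisation/country in the subject, file paths and the CA workflow are assumptions.

# 1. Request a certificate whose CN is the name clients will be told to expect
#    (mail.domain.com); autodiscover and the internal server names go in the SAN.
$req = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "c=US,o=Contoso,cn=mail.domain.com" `
    -DomainName "mail.domain.com","autodiscover.domain.com","servername","servername.domain.com" `
    -PrivateKeyExportable $true
Set-Content -Path "C:\certs\mail.domain.com.req" -Value $req

# 2. Once the CA returns the signed certificate, import it and enable it for
#    the services Outlook Anywhere and Autodiscover depend on (IIS), plus SMTP.
$cert = Import-ExchangeCertificate -FileData ([Byte[]](Get-Content -Path "C:\certs\mail.domain.com.cer" -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "IIS,SMTP"

# 3. Point the Outlook Anywhere (EXPR) provider at the certificate's CN. The
#    connectivity test quoted in the question compares the msstd: value with the
#    certificate's common name, so it must match the CN rather than only a SAN.
Set-OutlookProvider -Identity EXPR -CertPrincipalName "msstd:mail.domain.com"

# 4. Verify: the CN in Subject and the msstd: value should now agree, and the
#    certificate should list every name Autodiscover will hand out.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint | Format-List Subject,CertificateDomains,Services
Get-OutlookProvider | Format-List Name,Server,CertPrincipalName
```

Re-run the RPC/HTTP test on www.testexchangeconnectivity.com afterwards; clients that receive their settings through Autodiscover pick up the new principal name without a per-client visit.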

Author Comment

by:xyden
ID: 33425755
Yeah, I need them to coexist for at least 2 weeks.

I'm thinking the best thing to do is follow the MS examples and migrate the current Ex2003 external FQDN (mserver.domain.com) to the new Ex2010 box while assigning a new FQDN (legacy.domain.com) to the old Ex2003 server. Once the migration and upgrade are complete, then handle changing the external FQDN of the Ex2010 box from mserver.domain.com to mail.domain.com.
