Solved

Is there a way to programmatically change the Principle Name on all clients?

Posted on 2010-08-12
2
776 Views
Last Modified: 2012-05-10
Migrating from Exchange 2003 to 2010. I see the directions call for three domain names:

mail.domain.com (new Ex2010 server)
autodiscover.domain.com
legacy.domain.com (new DNS record to be pointed at soon-to-be old Ex2003 server)

Currently, I have the old Ex2003 server as mserver.domain.com. The new Ex2010 I want to call mail.domain.com and NOT mserver.domain.com. From what I can tell, I think I'm going to have to visit each client personally (or remotely) and change the principal (MSSTD:mserver.domain.com) name to be the new principal (MSSTD:mail.domain.com). Anyone know a way around this? In the long term, I want mserver.domain.com to go completely away.

The cert I'm using has mserver.domain.com as the primary name, and mail.domain.com as a SAN. Therefore authentication fails using www.testexchangeconnectivity.com and the test for RPC/HTTP. The failure reads, "The certificate common name mserver.domain.com, doesn't validate against Mutual Authentication string provided msstd:mail.domain.com". I know I can change the mutual authentication string in Exchange Mgmt Shell, but this doesn't help me when I want to retire the DNS name mserver.domain.com.

Ideas?
0
Comment
Question by:xyden
2 Comments
 
LVL 6

Accepted Solution

by:
defkamel earned 500 total points
ID: 33425527
you only need legacy.domain.com  if you are going to have 2003 exchange coexisting with the new 2010 server. you can remove it if you are removing the old 2003 server.

I would have the following on the cert. You can re-key the cert with the correct names.

autodiscover.domain.com
mail.domain.com
servername
servername.domain.com

Then if you configure an external DNS A record for autodiscover.domain.com  (same place you configure your MX record) with the external IP address of your router and port 80 forwarded to the exchange server the clients can automatically configure themselves using the following process.

http://www.msexchange.org/tutorials/Uncovering-New-Outlook-2007-Discover-Service.html
0
 

Author Comment

by:xyden
ID: 33425755
Yeah, I need them to coexist for at least 2 weeks.

I'm thinking the best thing to do is follow the MS examples and migrate the current Ex2003 external FQDN (mserver.domain.com) to the new Ex2010 box while assigning a new FQDN (legacy.domain.com) to the old Ex2003 server. Once the migration and upgrade are complete, then handle changing the external FQDN of the Ex2010 box from mserver.domain.com to mail.domain.com.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now