?
Solved

Exchange 2003 - 2010 CAS Proxying and Certs

Posted on 2010-09-16
9
Medium Priority
?
623 Views
Last Modified: 2012-05-10
Hi there,

I've built an Exchange 2010 Environment consisting of two Mailbox servers and two combined hub/cas servers.

We also have an existing Exchange 2003 environment(single server).

I understand you can use the "Exchange2003Url" paramater to redirect users still with 2003 mailboxes to the old 2003 OWA.

The existing external address is https://owa.lon.companyname.com and SSL secured.

My plan is to create a new UCC cert with the same common name and the required SAN names(including names for the old 2003 exchange). This will revoke the old cert on the 2003 server I assume.

Will I be able to install that UCC cert onto the old 2003 server so when users get redirected there are no cert issues.


0
Comment
Question by:Matsco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 33693979
yes I do this all the time without any issues
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33693984
yes, install the cert on both the cas and 2003 servers
otherwise you will get cert warnings
0
 
LVL 1

Author Comment

by:Matsco
ID: 33699105
When I install that UCC cert on the old exchange it will have the same common name as the new CAS.

Wont I actually need a 2nd cert with a different common name for the old exchange? So I can say redirect to this different address.

Im not so sure if I use the "Exchange2003Url" to redirect to the old server
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 49

Expert Comment

by:Akhater
ID: 33699131
there is no problems having the same UCC certificate on both I do it all the time

for your other part of the question please read this article of mine, it will save me a lot of rewrite

http://www.zerohoursleep.com/2010/01/installing-your-first-exchange-2010-cas-or-the-truth-about-exchange2003url-part-1/
0
 
LVL 1

Author Comment

by:Matsco
ID: 33699265
I have read your article actually! Still not 100% confident tho.

So for my clarification (I appreciate your patience).

My UCC cert will contain all the reguired SAN names + the names of the old exchange and legacy.lon.companyname.com.

I create a new A record - legacy.lon.companyname.com that points to the old exchange. I then run the Exchange2003Url with legacy.lon.companyname.com as the 2003 exchange.

We revoke the old single name cert and install new UCC onto Exch2010 CAS and also the 2003 server.

Exch2010 then redirects to 2003 if required. When it redirects to legacy.lon.companyname.com im worried it will complain about certs? 2003 doesnt support UUC SAN does it?

0
 
LVL 49

Expert Comment

by:Akhater
ID: 33699277
It will not complain since the legacy.lon.company.com is in the SANs of the certificate
0
 
LVL 1

Author Comment

by:Matsco
ID: 33699394
So the 2003 server will recognise the SAN's in that cert?
0
 
LVL 49

Accepted Solution

by:
Akhater earned 1000 total points
ID: 33699397
yes it will
0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 1000 total points
ID: 33700232
as long as the fqdn of the url being access is contained within the subject names of the certificate you will not get any warnings (the purpose of a SAN cert)
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question