Solved

New additional primary email domain, new public certificate

Posted on 2011-03-18
Last Modified: 2012-08-14
Hi

An SBS 2003 R2 Exchange environment and approx. 70 WSs which are located in 22 different cities here in Finland. All remote WSs are not joined to the domain and they use RDP over HTTPS Outlook client.

I need to add a new email domain to the server. Currently I have a public SSL certificate for currentdomain.fi. In the future I need to have newdomain.fi as the primary email domain while currentdomain.fi also needs to work. Also the webmail address has to be https://mail.newdomain.fi/exchange. The currentdomain.fi needs to work to the end of this year and then stop.

What are the major steps?
Do I have to buy a SAN (subject alternate name) SSL certificate in order to make both domains work at the same time?
If a SAN certificate is needed, isn't it so that the ISP has to set up DNS/MX for newdomain.fi to point to my server before I can buy the certificate (otherwise I can't receive the certificate at administrator@newdomain.fi)?
At what point should I run CEICW again to start using the new public SSL certificate (SAN if needed)?
Do I have to make changes to client Outlooks (change Exchange Proxy https address to mail.newdomain.fi) now or at least at the end of the year?

Thanks in advance

Juha
Question by:RimFire007
Accepted Solution

by:
GundogTrainer earned 500 total points
ID: 35164678
OK,
This is what I would do:
1. Add the new domain name to the recipient policy, tick the "This Exchange Organisation is responsible for all mail delivery to this domain". But don't actually enable it in the recipient policy yet.
This will allow Exchange to accept the mail for this domain; you can manually add an SMTP address for yourself for admin@yournewdomain.fi.
2. Check you can send a message directly to Exchange to this new address using telnet or a simple SMTP client to the Exchange SMTP service.

3. Once you are happy that this is working you can set the MX and A records for the new domain to point to your server. After 24 hours you should then be able to email admin@yournewdomain.fi from any internet host, without affecting your existing domain name at all.

4. As for SSL this is where you have an option: you could purchase a certificate that included both names or create a 2nd website in IIS that uses the same IP address but uses host headers to specify it. You could then set it to redirect to the original site (you could swap the certificates and headers over once you decide to implement the new name).

5. Once you are ready you can then check the domain name in the recipient policy, and setting it to the default name and applying the policy now would regenerate the email addresses etc.
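
Added example, not part of the original post: a check that one certificate covers both webmail/proxy host names for the whole overlap period discussed in step 4, working on the dictionary format returned by Python's ssl.SSLSocket.getpeercert(). The host name mail.currentdomain.fi, the sample certificates and their dates are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

def cert_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # legacy fallback: CN counts only when no SAN DNS entry exists
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_transition_cert(cert, hosts, needed_until):
    """Return ({host: covered?}, cert still valid at needed_until?)."""
    names = cert_names(cert)
    covered = {h: any(name_matches(n, h) for n in names) for h in hosts}
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return covered, not_after >= needed_until

def fetch_cert(host, port=443):
    """Live use: validated certificate for host (raises on a name mismatch)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples; mail.currentdomain.fi and both dates are assumptions.
SAN_CERT = {"subjectAltName": (("DNS", "mail.newdomain.fi"),
                               ("DNS", "mail.currentdomain.fi")),
            "notAfter": "Mar 31 23:59:59 2012 GMT"}
OLD_CERT = {"subject": ((("commonName", "mail.currentdomain.fi"),),),
            "notAfter": "Oct 15 12:00:00 2011 GMT"}
HOSTS = ["mail.newdomain.fi", "mail.currentdomain.fi"]
END_OF_YEAR = datetime(2011, 12, 31, 23, 59, 59, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, cert in (("SAN", SAN_CERT), ("single-name", OLD_CERT)):
        print(label, check_transition_cert(cert, HOSTS, END_OF_YEAR))
```
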
 

Author Comment

by:RimFire007
ID: 35164738
Thanks GundogTrainer

Will check the resolution detailed later on.

Step 2. Is this an internal LAN test which I do before Step 3?

Step 3. I suppose this is something the ISP will do? I don't usually touch MX records at all. My firewall just forwards all SMTP traffic from the public IP to the server's internal LAN address. Are you really saying that I need to touch MX records at the internal DNS server?

Step 4. I'll probably purchase a SAN certificate, sounds easier to me.

Rgs, Juha

Assisted Solution

by:GundogTrainer
GundogTrainer earned 500 total points
ID: 35164853
Step 2. Internal test - but there is no reason it wouldn't work from the internet if you connect to the gateway IP address.

Open a command prompt (you type the text in bold):
telnet servername 25
220 servername.something.fi ESMTP MAIL Service Version: 1.2.3.4.5. ready at ....
helo test
250 servername.something.fi Hello [192.168.0.100]
mail from:admin@mydomain.fi
250 2.1.0 admin@mydomain.fi....Sender OK
rcpt to:admin@mynewdomain.fi
250 2.1.5 admin@mydomain.fi
data
354 Start mail input; end with <CRLF>.<CRLF>
subject:test
12345

.

quit



The DNS and MX records are just for internet clients to know where to deliver the mail to; these will need to be created by whoever your domain name is being managed by. If you have purchased it from your ISP then this would be who should be able to edit it.



Author Comment

by:RimFire007
ID: 35164875
Thanks GundogTrainer

Special thanks for the telnet commands! Will probably start implementing this next week depending on how busy I am. The transaction day should be the 1st of May.

Rgs, Juha

Author Comment

by:RimFire007
ID: 35445851
Just an update. Will do this next week.

Rgs,

Juha

Author Closing Comment

by:RimFire007
ID: 35879691
Thanks GundogTrainer

The information provided helped to set up the new primary email domain.

Rgs, Juha