Solved

New additional primary email domain, new public certificate

Posted on 2011-03-18
Last Modified: 2012-08-14
Hi

An SBS 2003 R2 Exchange environment and approx. 70 WSs which are located in 22 different cities here in Finland. All remote WSs are not joined to the domain and they use the RDP over HTTPS Outlook client.

I need to add a new email domain to the server. Currently I have a public SSL certificate for currentdomain.fi. In the future I need to have newdomain.fi as the primary email domain while currentdomain.fi also needs to work. Also the webmail address has to be https://mail.newdomain.fi/exchange. The currentdomain.fi needs to work until the end of this year and then stop.

What are the major steps?
Do I have to buy a SAN (subject alternate name) SSL certificate in order to make both domains work at the same time?
If a SAN certificate is needed, isn't it so that the ISP has to set up DNS/MX for newdomain.fi to point to my server before I can buy the certificate (otherwise I can't receive the certificate at administrator@newdomain.fi)?
At what point should I run CEICW again to start using the new public SSL certificate (SAN if needed)?
Do I have to make changes to the client Outlooks (change the Exchange Proxy https address to mail.newdomain.fi) now or at least at the end of the year?

Thanks in advance

Juha
Question by:RimFire007
Accepted Solution

by:
GundogTrainer earned 500 total points
ID: 35164678
OK,
This is what I would do:
1. Add the new domain name to the recipient policy, tick the "This Exchange Organisation is responsible for all mail delivery to this domain". But don't actually enable it in the recipient policy yet.
This will allow Exchange to accept the mail for this domain; you can manually add an SMTP address for yourself for admin@yournewdomain.fi.
2. Check you can send a message directly to Exchange to this new address using telnet or a simple SMTP client to the Exchange SMTP service.

3. Once you are happy that this is working you can set the MX and A records for the new domain to point to your server. After 24 hours you should then be able to email admin@yournewdomain.fi from any internet host, without affecting your existing domain name at all.

4. As for SSL, this is where you have an option: you could purchase a certificate that includes both names or create a 2nd website in IIS that uses the same IP address but uses host headers to specify it. You could then set it to redirect to the original site (you could swap the certificates and headers over once you decide to implement the new name).

5. Once you are ready you can then check the domain name in the recipient policy; setting it to the default name and applying the policy now would regenerate the email addresses etc.
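
A pre-cutover check for the certificate choice in step 4, as an added example that is not part of the original thread: it reports which hostnames a certificate's dNSName entries fail to cover, so a single-name, SAN or wildcard certificate can be compared before clients are switched. The hostname mail.currentdomain.fi and the sample SAN lists are assumptions constructed for illustration.

```python
import socket
import ssl


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName entry against a hostname.

    A wildcard is honoured only as the complete left-most label and
    covers exactly one label, as TLS clients apply it.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse "*.fi"-style entries that would span a whole TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_names(san_dns_names, required_hosts):
    """Return the required hostnames that no SAN entry covers."""
    return [h for h in required_hosts
            if not any(name_matches(s, h) for s in san_dns_names)]


def fetch_san_dns_names(host: str, port: int = 443, timeout: float = 5.0):
    """Read the dNSName entries from the certificate a live server presents.

    The default context validates chain and hostname, so a certificate
    that does not cover `host` raises ssl.SSLCertVerificationError here.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed sample data; mail.currentdomain.fi is an assumed hostname.
REQUIRED = ["mail.newdomain.fi", "mail.currentdomain.fi"]
SINGLE_NAME_CERT = ["mail.currentdomain.fi"]
SAN_CERT = ["mail.newdomain.fi", "mail.currentdomain.fi"]
WILDCARD_CERT = ["*.newdomain.fi"]

if __name__ == "__main__":
    for label, sans in (("single-name", SINGLE_NAME_CERT),
                        ("SAN", SAN_CERT),
                        ("wildcard", WILDCARD_CERT)):
        print(label, "leaves uncovered:", uncovered_names(sans, REQUIRED))
```

Against the live server, pass the result of `fetch_san_dns_names("mail.newdomain.fi")` to `uncovered_names` once DNS for the new name resolves.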

Author Comment

by:RimFire007
ID: 35164738
Thanks GundogTrainer

Will check the resolution detailed later on.

Step 2. Is this an internal LAN test which I do before Step 3?

Step 3. I suppose this is something the ISP will do? I don't usually touch MX records at all. My firewall just forwards all SMTP traffic from the public IP to the server's internal LAN address. Are you really saying that I need to touch MX records at the internal DNS server?

Step 4. I'll probably purchase a SAN certificate, sounds easier to me.

Rgs, Juha

Assisted Solution

by:GundogTrainer
GundogTrainer earned 500 total points
ID: 35164853
Step 2. Internal test - but there is no reason it wouldn't work from the internet if you connect to the gateway IP address.

Open a command prompt (you type the text in bold):
telnet servername 25
220 servername.something.fi ESMTP MAIL Service Version: 1.2.3.4.5. ready at ....
helo test
250 servername.something.fi Hello [192.168.0.100]
mail from:admin@mydomain.fi
250 2.1.0 admin@mydomain.fi....Sender OK
rcpt to:admin@mynewdomain.fi
250 2.1.5 admin@mydomain.fi
data
354 Start mail input; end with <CRLF>.<CRLF>
subject:test
12345

.

quit



The DNS and MX records are just for internet clients to know where to deliver the mail to; these will need to be created by whoever your domain name is being managed by. If you have purchased it from your ISP then this would be who should be able to edit it.



Author Comment

by:RimFire007
ID: 35164875
Thanks GundogTrainer

Special thanks for the telnet commands! Will probably start implementing this next week depending on how busy I am. The transaction day should be the 1st of May.

Rgs, Juha

Author Comment

by:RimFire007
ID: 35445851
Just an update. Will do this next week.

Rgs,

Juha

Author Closing Comment

by:RimFire007
ID: 35879691
Thanks GundogTrainer

The information provided helped to set up the new primary email domain.

Rgs, Juha