Solved

New additional primary email domain, new public certificate

Posted on 2011-03-18
Last Modified: 2012-08-14
Hi

An SBS 2003 R2 Exchange environment and approx. 70 WSs which are located in 22 different cities here in Finland. All remote WSs are not joined to the domain and they use RDP over HTTPS Outlook client.

I need to add a new email domain to the server. Currently I have a public SSL certificate for currentdomain.fi. In the future I need to have newdomain.fi as the primary email domain while currentdomain.fi also needs to work. Also the webmail address has to be https://mail.newdomain.fi/exchange. The currentdomain.fi needs to work to the end of this year and then stop.

What are the major steps?
Do I have to buy a SAN (subject alternative name) SSL certificate in order to make both domains work at the same time?
If a SAN certificate is needed, isn't it so that the ISP has to set up DNS/MX for newdomain.fi to point to my server before I can buy the certificate (otherwise I can't receive the certificate at administrator@newdomain.fi)?
At what point should I run CEICW again to start using the new public SSL certificate (SAN if needed)?
Do I have to make changes to the client Outlooks (change the Exchange Proxy https address to mail.newdomain.fi) now or at least at the end of the year?

Thanks in advance

Juha
Question by:RimFire007

Accepted Solution

by:
GundogTrainer earned 500 total points
ID: 35164678
OK,
This is what I would do:
1. Add the new domain name to the recipient policy, tick the "This Exchange Organisation is responsible for all mail delivery to this domain". But don't actually enable it in the recipient policy yet.
This will allow Exchange to accept the mail for this domain; you can manually add an SMTP address for yourself for admin@yournewdomain.fi.
2. Check you can send a message directly to Exchange to this new address using telnet or a simple SMTP client to the Exchange SMTP service.

3. Once you are happy that this is working you can set the MX and A records for the new domain to point to your server. After 24 hours you should then be able to email admin@yournewdomain.fi from any internet host, without affecting your existing domain name at all.

4. As for SSL, this is where you have an option: you could purchase a certificate that includes both names or create a 2nd website in IIS that uses the same IP address but uses host headers to specify it. You could then set it to redirect to the original site (you could swap the certificates and headers over once you decide to implement the new name).

5. Once you are ready you can then check the domain name in the recipient policy; setting it as the default name and applying the policy now would regenerate the email addresses etc.
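An added example, not part of the original answer: a Python check for the certificate option in step 4, confirming that a certificate covers both webmail names and stays valid until the old domain is retired. The host name mail.currentdomain.fi, the two sample certificates and the end-of-2011 cutoff are assumptions constructed for illustration.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=10):
    """Fetch the server certificate as the dict ssl.getpeercert() returns.
    Raises ssl.SSLCertVerificationError if the chain or host name does not validate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, host):
    """Match one dNSName entry; '*' may only stand for the whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check_cert(cert, required_hosts, needed_until):
    """Return problems: required host names missing from subjectAltName, or a
    certificate that expires before needed_until (epoch seconds)."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    problems = [f"{h}: not covered by {sans}" for h in required_hosts
                if not any(name_matches(s, h) for s in sans)]
    if ssl.cert_time_to_seconds(cert["notAfter"]) < needed_until:
        problems.append(f"expires {cert['notAfter']}, before the overlap ends")
    return problems

# Constructed certificate in getpeercert() form, covering only the current name.
OLD_CERT = {"subjectAltName": (("DNS", "mail.currentdomain.fi"),),
            "notAfter": "Jun 30 12:00:00 2011 GMT"}
# Constructed SAN certificate covering both names for the whole overlap.
SAN_CERT = {"subjectAltName": (("DNS", "mail.currentdomain.fi"),
                               ("DNS", "mail.newdomain.fi")),
            "notAfter": "Mar 31 12:00:00 2012 GMT"}

if __name__ == "__main__":
    hosts = ["mail.currentdomain.fi", "mail.newdomain.fi"]
    end_of_year = ssl.cert_time_to_seconds("Dec 31 23:59:59 2011 GMT")
    for label, cert in (("old", OLD_CERT), ("san", SAN_CERT)):
        print(label, check_cert(cert, hosts, end_of_year) or "ok")
    # Live check: check_cert(fetch_cert("mail.newdomain.fi"), hosts, end_of_year)
```

A certificate that carries the name only in its subject CN, with no subjectAltName entry, is reported as not covering it.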

Author Comment

by:RimFire007
ID: 35164738
Thanks GundogTrainer

Will check the resolution detailed later on.

Step 2. Is this an internal LAN test which I do before Step 3?

Step 3. I suppose this is something the ISP will do? I don't usually touch MX records at all. My firewall just forwards all SMTP traffic from the public IP to the server's internal LAN address. Are you really saying that I need to touch MX records at the internal DNS server?

Step 4. I'll probably purchase a SAN certificate, sounds easier to me.

Rgs, Juha

Assisted Solution

by:GundogTrainer
GundogTrainer earned 500 total points
ID: 35164853
Step 2. Internal test - but there is no reason it wouldn't work from the internet if you connect to the gateway IP address.

Open a command prompt (you type the text in bold):
telnet servername 25
220 servername.something.fi ESMTP MAIL Service Version: 1.2.3.4.5. ready at ....
helo test
250 servername.something.fi Hello [192.168.0.100]
mail from:admin@mydomain.fi
250 2.1.0 admin@mydomain.fi....Sender OK
rcpt to:admin@mynewdomain.fi
250 2.1.5 admin@mydomain.fi
data
354 Start mail input; end with <CRLF>.<CRLF>
subject:test
12345

.

quit



The DNS and MX records are just for internet clients to know where to deliver the mail to; these will need to be created by whoever your domain name is being managed by. If you have purchased it from your ISP then this would be who should be able to edit it.
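An added example, not part of the original post: the telnet test above as a Python function that issues MAIL FROM and RCPT TO for several recipients and resets before DATA, so nothing is delivered. It also probes one foreign address to confirm the server refuses to relay for it. `ConstructedSession` and its replies, and the address probe@example.org, are constructed stand-ins so the example runs offline.

```python
import smtplib  # the real session type: smtplib.SMTP(host, 25, timeout=10)

def probe_recipients(smtp, sender, recipients):
    """Issue MAIL FROM / RCPT TO for each recipient on an open SMTP session
    and return {recipient: reply_code}. RSET ends each transaction, so no
    DATA is sent and nothing is delivered."""
    smtp.helo("test")
    codes = {}
    for rcpt in recipients:
        code, reply = smtp.mail(sender)
        if code != 250:
            raise RuntimeError(f"MAIL FROM refused: {code} {reply!r}")
        codes[rcpt] = smtp.rcpt(rcpt)[0]
        smtp.rset()
    return codes

def review(codes, local_domains):
    """Return problems: a local-domain recipient that is not accepted, or a
    foreign-domain recipient that is accepted (the server would relay)."""
    problems = []
    for rcpt, code in codes.items():
        local = rcpt.rsplit("@", 1)[-1].lower() in local_domains
        accepted = 200 <= code < 300
        if local and not accepted:
            problems.append(f"{rcpt}: not accepted ({code})")
        elif not local and accepted:
            problems.append(f"{rcpt}: accepted although the domain is not local ({code})")
    return problems

class ConstructedSession:
    """Stand-in for smtplib.SMTP with constructed replies (not real server output)."""
    def __init__(self, local_domains): self.local = local_domains
    def helo(self, name): return 250, b"Hello"
    def mail(self, sender): return 250, b"2.1.0 Sender OK"
    def rcpt(self, rcpt):
        ok = rcpt.rsplit("@", 1)[-1].lower() in self.local
        return (250, b"2.1.5 " + rcpt.encode()) if ok else (550, b"5.7.1 Unable to relay")
    def rset(self): return 250, b"2.0.0 Resetting"

if __name__ == "__main__":
    domains = {"currentdomain.fi", "newdomain.fi"}
    # Against the real server: session = smtplib.SMTP("servername", 25, timeout=10)
    session = ConstructedSession(domains)
    codes = probe_recipients(session, "admin@currentdomain.fi",
                             ["admin@currentdomain.fi", "admin@newdomain.fi", "probe@example.org"])
    print(codes, review(codes, domains) or "no problems")
```

Run the foreign-address probe from outside the LAN as well, since relay permissions can differ by source address.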



Author Comment

by:RimFire007
ID: 35164875
Thanks GundogTrainer

Special thanks for the telnet commands! Will probably start implementing this next week depending on how busy I am. The transaction day should be the 1st of May.

Rgs, Juha

Author Comment

by:RimFire007
ID: 35445851
Just an update. Will do this next week.

Rgs,

Juha

Author Closing Comment

by:RimFire007
ID: 35879691
Thanks GundogTrainer

The information provided helped to set up the new primary email domain.

Rgs, Juha