Solved

How to handle certificate(s)s when migrating from exchange 2003>2010 with no downtime.

Posted on 2011-09-23
4
482 Views
Last Modified: 2012-05-12
Hello.

I am about to migrate a customers exchange 2003>2010. I will not be able to migrate all mailboxes at the same time so i have to have a co-op working solution. And i need help to see if i am thinking the right way regarding webmail certificate to have no downtime on mobile sync etc if the mailbox is still on exchange 2003 or moved to 2010.

Is this the correct way to go about it?

- I buy a new san certificate. In it i put current webmail address, autodiscover record and new legacy name for exchange 2003.
- I install this certificate on exchange 2010. Change correct path etc to point exchange 2003 to the legacy name.
- Export the certificate from exchange 2010.
- Import and replace exchange 2003 certificate with that certificate.
- Change firewall to point to exchange 2010.

Mobile sync is still on same webmailaddress. Exchange 2010 will redirect internally if user has the mailbox still on exchange 2003.

Is this correct? If not please give instructions on better solution.
If this is correct it would also be great to have exact scripts needed to set correct addresses on exchange 2010 server for webmail, autodiscover,legacy and how to export the cert from exchange 2010.

Thanks in advance.
0
Comment
Question by:teknik360
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Expert Comment

by:jesaja
ID: 36586175
after installing you need to specify the legacy OWA Address

Set-OWAVirtualDirectory Seattle-EX10\OWA* -ExternalURL https://mail.contoso.com/OWA
-Exchange2003URL https://legacy.contoso.com/exchange

you have to generate the the certificate on the exchange 2010 server

you need to enable Integrated Windows authentication on the Microsoft-Server-ActiveSync virtual directory on the Exchange 2003
0
 
LVL 8

Expert Comment

by:rr1968
ID: 36586388
Your approach looks right.
There will be a momentary outage when you import the new certificate on Exch2003
try this link to get more info:
http://www.networkworld.com/community/node/58685
0
 

Author Comment

by:teknik360
ID: 36708181
Thanks for the answers. So i look to have the correct approach. Just a clarification..
As far as i know i can create this san certificate with a csr directly on the certificate providers website when buying it. Its also not a problem that i already have one quick ssl certificate with the same name and it will be active. So is it still neccesary for me to generate the certificate on the exchange 2010 server first? Im guessing that perhaps during the installation of exchange 2010 i will generate a self signed certificate for this that i need to replace or can i forgo that?
0
 
LVL 7

Accepted Solution

by:
jesaja earned 500 total points
ID: 36714138
You can run the certificate assistant on the exchange console or with powershell


digicert where you can purchase a SAN certificate provide a tutorials on how to create and install the certificate

Here is the like that will create a powershell command to generate the certificate request

https://www.digicert.com/easy-csr/exchange2010.htm


 
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question