We help IT Professionals succeed at work.

Need help transitioning from  SINLLE 2003 Exchange box to a SINGLE 2010 Exchange Box.

tenover asked
I've already ran all the pre-requisites and have everything ready to go but the hardware, which should arrive today or tomorrow.  Super simple setup, single AD forest and domain.  Our internal domain name is the same as our external (mycompany.com).  I've read and re-read the transition steps 20 times already, they seem fairly straightforward, however the one thing that worries me, and that NEEDS to work without any interruption is ActiveSync for mobile devices.  Currently all my mobile devices (iPhones) use ActiveSync to connect to mail.mycompany.com.  I also have a VeriSign SSL certificate for that.

1.) Do I need to purchase ANOTHER SSL certificate for the new Exchange 2010 server to have them coexisting without issue?  

2.) Once I bring this new Exchange 2010 server online and point to mail.mycompany.com during the Exchange install/setup, will all outside and/or mobile clients lose connectivity?

Watch Question

Exchange 2007 and 2010 require UCC certificates so that you can have the subject alternate names for it's configuration. So if you just have a standard SSL with a single name this will not work without a lot of extra configuration.

You'll want to get a new UCC certificate so you can have your mail.mycompany.com, autodiscover.mycompany.com, NETBIOSSERVERNAME, and SERVERNAME.internal.domain

Because of the autodiscover being used for activesync this will be required for a smooth transition.


Thanks, so a new cert for everything you said above, and leave the old one running on the Exchange 2003 server until it's dead and gone?
There's not really much use to the existing certificate unless they'll actually let you completely reissue it to another name and you can use it for something else.

Correct, that Comodo UCC cert will do it.


So this new UCC would cover the 2010 AND 2003 server during coexistence?
Well yes and no... It will take over when you move the https for mail.mycompany.com to point to the CAS services on the 2010 server.

Since you will only have https://mail.mycompany.com pointing to one server at a time it simply depends on when that changes to point to the new server.

As CAS is pretty much one of the first things to be migrated then the simple answer should be yes.

Actually you don't need the netbios name any more but you might need a legacy entry if you intend to setup co-existence during the transition period. Really only larger customers who expect to co-exist for several or more weeks want this but you should consider it just in case you want it.