Exchange 2003 to 2010 Transition - Clarification needed on OWA/AS certificate

Current setup:
Single forest and domain at a small company of about 100 users.  Single Exchange 2003 server.  All prep work for a 2010 Exchange server has been done.  Should receive new hardware next week to use as a new single Exchange 2010 server.

My current mx record points to a public ip address which is mail.mycompany.com/exchange.

This public IP is NAT'd on my firewall to the Exchange 2003 server's internal IP address.

The Exchange 2003 server is using a VeriSign SSL certificate for mail.mycompany.com/exchange.

So when I install Exchange 2010 and come to the configuration of setting up OWA and ActiveSync, is it as simple as bringing in a NEW UCC certificate and then changing the NAT entry on the firewall to point to the new Exchange 2010 server's IP address?  If so, what entries do I need to put on the server?
- the current entry (mail.mycompany.com/exchange), which will be used by the NEW server(?)
- an old one for the Exchange 2003 server (legacy.mycompany.com/exchange)(?)
- an entry for the internal NetBIOS names of each of the Exchange servers???


Thanks for any help.  This is the only part I'm really worried about... keeping OWA and ActiveSync flowing in coexistence while the transition takes place...
tenoverAsked:
LazarusCommented:
You're going to need to point your new SSL cert to:

mail.mycompany.com
autodiscover.mycompany.com
legacy.mycompany.com
*.mycompany.com

And if you're using any other domains like .org, .info etc...
0
 
Suliman Abu KharroubIT Consultant Commented:
You need a UCC certificate that includes the following SANs:

Autodiscover.domain.com
mail.domain.com
server name (netbios name)
Server.domain.local



0
 
tenoverAuthor Commented:
Thanks.  That would cover the old server, new server and autodiscover for ActiveSync, right?  Once I change the NAT entry on the firewall, all mail requests will point to the new Exchange server and it will automatically know which Exchange server has the mailbox in question and redirect as needed, correct?
0

 
tenoverAuthor Commented:
Ok, so which one?

Two different answers there...
Wouldn't the *.mycompany.com cover the server name and server.domain.local since internal and external domains are named the same?
0
 
LazarusCommented:
Yes, it will cover the servers. You will need to have 2 NATs on your firewall though, one for each server. You will also need two MXs in your DNS for the term of your coexistence.
0
 
Suliman Abu KharroubIT Consultant Commented:
All the names included in my above comment... do you plan to keep the 2003 server along with the 2010 server.
0
 
Suliman Abu KharroubIT Consultant Commented:
the second part of my comment should be a question, so it should end with "?" not "." ... :)
0
 
tenoverAuthor Commented:
The 2003 server will be decommissioned after a successful transition.  As for needing two NATs, how does that work?

NAT1 = public IP address>Exchange 2003 internal address
NAT2 = different public IP address>Exchange 2010 internal address ?

And two MX records.....

MX1 = new Exchange public IP 10
MX2 = old Exchange public IP 20

??
0
 
kpa2011Commented:
No need to point the MX record to the old one. You will need to point the MX to the new server.
However, NAT for EX2003 is required as it will co-exist with 2010.
0
 
tenoverAuthor Commented:
I was going by Lazarus's comment above about needing two MX records.....
0
 
tenoverAuthor Commented:
Just so I'm sure I understand this correctly...

My mx record points to mail.mycompany.com (67.231.57.122)
My current 2003 Exchange box has an SSL cert for mail.mycompany.com
On my firewall, my external IP address for mail.mycompany.com is NAT'd to the Exchange 2003 server's internal LAN address

When I install this new Exchange 2010 server, I will get a NEW UCC certificate from Verisign, which includes the following names:
mail.mycompany.com
autodiscover.mycompany.com
legacy.mycompany.com
*.mycompany.com

I will then modify my NAT policy to point the external MX address to the NEW EXCHANGE 2010 SERVER.  
All mail requests will hit this new server, and because of the UCC certificate, it will be able to automatically route mail to either the old or new server, depending on which server the mailbox is on....correct?

Will the fact that the old server also has a cert for mail.mycompany.com on it cause any conflicts?

Do I really have to use another public IP address to create a NAT for the old Exchange 2003 server?
0
 
tenoverAuthor Commented:
think I got it....

Old Exchange Server will get a new NAT policy that translates its internal IP to a new WAN IP.

New Exchange server will use current MX record with new SAN Certificate.

Any requests to mail.mycompany.com will go directly to 2010.  If the mailbox is on 2010, it will be processed.  If the mailbox is on 2003, 2010 will send it back outside and it will be directed to legacy.mycompany.com.

Theoretically, nothing will have to be done from OWA or Activesync users, as they will keep using the same URL they currently use, mail.mycompany.com.


??
0
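As an added example (not code from the thread or any of its participants), this is how the SAN list the answers above agree on would be requested, imported and checked on the new Exchange 2010 server from the Exchange Management Shell, using the explicit names rather than the wildcard; the internal server name EX2010, the request/certificate paths and the subject's C/O values are assumptions.

```powershell
# Added example: generate the UCC/SAN request on the new Exchange 2010 server
# with the names from the answers above, then import the issued certificate,
# bind it to IIS (OWA/ActiveSync/Autodiscover) and SMTP, and verify coverage.
# Assumptions: Exchange Management Shell on the 2010 server, internal server
# name EX2010 (hypothetical), internal AD domain named the same as the public
# domain (as stated in the thread), CA returns C:\certs\mail_cert.cer.

$names = @(
    'mail.mycompany.com',          # existing public name, stays on the MX / NAT
    'autodiscover.mycompany.com',  # Autodiscover for Outlook and ActiveSync
    'legacy.mycompany.com',        # second public name, NAT'd to the 2003 server
    'EX2010',                      # internal NetBIOS name (hypothetical)
    'EX2010.mycompany.com'         # internal FQDN (hypothetical)
)

# 1. Create the CSR. The CN in -SubjectName is the primary name; every entry
#    in -DomainName becomes a Subject Alternative Name.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName 'C=US, O=MyCompany, CN=mail.mycompany.com' `
    -DomainName $names `
    -PrivateKeyExportable $true
Set-Content -Path 'C:\certs\mail_mycompany_com.req' -Value $csr

# 2. After the CA issues the certificate, import it and enable it for the
#    services that need it. Import-ExchangeCertificate returns the new cert.
$cert = Import-ExchangeCertificate -FileData ([Byte[]](Get-Content -Path 'C:\certs\mail_cert.cer' -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS,SMTP'

# 3. Check: every required name must appear in CertificateDomains of the
#    certificate bound to IIS, or OWA/ActiveSync clients will see a
#    name-mismatch error once the NAT is switched to this server.
$bound   = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }
$missing = $names | Where-Object { $bound.CertificateDomains -notcontains $_ }
if ($missing) {
    Write-Warning "Names missing from the IIS certificate: $($missing -join ', ')"
} else {
    Write-Host "All $($names.Count) names are covered by thumbprint $($bound.Thumbprint)"
}
```

Step 3 is worth re-running after the NAT change as well, since it confirms the certificate actually serving mail.mycompany.com is the new one and not the old single-name VeriSign cert.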