Exchange migration 2007 to 2010 AND domain name change
Posted on 2012-09-04
I would like to do 2 things with my Exchange organisation, ideally at the same time.
1. Migrate from Exchange 2007 to Exchange 2010
2. Change the external access URL from mail.external1.com to mail.external2.com
I have set up a lab environment and restored a backup of my production exch2007 and a domain controller into it. for the purpose of live testing I have also got a real public domain name to use so I can send mail in and out of the lab set up.
I have a split DNS setup so there is a public DNS server for external1.com and external2.com which is used externally, and I also maintain the 2 zones on our internal DNS for use by internal clients.
Exchange 2007 Server
Internal DNS name: exch2007.internal.int (the .int TLD here is a problem because I cant get an SSL cert with that extention. Its reserved for specific organisations. It was chosen many years ago by one of my predecessors).
External DNS name: mail.external1.com
I intend to decomission the exch2007 server so the whole exchange organisation is on 2010.
I've built a new server and installed exch2010 on it. It is configured with the new public DNS name mail.external2.com.
Exchange 2010 Server
Internal DNS name: exch2010.internal.int
External DNS name: mail.external2.com
The mail routing works fine between the 2 servers and to and from the internet in this coexistance scenario, I have also moved user1's mailbox from exch2007 to exch2010 and seen new features light up in Outlook 2010.
I have installed a new UC SSL certificate on the exch2010 box and also imported that cert onto the exch2007 box. This is from a public CA.
Public CA SSL Cert
Common Name: mail.external2.com
Additionally both servers have an internal SSL cert issued by our internal enterprise CA.
Common name: exch2007.internal.int
Common name: exch2010.internal.int
When I open outlook I get a certificate warning message that appears twice. 'The name on the security certificate is invalid or does not match the name of the site'. The name on the warning message is exch2010.internal.int and the certificate being offered is the public CA SSL cert.
Exchange services assigned to certs
So I'm not really sure where my problem is, i think it's to do with certificate assignment, in which case does anybody know what I should have done differently? Or, is it because I am trying to change the external domain name at the same time as the migration?
Any help you could offer would be much appreciated.