xzay1967
Remove/change Primary external domain in SBS2008

Summary and issue:
My client is running SBS 2008, which comes with Exchange 2007 and AD built in. I have already configured the domain to use firstdomain.com. Everything is working fine: OWA, Outlook, RWW, etc.; RWW is mail.firstdomain.com. Then she wanted to add seconddomain.com and stop using firstdomain.com. I added the new domain to Exchange and configured it as the new accepted domain, set it as default and updated the email policy so it is the primary send and receive. I also set up the MX record to point to the IP of firstdomain.com. The only hitch I encountered was the certificate warning that would pop up for external Outlook users. I explained that she needed to buy a new cert (SAN) that included autodiscover.seconddomain.com, firstdomain.com, and also seconddomain.com. The cost is crazy for the SAN, so now she wants to totally remove firstdomain.com from the network.
****************************
Plan of action:
Run the Internet Wizard and set seconddomain.com as new primary external domain
Change MX record to point to IP of seconddomain.com
Run cert wizard in SBS console
Remove firstdomain.com from accepted domain in EMC
************************
Concerns and questions:
1. There was no autodiscover issue when there was one domain. Should I expect any now that I am going back to having one domain after removing firstdomain.com?
2. Would I still need to purchase a cert that included autodiscover.seconddomain.com? (Seems like this would depend on the answer to question 1, lol.)
3. When the Internet wizard is run for seconddomain.com, would it also create virtual directories for OWA, EWS, etc., whereby I can now use mail.seconddomain.com as the new URL for RWW?
4. Can I leave the old MX record in place until the new one populates the DNS servers around the internet? I just don't want any, or minimal, email downtime. I guess the better question would be: how do I avoid or minimize email downtime?
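The "Plan of action" above ends with removing firstdomain.com as an accepted domain, and question 4 is about not losing mail while the MX change propagates. The following Exchange 2007 Management Shell script is an added example, not part of the original question or of the accepted answer: it reports the state those two steps depend on (accepted domains, the address policy templates, recipients still carrying an old-domain proxy address, and what public DNS currently says) before anything is removed. The domain names are the placeholders the question uses; the policy name "Default Policy" in the commented-out line is an assumption to be replaced with whatever Get-EmailAddressPolicy returns.

```powershell
# Added example (not from the original post or the accepted answer).
# Pre-removal checks for retiring an accepted domain on Exchange 2007 / SBS 2008.
# Run in the Exchange Management Shell. Domain names are the question's placeholders.

$OldDomain = "firstdomain.com"
$NewDomain = "seconddomain.com"

# 1. Confirm the new domain is an authoritative accepted domain and is the default.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType, Default -AutoSize

# 2. Confirm the e-mail address policy stamps the new domain as primary ("SMTP:" in
#    capitals) and keeps the old one as a secondary ("smtp:" in lower case), so mail
#    sent to old addresses still lands while the MX change propagates.
Get-EmailAddressPolicy | Format-List Name, Priority, EnabledEmailAddressTemplates
# Example of the templates that achieve that (policy name assumed, adjust to your own):
# Set-EmailAddressPolicy -Identity "Default Policy" `
#     -EnabledEmailAddressTemplates "SMTP:%m@$NewDomain","smtp:%m@$OldDomain"
# Update-EmailAddressPolicy -Identity "Default Policy"

# 3. List every mailbox that still carries an old-domain proxy address. The accepted
#    domain cannot be removed while an address policy references it, and removing it
#    first would leave recipients with a dead proxy address. Review this before step 5.
$Pattern = "@" + [regex]::Escape($OldDomain) + "$"
$Stale = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.EmailAddresses -match $Pattern } |
    Select-Object Name, PrimarySmtpAddress, EmailAddresses
$Stale | Format-Table -AutoSize

# 4. See which hosts the public DNS currently delivers mail to. The lowest MX
#    preference value wins; a second record with a higher value is a fallback only.
nslookup -type=mx $NewDomain
nslookup -type=mx $OldDomain

# 5. Remove the old accepted domain only after the new MX has been observed from
#    outside and the step-3 list is empty or accepted. Deliberately commented out.
# Remove-AcceptedDomain -Identity $OldDomain -Confirm:$true
```

Step 3 is the check most often skipped: mailboxes keep whatever proxy addresses the policy stamped on them, so the report shows exactly what will stop being deliverable once the domain is gone.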
SOLUTION
Simon Butler (Sembee)
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
xzay1967
ASKER
Hmm, thanks Simon, it would be very interesting to find a company that offers SAN certs for that low a price. All the providers I called were talking hundreds. I got a quote from Verisign and they quoted $900 per year for a SAN that included seconddomain.com, firstdomain.com, and autodiscover.seconddomain.com. I did that SRV record and pointed it to the IP of firstdomain.com (not sure if it is related), but now I get autodiscover prompts for cpanelemail when Outlook first runs. Is this some new thing? If it helps, the provider that hosts seconddomain.com is Network Solutions. Back to the MX record, I just remembered, I can add the other IP and just set the priority higher than the old one. Worst case, if mail can't hit it, it will revert to the next on the list. But I assume that once I run the Internet wizard, OWA won't function for the old one anymore, or Outlook won't work until the DNS has caught up for seconddomain.com. Which brings me back to the cert: can I use Outlook or RWW until the cert is in place? In regards to the autodiscover, I never created a record for firstdomain.com when I set up the domain years ago. I assume that the Internet wizard took care of all that when it created the virtual directories. Oh, one more: I am in Philly, the client is in TX, can I do this remotely?
ASKER CERTIFIED SOLUTION
You are a genius Simon, I actually forgot I could use GoToAssist for the remote work. I think for consistency I will create an A record called mail.seconddomain.com on the external DNS, then add an MX record entry called mail.seconddomain.com with a priority of 15, since the other (current) one is set to 10. The current MX record points to the IP of firstdomain.com, and since she wants to totally dump the old one, I may go with a new record. That way the record will already be in place for when I add the cert, plus mail won't use the new one unless the one with the priority of 10 is not accessible. Your thoughts please. Thanks for the tip on the cert provider.
OK, so I went ahead and bought the cert; I will generate the request once I change the domain name. Once I change the primary domain on SBS, does the current email function stop working, i.e. OWA, Outlook, etc.? I am trying to get a feel for what to expect outage-wise so I can prepare for it.
SOLUTION
Thanks again for the detailed response Simon. I always thought that, with SBS being so temperamental, not using the built-in wizard was inadvisable. This is Exchange 2007, so I will have to figure out how to request the cert via EMS. If it is not too much to ask, can you assist me with that as well? Here is what I would like in the SAN request:
mail.wtaylorrealestate.com <<<current domain
mail.taylorrealestate.com<<<< new domain
autodiscover.wtaylorrealestate.com
autodiscover.taylorrealestate.com
Not sure if I need to include the server name, but if I do, then it's wtr-dc01.wtaylor.local
http://exchange.sembee.info/ I believe I found your site, I will follow the instructions. Do you still recommend including "Sites" in the SAN? I have generated the CSR using EMS:

New-ExchangeCertificate -GenerateRequest -Path c:\mail_taylorrealestate_com.csr -KeySize 2048 -SubjectName "c=US, s=TX, l=Houston, o=Taylor Real Estate Group Inc, cn=mail.taylorrealestate.com" -DomainName mail.taylorrealestate.com, mail.wtaylorrealestate.com, autodiscover.taylorrealestate.com, autodiscover.wtaylorrealestate.com, wtr-dc01.wtaylor.local -PrivateKeyExportable $True

Should I redo it and include "Sites"? The only issue is I am only allowed 5 entries for the cert I purchased; if I have to include Sites, which can I remove and still be in the green?
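The CSR above is only the first half of the job; the signed certificate has to be imported against the pending request, checked for the names Outlook and Autodiscover will be handed, and then bound to the services. The script below is an added example in the Exchange 2007 Management Shell, not the asker's command and not Sembee's instructions. The path of the issued certificate file is an assumption; the host names are the four public ones from the CSR in the post.

```powershell
# Added example (not from the original post or the answers): completing the
# SAN certificate on Exchange 2007 after the CA returns the signed file.
# The file path is assumed; the host names are the ones in the CSR above.

$CertFile = "C:\mail_taylorrealestate_com.cer"   # assumed: where the CA's response was saved

# 1. Import the issued certificate. It pairs with the private key that
#    New-ExchangeCertificate -GenerateRequest left in the machine store.
$Cert = Import-ExchangeCertificate -Path $CertFile

# 2. Verify the SAN list before binding anything. Every host name that a client
#    will be directed to (InternalUrl, ExternalUrl, Autodiscover) must be present,
#    otherwise the certificate prompt simply comes back.
$Cert | Format-List Thumbprint, Subject, CertificateDomains, NotBefore, NotAfter

$Required = @(
    "mail.taylorrealestate.com"
    "mail.wtaylorrealestate.com"
    "autodiscover.taylorrealestate.com"
    "autodiscover.wtaylorrealestate.com"
)
$OnCert  = @($Cert.CertificateDomains | ForEach-Object { "$_" })
$Missing = @($Required | Where-Object { $OnCert -notcontains $_ })
if ($Missing.Count -gt 0) {
    throw "Certificate is missing required names: $($Missing -join ', ')"
}

# 3. Bind it to IIS (OWA, EWS, OAB, Autodiscover, RWW) and SMTP (TLS on transport).
#    Add POP or IMAP to the list only if those services are actually in use.
Enable-ExchangeCertificate -Thumbprint $Cert.Thumbprint -Services "IIS,SMTP"

# 4. Confirm which certificate now serves each service; the self-signed SBS
#    certificate should no longer carry IIS.
Get-ExchangeCertificate | Format-Table Thumbprint, Services, NotAfter, CertificateDomains -AutoSize
```

On the question of the server name in the request: public CAs stopped issuing certificates for internal names such as wtr-dc01.wtaylor.local in 2015, so on a current certificate that entry would be refused anyway and the slot is better spent on a public name; the check in step 2 deliberately lists only the public names.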
First let me extend a million thanks for your help. I have performed the operation, and all went well except for one glitch. Now for some odd reason, when users launch Outlook internally, they are prompted with a cert warning that references the old domain. See screenshot. The cert does include the old domain as well as the new domain, so I am not sure what the problem is at this point.
mail.taylorrealestate.png
SOLUTION
My apologies Simon, I forgot to close this question and award you your points. I followed your article on the site you host, and got everything working. I was also able to solve the issue of the cert warning where it referenced the old domain. I simply set all the internal URIs for EWS, OWA and OAB to the external URI. Thanks again for everything.
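The closing post names the actual fix for the internal Outlook prompt: the InternalUrl values still pointed at a name that was not on the new certificate, so Outlook on the LAN was sent to a host name it could not validate. The script below is an added example of that fix in the Exchange 2007 Management Shell, not the asker's commands and not the content of the linked article. The server name WTR-DC01 is taken from the post; the virtual directory identities follow the standard "SERVER\name (Default Web Site)" form and should be confirmed with the Get-* cmdlets first.

```powershell
# Added example (not from the original thread): align InternalUrl with the public
# host name so Outlook on the LAN is given URLs that match the SAN certificate.
# Server name from the post; virtual directory identities assumed to be the defaults.

$Server     = "WTR-DC01"
$PublicName = "mail.taylorrealestate.com"   # must be one of the names on the certificate

# Current values. A mismatch here (old domain or the server's .local FQDN) is exactly
# what produces the certificate warning for internal users.
Get-WebServicesVirtualDirectory -Server $Server | Format-List Identity, InternalUrl, ExternalUrl
Get-OabVirtualDirectory         -Server $Server | Format-List Identity, InternalUrl, ExternalUrl
Get-OwaVirtualDirectory         -Server $Server | Format-List Identity, InternalUrl, ExternalUrl
Get-ClientAccessServer -Identity $Server        | Format-List Identity, AutoDiscoverServiceInternalUri

# Set internal = external for the three directories the post mentions, plus the
# Autodiscover SCP that domain-joined Outlook queries first.
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" `
    -InternalUrl "https://$PublicName/EWS/Exchange.asmx" `
    -ExternalUrl "https://$PublicName/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity "$Server\OAB (Default Web Site)" `
    -InternalUrl "https://$PublicName/OAB" `
    -ExternalUrl "https://$PublicName/OAB"
Set-OwaVirtualDirectory -Identity "$Server\owa (Default Web Site)" `
    -InternalUrl "https://$PublicName/owa" `
    -ExternalUrl "https://$PublicName/owa"
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$PublicName/Autodiscover/Autodiscover.xml"

# Check what Exchange now hands out. On a LAN client, Outlook's
# "Test E-mail AutoConfiguration" shows the same URLs from the client side.
Test-OutlookWebServices | Format-Table Id, Type, Message -AutoSize
```

This only works if mail.taylorrealestate.com resolves to the server's LAN address from inside the network (split DNS); check with nslookup on a workstation, because a name that resolves only to the public IP will send internal clients out through the firewall or fail entirely.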