Replacing Exchange 2003 Front End OWA server

Posted on 2013-06-05
Last Modified: 2013-07-15
We have a current Exchange 2003 Front End server that is really out of date and has limited processor speed and memory and is due for an upgrade.

Since I cannot really upgrade this old server anymore I opted to purchase another one to replace it.

I have installed Server 2003 and Exchange 2003, I've added it to my domain, ESM see's the current Servers right now, I have copied over all the IIS settings and have done all the updates needed.

The only thing I have left to do is to change it to the Static IP of the old server and move the SSL cert to the new server also tick the check box in ESM to tell it that its a Front End.

So far so good?

I want to leave the old server in place as a backup just in case something happens to the new one, also just in case once I swap it over if issues occur I can just swap it back.

So can the SSL cert be copied out of the old server and imported into the new server without it being deleted out of the old one?

Once I tick the box in ESM that the new server is the Front End do I have to untick the old server in ESM?

Anything else I'm missing?
Question by:Neogeo147
  • 2
  • 2
  • 2
  • +1

Expert Comment

ID: 39223089
If it's a third party certificate (VeriSign, GoDaddy, Thawte, etc), it is keyed by the issuer, and is keyed against a specific machine.  You cannot simply copy the SSL from the old server to the new one.  You'll need to generate a new CSR code, and re-key the certificate with the issuer against the new server.  This will render the old server SSL certificate invalid.  However, it normally only takes a few minutes to re-key an SSL certificate, so if you ever did have to go back to the old server, you would simply repeat this process.

Is it safe to assume your mailboxes and information stores are on other back-end servers?
LVL 16

Expert Comment

ID: 39223538

I know it's probably too late but if the problem was memory and processor limitation on the old physical server my simpliest solution (I mean the solution I would have tried or envisage at first) would have been to virtualize the current front-end server on Hyper-V (or VMware if you prefer).
After the P2V process you just have to add memory and vProc to your VM... The good thing is that it is the SAME server ! Nothing to change, nothing to move, nothing to migrate.

Yes of course, Microsoft does not support Exchange 2003 in a virtualized environment. But it works very very well anyway.
Also, you don't have to care about the MS support because Exchange 2003 support is ending in any case.

Also, virtualization resolve your "backup just in case" problem... You just have to save the VM files somewhere to be able to make it run on any other Hyper-V server...

Have a good day.
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 334 total points
ID: 39223561
The first response above is incorrect.
SSL certificates are not keyed against specific machines. You can simply export the certificate AND the private key to a file, then import them.

However many of the major SSL providers (not GoDaddy, but Verisign and their associates) will tell you that you need another "licence" for the new server and want to charge you some more money.

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails


Author Comment

ID: 39223979
Thank you for the responses, actually the virtual sounds like a good plan, so how would I go about the full process?

The SSL cert is from Thawte so I can export and import it into the new server and it will still maintain the SSL cert on the old server.

Yes all mailboxes reside on the back end server.
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 334 total points
ID: 39224002
Exchange 2003 doesn't care about the host name, so just export the certificate, remember to tick the box to include the private key.
Then import it in to the new server. You might have a root or intemediate certificate to import as well.

Then switch the DNS and/or firewall to point to the new server.


Author Comment

ID: 39224243
would I even have to switch DNS and or Firewall even though its pointing to the same IP address, the name of the server is slightly different though.

Assisted Solution

MrC63 earned 166 total points
ID: 39224253
If you switch the static IP address as you suggested in your original post, there should be no need to make any DNS changes.

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now