• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 575
  • Last Modified:

Replacing Exchange 2003 Front End OWA server

We have a current Exchange 2003 Front End server that is really out of date and has limited processor speed and memory and is due for an upgrade.

Since I cannot really upgrade this old server anymore I opted to purchase another one to replace it.

I have installed Server 2003 and Exchange 2003, I've added it to my domain, ESM see's the current Servers right now, I have copied over all the IIS settings and have done all the updates needed.

The only thing I have left to do is to change it to the Static IP of the old server and move the SSL cert to the new server also tick the check box in ESM to tell it that its a Front End.

So far so good?

I want to leave the old server in place as a backup just in case something happens to the new one, also just in case once I swap it over if issues occur I can just swap it back.

So can the SSL cert be copied out of the old server and imported into the new server without it being deleted out of the old one?

Once I tick the box in ESM that the new server is the Front End do I have to untick the old server in ESM?

Anything else I'm missing?
0
Neogeo147
Asked:
Neogeo147
  • 2
  • 2
  • 2
  • +1
3 Solutions
 
MrC63Commented:
If it's a third party certificate (VeriSign, GoDaddy, Thawte, etc), it is keyed by the issuer, and is keyed against a specific machine.  You cannot simply copy the SSL from the old server to the new one.  You'll need to generate a new CSR code, and re-key the certificate with the issuer against the new server.  This will render the old server SSL certificate invalid.  However, it normally only takes a few minutes to re-key an SSL certificate, so if you ever did have to go back to the old server, you would simply repeat this process.

Is it safe to assume your mailboxes and information stores are on other back-end servers?
0
 
Bruno PACIIT ConsultantCommented:
Hi,

I know it's probably too late but if the problem was memory and processor limitation on the old physical server my simpliest solution (I mean the solution I would have tried or envisage at first) would have been to virtualize the current front-end server on Hyper-V (or VMware if you prefer).
After the P2V process you just have to add memory and vProc to your VM... The good thing is that it is the SAME server ! Nothing to change, nothing to move, nothing to migrate.

Yes of course, Microsoft does not support Exchange 2003 in a virtualized environment. But it works very very well anyway.
Also, you don't have to care about the MS support because Exchange 2003 support is ending in any case.


Also, virtualization resolve your "backup just in case" problem... You just have to save the VM files somewhere to be able to make it run on any other Hyper-V server...

Have a good day.
0
 
Simon Butler (Sembee)ConsultantCommented:
The first response above is incorrect.
SSL certificates are not keyed against specific machines. You can simply export the certificate AND the private key to a file, then import them.

However many of the major SSL providers (not GoDaddy, but Verisign and their associates) will tell you that you need another "licence" for the new server and want to charge you some more money.

Simon.
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
Neogeo147Author Commented:
Thank you for the responses, actually the virtual sounds like a good plan, so how would I go about the full process?

The SSL cert is from Thawte so I can export and import it into the new server and it will still maintain the SSL cert on the old server.

Yes all mailboxes reside on the back end server.
0
 
Simon Butler (Sembee)ConsultantCommented:
Exchange 2003 doesn't care about the host name, so just export the certificate, remember to tick the box to include the private key.
Then import it in to the new server. You might have a root or intemediate certificate to import as well.

Then switch the DNS and/or firewall to point to the new server.

Simon.
0
 
Neogeo147Author Commented:
would I even have to switch DNS and or Firewall even though its pointing to the same IP address, the name of the server is slightly different though.
0
 
MrC63Commented:
If you switch the static IP address as you suggested in your original post, there should be no need to make any DNS changes.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now