Replacing Exchange 2003 Front End OWA server

Posted on 2013-06-05
Medium Priority
Last Modified: 2013-07-15
We have a current Exchange 2003 Front End server that is really out of date and has limited processor speed and memory and is due for an upgrade.

Since I cannot really upgrade this old server anymore I opted to purchase another one to replace it.

I have installed Server 2003 and Exchange 2003, I've added it to my domain, ESM see's the current Servers right now, I have copied over all the IIS settings and have done all the updates needed.

The only thing I have left to do is to change it to the Static IP of the old server and move the SSL cert to the new server also tick the check box in ESM to tell it that its a Front End.

So far so good?

I want to leave the old server in place as a backup just in case something happens to the new one, also just in case once I swap it over if issues occur I can just swap it back.

So can the SSL cert be copied out of the old server and imported into the new server without it being deleted out of the old one?

Once I tick the box in ESM that the new server is the Front End do I have to untick the old server in ESM?

Anything else I'm missing?
Question by:Neogeo147
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1

Expert Comment

ID: 39223089
If it's a third party certificate (VeriSign, GoDaddy, Thawte, etc), it is keyed by the issuer, and is keyed against a specific machine.  You cannot simply copy the SSL from the old server to the new one.  You'll need to generate a new CSR code, and re-key the certificate with the issuer against the new server.  This will render the old server SSL certificate invalid.  However, it normally only takes a few minutes to re-key an SSL certificate, so if you ever did have to go back to the old server, you would simply repeat this process.

Is it safe to assume your mailboxes and information stores are on other back-end servers?
LVL 16

Expert Comment

by:Bruno PACI
ID: 39223538

I know it's probably too late but if the problem was memory and processor limitation on the old physical server my simpliest solution (I mean the solution I would have tried or envisage at first) would have been to virtualize the current front-end server on Hyper-V (or VMware if you prefer).
After the P2V process you just have to add memory and vProc to your VM... The good thing is that it is the SAME server ! Nothing to change, nothing to move, nothing to migrate.

Yes of course, Microsoft does not support Exchange 2003 in a virtualized environment. But it works very very well anyway.
Also, you don't have to care about the MS support because Exchange 2003 support is ending in any case.

Also, virtualization resolve your "backup just in case" problem... You just have to save the VM files somewhere to be able to make it run on any other Hyper-V server...

Have a good day.
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 1336 total points
ID: 39223561
The first response above is incorrect.
SSL certificates are not keyed against specific machines. You can simply export the certificate AND the private key to a file, then import them.

However many of the major SSL providers (not GoDaddy, but Verisign and their associates) will tell you that you need another "licence" for the new server and want to charge you some more money.

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 39223979
Thank you for the responses, actually the virtual sounds like a good plan, so how would I go about the full process?

The SSL cert is from Thawte so I can export and import it into the new server and it will still maintain the SSL cert on the old server.

Yes all mailboxes reside on the back end server.
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1336 total points
ID: 39224002
Exchange 2003 doesn't care about the host name, so just export the certificate, remember to tick the box to include the private key.
Then import it in to the new server. You might have a root or intemediate certificate to import as well.

Then switch the DNS and/or firewall to point to the new server.


Author Comment

ID: 39224243
would I even have to switch DNS and or Firewall even though its pointing to the same IP address, the name of the server is slightly different though.

Assisted Solution

MrC63 earned 664 total points
ID: 39224253
If you switch the static IP address as you suggested in your original post, there should be no need to make any DNS changes.

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month10 days, 23 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question