[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Replacing Exchange 2003 Front End OWA server

Posted on 2013-06-05
Medium Priority
Last Modified: 2013-07-15
We have a current Exchange 2003 Front End server that is really out of date and has limited processor speed and memory and is due for an upgrade.

Since I cannot really upgrade this old server anymore I opted to purchase another one to replace it.

I have installed Server 2003 and Exchange 2003, I've added it to my domain, ESM see's the current Servers right now, I have copied over all the IIS settings and have done all the updates needed.

The only thing I have left to do is to change it to the Static IP of the old server and move the SSL cert to the new server also tick the check box in ESM to tell it that its a Front End.

So far so good?

I want to leave the old server in place as a backup just in case something happens to the new one, also just in case once I swap it over if issues occur I can just swap it back.

So can the SSL cert be copied out of the old server and imported into the new server without it being deleted out of the old one?

Once I tick the box in ESM that the new server is the Front End do I have to untick the old server in ESM?

Anything else I'm missing?
Question by:Neogeo147
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1

Expert Comment

ID: 39223089
If it's a third party certificate (VeriSign, GoDaddy, Thawte, etc), it is keyed by the issuer, and is keyed against a specific machine.  You cannot simply copy the SSL from the old server to the new one.  You'll need to generate a new CSR code, and re-key the certificate with the issuer against the new server.  This will render the old server SSL certificate invalid.  However, it normally only takes a few minutes to re-key an SSL certificate, so if you ever did have to go back to the old server, you would simply repeat this process.

Is it safe to assume your mailboxes and information stores are on other back-end servers?
LVL 16

Expert Comment

by:Bruno PACI
ID: 39223538

I know it's probably too late but if the problem was memory and processor limitation on the old physical server my simpliest solution (I mean the solution I would have tried or envisage at first) would have been to virtualize the current front-end server on Hyper-V (or VMware if you prefer).
After the P2V process you just have to add memory and vProc to your VM... The good thing is that it is the SAME server ! Nothing to change, nothing to move, nothing to migrate.

Yes of course, Microsoft does not support Exchange 2003 in a virtualized environment. But it works very very well anyway.
Also, you don't have to care about the MS support because Exchange 2003 support is ending in any case.

Also, virtualization resolve your "backup just in case" problem... You just have to save the VM files somewhere to be able to make it run on any other Hyper-V server...

Have a good day.
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 1336 total points
ID: 39223561
The first response above is incorrect.
SSL certificates are not keyed against specific machines. You can simply export the certificate AND the private key to a file, then import them.

However many of the major SSL providers (not GoDaddy, but Verisign and their associates) will tell you that you need another "licence" for the new server and want to charge you some more money.

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.


Author Comment

ID: 39223979
Thank you for the responses, actually the virtual sounds like a good plan, so how would I go about the full process?

The SSL cert is from Thawte so I can export and import it into the new server and it will still maintain the SSL cert on the old server.

Yes all mailboxes reside on the back end server.
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1336 total points
ID: 39224002
Exchange 2003 doesn't care about the host name, so just export the certificate, remember to tick the box to include the private key.
Then import it in to the new server. You might have a root or intemediate certificate to import as well.

Then switch the DNS and/or firewall to point to the new server.


Author Comment

ID: 39224243
would I even have to switch DNS and or Firewall even though its pointing to the same IP address, the name of the server is slightly different though.

Assisted Solution

MrC63 earned 664 total points
ID: 39224253
If you switch the static IP address as you suggested in your original post, there should be no need to make any DNS changes.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question