Solved

Exchange 2010 without UCC certificate

Posted on 2013-06-20
7
345 Views
Last Modified: 2013-12-02
Cutting a long story short, we are looking to migrate an SBS 2003 to SBS 2011 in the coming week.

Everything is set up and we are ready to start migrating mailboxes over. The final thing to do is to get a UCC certificate to cover the various domains. The problem we have is that multiple companies use this mail server and their legal department will not allow to have a certificate that contain all company domain names

There's 3 companies in total so is there anyway i can use individual certificates for each company? and if so how would the autodiscovery work?

This really is a pain as i think it could be a big problem to do thi.

Any advice would be greatly appreciated.
0
Comment
Question by:afflik1923
  • 4
  • 3
7 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39262153
SRV records are the answer here.
Get a generic domain name that doesn't belong to any of the three companies, then setup Exchange to use that.

Change Exchange thus: http://semb.ee/hostnames
SRV Records: http://semb.ee/srv

Simon.
0
 

Author Comment

by:afflik1923
ID: 39262239
Thanks Simon,

I've currently got a mail.domain.com certificate on the 2003 server that does belong to the primary company, could i just re-use that? or do i need to make sure the domain does not belong to any of the 3 companies?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39262299
You can use that if you want.
I suggested using another name to avoid any "political" issues if legal don't want the three company names on the same certificate.

Simon.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:afflik1923
ID: 39263070
I've done some reading regarding using the SRV records and it certainly does look like the way to go.

I am reliant on another IT company to add these records in, am i able to do these several days in advance? I just want to make sure they are correct but also not "break" the current setup.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39264610
Any clients that are outside the network with Outlook 2007 and higher will attempt to use those records as soon as they are created.
You don't need them until you are going to start moving users on to the server, so it might be a better option to build the server first then get the SRV record request in.

Simon.
0
 

Author Comment

by:afflik1923
ID: 39265196
ok so what if i create the records but the new server is not yet publicly accessible, am i right in thinking it will be ignored?

The server is built and ready to go, we intend to move them over this weekend, but ideally i'd add the records in today so they are ready (i'm relying on a 3rd party for the DNS records)
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39265456
They will not be "ignored" the client will attempt to connect to them and it may cause a startup delay in Outlook. However if you are intending to make the move this weekend I wouldn't worry about it. I would be more concerned about SSL certificates being in place.

If the connection can be made, but the account is still on Exchange 2003 then nothing will happen.

Simon.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question