Exchange 2013 Upgrade with SSL and Name Change

Posted on 2014-01-28
Last Modified: 2014-01-29

We are looking to transition from Exchange 2007 to 2013.  We are a relatively small organization (~600 mailboxes), so we have decided to use just one server for MBX+CAS.  I have a couple of questions about this upgrade:

We have named our 2007 server and all of the service names "exchangesvr" (except for autodiscover).  We are considering switching to use "mail" as the service name for everything except autodiscover, since that seems to be pretty standard.  Is it a good idea to use the name "mail", or should we keep our existing name?  It seems like we may run into problems during co-existence if we keep the name "exchangesvr" for 2013 because that will still be the name of the physical 2007 machine, even though the service name will have switched to our 2013 server.  Also, if we do change the name from "exchangesvr" to "mail", does this mean that we do not need to use a legacy namespace?  We can just refer to "exchangesvr" as the legacy server, correct?

Also, our 2007 server has no SSL certificate.  We will most definitely be implementing an SSL certificate on the 2013 server.  How will that affect users during co-existence?  When we go live with 2013, I know we will have to change the ActiveSync profile on all our company phones to the new server name (if we go with a  new name) and to use SSL.  If a user's mailbox has not been migrated to the 2013 server, will there be issues when the user goes from an SSL connection with the 2013 server to not having an SSL connection with the 2007 server?  Would it be possible to have users who haven't been migrated to the new server continuing to use the same ActiveSync settings until we do migrate their mailbox to the new server?

Thanks in advance for your input.
Question by:ejscn
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

David Carr earned 250 total points
ID: 39815897
Using mail for Exchange Server 2013 is a good idea. You should still use a legacy namespace.

The ActiveSync/SSL piece would be trickier. Do you have a way to get the  new SSL cert pushed out to mobile devices? The certificate should have a URL with the new namespace. For 2007, Exchange will re-direct ActiveSync requests to a CAS in the domain where the mailbox server is located. It may be possible to get a new ActiveSync profile on the device with the settings for Exchange 2013 since it will be using a new  SSL Certificate while the "old" 2007 configuration is on the device.
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 39817082
Surprised you have no SSL on Exchange 2007, someone must have done a lot of work to get you in to that state.

What I would do is get a trusted SSL UC/SAN certificate with the following names on it: (common name)

Install the certificate on both the old and the new server.
On Exchange 2007, configure all external and internal URLs to
Ensure that resolves on the internet to Exchange 2007 server, as well as on the internal network.
Use the method I have outlined here to do that, but ignore the Autodiscover part.
Also configure to resolve internally to the new Exchange server.

Configure the other names EXTERNALLY to resolve to Exchange 2013 and in IIS manager turn off the require SSL option on the ActiveSync virtual directory.
On Exchange 2007, remove the external URL for ActiveSync.

That should allow everything to work correctly as it currently does. Exchange 2013 will proxy the ActiveSync traffic to the Exchange 2007 server.

Then start getting to the mobile devices and change their connection to the correct URL. Some of them will change on their own, if they support Autodiscover, as they will be corrected by Exchange when they connect the first time.


Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question