Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Exchange 2013 Upgrade with SSL and Name Change

Posted on 2014-01-28
2
Medium Priority
?
617 Views
Last Modified: 2014-01-29
Hello,

We are looking to transition from Exchange 2007 to 2013.  We are a relatively small organization (~600 mailboxes), so we have decided to use just one server for MBX+CAS.  I have a couple of questions about this upgrade:

We have named our 2007 server and all of the service names "exchangesvr" (except for autodiscover).  We are considering switching to use "mail" as the service name for everything except autodiscover, since that seems to be pretty standard.  Is it a good idea to use the name "mail", or should we keep our existing name?  It seems like we may run into problems during co-existence if we keep the name "exchangesvr" for 2013 because that will still be the name of the physical 2007 machine, even though the service name will have switched to our 2013 server.  Also, if we do change the name from "exchangesvr" to "mail", does this mean that we do not need to use a legacy namespace?  We can just refer to "exchangesvr" as the legacy server, correct?

Also, our 2007 server has no SSL certificate.  We will most definitely be implementing an SSL certificate on the 2013 server.  How will that affect users during co-existence?  When we go live with 2013, I know we will have to change the ActiveSync profile on all our company phones to the new server name (if we go with a  new name) and to use SSL.  If a user's mailbox has not been migrated to the 2013 server, will there be issues when the user goes from an SSL connection with the 2013 server to not having an SSL connection with the 2007 server?  Would it be possible to have users who haven't been migrated to the new server continuing to use the same ActiveSync settings until we do migrate their mailbox to the new server?

Thanks in advance for your input.
0
Comment
Question by:ejscn
2 Comments
 
LVL 9

Accepted Solution

by:
David Carr earned 1000 total points
ID: 39815897
Using mail for Exchange Server 2013 is a good idea. You should still use a legacy namespace.

The ActiveSync/SSL piece would be trickier. Do you have a way to get the  new SSL cert pushed out to mobile devices? The certificate should have a URL with the new namespace. For 2007, Exchange will re-direct ActiveSync requests to a CAS in the domain where the mailbox server is located. It may be possible to get a new ActiveSync profile on the device with the settings for Exchange 2013 since it will be using a new  SSL Certificate while the "old" 2007 configuration is on the device.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1000 total points
ID: 39817082
Surprised you have no SSL on Exchange 2007, someone must have done a lot of work to get you in to that state.

What I would do is get a trusted SSL UC/SAN certificate with the following names on it:

mail.example.com (common name)
Autodiscover.example.com
legacy.example.com
exchangesvr.example.com

Install the certificate on both the old and the new server.
On Exchange 2007, configure all external and internal URLs to legacy.example.com
Ensure that legacy.example.com resolves on the internet to Exchange 2007 server, as well as on the internal network.
Use the method I have outlined here to do that, but ignore the Autodiscover part.
http://exchange.sembee.info/2007/install/singlenamessl.asp
Also configure mail.example.com to resolve internally to the new Exchange server.

Configure the other names EXTERNALLY to resolve to Exchange 2013 and in IIS manager turn off the require SSL option on the ActiveSync virtual directory.
On Exchange 2007, remove the external URL for ActiveSync.

That should allow everything to work correctly as it currently does. Exchange 2013 will proxy the ActiveSync traffic to the Exchange 2007 server.

Then start getting to the mobile devices and change their connection to the correct URL. Some of them will change on their own, if they support Autodiscover, as they will be corrected by Exchange when they connect the first time.

Simon.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
You finally migrated Public Folders to Office 365, decommissioned the Public Folder mailbox database and since then, when you send an email from on-premise to mail-enabled Public Folders, you get the following error: "Misconfigured public folder mai…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question