  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 763

New Exchange Certificate Exchange 2010 & Which Exchange server is sending/receiving mail.

I just purchased a Standard UCC SSL (up to 5) certificate from Godaddy.  I currently have an SSL Certificate installed on an Exchange 2003 server.  I've installed a new Exchange 2010 server, and have them coexisting for the time being.  I have not moved the mailboxes over yet, but will soon.

I want to get the SSL certificate setup and ready on the Exchange 2010 server, and when I initiated the New Exchange Certificate, I selected all items on Exchange Configuration (Share, Outlook WebApp, Exchange ActiveSync, Web Services, OWA, and Autodiscover, POP/IMAP, Hub Transport, and Legacy).  I omitted Unified Messaging.

Anyway, when pasting the CSR I see 7 subject names when there is a limit of 5 as per the certificate that was purchased.  Please note our AD domain uses .local.

I need to enable secure communications for OWA and ActiveSync.

I am not sure if I need Outlook Web App, Hub Transport Server, or Legacy Exchange Server.  I do not believe we use POP/IMAP, so they can be excluded if necessary.  

I contacted Godaddy support about this, and they suggested upgrading the cert to one that supports 8 names.  They also suggested I use the following article to reconfigure MS Exchange to use a FQDN.

http://support.godaddy.com/help/article/6281/reconfiguring-microsoft-exchange-server-to-use-a-fully-qualified-domain-name

I need to know which exchange configuration options to select when generating the CSR as described above, and then know if I should follow the steps defined in the above link to reconfigure Exchange to use FQDN.

I would like to get this certificate installed on the new Exchange 2010 server, move all the mailboxes, ensure all public folders replicate, and decommission the Exchange 2003 server.

I also had a question as to how to tell whether the new Exchange 2010 server can send and receive mail without the existing Exchange 2010 server.  I can't tell which server actually receives/sends mail.  As of this morning I was able to resolve a troubling issue with the routing group connector/SMTP virtual server that would not allow mail from Exchange 2003 to a test user's mailbox on the Exchange 2010 server.  So, I am curious to know how I can force mail to be sent and received on the Exchange 2010 server once all the mailboxes are moved to it.  

Thank you for any feedback.  I included a screenshot for a quick review.
Asked by: cmp119

1 Solution

Alan Hardisty (Co-Owner) commented:
You only need 2 names - mail.domain.com (or whatever you want to use) and autodiscover.domain.com.

Anything else is no longer necessary unless you have other requirements for the SSL certificate.

cmp119 (Author) commented:
So when I create the CSR the only Exchange Configuration options I need to select are the second option Exchange ActiveSync and the third one Web Services, Outlook Anywhere, and Autodiscover?  

What about following the procedures Godaddy support sent me:

http://support.godaddy.com/help/article/6281/reconfiguring-microsoft-exchange-server-to-use-a-fully-qualified-domain-name

Or can I simply continue processing the existing CSR  and remove all the .local references along with legacy.domain.com and anywhere.domain.com?
SSL-Cert-Names.jpg

Alan Hardisty (Co-Owner) commented:
You can select the majority of the options but just choose the names you want to use.

mail. for everything except autodiscover and autodiscover. for the autodiscover part.

cmp119 (Author) commented:
Okay, what about the .local ones?  Do I follow the steps in the article Godaddy suggested, or is it not necessary?

I will most likely use the following names then:

mail.domain.com
autodiscover.domain.com
anywhere.domain.com
legacy.domain.com

meaning the remaining three .local ones will be removed.

Alan Hardisty (Co-Owner) commented:
Ignore those - .local won't be accepted past Nov 2015.  You can point the internal URLs to the external FQDN to match the SSL cert name.

Not sure about the article - I'll check in a sec.

Alan Hardisty (Co-Owner) commented:
Use the article after installing the certificate, or just amend then copy / paste the following into the Exchange Management Shell:

Set-AutodiscoverVirtualDirectory -Identity * -InternalUrl "https://mail.domain.com/autodiscover/autodiscover.xml"
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri "https://mail.domain.com/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity * -InternalUrl "https://mail.domain.com/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity * -InternalUrl "https://mail.domain.com/oab"
Set-OwaVirtualDirectory -Identity * -InternalUrl "https://mail.domain.com/owa"
Set-EcpVirtualDirectory -Identity * -InternalUrl "https://mail.domain.com/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://mail.domain.com/Microsoft-Server-ActiveSync"
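As an added example (not from the thread or from Alan's post): after running the Set-* commands above, this script, assumed to run in the Exchange Management Shell on the 2010 server, collects every URL the Client Access role publishes and flags any host name that the installed certificate does not cover or that still uses the .local name. The thumbprint is a placeholder to be taken from Get-ExchangeCertificate.

```powershell
# Added example: audit Exchange 2010 CAS URLs against the names on the installed SSL certificate.
# Assumes the Exchange Management Shell; $Thumbprint is a placeholder (see Get-ExchangeCertificate).
$Thumbprint = 'PLACEHOLDER_THUMBPRINT'
$cert       = Get-ExchangeCertificate -Thumbprint $Thumbprint
$certNames  = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

# Every client-facing URL Exchange hands out (internal and external), including the Autodiscover SCP URI.
$urls  = @()
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-EcpVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-OabVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ActiveSyncVirtualDirectory  | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ClientAccessServer          | ForEach-Object { $_.AutoDiscoverServiceInternalUri }

function Test-NameCovered([string]$HostName, [string[]]$Names) {
    # Exact SAN match, or a wildcard entry (*.domain.com) covering exactly one label below it.
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        if ($n.StartsWith('*.') -and ($HostName -like $n) -and
            ($HostName.Split('.').Count -eq $n.Split('.').Count)) { return $true }
    }
    return $false
}

$urls | Where-Object { $_ } | ForEach-Object { ([Uri]$_).Host.ToLower() } | Sort-Object -Unique | ForEach-Object {
    $h = $_
    if ($h.EndsWith('.local')) {
        Write-Warning "$h : .local name; a public CA will not issue for it, so clients will see certificate errors"
    } elseif (-not (Test-NameCovered $h $certNames)) {
        Write-Warning "$h : not covered by certificate $($cert.Thumbprint) [$($certNames -join ', ')]"
    } else {
        Write-Output "$h : OK"
    }
}
```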
cmp119 (Author) commented:
I initiated all the above commands individually modifying the mail.domain.com with mail.rcsch13.com, and they all completed successfully.  All mailboxes now reside on the Exchange 2010 server.  

OWA works fine internally, in that https://ajax.ch13.local/owa works fine.

However, from an external location, https://mail.rcsch13.com/owa changes to https://ajax.ch13.local/owa and indicates page not found.  

https://mail.rcsch13.com/exchange indicates page not found as well.  

I tried recycling IIS on the Exchange 2010 server, but no joy.

Still looking for a solution!

Alan Hardisty (Co-Owner) commented:
What do you get from the following EMS command?

get-owavirtualdirectory | fl externalurl

Alan

cmp119 (Author) commented:
[PS] C:\Windows\system32>get-owavirtualdirectory | fl externalurl


ExternalUrl : https://mail.rcsch13.com/owa

Alan Hardisty (Co-Owner) commented:
Hmmm - that's correct.

Can you run the reset virtual directory wizard and select the OWA virtual directory please.

Exchange Management Console> Server Configuration> Client Access

Then run iisreset and test again.

Alan

cmp119 (Author) commented:
Okay hold on.  Thanks.

cmp119 (Author) commented:
I selected it, and the Microsoft Management Console is scrolling along.  Not sure how long this should take, but I would think it ought to run fast.

cmp119 (Author) commented:
Unable to end the task.  When I selected Reset Virtual Directory, an error with the MMC was displayed, and then the MMC shows a scrolling green bar, but it does not appear to be doing anything since it's been doing that for over 10 minutes now.

cmp119 (Author) commented:
I was able to end the task, but when I run Reset Virtual Directory there is an MMC snap-in error that appears briefly, and the same green scrolling bar scrolls along.

I decided to use the command line instead.  I completed the following steps:

[PS] C:\Windows\system32>Remove-OwaVirtualDirectory -Identity 'ajax\owa (Default Web Site)''
>>
[PS] C:\Windows\system32>Remove-OwaVirtualDirectory -Identity 'ajax\owa (Default Web Site)'

Confirm
Are you sure you want to perform this action?
Outlook Web App virtual directory "ajax\owa (Default Web Site)" is being removed.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): Y
[PS] C:\Windows\system32>New-OwaVirtualDirectory -InternalUrl 'https://ajax.ch13.local/owa' -WebSiteName 'Default Web Si
te'

Name                                    Server                                  OwaVersion
----                                    ------                                  ----------
owa (Default Web Site)                  AJAX                                    Exchange2010

cmp119 (Author) commented:
I ran iisreset /noforce, and I received "the service did not respond to the start or control request in a timely fashion".  I waited for the WWW service to completely stop and then I started it.

When I go https://mail.rcsch13.com/owa, I receive the following error:

The page cannot be found

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Please try the following:

Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.
If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted.
Click the Back button to try another link.
HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)

Technical Information (for support personnel)

Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404.
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messages.

Alan Hardisty (Co-Owner) commented:
Where is port 443 pointing to at the moment on your firewall?

It won't find the /owa page if it is pointing to the Exchange 2003 server.

Alan

cmp119 (Author) commented:
I have one inbound firewall rule for both Exchange servers that passes traffic on ports 25, 80, and 443.  The Exchange 2003 server is 172.16.2.6, and the Exchange 2010 server is 172.16.2.7.

Alan Hardisty (Co-Owner) commented:
Do you have multiple Public IP's?

cmp119 (Author) commented:
No, just one.

cmp119 (Author) commented:
What is weird is when I type https://mail.rcsch13.com/owa it changes it to https://ajax.ch13.local/owa.

cmp119 (Author) commented:
From within the local network I receive the same error HTTP Error 404 - File or directory not found when entering https://mail.rcsch13.com/owa.  Entering https://ajax/owa works fine.

cmp119 (Author) commented:
One more thing, the Godaddy.com certificate info is as follows:

We have received a Certificate Signing Request for the following mail.rcsch13.com domain(s) :

anywhere.rcsch13.com
autodiscover.rcsch13.com
mail.rcsch13.com

Alan Hardisty (Co-Owner) commented:
If you only have one Public IP Address, you can't forward the same port to multiple internal IP's - you would need a 2nd Public IP Address to be able to do that.

I would just simply move all the mailboxes from the 2003 server to the 2010 server and then change the port forwarding to the 2010 server on the firewall and that should be sufficient.

Alan
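Added example, not part of the thread: a probe run from outside the network (or anywhere the public name resolves to the firewall) that shows which certificate answers on 443 for the public OWA name, and what /owa returns without following redirects. If the single port forward still points at the Exchange 2003 box, the certificate names and the 404 both reveal it. Host names are placeholders.

```powershell
# Added example: which server answers on 443 for the public name, and does it carry the expected names?
$PublicName    = 'mail.example.com'                              # placeholder: the name on the purchased cert
$ExpectedNames = 'mail.example.com', 'autodiscover.example.com'  # placeholder: names the cert must carry

# Validation is bypassed for this probe only, because the point is to inspect whatever cert is presented.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$tcp = New-Object System.Net.Sockets.TcpClient($PublicName, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
$ssl.AuthenticateAsClient($PublicName)
$remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Close()

# Names the presented certificate is valid for: the CN plus any Subject Alternative Name (OID 2.5.29.17) entries.
$presented = @($remote.GetNameInfo('DnsName', $false))
$sanExt = $remote.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($sanExt) {
    $presented += $sanExt.Format($false) -split ', ' | ForEach-Object { ($_ -split '=')[-1] }
}
$presented = $presented | ForEach-Object { $_.ToLower() } | Sort-Object -Unique

"443 on $PublicName answered with: $($remote.Subject) (thumbprint $($remote.Thumbprint))"
foreach ($n in $ExpectedNames) {
    if ($presented -contains $n) { "  $n : present" }
    else { Write-Warning "  $n : MISSING - 443 may be forwarded to the old server, or the cert is not bound" }
}

# Request /owa without auto-redirect. A healthy Exchange 2010 CAS redirects to its logon page; a 404, or a
# Location header naming the internal .local host, means the request reached the wrong server or a bad URL.
$req = [System.Net.WebRequest]::Create("https://$PublicName/owa")
$req.AllowAutoRedirect = $false
try   { $resp = $req.GetResponse() }
catch [System.Net.WebException] { $resp = $_.Exception.Response }
if ($resp) {
    "/owa -> HTTP $([int]$resp.StatusCode) Server=$($resp.Headers['Server']) Location=$($resp.Headers['Location'])"
    $resp.Close()
} else {
    Write-Warning "/owa -> no HTTP response (connection refused or timed out)"
}
```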
cmp119 (Author) commented:
Definitely a firewall issue.  Removed the old exchange server and replaced it with the new exchange server, and now owa works.