Exchange 2013/07 migration certificate issues
Posted on 2014-09-09
I previously had a single-server Exchange 07 environment. Stood up an Exchange 2013 server successfully. Mailflow is working, I have moved my own admin account over to EX2013 and am able to successfully send and receive mail with a few tweaks (on the outside I need to use the temporary public A record).
Machine name: Ex07.domain.local
Internal URL: mail.domainname.com
External URL: mail.domainname.com
Machine name: EX2013.domain.local
Internal URL: EX2013.domainname.com
External URL: EX2013.domainname.com (Once I move everyone over I will change the ext URL to mail.domainname.com and switch the NAT rule in the firewall)
With netsol I have mail.domainname.com and EX2013.domainname.com (temp) set up with different public IPs; the firewall allows SMTP traffic and NATs them through to their proper internal IPs.
I created EX2013.domainname.com so I could test everything out before moving everyone over to the new server, making the NAT changes and decommissioning the old Ex07 server. I will get rid of the public A record EX2013.domainname.com once the transition is done.
I also have an internal DNS zone for domainname.com. It has Mail and autodiscover currently pointed to EX07 and a record EX2013.domainname.com pointed to EX2013's private IP.
I have a public CA cert with mail.domainname.com and autodiscover and EX2013.domainname.com as SANs installed on the new server successfully. The old server has a single cert through a different public CA; I just left that one alone.
Ultimately I want a seamless experience for my clients. I don't want them to have to change anything in Outlook, their smartphones, their Outlook on their home machine, anything, if I can avoid it.
Currently on my internal machine with Outlook 2013 I get prompted to log in 2-3 times when I open Outlook and I get a certificate error (name mismatch). It claims it's looking for EX2013.domain.local.
I have been looking through site after site and have changed all the virtual directories' internal URLs to EX2013.domainname.com. I have run Set-ClientAccessServer and a few others to manually specify the internal URL. Yet I still get a cert name mismatch.
If I continue on, under Account Settings->Server Settings->Server: it reads "email@example.com". I believe that is normal.
I'm looking for any advice or areas to check to clear up this certificate name mismatch and the 2-3 logins every time I open Outlook.
Your help is appreciated.