Exchange 2013 coexistence during phaseout of Exchange 2007 Certificate Problem

Posted on 2014-11-24
Last Modified: 2014-11-30
I am in the process of moving our email to a new Exchange 2013 server. I am at the coexistence point and have moved OWA to point to the new server. The certificate includes the new server name and internal emails seem to be fine. The one test account I have on the new server is able to send and receive emails from the old server. However, my iPhone generates a "certificate not trusted" error for the OWA server name.

The certificate was created from a request from the old server while it was the OWA IP address. Now I have altered the IP address to the new server, making it the OWA source. It passes OWA to the old server fine, however, when the mailbox is on the old server.

So what am I missing on the iPhone that would cause this cert error? It also appears to only be on one of the two email accounts I have on the phone. The second generates the error and it is our helpdesk account. But the first does not generate any errors and email flows fine. The helpdesk emails do not, however. So my phone does not have any of the emails since the transition to the new IP address for OWA.

The IP address is an internal IP, the external IP is of course our public address. I have a Cisco 5505 ASA as the firewall for the private network and it has rules passing email traffic to the old IP address. So should I change those rules to the new IP, allowing all emails to flow to the Exchange 2013 in the hopes the server sends them on to the old server, or do I need to generate a new certificate request from the new server?

I'm stumped!
Question by:dpcsit
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40464404
Do you have an external host name configured within ActiveSync on the Exchange 2007 server?

You haven't said who your SSL provider is, but a lot of them require an additional intermediate or root certificate to be installed on the server. You should check if that is the case and install it.


Author Comment

ID: 40464803
SSL provider is GoDaddy, and I installed the intermediate cert in intermediate Certificate Authorities on both servers using MMC.

The ActiveSync was changed to the legacy address as in on the 2007 server.

On the 2013 server it points to the name of the new Exchange server. As in
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 40465617
If this is a new certificate, did you install the new intermediate certificate? It was changed earlier this year.
Run a test account through the Microsoft test site at and see whether that flags anything.


Assisted Solution

dpcsit earned 0 total points
ID: 40465642
I found the issue. GoDaddy changed the names that could be used and now requires the full domain name. We had an entry in a phone that was only the server name without the FQDN, thus there was no cert for the server it was authenticating to.

Sorry to have wasted your time.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40465684
It isn't a GoDaddy rule that was changed - it is a global thing.
From November 2015 no certificates can have internal only names (so hostname, hostname.domain.local) or IP addresses listed.


Author Closing Comment

ID: 40472328
The actual issue was a change on the GoDaddy rules that removed a server name without a FQDN. The suggestion by the expert, however, would be a good starting point for this type of error!
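
The mismatch found in this thread can be caught before a cutover by comparing the server names entered on devices against the certificate's subject alternative names (SANs), and by flagging SAN entries a public CA will no longer certify. This is an added example, not part of the original thread; the SAN list, client names and internal-suffix list are constructed assumptions.

```python
import ipaddress

# Suffixes treated as internal-only. ".local" is the case named in the thread;
# the others are assumptions for this example, not a complete list.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan")

def is_internal_name(name):
    """True for bare hostnames, internal-only domains and private IP addresses."""
    name = name.lower().rstrip(".")
    try:
        return ipaddress.ip_address(name).is_private
    except ValueError:
        pass  # not an IP address, so treat it as a DNS name
    return "." not in name or name.endswith(INTERNAL_SUFFIXES)

def san_matches(san, host):
    """Match a host against one SAN entry; '*' covers exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return san == host

def audit(san_list, client_names):
    """Return (client names no SAN covers, SAN entries that are internal names)."""
    uncovered = [c for c in client_names
                 if not any(san_matches(s, c) for s in san_list)]
    internal = [s for s in san_list if is_internal_name(s)]
    return uncovered, internal

# Constructed sample data: SANs on a hypothetical certificate, and the server
# names entered in device mail profiles (one is a short name, as in the thread).
SANS = ["mail.example.com", "legacy.example.com",
        "autodiscover.example.com", "exch2007.corp.local"]
CLIENTS = ["mail.example.com", "EXCH2013", "legacy.example.com"]

if __name__ == "__main__":
    uncovered, internal = audit(SANS, CLIENTS)
    print("client names with no matching SAN:", uncovered)
    print("internal-only SAN entries:", internal)
```

Any name in the first list produces a trust warning on the device that uses it; any name in the second list has to be replaced with a public FQDN before the certificate is renewed.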


Question has a verified solution.
