?
Solved

Exchange 2010 -DAG, CAS - SSL SAN Cert, update internal names to external

Posted on 2015-01-29
3
Medium Priority
?
47 Views
Last Modified: 2015-05-28
Hello Experts,

A little background about  my environment: Exchange 2010, 2 CAS servers using Windows NLB, and 2 Database DAG servers. Both running 2008 R2.

I am in the middle of renewing my SSL SAN cert for my Exchange 2010 environment and I know that your are no longer allowed to use Internal names on the cert. I know that I need to change my: Autodiscover, OAB, Web Services, ActiveSync, OWA, and ECP to reflect the external domain name which is not a problem. My worry comes when updating the CAS array name from casarray.internal.local to mail.external.domain.

I see that I can basically change the internal name on the NLB by updating the Full Internet Name value under properties of the load balancer. I can also update the RPC value of the mailbox databases to use the external domain via PS. What I need is some clarification on are the Outlook profiles. From what I am reading, Exchange 2010 SP2 RU 3 and higher will automatically force the Outlook client to update to the new value. Is that correct? I am running SP3 Rollup 8a so I should be in the clear. I would hate to have my users redo all their Outlook profiles...

Thanks in advance,
-Mike
0
Comment
Question by:BAYCCS
  • 2
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 40577943
There should be no issues doing this. Just make sure that you have the proper DNS records associated with your name change. Also you could test this by adding a local record to your host file as well. But you should be fine.

Will.
0
 
LVL 5

Author Comment

by:BAYCCS
ID: 40577982
What happens if I make these changes during the day? Would users see a major disruption or would they just get prompted in Outlook after the changes are made?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40577997
If the URL changes and you are using Exchange 2010 it uses persistent connections from CAS to the mailbox server. This means that you will break the connection between the CAS and Mailbox server for each user. They will need to close and re-open Outlook.

Autodiscover should take care of any clients pointing to a cached dns entree on their local machine for the internal.domain.com

Will.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question