Rename domain with Exchange 2010 server

I have a 2 server domain. My primary File Server is also my domain controller. It is running Windows 2008 32 bit Server. My other server is running Windows 2008 R2 with Exchange 2010. My clients are all using Outlook 2010. Forever the internal domain has been xxx.local and the external domain is yyyyyy.org. When running Exchange 2003 this never created any significant issues. After migrating to Exchange 2010, I quickly discovered the issue with SSL Certificates not being issued for .local domains anymore. I did purchase a Certificate for the external domain so users have no issues there. The internal users can use Outlook 2010 but get regular and annoying messages about a certificate mismatch error because of the xxx.local domain.

Is there an easy way to rename the domain without having to basically wipe and reload exchange after a domain rename? Everything I read says domain renames are not supported if Exchange 2007 or Exchange 2010 exist in the domain.

Thanks,
P Hurdle
Will Szymkowski, Senior Solution Architect, commented:
You need to configure Split DNS internally to avoid the security alert prompt. You will also need to update all of your virtual directories for internal to match what you have set externally. High level steps below...

- Create a new Zone on the DNS server (internally)
- Named yyyy.org
- In that zone create an A (host) record for mail.yyyy.org (pointing to your CAS server or cas load balanced IP)
- Open the EMC
- Modify all of the virtual directories so that they all match what you have externally. Example:

External: https://mail.yyyy.org/owa
Internal: https://mail.yyyy.org/owa

Once you have done that have your clients re-launch Outlook and they will not see the prompt with the security warning.

There is no need to RENAME your domain. Split DNS is the answer here.

Will.
P Hurdle (author) commented:
Are more detailed instructions available? I have never completed these tasks.

Thanks
GuyMontag commented:
Will's response is the correct answer and the solution, I would just like to add one comment:

By creating yyyy.org zone on your internal DNS it will then try to resolve all queries for that domain. If you have a.yyyy.org and b.yyyy.org externally you will want those internal as well, otherwise internal clients won't be able to resolve them.

The other option is to create your internal zone as the full name of your mail server then simply add a "same as parent" record. This way all DNS queries will still go to the web except for that specific host.

Steps:

Create new primary zone on your DNS server, name it mail.yyyy.org.
Create new host record in that zone, leave the host name blank and just enter the IP address. This will create a "same as parent" record.
Follow the rest of Will's steps.
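
The single-host zone described in the steps above, as an added example that is not part of the original posts. It assumes PowerShell 2.0 or later on the internal DNS server; `192.0.2.10` is a placeholder for the Exchange server's internal IP and `www.yyyy.org` is an assumed name that exists only in public DNS.

```powershell
# Run in an elevated PowerShell 2.0+ prompt on the internal DNS server.
$zone    = 'mail.yyyy.org'  # single-host zone: only this name is answered internally
$casIp   = '192.0.2.10'     # placeholder: internal IP of the Exchange (CAS) server
$sibling = 'www.yyyy.org'   # assumed name that exists only in public DNS

# Create the AD-integrated zone and its "same as parent" record.
# '@' is quoted because a bare @ is an operator in PowerShell.
dnscmd /ZoneAdd $zone /DsPrimary
dnscmd /RecordAdd $zone '@' A $casIp

function Resolve-Name([string]$name) {
    # Returns the addresses the local resolver gives for $name (nothing on failure).
    try   { [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString } }
    catch { }
}

ipconfig /flushdns | Out-Null   # drop any cached external answer first

# The mail name must now resolve to the internal address.
$mail = @(Resolve-Name $zone)
if ($mail -contains $casIp) { "$zone -> $casIp (internal answer)" }
else { "$zone resolves to '$mail', expected $casIp" }

# The rest of yyyy.org must still be answered by public DNS.
$other = @(Resolve-Name $sibling)
if ($other.Count -gt 0) { "$sibling -> $other (still resolved externally)" }
else { "$sibling no longer resolves: check the zone name and forwarders" }
```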
Will Szymkowski, Senior Solution Architect, commented:
If you want complete detail on this then ExchangeServerPro has a complete article regarding this. See below link.
http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/

Will.
P Hurdle (author) commented:
I don't see any parts of that article that are relevant to me. I need assistance creating the split domain.

Thanks,

Peter
Will Szymkowski, Senior Solution Architect, commented:
Do the following...
- Login to one of your DNS servers
- Open the DNS Console

See the below screenshots...
[Screenshots: dns1.JPG to dns9.JPG]
Once you have completed those steps you just need to update your virtual directories like I mentioned in my first post.

Will.
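
The virtual directory update referred to above, as an added example that is not part of the original posts. It assumes it is run in the Exchange Management Shell on the Exchange 2010 server holding the Client Access role, and that `mail.yyyy.org` is the name on the purchased certificate; the Autodiscover line and the final certificate check go beyond the steps listed in the thread.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
$server = $env:COMPUTERNAME   # assumption: this server holds the CAS role
$fqdn   = 'mail.yyyy.org'     # external name used in the thread

# Point every internal URL at the same name already used externally.
Get-OwaVirtualDirectory -Server $server |
    Set-OwaVirtualDirectory -InternalUrl "https://$fqdn/owa"
Get-EcpVirtualDirectory -Server $server |
    Set-EcpVirtualDirectory -InternalUrl "https://$fqdn/ecp"
Get-WebServicesVirtualDirectory -Server $server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$fqdn/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $server |
    Set-OabVirtualDirectory -InternalUrl "https://$fqdn/OAB"
Get-ActiveSyncVirtualDirectory -Server $server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "https://$fqdn/Microsoft-Server-ActiveSync"

# Internal Outlook clients locate Autodiscover through this URI,
# so it has to use the certificate's name as well.
Set-ClientAccessServer -Identity $server `
    -AutodiscoverServiceInternalUri "https://$fqdn/Autodiscover/Autodiscover.xml"

# Check: every internal host name must be covered by the certificate bound to IIS.
$certNames = Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }

$internal = @(
    Get-OwaVirtualDirectory         -Server $server | ForEach-Object { $_.InternalUrl }
    Get-EcpVirtualDirectory         -Server $server | ForEach-Object { $_.InternalUrl }
    Get-WebServicesVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
    Get-OabVirtualDirectory         -Server $server | ForEach-Object { $_.InternalUrl }
    Get-ActiveSyncVirtualDirectory  -Server $server | ForEach-Object { $_.InternalUrl }
    (Get-ClientAccessServer -Identity $server).AutodiscoverServiceInternalUri
)

foreach ($url in $internal) {
    $name = ([uri]"$url").Host
    # -like also handles a wildcard entry such as *.yyyy.org, but it is looser
    # than TLS matching because * is allowed to span dots.
    $covered = @($certNames | Where-Object { $name -like $_ }).Count -gt 0
    "{0,-62} {1}" -f $url, $(if ($covered) { 'covered by certificate' } else { 'NAME MISMATCH' })
}
```

Any line reported as NAME MISMATCH is a URL that will still trigger the Outlook certificate warning for internal users.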
P Hurdle (author) commented:
Thanks for that help. How do I update my virtual directories?

Thanks
P Hurdle (author) commented:
Also, what IP address do I use? I am getting a message that says: Warning "the associated PTR record cannot be created, probably because the referenced reverse lookup zone cannot be found."
Seth Simmons, Sr. Systems Administrator, commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.