• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 87

Rename domain with exchange 2010 server

I have a 2 server domain. My primary File Server is also my domain controller. It is running Windows 2008 32 bit Server. My other server is running Windows 2008 R2 with Exchange 2010. My clients are all using Outlook 2010. Forever the internal domain has been xxx.local and the external domain is yyyyyy.org. When running Exchange 2003 this never created any significant issues. After migrating to Exchange 2010, I quickly discovered the issue with SSL Certificates not being issued for .local domains anymore. I did purchase a Certificate for the external domain so users have no issues there. The internal users can use Outlook 2010 but get regular and annoying messages about a certificate mismatch error because of the xxx.local domain.

Is there an easy way to rename the domain without having to basically wipe and reload exchange after a domain rename? Everything I read says domain renames are not supported if Exchange 2007 or Exchange 2010 exist in the domain.

Thanks,
0
P Hurdle
Asked:
P Hurdle
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
You need to configure Split DNS internally to avoid the security alert prompt. You will also need to update all of your virtual directories for internal to match what you have set externally. High level steps below:

- Create a new Zone on the DNS server (internally)
- Name it yyyy.org
- In that zone create an A (host) record for mail.yyyy.org (pointing to your CAS server or CAS load balanced IP)
- Open the EMC
- Modify all of the virtual directories so that they all match what you have externally, for example:

External: https://mail.yyyy.org/owa
Internal: https://mail.yyyy.org/owa

Once you have done that have your clients re-launch Outlook and they will not see the prompt with the security warning.

There is no need to RENAME your domain. Split DNS is the answer here.

Will.
0
 
P HurdleAuthor Commented:
Are more detailed instructions available? I have never completed these tasks.

Thanks
0
 
GuyMontagCommented:
Will's response is the correct answer and the solution, I would just like to add one comment:

By creating a yyyy.org zone on your internal DNS it will then try to resolve all queries for that domain. If you have a.yyyy.org and b.yyyy.org externally you will want those internal as well, otherwise internal clients won't be able to resolve them.

The other option is to create your internal zone as the full name of your mail server, then simply add a "same as parent" record. This way all DNS queries will still go to the web except for that specific host.

Steps:

Create new primary zone on your DNS server, name it mail.yyyy.org.
Create new host record in that zone, leave the host name blank and just enter the IP address. This will create a "same as parent" record.
Follow the rest of Will's steps.
0
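The two DNS approaches above (Will's full internal yyyy.org zone, and GuyMontag's single-host "pinpoint" zone) plus the virtual directory changes, written out as an added example that is not part of the original thread. Server names (DC01 for the DNS server/domain controller, CAS01 for the Exchange 2010 box), the LAN address 192.168.1.20 and the public host name mail.yyyy.org are placeholders; substitute your own. Part 1 runs as an administrator on the Windows 2008 DNS server (dnscmd ships with the DNS role; the DnsServer PowerShell module does not exist on 2008), Part 2 runs in the Exchange Management Shell on the Exchange server.

```powershell
# Added example, not from the original thread. Placeholders: DC01, CAS01,
# 192.168.1.20 and mail.yyyy.org are assumptions, replace with your own values.

# ---------- Part 1: DNS (run on the internal DNS server, elevated) ----------
$dnsServer = 'DC01'            # assumed: the DC that also runs DNS
$mailHost  = 'mail.yyyy.org'   # the name on the purchased certificate
$casIp     = '192.168.1.20'    # assumed: LAN address of the CAS (Exchange 2010 server)

# Option A (GuyMontag's variation): a zone named after the host itself.
# Only mail.yyyy.org is answered locally; every other yyyy.org name still goes
# out to the public DNS via forwarders/root hints, so a.yyyy.org, b.yyyy.org,
# www.yyyy.org etc. keep resolving for internal clients.
dnscmd $dnsServer /ZoneAdd $mailHost /Primary /file "$($mailHost).dns"
# '@' is the zone root, which the DNS console shows as "(same as parent folder)".
dnscmd $dnsServer /RecordAdd $mailHost '@' A $casIp

# Option B (Will's original steps): a full internal copy of yyyy.org.
# Use this INSTEAD of Option A, and then recreate every public record
# (www, autodiscover, MX, ...) in it, or internal clients lose those names.
# dnscmd $dnsServer /ZoneAdd 'yyyy.org' /Primary /file 'yyyy.org.dns'
# dnscmd $dnsServer /RecordAdd 'yyyy.org' 'mail' A $casIp

# Check from any domain member: the answer must be the LAN address, not the
# public one that the external DNS hands out.
nslookup $mailHost $dnsServer

# ---------- Part 2: Exchange 2010 URLs (Exchange Management Shell) ----------
$cas  = 'CAS01'                 # assumed: Exchange 2010 Client Access server
$base = "https://$mailHost"

# Every internal URL gets the same host name as the external one, so the name
# Outlook connects to is the name on the certificate and the mismatch prompt stops.
Get-OwaVirtualDirectory -Server $cas |
    Set-OwaVirtualDirectory -InternalUrl "$base/owa" -ExternalUrl "$base/owa"
Get-EcpVirtualDirectory -Server $cas |
    Set-EcpVirtualDirectory -InternalUrl "$base/ecp" -ExternalUrl "$base/ecp"
Get-WebServicesVirtualDirectory -Server $cas |
    Set-WebServicesVirtualDirectory -InternalUrl "$base/EWS/Exchange.asmx" -ExternalUrl "$base/EWS/Exchange.asmx"
Get-ActiveSyncVirtualDirectory -Server $cas |
    Set-ActiveSyncVirtualDirectory -InternalUrl "$base/Microsoft-Server-ActiveSync" -ExternalUrl "$base/Microsoft-Server-ActiveSync"
Get-OabVirtualDirectory -Server $cas |
    Set-OabVirtualDirectory -InternalUrl "$base/OAB" -ExternalUrl "$base/OAB"

# Autodiscover is what hands Outlook 2010 the URLs it then validates against the
# certificate, so the internal Autodiscover URI must use the public name too.
Set-ClientAccessServer -Identity $cas -AutoDiscoverServiceInternalUri "$base/Autodiscover/Autodiscover.xml"

# Outlook Anywhere, if it is enabled, should advertise the same name
# (Get-OutlookAnywhere returns nothing when it is not enabled, so this is a no-op then).
Get-OutlookAnywhere -Server $cas | Set-OutlookAnywhere -ExternalHostname $mailHost

# Confirm the certificate bound to IIS really carries mail.yyyy.org; if it does not,
# the prompt comes back regardless of the URL changes.
Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
    Select-Object Thumbprint, CertificateDomains

# Recycle IIS so the new URLs are served, then exercise them the way Outlook will.
iisreset /noforce
Test-OutlookWebServices -ClientAccessServer $cas
```

Option A is the one to reach for when the public yyyy.org zone has more records than just the mail host; Option B obliges you to mirror and maintain all of them internally. The DNS console warning about a PTR record not being created only means no reverse lookup zone exists for that subnet; the A record is still created and clients resolve the name normally. Outlook caches Autodiscover results, so clients should be restarted after the Exchange changes.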

 
Will SzymkowskiSenior Solution ArchitectCommented:
If you want complete detail on this then ExchangeServerPro has a complete article regarding this. See below link.
http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/

Will.
0
 
P HurdleAuthor Commented:
I don't see any parts of that article that are relevant to me. I need assistance creating the split domain.

Thanks,

Peter
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Do the following...
- Login to one of your DNS servers
- Open the DNS Console

See the below screenshots...
[Screenshots dns1.JPG through dns9.JPG: DNS console steps for creating the zone and host record, not reproduced here]
Once you have completed those steps you just need to update your virtual directories like i mentioned in my first post.

Will.
0
 
P HurdleAuthor Commented:
Thanks for that help. How do I update my virtual directories?

Thanks
0
 
P HurdleAuthor Commented:
Also, what IP address do I use? I am getting a message that says: Warning "The associated PTR record cannot be created, probably because the referenced reverse lookup zone cannot be found."
0
 
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.
