
Rename domain with exchange 2010 server

P Hurdle asked:
I have a 2 server domain. My primary File Server is also my domain controller. It is running Windows 2008 32 bit Server. My other server is running Windows 2008 R2 with Exchange 2010. My clients are all using Outlook 2010. Forever the internal domain has been xxx.local and the external domain is yyyyyy.org. When running Exchange 2003 this never created any significant issues. After migrating to Exchange 2010, I quickly discovered the issue with SSL Certificates not being issued for .local domains anymore. I did purchase a Certificate for the external domain so users have no issues there. The internal users can use Outlook 2010 but get regular and annoying messages about a certificate mismatch error because of the xxx.local domain.

Is there an easy way to rename the domain without having to basically wipe and reload exchange after a domain rename? Everything I read says domain renames are not supported if Exchange 2007 or Exchange 2010 exist in the domain.

Thanks,

Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015
Commented:
You need to configure Split DNS internally to avoid the security alert prompt. You will also need to update all of your virtual directories for internal to match what you have set externally. High level steps below...

- Create a new Zone on the DNS server (internally)
- Named yyyy.org
- In that zone create an A (host) record for mail.yyyy.org (pointing to your CAS server or cas load balanced IP)
- Open the EMC
- Modify all of the virtual directories so that they all match what you have externally. Example:

External: https://mail.yyyy.org/owa
Internal: https://mail.yyyy.org/owa

Once you have done that have your clients re-launch Outlook and they will not see the prompt with the security warning.

There is no need to RENAME your domain. Split DNS is the answer here.

Will.

Author

Commented:
Are more detailed instructions available? I have never completed these tasks.

Thanks
Will's response is the correct answer and the solution, I would just like to add one comment:

By creating yyyy.org zone on your internal DNS it will then try to resolve all queries for that domain. If you have a.yyyy.org and b.yyyy.org externally you will want those internal as well, otherwise internal clients won't be able to resolve them.

The other option is to create your internal zone as the full name of your mail server then simply add a "same as parent" record. This way all DNS queries will still go to the web except for that specific host.

Steps:

Create new primary zone on your DNS server, name it mail.yyyy.org.
Create new host record in that zone, leave the host name blank and just enter the IP address. This will create a "same as parent" record.
Follow the rest of Will's steps.
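
The single-host zone described above, combined with Will's virtual-directory step, as an added example that is not part of the original thread. The server names `DC01` and `EXCH01` and the address `192.0.2.10` are placeholders; it assumes an AD-integrated DNS zone on the domain controller, the default virtual directory paths, and that `dnscmd` is available where the commands are run.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Placeholder values (assumptions): replace with your own.
$Fqdn    = 'mail.yyyy.org'   # host name covered by the purchased certificate
$CasIp   = '192.0.2.10'      # internal IP of the CAS server or load balancer
$DnsHost = 'DC01'            # internal DNS server (hypothetical name)
$Cas     = 'EXCH01'          # Exchange 2010 CAS server (hypothetical name)

# 1. Zone named after the single host, so only mail.yyyy.org is answered
#    internally and every other yyyy.org name still resolves externally.
#    '@' is the zone root, i.e. the "same as parent" record.
#    Only an A record is requested here; no PTR record is asked for.
dnscmd $DnsHost /ZoneAdd $Fqdn /DsPrimary
dnscmd $DnsHost /RecordAdd $Fqdn '@' A $CasIp

# 2. Point every internal URL at the name that is on the certificate, so
#    clients validate the certificate instead of prompting on a mismatch.
Get-OwaVirtualDirectory -Server $Cas |
    Set-OwaVirtualDirectory -InternalUrl "https://$Fqdn/owa"
Get-EcpVirtualDirectory -Server $Cas |
    Set-EcpVirtualDirectory -InternalUrl "https://$Fqdn/ecp"
Get-WebServicesVirtualDirectory -Server $Cas |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$Fqdn/EWS/Exchange.asmx"
Get-OabVirtualDirectory -Server $Cas |
    Set-OabVirtualDirectory -InternalUrl "https://$Fqdn/OAB"
Get-ActiveSyncVirtualDirectory -Server $Cas |
    Set-ActiveSyncVirtualDirectory -InternalUrl "https://$Fqdn/Microsoft-Server-ActiveSync"

# Outlook finds Autodiscover internally through this URI (the SCP record),
# so it must also use the certificate name rather than the .local name.
Set-ClientAccessServer -Identity $Cas `
    -AutoDiscoverServiceInternalUri "https://$Fqdn/Autodiscover/Autodiscover.xml"

# 3. Verify: the name resolves to the internal IP, the IIS certificate lists
#    the name, and no internal URL still references the .local domain.
nslookup $Fqdn $DnsHost
Get-ExchangeCertificate -Server $Cas |
    Where-Object { $_.Services -match 'IIS' } |
    Format-List Subject, CertificateDomains, NotAfter
Get-ClientAccessServer -Identity $Cas |
    Format-List Name, AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $Cas |
    Format-List Identity, InternalUrl, ExternalUrl
```

Clients pick up the new URLs from Autodiscover after Outlook is restarted.
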
Will Szymkowski, Senior Solution Architect

Commented:
If you want complete detail on this then ExchangeServerPro has a complete article regarding this. See below link.
http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/

Will.

Author

Commented:
I don't see any parts of that article that are relevant to me. I need assistance creating the split domain.

Thanks,

Peter
Will Szymkowski, Senior Solution Architect

Commented:
Do the following...
- Login to one of your DNS servers
- Open the DNS Console

See the below screenshots...
[Screenshots: dns1.JPG through dns9.JPG]

Once you have completed those steps you just need to update your virtual directories like I mentioned in my first post.

Will.

Author

Commented:
Thanks for that help. How do I update my virtual directories?

Thanks

Author

Commented:
Also, what IP address do I use? I am getting a message that says: Warning: "the associated PTR record cannot be created, probably because the referenced reverse lookup zone cannot be found."

Seth Simmons, Sr. Systems Administrator

Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.