Solved

Certificate Question Migrating Exchange 2007 to 2013

Posted on 2016-10-25
4
42 Views
Last Modified: 2016-10-25
I am about to undergo a migration from Exchange 2007 to 2013 and I am seeing in the Deployment Assistant and Microsoft's step-by-step article that it seems like I am supposed to request a new certificate from my CA.
I thought that somewhere I would have to export my SSL certificate and any others from my 2007 Exchange and import them onto my new 2013 server. Is that not true?

Please advise and if there are any articles I'd be interested in reading those too.
0
Comment
Question by:Joe Lowe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41859556
The requirement for a new certificate is to allow both Exchange servers to have a valid host name that matches the certificate. When you migrate, you'll have to have two host names at a minimum (3 for the recommended scenario where autodiscover.domain.com is included), one for the 2013 server and one for the 2007 server. Normally, the 2007 server will be assigned a new host name called legacy.domain.com, while the 2013 server takes over the normal host name (mail.domain.com or whatever you're using). If your certificate only has mail.domain.com and autodiscover.domain.com (or just mail.domain.com) you'll need to generate a new certificate to support the additional host name the coexistence deployment requires.

Now, you can bypass the need for a new certificate, but doing so involves doing a complete cutover migration, where users may not have access to their mailboxes during the time it takes to move their mail from Exchange 2007 to 2013.

Also note, if you have a Wildcard certificate on Exchange 2007, you can use that for both servers without any issues or certificate regeneration.
0
 

Author Comment

by:Joe Lowe
ID: 41859567
I did see the legacy.domain.com steps and figured it was just for the coexistence. I don't necessarily need that and have prepared users for downtime so a complete cutover was my plan. So since it was, I can just export and import all certificates from Exchange 2007 to 2013? Or just the 1 SSL?

I guess another question I have as it was not in any of the instructions but Microsoft advised I do this..before I do the migration of the user mailboxes, I should dismount the database before the migration process correct?
0
 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41859575
You can just export the certificate that you're using for OWA and import that to 2013.

As for Microsoft's recommendation...The DB has to be mounted for the mail to migrate, so I thing they may be referring to the recommendation of switching the databases (on both sides) to use Circular logging during the migration. This prevents massive Transaction log growth during the move, which can cause huge problems if there isn't enough space to store the transaction logs. Switching to Circular logging requires dismounting and remounting the database.
0
 

Author Comment

by:Joe Lowe
ID: 41859592
Okay great. Thank you for the advise. Last question I believe. I found this site to export the certificates from 2007: http://msexchangeguru.com/2013/06/29/import-cert-e2013/

However when I do the command 'Get-ExchangeCertificate' I see 5 Thumbprints of certificates. How do I know which ones to export exactly? So far I followed the steps in the link I provided on all the certificates that are still valid. Should that be suffice?
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question