Michael McGuire asked:

Exchange 2016 URLs & SSL Certs

Going to be migrating to Exchange 2016 (from EX2010) and need some advice on External URLs and SSL Certs.  On my Exchange 2010 I was using the host name for both my Internal & External URLs for Virtual Directories (ActiveSync, OWA, OAB, etc.).  I was told that it is recommended not to use the host name on these external URLs.  I should use, e.g., mail.mydomain.com (just a general mail name instead of my host name).  So should I just use this on my External URLs, or on both Internal and External?

When creating my new SSL Cert for EX2016, would I still need to put my host name on this Cert?  My current SSL Cert (EX2010) has the following: hostname.mydomain.com; autodiscover.mydomain.com; legacy.mydomain.com; mydomain.com.

I would like to use as few SAN names as possible.
Michael McGuire (ASKER):

OK, my plan then is to use just the 2 names: mail.mydomain.com & autodiscover.mydomain.com.  I will set up all Ext & Int URLs to be mail.mydomain.com.  I will create an Internal DNS Host (A) record for mail that will point to the EX2016 internal IP address and an External DNS A record that points mail.mydomain.com to the external static IP that we own.  Will this make my migration more difficult because my current EX2010 server is using host names?  Will this cause any issues with the mail flow during the migration progress?
Your external static IP should point to the new Exchange 2016 only.
This causes no issues as long as you configure the URLs correctly.
Refer to the Sembee article or the other article posted earlier for step-by-step instructions.

Exchange will proxy requests to Exchange 2010 silently when the user mailbox remains on Exchange 2010.

Do note that URL configuration needs to be done on both Exchange 2010 & 2016.
If you want, you can create a host entry for mail.emaildomain.com and autodiscover.emaildomain.com which points to Exchange 2016 on a test PC. Open Outlook on that PC; if that works, you can update the A records in your DNS server.
The same applies for your external access. Change the NAT in the firewall (after working hours) to Exchange 2016 and test from an external network. If that works, you are good to go.
In the screenshot below, I created a host entry on my PC for your reference.
User generated image
Thanks, guys, for your help and for pointing me in the right direction.
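
A check for the plan discussed in this thread, as an added example that is not part of the original posts: it lists every client URL whose host is not covered by the names on the certificate, which is what produces certificate warnings when one server still publishes a host-name URL. The function names, the URL paths and the list of URLs are constructed for illustration; only the host names come from the thread.

```powershell
# Added example (not from the thread). On a real server the inputs would come from
# (Get-ExchangeCertificate).CertificateDomains and the InternalUrl/ExternalUrl values
# of Get-OwaVirtualDirectory and the other virtual directory cmdlets.

function Test-NameCoveredBySan {
    param(
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [string[]] $SanNames
    )
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    foreach ($san in $SanNames) {
        $s = $san.ToLowerInvariant().TrimEnd('.')
        if ($s -eq $h) { return $true }
        # A wildcard covers exactly one left-most label: *.mydomain.com matches
        # mail.mydomain.com, but not mydomain.com and not a.b.mydomain.com.
        if ($s.StartsWith('*.')) {
            $suffix = $s.Substring(1)                      # ".mydomain.com"
            if ($h.EndsWith($suffix)) {
                $left = $h.Substring(0, $h.Length - $suffix.Length)
                if ($left.Length -gt 0 -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-UncoveredUrl {
    param([string[]] $Urls, [string[]] $SanNames)
    foreach ($u in $Urls) {
        $hostName = ([System.Uri]$u).Host
        if (-not (Test-NameCoveredBySan -HostName $hostName -SanNames $SanNames)) {
            [pscustomobject]@{ Url = $u; Host = $hostName }
        }
    }
}

# Constructed inputs: the two-name certificate from the asker's plan, and a URL
# list in which one service still uses the old server host name.
$plannedSan = 'mail.mydomain.com', 'autodiscover.mydomain.com'
$urls = @(
    'https://mail.mydomain.com/owa',
    'https://mail.mydomain.com/Microsoft-Server-ActiveSync',
    'https://mail.mydomain.com/OAB',
    'https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml',
    'https://hostname.mydomain.com/EWS/Exchange.asmx'
)

Get-UncoveredUrl -Urls $urls -SanNames $plannedSan | Format-Table -AutoSize
```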