WOW – thank you for that reply!!!!! I will definitely get the UCC cert and get it from certificateesforexchange.com.
My Exch2003 currently has the mail.mydomain.com certificate installed on it. I’m curious, what happens to that certificate? Does it stay on exch2003 until the box is de-commissioned? Joseph Danielsen From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 2:07 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition You have touched on what, for some, is the most confusing aspect of a migration. If you are going to be in coexistence mode, you will need at least one additional certificate – the legacy certificate. This is used to securely redirect users on the new server to the old server when necessary. You MAY require a second name – the autodiscover name. You will require it if some of your computers are not domain joined. AND if you don’t have it, you’ll need to create a SRV record I RECOMMEND you get a new UCC certificate that has 3 names: mail, autodiscover, legacy – available for about USD $60 per year from certificatesforexchange.com. It really makes configuring things much easier. I wrote a mini-sidebar-article for EMO early last year that covers this: You’ve decided to upgrade from Exchange 2003 to Exchange 2007/2010 and you don’t want to replace your existing SSL certificate. What can you do? First, be aware that the so-called Unified Communications certificates are inexpensive from a number of vendors. Second, configuring and maintaining a single-named certificate is harder and more difficult to maintain (which is another way of saying that it costs you and your company time and money). However, it can be done. From a broad overview perspective, you will take the existing certificate and install it on your new server. Then, on the new server, you will create a “redirection site” for the new Autodiscover feature. Next, you’ll update your internal DNS so that the name of the SSL certificate points to the IP address of the new server. Next, you’ll update DNS to contain an SRV record that points to the Autodiscover feature. Finally, you’ll configure Exchange to use those names. Sound easy? It’s harder than it sounds! For the details, see the white paper “Exchange 2007 Autodiscover Service” at http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx and the knowledge base article KB940726 at http://support.microsoft.com/kb/940726. I gave a 75 minute session on Exchange and SSL certificates at the Exchange Connections conference last week and barely covered the common scenarios. The possible permutations are many and there is a huge amount of misunderstanding out there. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: ExchList [mailto:exchl...@networkblade.com] Sent: Wednesday, November 09, 2011 1:52 PM To: MS-Exchange Admin Issues Subject: RE: Ex2003 to 2010 Transition Thank you everyone for replying – I have printed most of them, starting with Michael’s. I’ve read half already. Regarding SSL certs (I don’t yet know if your article explains it clearly) I’m a bit confused. Currently my one Exchange 2003 server uses mail.mydomain.com. I seem to believe that I have to get another SSL cert for Autodiscover.mydomain.com. But I read somewhere that I need a third cert pointing to legacy.mydomain.com too? Is that correct? Remote devices are only Droid and iPhone. Can’t I just move/copy my current cert from Exch2003 server to the Exch2010 server? From: Steve Ens [mailto:stevey...@gmail.com]<mailto:[mailto:stevey...@gmail.com]> Sent: Wednesday, November 09, 2011 1:34 PM To: MS-Exchange Admin Issues Subject: Re: Ex2003 to 2010 Transition Hey Joseph Yes the articles that have been outlined are good. A few of us have been through this migration already. Jaap and MBS and the technet articles are great resources. It isn't hard, but make sure to read the documentation through thoroughly first and outline your steps on paper. Give yourself a week and you can do most everything online/realtime. Steve On Wed, Nov 9, 2011 at 11:55 AM, ExchList <exchl...@networkblade.com<mailto:exchl...@networkblade.com>> wrote: I’m late to the game on this project and need to get a jump start on this fast moving project. Can you folks point me to a widely accepted How To article on transitioning from Exchange 2003 to 2010? I have only one Exchange 2003 server/site and want to end with only one Exchange 2010 server (knowing that I might be required to co-exist 2003 for a short time period). My domain functional level has already be raised and I do have a 2008 DC in place already. Thanks in advance! Joseph Danielsen --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
