2007 noob questions 1

[OCS1]

Hi all,

I am new to Exchnage all together and due to the circumstances, I have been forced to put together an 2007 exchange server in about a weeks time.

My question is this:

They already have email and website hosted through godaddy.com I am now in the portion of setup that I have to get a SSL cert. My question is this: Does the FQDN have to be the same as thier email? For instance, if thier email is joe.blow@joe.blow.com does the FQDN of the server have to be, for instance, exchange.joe.blow.com ?

I am asking because of the SSL cert. Can I just request an SSL cert using their static IP address as the common name?

 

[computerhighguy]

NO. Name the server mail.domain.com. If you domain is ihateexchange.com then your SSL cert will be mail.ihateexchange.com. You will need to run some cmdlets to let Exchagne know what the "internet" name is for this server. You will then create a DNS record for the domain called "mail" and give it the IP address of the Exchange Server's routable IP. Then you make or change the existing MX record for the domain to the server "mail". Once you change hte MX record you will start to see mail flow through. I would suggest one of the following.

1) Change the MX record a week ahead of time and forward all mail to the godaddy SMTP smarthost or
2) Get with godaddy and have them forward all e-mail for your domain to your exchange server after you change the MX record.

If you do that, all mail will be delivered during the cutover time.

Make sure you test test and do some more testing. Download all the old e-mails into a PST file and then copy the messages back into thier mailboxes using Outlook.

There will be lots of little things along the way, so get confortable with the Exchange cmdlets. they will be your fried.


It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)

 

[OCS1]

Ok.

Lemme see if I have this straight.

Right now, my server is named Exchange.domain.local

Can the SSL cert still be mail.domain.com or am I looking at reloading the server to rename it?

 

[computerhighguy]

The local name can be whatever you want. Whatever your FQDN is on the internet, that is the name you will get on the SSL cert. In addition the above, you will want to create an internal DNS zone for your Internet FQDN so the cert is good on the inside and well as the outside.


It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)

 

[OCS1]

Ok...thank you very much!

Dont be surprised if I pop back in here with more questions

 

[computerhighguy]

You will need the following link after you get the ssl cert installed.

http://technet.microsoft.com/en-us/library/bb123703.aspx

It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)

 

[OCS1]

Thanks for all your help.

And to reply to your post in my other thread...yes...I am in one hell of a pickle.

Next question:

Basic vs NTLM authentication for Outlook Anywhere...what should I use?

There will be people in Atlanta, which is an 8 hour drive from here that I wont be able to get on the domain right away. It may be a few weeks before they are able to make it up here.

This Exchange server will not be behind an ISA Server (at least not for a while) and I do not want the users to have to type in a username and password everytime...so Im assuming I should use NTLM. However, if I use NTLM will this cause a problem for the people in Atlanta who will not be a member of the local domain for a while?

 

[OCS1]

I think I may have just found my answer. It appears that NTLM can use the current Windows OS logon info for authentication?

 

[computerhighguy]

That basically is what NTLM is. It will use the credentials that the person used to log onto the computer with. It requires the workstation to be a member of the same domain. RPC over HTTP uses an SSL connection. User names and passwords, at least I would image, would be encrypted also. Much like the logon page to OWA. Although you write the username/upn/whatever in the boxes, the info is still encrypted using the SSl certificate. Short of the NSA looking at it, no one can reasonably hack it. If your clients are using Outlook 2007, your life just got a lot easier. All they need is thier e-mail address and password. Autodiscover will take care of the rest. If you users are using Outlook 2003, I would suggest downloading the Office Resource Kit and make a custum MST file for use in an administritive installation. You can fill in all the RPC over HTTP stuff ahead of time.

Short answer: Use both

It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)

 

[OCS1]

Is there any way to send a private message on these boards?

 

[Davetoo]

No

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[OCS1]

Ok...the Exchange server has been up and running for a couple weeks now. Thanks for all of your help!

One issue I have a question about:

When I originally set up the exchange server, I got a certificate from godaddy.com for mail.domainname.com and set up the default website in IIS to reflect that- however, due to a long story that Im not going to go into right now, I had to change the certificate to mobile.domainname.com. Since Ive done that, obviously OWA and Exchange activesync no longer work. My question is, how do I edit the default website in IIS to reflect the change in certificate? Ive looked through and cannot find anywhere to edit what I need to edit...

Thank you!