CAS Namespace and Cert Question
Hi all, I am about to install our first exchange 2010 CAS server (currently we have exchange 2007 and 2003) and I have a question about the namespace. Right now our namespaces for owa and activesync are "exchange1.domain.com", "exchange2.domain.com", exchange3.domain.com".
As you can see the namespaces are the names of the 3 servers. However, really only exchange1.domain.com is being used for external dns. My question is, since everything is currently configured for exchange1.domain.com, when I put in exchange 2010 CAS, do I
want to create a new namespace without the server name like "webmail.domain.com"? And, if I do this do I still need to create the "legacy" namespaces (legacy.domain.com) since I won't really be sharing the exchange1.domain.com namespace? Should I go with Option
A or Option B below?
Option A:
namespace and Cert = "exchange1.domain.com" with "legacy.domain.com" added to it? In other words, keep existing namespace and add legacy to the cert and external dns?
Option B:
namespace and Cert= "webmail.domain.com" for exchange 2010 and keep "exchange1.domain.com" for existing exchange 2007? In other words, create a new external namespace and purchase a new SSL Cert for webmail?
March 16th, 2012 3:19pm
Hello,
Do you have further questions on this thread?
Thanks,
Simon Wu
Exchange Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
March 19th, 2012 4:35am
Thank you all.
Yes, I will be in co-existence mode for some time. Also, "exchange1.mydomain.com" is what is being entered by the users for activesync and for OWA.
So, will I still need the name "legacy.mydomain.com" even if I get a new name with something generic like "webmail.mydomain.com" and still have my "exchange1.mydomain.com" namespace and cert? I guess what I am trying to ask is do I need the cert and namespace
"legacy" if "exchange1" is my legacy (exchange 2007) and "webmail" (exchange 2010) is my new? Or are you all saying that I need to go ahead and have all 3 namespaces and certs, "legacy, exchange1 and webmail"? Thank you all for your help!
March 19th, 2012 8:59am
perfect! thank you very much.
Free Windows Admin Tool Kit Click here and download it now
March 19th, 2012 10:51am
Will I need to generate the cert on exchange then submit it to my authority and have them add the names or do I just contact them without generating new cert code to submit to them and have them add the two new names, "webmail" and "legacy"?
March 19th, 2012 12:23pm
thank you, I understand how to generate the text, I was just wondering if I need to generate the text for a new cert or if I could just add "legacy" and "webmail" to my existing cert?
Free Windows Admin Tool Kit Click here and download it now
March 19th, 2012 1:41pm
gotcha, ok thank you very much!!
March 19th, 2012 1:54pm
I appoligize, this new cert will then be installed on 2010 CAS correct and not back on 2007? Also, I will have 2 2010 CAS, does each one need a seperate cert or do I install the same one on both? I will be using a CAS Array with windows NLB.
Free Windows Admin Tool Kit Click here and download it now
March 19th, 2012 3:34pm
Ok, I think I got it now :)
Thanks!
March 19th, 2012 3:51pm
I am sorry......one more question please.
the new "webmail.mydomain.com" namespace will be added to external DNS, do I need to change the external DNS of "exchange1.mydomain.com" to "legacy.mydomain.com" or add "legacy.mydomain.com" as an additional external IP?
Free Windows Admin Tool Kit Click here and download it now
March 20th, 2012 12:27pm
Hi again, I just wanted to ask (because it wasn't mentioned in this thread) for those who might be reading this thread for similar help. The webmail.mydomain.com and legacy.mydomain.com will also need to be added as MX records too as they are
also added to the external DNS as A records, correct?
March 23rd, 2012 9:49am
MX records in another thing to address and is out of scope here, MX records related to the HUB servers (SMTP) and how to receive email from the internet, the URL's you mentioned is needed to connect the users to the CAS Servers so the MX should point to
your Public IP that used to receive emails, and the SMTP port on your firewall should eventually point to the Exchange 2010 Server I dont know how is your setup put in most cases only the SMTP port on the firewall will be changed to point to the HUB Servers
private IP Address (in-case you are not using Edge servers).
Free Windows Admin Tool Kit Click here and download it now
March 25th, 2012 7:04am
Thank you. All SMTP traffic goes through the firwall and the firewall sends it to a Spam Filter. The Spam Filter currently sends allowed email to my exchange 2007 CAS server. My plan was to point the Spam Filter to the new CAS Array.
March 26th, 2012 9:40am