none
Exchange server 2013 SSl proxy certificate

    Question

  • Dear team,

    Presently we have one exchange server 2013 all roles ( CAS , MailBox)  in single server it's working fine and in this morning i have  installed another one exchange server 2013 successfully  it's also working fine but i have issues with client client machine when they try to login it's asking Certificate i don't want old exchange server no more i want only new exchange server 

    How can i solve this issues 

    Saturday, November 28, 2015 12:15 PM

Answers

  • Designing Exchange it's not so tough but u should remember about Namespace - http://blogs.technet.com/b/exchange/archive/2014/02/28/namespace-planning-in-exchange-2013.aspx. when you use two of more Exchange servers, they should have common name space share by both of them. Otherwise they will suggest clients different names, some of them could not be covered by certificate assigned to server - by default during installation Exchange assign selfsigned cert with hostname. I've published some time ago script to assign fast and simple all Exchange services to one name on all servers https://gallery.technet.microsoft.com/Set-all-virtual-directories-f4ec71d3. After that you can assign one certificate to both servers and finally uninstall the older one.

    Of course having the same cummulative updates level on all servers is also important.


    Regards, Konrad Sagala, MCT, MCSE+M, MCITP: Exchange 2007/2010, Lync 2010, Office365, Windows 2008, Virtualization

    • Marked as answer by Suriya Subash Saturday, November 28, 2015 12:59 PM
    Saturday, November 28, 2015 12:41 PM

All replies

  • Designing Exchange it's not so tough but u should remember about Namespace - http://blogs.technet.com/b/exchange/archive/2014/02/28/namespace-planning-in-exchange-2013.aspx. when you use two of more Exchange servers, they should have common name space share by both of them. Otherwise they will suggest clients different names, some of them could not be covered by certificate assigned to server - by default during installation Exchange assign selfsigned cert with hostname. I've published some time ago script to assign fast and simple all Exchange services to one name on all servers https://gallery.technet.microsoft.com/Set-all-virtual-directories-f4ec71d3. After that you can assign one certificate to both servers and finally uninstall the older one.

    Of course having the same cummulative updates level on all servers is also important.


    Regards, Konrad Sagala, MCT, MCSE+M, MCITP: Exchange 2007/2010, Lync 2010, Office365, Windows 2008, Virtualization

    • Marked as answer by Suriya Subash Saturday, November 28, 2015 12:59 PM
    Saturday, November 28, 2015 12:41 PM
  • Dear Sir Thanks for your mail 

    Today night i am going to shutdown one of the mail server name ( main-mail.kimb.com) another New one is ( main-mailserver.kimb.com ) how can i remove or move ssl certificate from old server new server ? please let me know i am not expert of exchange server pls can you give me step by step guide 

    Regards

    Subash

    Saturday, November 28, 2015 1:01 PM
  • Hi,

     

    You can export from the previous server:

    Export-ExchangeCertificate

    https://technet.microsoft.com/en-us/library/aa996305(v=exchg.160).aspx

    Import the certificate and enable it on the services:

    https://technet.microsoft.com/en-us/library/bb124424(v=exchg.160).aspx

    Thanks,

     

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnsfl@microsoft.com

     


    Simon Wu
    TechNet Community Support

    Monday, November 30, 2015 8:59 AM
    Moderator