Exchange 2010 Domain Name change in a multitenant (hosted) environment

Is there a way to change a domain name from one of our domains?
We have exchange 2010 SP1 in hosted mode so we have several domains we deliver to our customers.
However, now 1 of our customers would like to change their domain name.
For example abc.com should become 123.com
To make it even a little bit more complicated, in the first instance they want to add the 123.com domain so they receive emails on both domains. After a month they want to delete the old domain ( abc.com ) and keep on receiving emails on the new domain ( 123.com ).
Please keep in mind that the other domain that we also provide must not be affected.
Any help would be great as I am stuck on this one.
I simply don't know the correct powershell commands.

Hi Peter,
I read the email and as I was writing a reply I thought by myself, why not share it with the rest.
I am sure other people need this too, so I copy-paste it in here :-):
===================================
Hi Peter,
If this helps you out, the only thing I want back is for you to help 3 others and share this message so they help out other people as well. :-D peace
Unfortunately there is no way according to microsoft ( as far as I am aware ) to make a domain change in the hosted edition and for this reason I had to figure it all out myself.
I am no scripter so I didn't build a tool for it, sorry.
I will send you all the information you need.
1- add the accepted domain: New-AcceptedDomain -Name NameOfOrg -Organization ForWhichDomainWillThisBeTheAcceptedDomain -DomainName NewDomain.Eu -DomainType Authoritative
2- to create an alias ( tenant admin )
Import-CSV name-of-textfile.txt | foreach-object {Set-Mailbox $_.alias -EmailAddresses @{add=$_.smtp1}}
The text file has to be in the following format:
alias,smtp1
firstalias,newemailaddress
secondalias,newemailaddress
etc.
3- Make the new alias the primarysmtpaddress ( main exchange admin ):
Import-CSV name-of-textfile.txt | foreach-object {Set-Mailbox $_.alias -primarysmtpaddress $_.smtp1 -emailaddresspolicyenabled $false}
The txt file should be in the following format:
alias,smtp1
domain\alias1,newemailaddress
domain\alias2,newemailaddress
etc.
4- Rename the alias ( tenant admin ):
Import-CSV name-of-textfile.txt | foreach-object {Set-Mailbox $_.alias -alias $_.smtp1}
The txt file should be in the following format:
alias,smtp1
alias1,newalias1
alias2,newalias2
etc.
5- Change UserPrincipalName (main exchange admin ). This is the username to sign in to OWA
Import-CSV name-of-textfile.txt | foreach-object {Set-Mailbox $_.alias -userprincipalname $_.smtp1}
The txt file should be in the following format:
alias,smtp1
domain\alias1,newemailaddress
domain\alias2,newemailaddress
etc.
6-  Change displayname (tenant admin ):
Import-CSV name-of-textfile.txt | foreach-object {Set-Mailbox $_.alias -displayname $_.smtp1}
The txt file should be in the following format:
alias,smtp1
alias1,displayname
After a while you might want to remove the previous email address ( I waited for this for 3 months! 1 month is way too short for people to communicate it, trust me.. ):
7- Import-CSV name-of-textfile.txt | foreach-object {Set-Mailbox $_.alias -EmailAddresses @{remove=$_.smtp1}}
The txt file should be in the following format:
alias,smtp1
alias1,OldEmailAddress1
alias2,OldEmailAddress2
Andre
Peace
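
An added example, not part of Andre's post: an offline check of the alias,smtp1 files before they are piped to Set-Mailbox, so that a mistyped row cannot assign an address outside the tenant's domain or reuse one address twice. Test-RenameCsv and the sample rows are assumptions made for illustration; the domains are the abc.com and 123.com from the question.

```powershell
# Added example: Test-RenameCsv and all sample rows are constructed for illustration.
# It only reads CSV text; no Exchange cmdlet is called.
function Test-RenameCsv {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,   # from Import-Csv / ConvertFrom-Csv
        [Parameter(Mandatory = $true)] [string] $Domain,   # domain every smtp1 value must be in
        [string] $TenantPrefix                              # expected "prefix\" on alias (steps 3 and 5)
    )
    $seen = @{}    # lower-cased address -> first line that used it
    $line = 1      # the header row is line 1
    foreach ($row in $Rows) {
        $line++
        $alias = "$($row.alias)".Trim()
        $addr  = "$($row.smtp1)".Trim()
        $problems = @()

        if ($alias -eq '') {
            $problems += 'alias is empty'
        } elseif ($TenantPrefix -and
                  -not $alias.StartsWith($TenantPrefix + '\', [StringComparison]::OrdinalIgnoreCase)) {
            $problems += "alias lacks the '$TenantPrefix\' prefix"
        }

        if ($addr -notmatch '^[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+$') {
            $problems += 'smtp1 is not a single SMTP address'
        } else {
            # String comparison with -ne is case-insensitive, which is what we want for domains.
            if ($addr.Split('@')[1] -ne $Domain) {
                $problems += "address is not in $Domain"
            }
            $key = $addr.ToLower()
            if ($seen.ContainsKey($key)) {
                $problems += "address already used on line $($seen[$key])"
            } else {
                $seen[$key] = $line
            }
        }

        foreach ($p in $problems) {
            New-Object PSObject -Property @{ Line = $line; Alias = $alias; Smtp1 = $addr; Problem = $p }
        }
    }
}

# Constructed sample for step 2 (add the new address): one good row and three bad ones.
$addCsv = @'
alias,smtp1
jsmith,jsmith@123.com
mjones,mjones@124.com
pbrown,jsmith@123.com
kwhite,kwhite@othertenant.example
'@
$rows = ($addCsv -split '\r?\n') | ConvertFrom-Csv

$issues = @(Test-RenameCsv -Rows $rows -Domain '123.com')
if ($issues.Count -gt 0) {
    $issues | Sort-Object Line | Format-Table Line, Alias, Smtp1, Problem -AutoSize
    Write-Warning "$($issues.Count) problem(s) found; fix the file before running Set-Mailbox."
} else {
    # Only now run the step from the post; -WhatIf previews each change without applying it.
    # $rows | ForEach-Object { Set-Mailbox $_.alias -EmailAddresses @{add=$_.smtp1} -WhatIf }
}
```

For step 7 pass the old domain as -Domain so only old addresses can be removed; for steps 3 and 5 pass the prefix used in the alias column as -TenantPrefix.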

Similar Messages

  • Domain name change broke oms/agents/grid control

    We merged with another company and the domain names changed for all servers last weekend. I fixed all servers (tnsnames, listener.ora and db_domain parameter), so sqlplus works and all processes work.
    My question is: which parameters do I need to change in the agents and the oms for gridcontrol to work again. Where are those parameters? Is there any documentation I can follow?
    Thanks.

    Hi.
    if the domain name from EM GC has changed you need to migrate the repository
    and reinstall the oms.
    *T
    Oracle® Enterprise Manager
    Grid Control Installation and Configuration Guide
    10g Release 5 (10.2.0.5.0)
    E10953-11
    September 2009
    Oracle® Enterprise Manager
    Advanced Configuration
    10g Release 5 (10.2.0.5)
    E10954-03
    Edited by: tbrinkmann on Feb 16, 2010 6:00 AM

  • Connection Errors to Remote Desktop from OSX after Domain name change

    We have an issue using Microsoft Remote Desktop from Macs in our school. All was well until we changed the domain name of our RDS servers and installed a new wildcard certificate. Connections work perfectly in Windows 7/8 and also iOS on iPads, but we cannot
    get any Macs to connect having tried OSX 10.7 and 10.9. The error message says the connection failed to load but seems to add a spurious end to the connection string - TS/en-US/Default.aspx - but we cannot trace where this is being picked up.
    We can get to the site in a web browser and sign in to receive the "browser not supported" message in Safari so traffic is obviously getting to the servers.
    Has anyone else had a similar issue? We have spent days poking around with DNS etc but can't seem to make any progress here.

    Hi Jeremy,
    I have tried removing connections and also re-installing the App. We have been using this App since January with no real issues until we made our domain name change - I really don't understand why it works fine in Windows and iOS but not OSX. We are doing
    nothing different to what we have done from day 1.
    Log file from our old connection when it was working looked like this:
    [2014-Mar-24 10:41:43] RDP (0): Final rdp configuration used: redirectcomports=1
    server port=3389
    use multimon=1
    redirectdrives=1
    promptcredentialonce=1
    authentication level=0
    full address=rdsfarm.xxxxxxx.internal
    session bpp=16
    prompt for credentials on client=1
    redirectprinters=1
    drivestoredirect=*
    alternate shell=||OpenMind
    gatewayusagemethod=2
    alternate full address=rdsfarm.xxxxxx.internal
    workspace id=rdsgw.xxxxxxx.internal
    allow font smoothing=1
    redirectposdevices=0
    audiocapturemode=1
    gatewaycredentialssource=0
    remoteapplicationname=OpenMind 2.0
    devicestoredirect=*
    remoteapplicationmode=1
    remoteapplicationprogram=||OpenMind
    enablecredsspsupport=1
    redirectsmartcards=1
    redirectclipboard=1
    span monitors=1
    gatewayprofileusagemethod=1
    gatewayhostname=rds.xxxxxxx.sch.uk
    remoteapplicationcmdline=
    The log file looks very different now, all I am getting is:
    [2014-Jun-17 10:26:41] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Jun-17 10:26:41] RDP (0): lo0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Jun-17 10:26:41] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Jun-17 10:26:41] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Jun-17 10:26:41] RDP (0): gif0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): stf0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): en0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): en1 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): en1 af=30 (AF_INET6)  addr=fe80::21f:5bff:feb8:3f72%en1 netmask=ffff:ffff:ffff:ffff::
    [2014-Jun-17 10:26:41] RDP (0): en1 af=2 (AF_INET)  addr=192.168.0.65 netmask=255.255.255.0
    [2014-Jun-17 10:26:41] RDP (0): fw0 af=18  addr= netmask=
    [2014-Jun-17 10:26:41] RDP (0): --- END INTERFACE LIST ---
    [2014-Jun-17 10:26:41] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
    [2014-Jun-17 10:26:41] RDP (0): client version: 8.0.24875
    [2014-Jun-17 10:26:41] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Jun-17 10:26:41] RDP (0): correlation id: 9f18df13-7c84-dc4b-a780-e6b77a280000
    [2014-Jun-17 10:26:41] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Jun-17 10:26:41] RDP (0): ------ END ACTIVE CONNECTION ------
    [2014-Jun-17 11:44:15] RDP (0): *** Application terminated ***
    [2014-Jun-18 09:51:37] RDP (0): *** Application terminated ***
    [2014-Jun-19 12:00:19] RDP (0): *** Application terminated ***
    [2014-Jun-19 12:15:32] RDP (0): *** Application terminated ***
    [2014-Jun-19 12:16:21] RDP (0): *** Application terminated ***

  • Domain Name Change in CSS

    We have a CSS doing HTTP load balancing. There is no SSL termination done on this device.
    will the domain name change have any impact on the load balancer?
    thanks
    sathappan

    If you see the domain name in your CSS config, then yes there will be an impact.
    Otherwise, no.
    By default we do not check the domain name.
    Gilles.

  • Domain Name Change procedure

    Can anyone tell me which changes to make in the ALUI portal when the domain name changes? Which files need to be modified? Does any tool exist to automate the task?
    ex : portal.toto.com became portal.titi.corporate.com

    I'm interested in any solutions too.
    For instance, my solution was to find and change all configuration files with a command line like "find . -name "*.xml""...
    But you also have to change configuration inside the portal, like all remote web services addresses.
    I think it's not so easy to change the domain name.

  • IP - Domain names changes

    Hello,
    We have 3 Nodes RAC 11gR2 (11.2.0.2.3) on Redhat Enterprise Linux 5.5.
    We will move the servers from one datacenter to another. This means we will have to change the IPs and domain name of the nodes.
    In our environment, we are using:
    - Role separation method: grid user as grid infrastructure owner and Oracle user as the RAC database owner.
    - Non shared Oracle Home and Non shared grid infrastructure home.
    - No Grid Naming Service (GNS)
    - No IPMI
    - Voting Disk and OCR are shared in ASM; ASM disk group Name: OCRVOTE
    - SCAN resolves through DNS.
    - 3 Nodes clusters: below the content of /etc/hosts;
    -bash-3.2$ cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    #::1 localhost6.localdomain6 localhost6
    # Oracle RAC Configuration
    # Public
    10.119.144.136 db01.lds.com db01
    10.119.144.138 db02.lds.com db02
    10.119.144.140 db03.lds.com db03
    # Public VIP
    10.119.144.137 db01-vip.lds.com db01-vip
    10.119.144.139 db02-vip.lds.com db02-vip
    10.119.144.141 db03-vip.lds.com db03-vip
    # Private
    10.119.144.193 db01-priv
    10.119.144.194 db02-priv
    10.119.144.195 db03-priv
    -bash-3.2$
    - Oracle Home value: /opt/app/oracle/product/11.2.0/db_1
    - Grid Home value: /opt/11.2.0/grid
    - ADVMAIN is the global database name.
    - advmain1, advmain2, advmain3 are the database instance names.
    - advcluter is the cluster name.
    When installing the grid infrastructure,we used the FQDN including the domain name...
    Could you please provide me the steps to change the IP addresses and domain names to have an operational environment?
    Thank you,
    Diego

    ssolbach wrote:
    If it is just the SCAN, this can be changed. (srvctl modify scan).
    The services could be dropped and recreated.
    Important thing is, that your public hostname does not contain the domain.
    Regards
    Sebastian
    Sebastian,
    How can I check the public hostname does not contain the domain? I have checked the OCR Dump file and didn't find the Public string ...
    Thanks,
    Diego

  • Domain Name Change Disabling Keys

    I'm told that our domain name change from hhp.umd.edu to
    sph.umd.edu will disable the Contribute keys.
    Is that correct and if so, how do I get new keys that are
    usable with the new domain?
    thanks for your assistance.
    daniel

    I have a related question. I have about 20 different
    connections that I have set up manually. Now that our domain login
    has changed the connections are no longer there. Where is that
    information stored. I'd like to recover it.

  • App server domain name changed

    Hi All,
    Our app server domain name changed, so we did the following to put the change into effect. Starting the middle tier gives an error.
    Old name=koredm104715.in.company.com
    New name=ias-instance id=koredm104715.apac.company.com
    C:\Oracle\Product\OraMidTier10gR2\chgip\scripts>cmd chgiphost.bat -mid
    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.
    C:\Oracle\Product\OraMidTier10gR2\chgip\scripts>cmd /c chgiphost.bat -mid
    Oracle Home set to C:\Oracle\Product\OraMidTier10gR2
    Starting Change Hostname/IP...
    Enter fully qualified hostname (hostname.domainname) of destination
    (koredm104715.APAC.company.com)>>koredm104715.APAC.company.com
    Enter fully qualified hostname (hostname.domainname) of source
    (koredm104715.in.company.com)>>koredm104715.APAC.company.com <----------- Issue is here as source should be koredm104715.IN.company.com
    Enter valid IP Address of destination
    (10.47.32.43)>>10.47.32.43
    Enter valid IP Address of source
    (10.47.32.43)>>10.47.32.43
    Source and destination hostname/IP are identical.
    Continue? (y/n) y
    Change Hostname/IP completed successfully.
    C:\Oracle\Product\OraMidTier10gR2\chgip\scripts>cd..
    C:\Oracle\Product\OraMidTier10gR2\chgip>cd..
    C:\Oracle\Product\OraMidTier10gR2>cd opmn\bin\
    C:\Oracle\Product\OraMidTier10gR2\opmn\bin>opmnctl startall
    opmnctl: starting opmn and all managed processes...
    ==============================================================================
    opmn id=koredm104715:6200
        5 of 7 processes started.
    ias-instance id=OMT_10gR2.koredm104715.in.company.com
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ias-component/process-type/process-set:
        WebCache/WebCache/WebCache
    Error
    --> Process (pid=3152)
        failed to start a managed process after the maximum retry limit
        Log:
        C:\Oracle\Product\OraMidTier10gR2\opmn\logs\WebCache~WebCache~1
    ias-component/process-type/process-set:
        WebCache/WebCacheAdmin/WebCacheAdmin
    Error
    --> Process (pid=4924)
        failed to start a managed process after the maximum retry limit
        Log:
        C:\Oracle\Product\OraMidTier10gR2\opmn\logs\WebCache~WebCacheAdmin~1
    C:\Oracle\Product\OraMidTier10gR2\opmn\bin>
    Edited by: Lokanath Giri on 19 January, 2012 1:58 PM

    Have you checked your web cache log files for errors? Also check the %ORACLE_HOME%\opmn\log directory as there are many log files which can be helpful resolving your issue.
    Thanks,
    EJ

  • Internet Email Domain Name Change

    Management wants our email domain name changed because of its length. Another government agency handles hosting for us now and can't change it for us. I have paid for a new name using a company on the internet and now have to switch it over. I see, in console one, that I can create a second name in Tools -> Groupwise System Operations -> Internet addressing and then set one of them to preferred. Can I do this and then set the new name as preferred? I would like to allow email that is addressed to the old email domain name to flow to the users for 30 days. Looks like I will need to change the foreign ID in the gwia and also the name in the internal groupwise domain properties. Is there anything else that needs to be done? Is this the best way to do this? Thanks

    On 7/30/2012 3:36 PM, dgonnse wrote:
    >
    > Management wants our email domain name changed because of its length.
    > Another government agency handles hosting for us now and can't change
    > it for us. I have paid for a new name using a company on the internet
    > and now have to switch it over. I see, in console one, that I can
    > create a second name in Tools -> Groupwise System Operations -> Internet
    > addressing and then set one of them to preferred. Can I do this and
    > then set the new name as preferred? I would like to allow email that is
    > addressed to the old email domain name to flow to the users for 30 days.
    > Looks like I will need to change the foreign ID in the gwia and also
    > the name in the internal groupwise domain properties. Is there anything
    > else that needs to be done? Is this the best way to do this? Thanks
    >
    >
    assuming there's no po/user/domain overrides of IA settings, that should
    work ok.

  • How to set same domain name for Azure Storage and Hosted Service

    I have a web application running on azure and using azure storage with blob. My application allows to edit html files that are in the azure storage to save with another name and publish them later. I am using javascript to edit the html content that
    I display in an Iframe but as the domain of my web application and the html that I try to edit are not the same, I got this error "Unsafe JavaScript
    attempt to access frame with URL "URL1" from frame with URL "URL2". Domains, protocols and ports must match".
    I have been doing some research about it and the only way to make it work is to have the web application and the html that I want to access using javascript under the same domain. 
    So my question is: is it possible to have the same domain name in azure for the hosted service and the storage.
    Like this:
    hosted service: example.com
    storage: example.com
    By the way I already customized the domain names so they look like this:
    hosted service <mydomainname>.com
    storage <blob.mydomainname>.com
    Actually I have my application running in another hosting and I have no problem there since I have a folder where I am storing the files that I am editing so they are in the same domain as the application. I have been thinking in to do the same with Azure,
    at least to have a folder where I can store the html file meanwhile I am editing it but I am not sure how much space I have in the hosted service to store temporary files.
    let me know if you have a good tip or idea about how to solve this issue.

    Hi Rodrigo,
    Though both Azure Blob and Azure applications support custom domain, one domain could have only one DNS record (in this case is CNAME record) at one time. For Steve's case, he has 3 domains, blog.smarx.com, files.blog.smarx.com and cdn.blog.smarx.com.
    > I would like to find a way to storage my html page that I need to edit under the same domain.
    For this case, a workaround will be adding a http handler in your Azure application to serve file requests. That means we do not use the actual blob url to access blob content but send the request to a http handler then the http handler gets the content
    from blob storage and returns it.
    Please check
    Accessing blobs in private container without Shared Access Secret key for a code sample.
    Thanks.
    Wengchao Zeng
    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact
    [email protected]
    Microsoft One Code Framework

  • Exchange domain name change + SSL deployment

    My problem: Currently OWA and ActiveSync can be accessed through https://rmt.companyname.com/owa
    and https://rmt.companyname.com/Microsoft-Active-Sync with a self-signed SSL. I would like to modify my environment and get a third party SSL so i can access OWA - rmt.companyname.com, ASync - activesync.companyname.com and everything else exchange.companyname/w/e
    What changes do i have to make in exchange/iis for this to work?
    what certificate attributes do i have to assign?
    My Environment:
    Barracuda AV/Anti-spam firewall - 10.0.0.1
    mail.companyname.com(MX + A)
    Exchange 2010 SP1 SERVER (CA, HUB, MB Roles) - 10.0.0.2
    rmt.companyname.com (A-record)
    My thoughts:
    1)get an A-records for exchange.companyname.com, rmt.companyname.com, activesync.companyname.com to point to 10.0.0.2
    2)Full reset of Virtual directory and reassign external/internal URLs to the names mentioned above
    3)Create CSR with the following names:
        CommonName: exchange.companyname.com
        AltName1: rmt.companyname.com
        AltName2: activesync.companyname.com
    4)Purchase & Import certificate
    I see how OWA's and ActiveSync URL can be changed, but how do i change the domain name from rmt.companyname.com to exchange.companyname.com?

    Are you talking about changing your SMTP domain name? Or you want to change AD DS domain name? If you want to change/add SMTP domain that you Exchange is using, just add accepted domain that you wish to use.
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Damir

  • Primary email domain name change

    We are going to be changing our company's email domain name shortly in order to make it shorter.  We are running Exchange 2010, mostly Outlook 2010, on a mostly Server 2008 domain but still running in 2003 mode.  We have a trust with a sister company
    and until they upgrade to 2008 we cannot upgrade.
    As an example we are changing our domain name from @microsoftcontoso.com to @contoso.com.
    I am testing in my machine and set exchange & our spam filters to accept email from contoso.com.  I also changed my primary email address to be @contoso.com. I tested to my personal email and my new emails are coming from the correct email address.
    My issue lies in the fact that my Outlook client still shows my email address as @microsoftcontoso.com.  If I create a new outlook profile on a new computer, it does show it as being just @contoso.com.
    My question is how do I mass update everyone's Outlook in order for their Outlook client to show their new domain email address?  My fear is people will get confused and think they have the wrong address.
    Thank you for any help provided.

    Hi,
    Based on my research, group policy can help Outlook sync the new primary email address.
    For more information, you can refer to the following similar thread:
    http://social.technet.microsoft.com/Forums/exchange/en-US/aa15d1c5-5d28-4f72-b698-038c90264876/sync-outlook-after-changing-primary-email-addresses-on-exchange-2010?forum=exchange2010
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Outlook does not connect to Exchange 2013 after name change due to marriage

    When launching Outlook and clicking through the setup wizard to create a new profile, Outlook auto-discovers the correct email alias. When establishing a connection it successfully checks network connectivity and successfully searches the email settings.
    When it attempts to logon to the mail server the error comes up.
    "The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action."
    Clicking "Check Name" gives the error:
    "The name cannot be resolved. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action."
    The same result occurs with a manual setup.
    We are running Exchange Server 2013. User workstations are running Outlook 2013 on Windows 7 Pro. All updates have been applied as of March 31, 2015.
    All name changes have been made in AD and Exchange. Old aliases and new aliases are set in Exchange. Offline Address books are updated daily. The local profile and registry settings have been updated on the workstation and the user is successfully logging
    into the profile. The issue is only with Outlook 2013. User can access mail through OWA and ActiveSync on their mobile device.
    Logging the user into another workstation and running the wizard returns the same results, which rules out the possible problem being with the workstation.

    Hi,
    According to your description, I understand that Outlook auto-configuration fails with the error “The name cannot be resolved. The connection to Microsoft Exchange is unavailable…”, however OWA works fine.
    If I misunderstand your concern, please do not hesitate to let me know.
    Do all accounts experience this issue, or only a specific user?
    If OWA works fine, it indicates that the mailbox database is mounted, and the mailbox works well.
    I notice that you changed the account name before the issue arose. For external access, the client locates the Autodiscover service on the Internet by using the primary SMTP domain address from the user's email address.
    More details about Autodiscover service, for your reference:
    https://technet.microsoft.com/en-us/library/bb124251.aspx?f=255&MSPPError=-2147217396
    Please try the commands below to force an update of the address list, GAL and OAB, then test again:
    Get-AddressList | Update-AddressList
    Get-GlobalAddressList | Update-GlobalAddressList
    Get-OfflineAddressBook | Update-OfflineAddressBook
    If the issue persists, please wait for some time to complete configuration.
    Thanks
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Allen Wang
    TechNet Community Support

  • 11g grid - domain name change

    Hi
    i have installed oracle 11g grid ( both rdbms repository and OMS on the same linux server 5.5) but now my domain name has changed slightly ...
    do I need to change anything ?
    does this require full reinstallation of grid ?
    oracle v 11.2.0.2
    I am trying to install the agent thru grid wizard but its coming back with a warning ..
    WARNING : Expected result: The management server must be reachable from the target node via HTTP(S). Actual Result: HTTP url http://mygrid_server.old_domain_name.cm:4889/agent_download/ is not reachable from the target node Check complete. The overall result of this check is: Failed <<<<
    RECOMMENDATION : If there is a firewall configured between the management server and target node, ensure that the HTTP(S) ports of the management server are open
    thanks
    Edited by: user9198889 on Dec 29, 2010 9:59 AM

    Assuming the hostname changed on the host where the OMS and repository reside due to the domainname change, I would reinstall. You could update the emoms.properties file and reboot the OMS but not sure that would do the trick.
    you can get details on updating the emoms.properties via emctl here: https://support.us.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1111894.1&h=Y
    Let me know.
    Thanks

  • TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

    Hi,
     I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
    My setup is as follows:
    outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
    inner TMG - uses a listener for email.contoso.com and is configured for NTLM\Kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and uses a publishing rule to publish the internal CAS. Allow users to change
    password is selected in the publishing rules.
    Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
    I've registered an snp for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to login and change their password with "user must change password on first login"
    set in AD.
    If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot login
    and change my password using the correct URL. However if I point my browser at
    http://192.168.4.10/owa I'm prompted to login and I can change my password using the same credentials.
    The only recent changes made are:
    - Disabling SSL 3.0 and enabling TLS  (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
    - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
    Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user'spassword must be changed before logging on for the first time"
    I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
    http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
    If I try to use ldp.exe on the inner TMG, I get the error in the pic below
    Thanks
    IT Support/Everything

    Hi,
    You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
    TMG 2010 – FBA, troubleshooting the change password feature 
    http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
    Best Regards,
    Joyce
