Migration: Ex 2007 to Ex 2013 and co-exist scenario: Subject Alternative Name certificate

Similar Messages

• ACE and SSLM support Subject Alternative Name (SAN)

  Hi
  I want to  migrate Exchange server to Exchange 2010, I would like to know if ACE and SSLM support Subject Alternative Name (SAN).
  1.   Can the current CSM (WS-SVC-SSL-1-K9) support SSL certificates that have Subject Alternative Names? I.e. a certificate that has both of these names in it.
  a.       exchange.ww.edu
  b.       legexchange.ww.edu.
  2)      Can the new ACE( ACE20-MOD-K9) support SSL certificates that have Subject Alternative Names? I.e. a certificate that has both of these names in it:
  a.       exchange.ww.edu
  b.       legexchange.ww.edu
  Thanks
  Nomi

  I dont see anything in the config guide where the ACE can generate certs with SANs. However, if you are going to generate the cert and keys offline, then it might work. Can you supply a sample pkcs12 file in PEM format that I can test in the lab ? Which s/w version ?
  Matthew

• Nodemanager configuration with SSL and Subject Alternative Names.

  We want to configure serveral nodemanagers in serveral machines using SSL. Is possible to use only one certificate with one CN and several subject alternative names (one per machine)?
  We cannot configure the nodemanager, we always get an SSLHandShake exception.
  Thanks.

  Hi,
  Hope you found out resolution to your issue. 
  incase you havent , presuming the CN used in your certificate is not the host name and all the host servers can resolved/ identify that CN. Dont see major problem in the way you explained.
  However handshake exception only points at certain specific case
  - where the certs are not imported into keystores ( client or server side) or
  - certs mismatching at clent & server
  - too many certs with the same CN in the same keystore or CN resolving to more than 1 cert ( if its possible).
  Let me know if you need help in reolving this and also paste the error trace of 'handshake' exception you see.
  Sri

• CF10, CFHTTP and SSL subject alternative names

  I have an SSL certificate where the Common Name doesn't match the url, but the Subject Alternative Name does.  The Common Name is the actualMachineName.subnet.subnet.mynetwork.com and the SAN is www.prettyurl.com.  I understand older versions of CF don't support this, but the comments regarding Bug #3566218 say that CF10 does.  However, I am still getting connection failures telling me the name doesn't match.
  Can anyone confirm this should/shouldn't work in CF10?  I have imported all of the certs via the keytool and explored all of those issues.  The only remaining issue is that the url doesn't match the CN.
  TIA,
  Eric

  I received the message,"this site has sent an untrusted certificate", on my N95.  It would prompt me to continue or view certificate.   If I select Continue, everything worked fine.  It got annoying after a awhile.  I went thru 2 pages of google results and could not find the answer to fix my issue.  I gave up and then somehow figured it out on my own at the bar the next day.  
  The issue was that I had the incorrect date.  This was actually one of the first things I checked.  However I overlooked that the date format was ddmmyyyy.  I simply updated to mmddyyyy and fixed the date and the issue was resolved.
  Hope this helps.

• Fab40 templates migration from 2007 to SP 2013

  We are working on migrating  SP 2007 sites to sp 2013 and in 2007 Fab40 templates are installed and we are getting issue in SP 2013 when doing visual upgrade because of site definitons.Will these templates get upgraded to SP 2013 ?

   SharePoint 2013 does not support for FAB 40 feature.
  Try these links: 
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/b3363e1d-ad1f-45cf-b1f0-1ddb40797876/40-fab-templates-migration-to-sharepoint-2013
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/b920c152-8488-4d43-b609-a507c5730372/proper-upgrade-procedure-from-2007-2013-with-fab-40-templates
  [custom.development]

• Migrate Sharepoint 2007 to sharepoint 2013 questions

  I am in the process of moving sp 2007 to 2013 using db attach/detach. I have some questions.
  1) Should I do visual upgrade in 2010, then migrate to 2013  or wait until 2013 and do visual upgrade?
  2) Should I convert to Claim in 2010, then migrate to 2013 or wait until migrate to 2013 then convert to claim. 
  3) What happen if i attached db that was ntlm to web application that currently use use claim?
  4) any good article show step by step and things to look for?

  1) You must do the visual upgrade to 2010 prior to migration to 2013. SharePoint 2013 does not support the 2007 UI look and feel.
  2) Personally, I convert to Claims in SharePoint 2013. Given you're running 2013 SP1 with the April 2014 CU (I recommend Sept 2014 CU) or higher, the conversion will be quicker.
  3) Windows Claims is just NTLM or Kerberos. You would need to re-covert. If you're converting in 2013, after you attach the Windows Classic-enabled db to the Claims-enabled web application, you would run Convert-SPWebApplication.
  http://technet.microsoft.com/en-us/library/cc263299(v=office.15).aspx
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Unable to edit document from SharePoint 2007 using Office 2013 and IE 11

  I am getting the following error when I try to edit a document from SharePoint 2007: "Edit document
  requires a Windows Sharepoint services-compatible application and Microsoft Internet Explorer 6.0 or greater". I am using Windows 7 with Office 2013 and Internet Explorer 11. Troubleshooting steps that I've tried so far (that haven't worked) are as follows:
  1) repaired Office; 2) switched from 64 bit version of IE to 32 bit version; 3) moved the owssupp.dll from C:\Program Files (x86)\Microsoft Office\Office14\ to C:\Program Files (x86)\Microsoft Office\Office15; 4) tried removing old versions of Office (but
  I still need to use Office Communicator 2007 r2 and couldn't figure out how to get rid of the Office14 files from Program Files); and 5) running SharePoint in IE compatibility mode. Please advise...thanks!

  Hi,
  It seems you installed mixed version Office2007/2010/2013 on your client machine?
  I would suggest you remove all Office 2007 and 2010 version, and reinstall Office 2013(include Office Tools->Microsoft SharePoint Foundation Support component) on your machine, and make sure "Open SharePointDocuments class" add-on is enabled
  from IE11, then check if it could fix the issue.
  If above works, please test again after installing the Office Communicator 2007 r2 on your machine.
  http://social.microsoft.com/Forums/en-US/3e8c0976-2794-49a2-92fe-6a254b3cc4ca/a-microsoft-sharepoint-foundation-compatible-application-could-not-be-found?forum=projserv2010setup
  http://blogs.technet.com/b/emeaoffice/archive/2013/04/29/you-get-an-error-message-when-you-open-an-office-file-from-sharepoint-on-a-computer-on-which-you-installed-more-than-one-version-of-office.aspx
  Thanks,
  Daniel Yang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Daniel Yang
  TechNet Community Support

• Issue in Custom Blog site definition based on SharePoint 2010 blog site definition after migrating the sites to SharePoint 2013 and site collection upgrade

  I have created a custom blog site definition using SharePoint 2010 blog site definition with Configuration ID 31 in onet.xml (new value). This was working fine for SharePoint 2010.
  We created new SharePoint 2013 farm and deployed the all Custom solutions in
  14/15 folders. After migrating the sites to SharePoint 2013 using Content DB approach, site created previously using my custom definition are working fine.
  But after running site collection upgrade these sites stop working. When I post a comment then comments not getting listed on post detail page. However comments are getting added to Comments List but
  PostTitle column  of Comment is not getting populated.
  Also, when we create a new site in SharePoint 2013 using my custom blog template then that is also not getting provisioned.  default.aspx and look-up between post and comment list are not working.
  If any one has faced such issue then please share your findings and any solution to fix this.
  Thanks in Advance :)

  Hi ,
  According to your description, my understanding is that the blog based on custom blog site definition didn’t work correctly after migrating custom blog site definition to SharePoint 2013.
  If you customized the Onet.xml file in a previous version's site definition, you should modify some sections in the file to work in the current version, like  <BaseTypes> and  <ListTemplate>  etc. More information, please refer
  to the link below:
  http://msdn.microsoft.com/en-us/library/office/aa543837(v=office.14).aspx
  For that the PostTitle column  of Comment is not getting populated, please try to modify the view, then compare the result.
  I hope this helps.
  Thanks,
  Wendy
  Wendy Li
  TechNet Community Support

• Download and overwrite existing file with same name

  Is there a way to tell Safari to erase previous versions of downloads, ie not adding a '-1' or '-n' to the file name, but overwrite an already existing file?

  I was going to say "hurrah!" but..... no.
  I does ask me for the file name, it does ask me if I want to replace, but it does not replace the file, and just saves it in dummy-1.ppt.
  Funny thing: it has the expected behaviour for pdf files, where replacement actually occurs.
  Bug report sent.

• Migrating Users from Exchange 2007 to Exchange 2013 Without redirection through exchange 2013.

  We have all our users and mailboxes on Exchange 2007 and I have introduced two Exchange 2013 servers in my organization and both have mailbox and CAS server installed on them. 
  With Exchange 2007 server, I had not modified any of the internal and external url/uri and had stayed with the defaults.
  For migration most of the documents are suggesting of changing the default internal URL and Auto Discover Service internal URI values.
  In my case, I want to migrate all the users and mailbox (everything that is on Exchange 2007) form 2007 to 2013 and decommission exchange 2007 completely from our organization.
  I am in the phase of transferring users from Exchange 2007 to Exchange 2013 and do not want to change any settings on the existing 2007 servers.
  I have created new dns entry mailx.abc.com with two IPs of both exchange 2013 and changed the Outlook Anywhere internal URL on both Exchange 2013 server to mailx.abc.com.
  So by doing these, I think all existing clients will still connect to exchange 2007 and after moving their mailbox they will be connect to exchange 2013.
  In short I am not redirecting or using 2013 as proxy for 2007 clients and clients whose mailbox is on exchange 2013 will directly connect to 2013 server.
  Questions are, Is this the right way to migrate all the users to Exchange 2013?
  Will it affect the operation of existing Exchange 2007 server?

  Read the below blog on Client Connectivity in Exchange co-existence. There can't be better blog than this on this topic.
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
  Clients connect to Exchange from Internal-Outlook, External-Outlook, Web & Active Sync.
  For Internal the configuration that you have mentioned should work as clients would get Autodiscover information from Active Directory (SCP) and get connected to right server.
  However, for external connectivity it makes sense to use External URL on Exchange 2013 servers (keep the Exchange exposed to Internet), configure legacy URL for exchange 2007 and use Exchange 2013 external URL for mailboxes that are Exchange 2007 and Exchange
  2013 for standardization.
  Refer article for configuring URLs -
  http://silbers.net/blog/2014/01/22/exchange-20072013-coexistence-urls/
  - Sarvesh Goel - Enterprise Messaging Administrator

• Move Mailboxes from Exchange 2007 to Exchange 2013 (Could not find a valid mailbox migration for esta organization)

  Hi all, I am in full migration from Exchange 2007 to Exchange 2013 and everything went correctly.
  I have migrated several mailboxes and are working well. But a few days ago, when I try to migrate a mailbox I get the following error and can not migrate:
  "Could not find a valid mailbox migration for this organization"
  Do you know that you can be?
  regards
  Microsoft Certified IT Professional Server Administrator

  Hi,
  From your description, the issue should be related to the migration mailbox. I recommend you check if the following account is existed in ADUC.
  Migration.8f3e7716-2011-43e4-96b1-aba62d229136
  If this account does not exist, you need to run setup /prepareAD and then enable this migration mailbox to check the result.
  Hope this can be helpful to you.
  Best regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Amy Wang
  TechNet Community Support

• Upgrade exchange 2007 to exchange 2013 on SBS 2008

  Hi,
  I need to upgrade EX07 to EX13 on small business server 2008, So I am looking for the documents or steps which will help in Implementation.
  Thanks in advance!
  -av

  Hi,
  Any update about the issue?
  In-place upgrade is not possible. According to the MS article:
  When you're upgrading your existing Exchange 2007 organization to Exchange 2013, there's a period of time when Exchange 2007 and Exchange 2013 servers will coexist within your organization. You can maintain this mode for an indefinite period of time, or
  you can immediately complete the upgrade to Exchange 2013 by moving all resources from Exchange 2007 to Exchange 2013, and then decommissioning the Exchange 2007 servers. You have a coexistence scenario if the following conditions are true:
  Exchange 2013 is deployed in an existing Exchange organization.
  More than one version of Microsoft Exchange provides messaging services to the organization
  Upgrade from Exchange 2007 to Exchange 2013
  https://technet.microsoft.com/en-us/library/jj898581%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Migration from SP 2010 - SP 2013

  Hi...
  We have migrated SP 2010 to SP 2013 and did some changes in the master page and publishing Pages, but when we login into the site having edit access permissions in the Permissions group, old master page and page content is showing but for Contribute and
  all other permissions showing new changes...what could be the problem and how to resolve it.
  Ravindranath

  Hi Ravi,
  Please find below links which should be helpful
  http://www.metalogix.com/help/Content%20Matrix%20Console/SharePoint%20Edition/002_HowTo/003_MigrationActions/022_MasterPageGallery.htm
  https://social.technet.microsoft.com/Forums/en-US/ad08e4b9-544f-46a7-939c-03096d098a68/upgrade-custom-master-page-to-sharepoint-2013?forum=sharepointadmin
  https://support.office.microsoft.com/en-us/article/Branding-issues-that-may-occur-when-upgrading-to-SharePoint-2013-0c849002-cdf4-4843-9d4a-0a643a7c64f3?CorrelationId=a514df67-03f6-4040-813d-3f9c586dcc5a&ui=en-US&rs=en-US&ad=US
  Please remember to click 'Mark as Answer' on the answer if it helps you

• Public Folder access on Exch 2007 from exch 2013 user

  I have an issue with my test user that I migrated from 2007 to exch 2013 being able to access public folders that reside on the 2007 server. 2007 users accessing public folders on 2007 have no issues. I have it narrowed down to autodiscover. Please see the
  below exerpt from autodiscover. The "<PublicFolderServer>ex2013.accessDOMAIN.net</PublicFolderServer>" section shows that autodiscover is giving the name of the exchange 2013 server as the publicfolderserver
  instead of the exchange 2007 server.  My question is how do I reflect the correct server "Exch2007" on this autodiscover output?
  <Account>
        <AccountType>email</AccountType>
        <Action>settings</Action>
        <MicrosoftOnline>False</MicrosoftOnline>
        <Protocol>
          <Type>EXCH</Type>
          <Server>[email protected]</Server>
          <ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
          <ServerVersion>73C0834F</ServerVersion>
          <MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
          <PublicFolderServer>ex2013.accessDOMAIN.net</PublicFolderServer>
          <AD>DC.domain.local</AD>
          <ASUrl>https://ex2013.accessDOMAIN.net/EWS/Exchange.asmx</ASUrl>
          <EwsUrl>https://ex2013.accessDOMAIN.net/EWS/Exchange.asmx</EwsUrl>
          <EmwsUrl>https://ex2013.accessDOMAIN.net/EWS/Exchange.asmx</EmwsUrl>
          <EcpUrl>https://ex2013.accessDOMAIN.net/ecp/</EcpUrl>
          <EcpUrl-um>?rfr=olk&amp;p=customize/voicemail.aspx&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-um>
          <EcpUrl-aggr>?rfr=olk&amp;p=personalsettings/EmailSubscriptions.slab&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-aggr>
          <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&amp;exsvurl=1&amp;IsOWA=&lt;IsOWA&gt;&amp;MsgID=&lt;MsgID&gt;&amp;Mbx=&lt;Mbx&gt;&amp;realm=domain.local</EcpUrl-mt>
          <EcpUrl-ret>?rfr=olk&amp;p=organize/retentionpolicytags.slab&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-ret>
          <EcpUrl-sms>?rfr=olk&amp;p=sms/textmessaging.slab&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-sms>
          <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&amp;exsvurl=1&amp;FldID=&lt;FldID&gt;&amp;realm=domain.local</EcpUrl-publish>
          <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&amp;chgPhoto=1&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-photo>
          <EcpUrl-tm>?rfr=olk&amp;ftr=TeamMailbox&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-tm>
          <EcpUrl-tmCreating>?rfr=olk&amp;ftr=TeamMailboxCreating&amp;SPUrl=&lt;SPUrl&gt;&amp;Title=&lt;Title&gt;&amp;SPTMAppUrl=&lt;SPTMAppUrl&gt;&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-tmCreating>
          <EcpUrl-tmEditing>?rfr=olk&amp;ftr=TeamMailboxEditing&amp;Id=&lt;Id&gt;&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-tmEditing>
          <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&amp;exsvurl=1&amp;realm=domain.local</EcpUrl-extinstall>
          <OOFUrl>https://ex2013.accessDOMAIN.net/EWS/Exchange.asmx</OOFUrl>
          <UMUrl>https://ex2013.accessDOMAIN.net/EWS/UM2007Legacy.asmx</UMUrl>
          <ServerExclusiveConnect>off</ServerExclusiveConnect>
        </Protocol>

  Thank you for your time. I verified that the build number on outlook is greater than SP1. This would indicate that the hotfix was applied as it was included in cumulative rollups.
  The output from the geet-outlookanywhere command is found below. I have adjusted the auth to basic as that is where I would like it to be.
  [PS] C:\Windows\system32>Get-Outlookanywhere | fl Identity,*auth*,*hostname,*ssl
  Identity                           : Exch07\Rpc (Default Web Site)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  ExternalHostname                   : legacymail.DOMAIN.net
  InternalHostname                   : legacymail.DOMAIN.net
  ExternalClientsRequireSsl          : True
  InternalClientsRequireSsl          : True
  Identity                           : Exch13\Rpc (Default Web Site)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  ExternalHostname                   : webmail.DOMAIN.net
  InternalHostname                   : webmail.DOMAIN.net
  ExternalClientsRequireSsl          : True
  InternalClientsRequireSsl          : True

• Exchange 2013 and 2010 co-existance

  We will have 2013 and 2010 exist together for a while...we plan to move away from using Unified Access Gateway for HTTP redirection to our Exchange services and implement Kemp
  load balancers...two at our HQ site and two at our DR stie...
  We plan to have a one arm configuration...from what I gathered...each load balancer will have a network connection and only one network connection and be on the same network as
  our new Exchange 2013 servers.  Can someone take a look at my config and give some input whether or not this will work and some suggestion on Ex13 urls, cert SAN names, etc.
  HQKemp 2400 A    
  HQKemp 2400 B               
  DCKemp 2400 A        DCKemp 2400 B
  172.16.1.104        
  172.16.1.105                     
  172.25.1.104          
  172.25.1.10
  Virtual IP   172.16.1.106          
                           Virtual IP 
  172.25.1.104
  From the video I’ve watched for Kemp install…we’ll create the following internal DNS records for the Exchange services that will be configured on balancers.
  OWA/ECP   
      mail.corp.local.com
                172.16.1.107
  EWS               ews.corp.local.com          
  172.16.1.108
  OAB               oab.corp.local.com           
  172.16.1.109
  ActiveSync      mobile.corp.local.co         
  172.16.1.110
  OA                 oa.corp.local.com            
  172.16.1.111
  Autodiscover   autodiscover.corp.local.com 172.16.1.112
  Question: 
  We will configure the Exchange services with these ip addresses linked to each service on all four load balancers? 
  Or will DR site load balancers have different IPs configured for same Exchange services?
  Exchange services are split between our two sites…meaning Outlook Anywhere is configured for our CAS servers at our DR site and ActiveSync comes to HQ CAS servers as an example…so
  I want all Exchange services to come through the newly installed load balancers at HQ and if they don’t respond…the Exchange services get redirected to the load balancers at our DR site. 
  Can you give some insight on the config of load balancers as to how we can do that?
  I have a question about the cert we will have. 
  Our Microsoft rep says we should get a new wildcard cert…currently we have a UCC cert with the following SANs attached.
  Will this new cert have to be installed on load balancers? 
  If so…can you suggest some ideas as to what new SANs I need if any of the new cert with Exchange 2010 and 2013 co-existing for a while. 
  Below are the SANs on our current UCC cert.
  Outside resolvable SANs
  Webmail.corp.local.com          
  205.223.19.25           portal.corp.local.com     205.223.27.78
  Portal2.corp.local.com             
  205.223.19.25         
  Autodiscover.corp.local.com     
  205.223.19.25
  Internal SANs  
  Hqcas1.corp.local.com              
  Hqcas2.corp.local.com              
  Dccas1.corp.local.com              
  Dccas2.corp.local.com              
  Owamail.corp.local.com     
  (this CAS Array server name that HQ CAS servers create)
  What do you suggest we use for the external urls on Exchange 2013 for these services?
  Our firewall guy says we’ll use same names, 
  but I’m not sure if we try to use same name if we’ll get an error? 
  Active Directory may say name already in use?
  We plan to have firewall to just redirect requests for external urls to load balancers…sound correct? 
  Meaning load balancer won’t have an external NIC defined…which makes it a one arm config…correct?

  Hi Techy,
  According to your description, I am still not quite sure about your environment. Could you please provide more information about it, such as:
  1. How many Exchange servers in your coexistence environment? One Exchange 2010 with all roles and one Exchange 2013 with all roles? Or several Exchange 2010 and multiple Exchange 2013?
  2. Are there two sites in your environment? What’s the Exchange deployment in different sites?
  3. Please confirm if both Exchange 2010 and Exchange 2013 are Internet-facing.
  Additionally, if you are using different namespaces for different services for internal access and external accessing, we need to include all service namespaces in your certificate with IIS service. Personal suggestion, we can follow ED Crowley’s suggestion
  to use split-brain DNS in your environment and only use the same namespace for Exchange service URLs.
  The following article described the details about how to configure different namespace for Exchange services by using Load Balance in Exchange 2013:
  http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part2.html
  Regards,
  Winnie Liang
  TechNet Community Support