Migration: Ex 2007 to Ex 2013 and co-exist scenario: Subject Alternative Name certificate
We are planning the migration of Exchange 2007 to Exchange 2013. In our Existing SAN certificate for Exchange services (OWA,ActiveSync), we have a URL that we included that we no longer have a service for or anything associated with it. For
example: mail.contoso.com.
Can we use this URL in the new Exchange 2013 certificate (3rd Party) we request/obtain as opposed to putting an entry for legacy.contoso.com? Or will we get errors?
Thanks for your answers!
Hello,
No problem. For example, currently, you have two records in SAN, the last one is not in use.
{a.domian.com, b.domain.com}
You can:
a.domain.com -> Exchange 2007
b.domain.com -> Exchange 2013
BTW, you must have autodiscover.domain.com point it to Exchange 2013.
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support
Similar Messages
-
ACE and SSLM support Subject Alternative Name (SAN)
Hi
I want to migrate Exchange server to Exchange 2010, I would like to know if ACE and SSLM support Subject Alternative Name (SAN).
1. Can the current CSM (WS-SVC-SSL-1-K9) support SSL certificates that have Subject Alternative Names? I.e. a certificate that has both of these names in it.
a. exchange.ww.edu
b. legexchange.ww.edu.
2) Can the new ACE( ACE20-MOD-K9) support SSL certificates that have Subject Alternative Names? I.e. a certificate that has both of these names in it:
a. exchange.ww.edu
b. legexchange.ww.edu
Thanks
NomiI dont see anything in the config guide where the ACE can generate certs with SANs. However, if you are going to generate the cert and keys offline, then it might work. Can you supply a sample pkcs12 file in PEM format that I can test in the lab ? Which s/w version ?
Matthew -
Nodemanager configuration with SSL and Subject Alternative Names.
We want to configure serveral nodemanagers in serveral machines using SSL. Is possible to use only one certificate with one CN and several subject alternative names (one per machine)?
We cannot configure the nodemanager, we always get an SSLHandShake exception.
Thanks.Hi,
Hope you found out resolution to your issue.
incase you havent , presuming the CN used in your certificate is not the host name and all the host servers can resolved/ identify that CN. Dont see major problem in the way you explained.
However handshake exception only points at certain specific case
- where the certs are not imported into keystores ( client or server side) or
- certs mismatching at clent & server
- too many certs with the same CN in the same keystore or CN resolving to more than 1 cert ( if its possible).
Let me know if you need help in reolving this and also paste the error trace of 'handshake' exception you see.
Sri -
CF10, CFHTTP and SSL subject alternative names
I have an SSL certificate where the Common Name doesn't match the url, but the Subject Alternative Name does. The Common Name is the actualMachineName.subnet.subnet.mynetwork.com and the SAN is www.prettyurl.com. I understand older versions of CF don't support this, but the comments regarding Bug #3566218 say that CF10 does. However, I am still getting connection failures telling me the name doesn't match.
Can anyone confirm this should/shouldn't work in CF10? I have imported all of the certs via the keytool and explored all of those issues. The only remaining issue is that the url doesn't match the CN.
TIA,
EricI received the message,"this site has sent an untrusted certificate", on my N95. It would prompt me to continue or view certificate. If I select Continue, everything worked fine. It got annoying after a awhile. I went thru 2 pages of google results and could not find the answer to fix my issue. I gave up and then somehow figured it out on my own at the bar the next day.
The issue was that I had the incorrect date. This was actually one of the first things I checked. However I overlooked that the date format was ddmmyyyy. I simply updated to mmddyyyy and fixed the date and the issue was resolved.
Hope this helps. -
Fab40 templates migration from 2007 to SP 2013
We are working on migrating SP 2007 sites to sp 2013 and in 2007 Fab40 templates are installed and we are getting issue in SP 2013 when doing visual upgrade because of site definitons.Will these templates get upgraded to SP 2013 ?
SharePoint 2013 does not support for FAB 40 feature.
Try these links:
https://social.technet.microsoft.com/Forums/sharepoint/en-US/b3363e1d-ad1f-45cf-b1f0-1ddb40797876/40-fab-templates-migration-to-sharepoint-2013
https://social.technet.microsoft.com/Forums/sharepoint/en-US/b920c152-8488-4d43-b609-a507c5730372/proper-upgrade-procedure-from-2007-2013-with-fab-40-templates
[custom.development] -
Migrate Sharepoint 2007 to sharepoint 2013 questions
I am in the process of moving sp 2007 to 2013 using db attach/detach. I have some questions.
1) Should I do visual upgrade in 2010, then migrate to 2013 or wait until 2013 and do visual upgrade?
2) Should I convert to Claim in 2010, then migrate to 2013 or wait until migrate to 2013 then convert to claim.
3) What happen if i attached db that was ntlm to web application that currently use use claim?
4) any good article show step by step and things to look for?1) You must do the visual upgrade to 2010 prior to migration to 2013. SharePoint 2013 does not support the 2007 UI look and feel.
2) Personally, I convert to Claims in SharePoint 2013. Given you're running 2013 SP1 with the April 2014 CU (I recommend Sept 2014 CU) or higher, the conversion will be quicker.
3) Windows Claims is just NTLM or Kerberos. You would need to re-covert. If you're converting in 2013, after you attach the Windows Classic-enabled db to the Claims-enabled web application, you would run Convert-SPWebApplication.
http://technet.microsoft.com/en-us/library/cc263299(v=office.15).aspx
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Unable to edit document from SharePoint 2007 using Office 2013 and IE 11
I am getting the following error when I try to edit a document from SharePoint 2007: "Edit document
requires a Windows Sharepoint services-compatible application and Microsoft Internet Explorer 6.0 or greater". I am using Windows 7 with Office 2013 and Internet Explorer 11. Troubleshooting steps that I've tried so far (that haven't worked) are as follows:
1) repaired Office; 2) switched from 64 bit version of IE to 32 bit version; 3) moved the owssupp.dll from C:\Program Files (x86)\Microsoft Office\Office14\ to C:\Program Files (x86)\Microsoft Office\Office15; 4) tried removing old versions of Office (but
I still need to use Office Communicator 2007 r2 and couldn't figure out how to get rid of the Office14 files from Program Files); and 5) running SharePoint in IE compatibility mode. Please advise...thanks!Hi,
It seems you installed mixed version Office2007/2010/2013 on your client machine?
I would suggest you remove all Office 2007 and 2010 version, and reinstall Office 2013(include Office Tools->Microsoft SharePoint Foundation Support component) on your machine, and make sure "Open SharePointDocuments class" add-on is enabled
from IE11, then check if it could fix the issue.
If above works, please test again after installing the Office Communicator 2007 r2 on your machine.
http://social.microsoft.com/Forums/en-US/3e8c0976-2794-49a2-92fe-6a254b3cc4ca/a-microsoft-sharepoint-foundation-compatible-application-could-not-be-found?forum=projserv2010setup
http://blogs.technet.com/b/emeaoffice/archive/2013/04/29/you-get-an-error-message-when-you-open-an-office-file-from-sharepoint-on-a-computer-on-which-you-installed-more-than-one-version-of-office.aspx
Thanks,
Daniel Yang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Daniel Yang
TechNet Community Support -
I have created a custom blog site definition using SharePoint 2010 blog site definition with Configuration ID 31 in onet.xml (new value). This was working fine for SharePoint 2010.
We created new SharePoint 2013 farm and deployed the all Custom solutions in
14/15 folders. After migrating the sites to SharePoint 2013 using Content DB approach, site created previously using my custom definition are working fine.
But after running site collection upgrade these sites stop working. When I post a comment then comments not getting listed on post detail page. However comments are getting added to Comments List but
PostTitle column of Comment is not getting populated.
Also, when we create a new site in SharePoint 2013 using my custom blog template then that is also not getting provisioned. default.aspx and look-up between post and comment list are not working.
If any one has faced such issue then please share your findings and any solution to fix this.
Thanks in Advance :)Hi ,
According to your description, my understanding is that the blog based on custom blog site definition didn’t work correctly after migrating custom blog site definition to SharePoint 2013.
If you customized the Onet.xml file in a previous version's site definition, you should modify some sections in the file to work in the current version, like <BaseTypes> and <ListTemplate> etc. More information, please refer
to the link below:
http://msdn.microsoft.com/en-us/library/office/aa543837(v=office.14).aspx
For that the PostTitle column of Comment is not getting populated, please try to modify the view, then compare the result.
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support -
Download and overwrite existing file with same name
Is there a way to tell Safari to erase previous versions of downloads, ie not adding a '-1' or '-n' to the file name, but overwrite an already existing file?
I was going to say "hurrah!" but..... no.
I does ask me for the file name, it does ask me if I want to replace, but it does not replace the file, and just saves it in dummy-1.ppt.
Funny thing: it has the expected behaviour for pdf files, where replacement actually occurs.
Bug report sent. -
We have all our users and mailboxes on Exchange 2007 and I have introduced two Exchange 2013 servers in my organization and both have mailbox and CAS server installed on them.
With Exchange 2007 server, I had not modified any of the internal and external url/uri and had stayed with the defaults.
For migration most of the documents are suggesting of changing the default internal URL and Auto Discover Service internal URI values.
In my case, I want to migrate all the users and mailbox (everything that is on Exchange 2007) form 2007 to 2013 and decommission exchange 2007 completely from our organization.
I am in the phase of transferring users from Exchange 2007 to Exchange 2013 and do not want to change any settings on the existing 2007 servers.
I have created new dns entry mailx.abc.com with two IPs of both exchange 2013 and changed the Outlook Anywhere internal URL on both Exchange 2013 server to mailx.abc.com.
So by doing these, I think all existing clients will still connect to exchange 2007 and after moving their mailbox they will be connect to exchange 2013.
In short I am not redirecting or using 2013 as proxy for 2007 clients and clients whose mailbox is on exchange 2013 will directly connect to 2013 server.
Questions are, Is this the right way to migrate all the users to Exchange 2013?
Will it affect the operation of existing Exchange 2007 server?Read the below blog on Client Connectivity in Exchange co-existence. There can't be better blog than this on this topic.
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
Clients connect to Exchange from Internal-Outlook, External-Outlook, Web & Active Sync.
For Internal the configuration that you have mentioned should work as clients would get Autodiscover information from Active Directory (SCP) and get connected to right server.
However, for external connectivity it makes sense to use External URL on Exchange 2013 servers (keep the Exchange exposed to Internet), configure legacy URL for exchange 2007 and use Exchange 2013 external URL for mailboxes that are Exchange 2007 and Exchange
2013 for standardization.
Refer article for configuring URLs -
http://silbers.net/blog/2014/01/22/exchange-20072013-coexistence-urls/
- Sarvesh Goel - Enterprise Messaging Administrator -
Hi all, I am in full migration from Exchange 2007 to Exchange 2013 and everything went correctly.
I have migrated several mailboxes and are working well. But a few days ago, when I try to migrate a mailbox I get the following error and can not migrate:
"Could not find a valid mailbox migration for this organization"
Do you know that you can be?
regards
Microsoft Certified IT Professional Server AdministratorHi,
From your description, the issue should be related to the migration mailbox. I recommend you check if the following account is existed in ADUC.
Migration.8f3e7716-2011-43e4-96b1-aba62d229136
If this account does not exist, you need to run setup /prepareAD and then enable this migration mailbox to check the result.
Hope this can be helpful to you.
Best regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Amy Wang
TechNet Community Support -
Upgrade exchange 2007 to exchange 2013 on SBS 2008
Hi,
I need to upgrade EX07 to EX13 on small business server 2008, So I am looking for the documents or steps which will help in Implementation.
Thanks in advance!
-avHi,
Any update about the issue?
In-place upgrade is not possible. According to the MS article:
When you're upgrading your existing Exchange 2007 organization to Exchange 2013, there's a period of time when Exchange 2007 and Exchange 2013 servers will coexist within your organization. You can maintain this mode for an indefinite period of time, or
you can immediately complete the upgrade to Exchange 2013 by moving all resources from Exchange 2007 to Exchange 2013, and then decommissioning the Exchange 2007 servers. You have a coexistence scenario if the following conditions are true:
Exchange 2013 is deployed in an existing Exchange organization.
More than one version of Microsoft Exchange provides messaging services to the organization
Upgrade from Exchange 2007 to Exchange 2013
https://technet.microsoft.com/en-us/library/jj898581%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Migration from SP 2010 - SP 2013
Hi...
We have migrated SP 2010 to SP 2013 and did some changes in the master page and publishing Pages, but when we login into the site having edit access permissions in the Permissions group, old master page and page content is showing but for Contribute and
all other permissions showing new changes...what could be the problem and how to resolve it.
RavindranathHi Ravi,
Please find below links which should be helpful
http://www.metalogix.com/help/Content%20Matrix%20Console/SharePoint%20Edition/002_HowTo/003_MigrationActions/022_MasterPageGallery.htm
https://social.technet.microsoft.com/Forums/en-US/ad08e4b9-544f-46a7-939c-03096d098a68/upgrade-custom-master-page-to-sharepoint-2013?forum=sharepointadmin
https://support.office.microsoft.com/en-us/article/Branding-issues-that-may-occur-when-upgrading-to-SharePoint-2013-0c849002-cdf4-4843-9d4a-0a643a7c64f3?CorrelationId=a514df67-03f6-4040-813d-3f9c586dcc5a&ui=en-US&rs=en-US&ad=US
Please remember to click 'Mark as Answer' on the answer if it helps you -
Public Folder access on Exch 2007 from exch 2013 user
I have an issue with my test user that I migrated from 2007 to exch 2013 being able to access public folders that reside on the 2007 server. 2007 users accessing public folders on 2007 have no issues. I have it narrowed down to autodiscover. Please see the
below exerpt from autodiscover. The "<PublicFolderServer>ex2013.accessDOMAIN.net</PublicFolderServer>" section shows that autodiscover is giving the name of the exchange 2013 server as the publicfolderserver
instead of the exchange 2007 server. My question is how do I reflect the correct server "Exch2007" on this autodiscover output?
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<MicrosoftOnline>False</MicrosoftOnline>
<Protocol>
<Type>EXCH</Type>
<Server>[email protected]</Server>
<ServerDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]</ServerDN>
<ServerVersion>73C0834F</ServerVersion>
<MdbDN>/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/[email protected]/cn=Microsoft Private MDB</MdbDN>
<PublicFolderServer>ex2013.accessDOMAIN.net</PublicFolderServer>
<AD>DC.domain.local</AD>
<ASUrl>https://ex2013.accessDOMAIN.net/EWS/Exchange.asmx</ASUrl>
<EwsUrl>https://ex2013.accessDOMAIN.net/EWS/Exchange.asmx</EwsUrl>
<EmwsUrl>https://ex2013.accessDOMAIN.net/EWS/Exchange.asmx</EmwsUrl>
<EcpUrl>https://ex2013.accessDOMAIN.net/ecp/</EcpUrl>
<EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=domain.local</EcpUrl-um>
<EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=domain.local</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=domain.local</EcpUrl-mt>
<EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=domain.local</EcpUrl-ret>
<EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=domain.local</EcpUrl-sms>
<EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=domain.local</EcpUrl-publish>
<EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=domain.local</EcpUrl-photo>
<EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=domain.local</EcpUrl-tm>
<EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=domain.local</EcpUrl-tmCreating>
<EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=domain.local</EcpUrl-tmEditing>
<EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=domain.local</EcpUrl-extinstall>
<OOFUrl>https://ex2013.accessDOMAIN.net/EWS/Exchange.asmx</OOFUrl>
<UMUrl>https://ex2013.accessDOMAIN.net/EWS/UM2007Legacy.asmx</UMUrl>
<ServerExclusiveConnect>off</ServerExclusiveConnect>
</Protocol>Thank you for your time. I verified that the build number on outlook is greater than SP1. This would indicate that the hotfix was applied as it was included in cumulative rollups.
The output from the geet-outlookanywhere command is found below. I have adjusted the auth to basic as that is where I would like it to be.
[PS] C:\Windows\system32>Get-Outlookanywhere | fl Identity,*auth*,*hostname,*ssl
Identity : Exch07\Rpc (Default Web Site)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
ExternalHostname : legacymail.DOMAIN.net
InternalHostname : legacymail.DOMAIN.net
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
Identity : Exch13\Rpc (Default Web Site)
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
ExternalHostname : webmail.DOMAIN.net
InternalHostname : webmail.DOMAIN.net
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True -
Exchange 2013 and 2010 co-existance
We will have 2013 and 2010 exist together for a while...we plan to move away from using Unified Access Gateway for HTTP redirection to our Exchange services and implement Kemp
load balancers...two at our HQ site and two at our DR stie...
We plan to have a one arm configuration...from what I gathered...each load balancer will have a network connection and only one network connection and be on the same network as
our new Exchange 2013 servers. Can someone take a look at my config and give some input whether or not this will work and some suggestion on Ex13 urls, cert SAN names, etc.
HQKemp 2400 A
HQKemp 2400 B
DCKemp 2400 A DCKemp 2400 B
172.16.1.104
172.16.1.105
172.25.1.104
172.25.1.10
Virtual IP 172.16.1.106
Virtual IP
172.25.1.104
From the video I’ve watched for Kemp install…we’ll create the following internal DNS records for the Exchange services that will be configured on balancers.
OWA/ECP
mail.corp.local.com
172.16.1.107
EWS ews.corp.local.com
172.16.1.108
OAB oab.corp.local.com
172.16.1.109
ActiveSync mobile.corp.local.co
172.16.1.110
OA oa.corp.local.com
172.16.1.111
Autodiscover autodiscover.corp.local.com 172.16.1.112
Question:
We will configure the Exchange services with these ip addresses linked to each service on all four load balancers?
Or will DR site load balancers have different IPs configured for same Exchange services?
Exchange services are split between our two sites…meaning Outlook Anywhere is configured for our CAS servers at our DR site and ActiveSync comes to HQ CAS servers as an example…so
I want all Exchange services to come through the newly installed load balancers at HQ and if they don’t respond…the Exchange services get redirected to the load balancers at our DR site.
Can you give some insight on the config of load balancers as to how we can do that?
I have a question about the cert we will have.
Our Microsoft rep says we should get a new wildcard cert…currently we have a UCC cert with the following SANs attached.
Will this new cert have to be installed on load balancers?
If so…can you suggest some ideas as to what new SANs I need if any of the new cert with Exchange 2010 and 2013 co-existing for a while.
Below are the SANs on our current UCC cert.
Outside resolvable SANs
Webmail.corp.local.com
205.223.19.25 portal.corp.local.com 205.223.27.78
Portal2.corp.local.com
205.223.19.25
Autodiscover.corp.local.com
205.223.19.25
Internal SANs
Hqcas1.corp.local.com
Hqcas2.corp.local.com
Dccas1.corp.local.com
Dccas2.corp.local.com
Owamail.corp.local.com
(this CAS Array server name that HQ CAS servers create)
What do you suggest we use for the external urls on Exchange 2013 for these services?
Our firewall guy says we’ll use same names,
but I’m not sure if we try to use same name if we’ll get an error?
Active Directory may say name already in use?
We plan to have firewall to just redirect requests for external urls to load balancers…sound correct?
Meaning load balancer won’t have an external NIC defined…which makes it a one arm config…correct?Hi Techy,
According to your description, I am still not quite sure about your environment. Could you please provide more information about it, such as:
1. How many Exchange servers in your coexistence environment? One Exchange 2010 with all roles and one Exchange 2013 with all roles? Or several Exchange 2010 and multiple Exchange 2013?
2. Are there two sites in your environment? What’s the Exchange deployment in different sites?
3. Please confirm if both Exchange 2010 and Exchange 2013 are Internet-facing.
Additionally, if you are using different namespaces for different services for internal access and external accessing, we need to include all service namespaces in your certificate with IIS service. Personal suggestion, we can follow ED Crowley’s suggestion
to use split-brain DNS in your environment and only use the same namespace for Exchange service URLs.
The following article described the details about how to configure different namespace for Exchange services by using Load Balance in Exchange 2013:
http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part2.html
Regards,
Winnie Liang
TechNet Community Support
Maybe you are looking for
-
How to attach & send mp3 w/e-mail app?
How do you send an mp3 as an attachment (using the iPhone 3G e-mail app) which is stored in the iPhone 3G iPod files as an attachment in an e-mail? I don't have a 3Gs, but a 3G w/OS 3.1
-
My tool panel has frozen, I can't access hidden tols or dropdown menus I am using a macbook with trackpad
-
I installed 9.0.1.1.1 on a Win2k PC with default setup using the Oracle Installer. Afterwards, I also installed the OEM on the same machine. For some reason, when I login to SQLPlus without specifying an Host String, SQLPLus always logins into the OE
-
What is the trick in adding a "secondary zone" to my DNS server
Hello, I am having a hard time adding a secondary zone to my dns server. I followed the instructions carefully but I still get the "refuse" on my zone transfer. Do I need to go to the "NIC" of my interface card and make the primary DNS as the server
-
SUN T2000 and SOLARIS10 01/06
Hi, has anyone heard about problems with the above mentioned configuration? We got 1x T2000 / SOL10 1x 280R / SOL 8 in same subnet. snoop at 280R "snoops" the whole network traffic snoop at T2000 "snoops" less than ten percent of the snoop from 280R.