MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Exchange 2007 Certificate and Coexistence

Today we will see the steps to install or replace the certificate on Exchange 2007. We will also see the changes required for co-existence.

I recommend reviewing this blog post to learn how to request a new certificate and check the private key: https://msexchangeguru.com/2012/07/24/edge-server-tls/


Exchange 2007 Certificate Installation and replacement

  1. Get a certificate for the following URLs from your certificate provider:

    autodiscover.domain.com – for autodiscover

    legacy.domain.com – for Exchange 2007 owa and ews

    mail.domain.com – for owa, outlook anywhere, pop, imap, EWS and activesync

  2. Go to Start → Run
  3. Type MMC and hit Enter
  4. Click File → Add/Remove Snap-in
  5. Select Certificates → Computer account → Local computer
  6. Click OK, then OK.
  7. Browse to Personal → Certificates
  8. Right-click here → Import certificate → select the .cer or .pfx file (a .pfx file will ask for its password) → click Next → Next and Finish
  9. The certificate is now installed but not enabled
  10. Open the Exchange Management Shell with Run as administrator
  11. Run this command to get the thumbprint:

    Get-ExchangeCertificate | fl Thumbprint,Friendlyname

  12. Run this command to enable the certificate and assign it to services:

    Get-ExchangeCertificate -Thumbprint "thumbprint which we got in the previous cmd" | Enable-ExchangeCertificate -Services IIS

  13. Run iisreset /noforce
  14. You might need to run iisreset a few times until the services report stopped and started

    Are we done?

    The answer is yes if this is the only certificate you have installed on this server.

    The answer is no if this is a renewal or a new certificate installation, meaning you already had a working certificate.

    Unlike Exchange 2010 or 2013, Exchange 2007 cannot work with multiple certificates for the same URL. So we need to remove the old certificate, otherwise OWA will stop working because of the existing certificate.

 

  15. Go back to the location below, export the old certificate as a backup, then remove the old certificate.

    Certificates → Computer → Local Computer → browse to Personal → Certificates

  16. Run iisreset /noforce
  17. You might need to run iisreset a few times until the services report stopped and started
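
A read-only check to run in the Exchange Management Shell after step 12 and before removing anything in step 15: it confirms the new certificate has a private key, is within its validity period, is enabled for IIS and carries the three names from step 1, then lists the other certificates that share a name with it. This is an added example, not part of the original post; the thumbprint placeholder and the domain.com names are assumptions to replace with your own values.

```powershell
# Added example. Nothing here changes the server; it only reads certificate properties.
# Placeholder: paste the thumbprint returned in step 11.
$newThumbprint = '<THUMBPRINT-FROM-STEP-11>'
# Names from step 1; replace domain.com with your own domain.
$requiredNames = 'autodiscover.domain.com', 'legacy.domain.com', 'mail.domain.com'

$all = @(Get-ExchangeCertificate)
$new = $all | Where-Object { $_.Thumbprint -eq $newThumbprint }
if (-not $new) { throw "No certificate with thumbprint $newThumbprint in the local computer store." }

# Host names on the new certificate, lower-cased for comparison.
$newNames = @($new.CertificateDomains | ForEach-Object { "$_".ToLower() })

$problems = @()
if (-not $new.HasPrivateKey) {
    $problems += 'No private key: IIS cannot use it (import the .pfx, not only the .cer).'
}
$now = Get-Date
if ($now -lt $new.NotBefore -or $now -gt $new.NotAfter) {
    $problems += "Outside validity period ($($new.NotBefore) to $($new.NotAfter))."
}
if ("$($new.Services)" -notmatch 'IIS') {
    $problems += 'Not enabled for IIS (step 12 has not taken effect).'
}
foreach ($name in $requiredNames) {
    # Accept an exact name or a one-label wildcard such as *.domain.com.
    $wild = '*.' + $name.Substring($name.IndexOf('.') + 1)
    if (($newNames -notcontains $name) -and ($newNames -notcontains $wild)) {
        $problems += "Missing name: $name"
    }
}

# Other certificates that share a name with the new one:
# these are the candidates to export and remove in step 15.
$old = $all | Where-Object {
    $c = $_
    $c.Thumbprint -ne $newThumbprint -and
    @($c.CertificateDomains | Where-Object { $newNames -contains "$_".ToLower() }).Count -gt 0
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'New certificate passes all checks.' }
$old | Format-List Thumbprint, Subject, NotAfter, Services, CertificateDomains
```

Running it again after step 17 should list no overlapping certificates.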

 

 

Co-Existence with Exchange 2013:

Here are some facts about Exchange 2007 co-existence with 2013:

  • Exchange 2007 works differently from Exchange 2010, so it is important for OWA and EWS to use different URLs.
  • This also means you need to obtain a new certificate if you only have 2 URLs, mail and autodiscover.
  • If the same URL is used on both 2013 and 2007 for OWA and EWS, redirection will fail, most likely with the error “The Webpage has a redirect loop”
  • If a 3rd URL already exists in the certificate, you can use it as the legacy URL on Exchange 2007.
  • “Legacy” can be replaced with any other word or URL.
  • A public host record is required for all 3 URLs.
  • An internal AD host record is required for all 3 URLs.
  • So for co-existence with Exchange 2013 you need to use the 3 URLs listed below:

     

  1. Mail.domain.com = Exchange 2013 OWA/POP/ECP/EWS/IMAP/OA/Activesync
  2. Autodiscover.domain.com = Exchange 2013 and 2007 Autodiscover
  3. Legacy.domain.com = Exchange 2007 OWA/POP/ECP/EWS/IMAP/OA/Activesync

 

 

 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru
