It is a good check list.
I just wanted to confirm regarding SSL certificate. We have Exchange 2010 servers with SSL certificate. I am going to install Exchange 2013 CAS and mailbox servers on separate servers. Since, our OWA, ActiveSync URLS are going to be remain same. I think I can just use the same certificate we are currently running on Exchange 2010. Do you see any issues in that?
Second: In our Exchange 2010 certificate we also have FQDN of all Exchange 2010 servers but if I use that same certificate it would have Exchange 2013 server’s FQDN. We have same URL for OWA from internally and externally. Do we even need FQDN in SSL certificates in Exchange 2010 and Exchange 2013?
No FQDN’s required provided none of your internal/external URLS and AutoDiscoverServiceInternalURI set on the CAS points to a URL in the cert and you can use the same cert if the URL’s are the same and if exchange 2013 accepts the format…
One more question. Although, all our users uses same messages.company.com from Intranet or Internet. But I have just noticed that OWA, OAB is showing Internal URL as FQDN. Although, no one uses that. I think it is default setting which it picks up automatically.
So does it means that when I install Exchange 2013 I should change Internal URL to same as External URL since, no one uses internal URL.
I am just wondering if Exchange 2013 OWA and OAB directories have Internal URL as FQDN by default and SSL certificate does not have FQDN then Outlook would prompt for certificate error or it would not?
We already have this in place and it works. My confusion is that Virtual directories Internal URL in Exchange 2010 are still FQDN. I think if we do not have FQDN in SSL certificate Outlook would prompt for certificate error. Or we need to change Internal URL same as External URL and then we do not need FQDN in SSL certificate. Especially with Exchange 2013 since SSL certificate would not have Exchange 2013 FQDN in SSL certificate.
I just installed Exchange 2013 and changed Internal URl to same as External URL. Used the same certificate with External URls but without Exchange 2013 FQDN. Since, we are still going to keep External URL pointing towards Exchange 2010 for couple of weeks until then it seems if I change autodiscoverserviceinternaluri to External URL Exchange 2013 does not map with mailbox which is obvious since autodiscover is still pointing to Exchange 2010.
So in my understanding if you want to install Exchange 2013 in co-existence and keep it running with Exchange 2010 without making any changes and moving external URl to Exchange 2013 then you need Exchange 2013 FQDN so no Exchagne 2010 user sees Certificate error in Outlook.
I am wondering in large organizations do people switch the external URLs to new servers you just installed.
I am a big fan of the blog
but something looks off to me
why do you need this”Load Balancer with GEO Global Multi-Site LoadMaster capability to ensure datacenter outages do not affect production” ?
do you have a third site?