Sunday, January 27, 2008, 9:30:32 PM | nospam@example.com (Mitch Roberson)
WOW, what a week. I recently had to do an Exchange 2007 single-server migration from 2003 to 2007. It was great, but there are some things that one must think about when doing this kind of deployment. One of the most important pieces is certificates. If you are putting multiple roles on the same server, i.e. Mailbox/Hub Transport/Client Access, then you really need to think about certificates in depth.
When your internal domain is named differently than your external domain name, you may have some issues with TLS, especially if you are using Outlook 2007. If your internal server name is exch.domain.local and your external name is webmail.domain.com, then you may have an issue maintaining TLS internally for OWA and for Autodiscover.
In order for Outlook Anywhere to work over the internet with TLS, the certificate has to match the website name you use, i.e. webmail.domain.com. If you purchase a public certificate, in most cases they only allow subject alternative names for the same domain you are purchasing. So when Outlook tries to connect with TLS on the inside of your network, where the server name is not on the certificate, it will fail or come up with an error.
You can turn off the use of encryption for Outlook 2007, and it will keep you from getting the popup. So you just need to plan your deployment well. There are many steps to a migration, and I will try to list some of the gotchas this week.
However, there are other things to think about as well: because Exchange 2007 now has Autodiscover services, you need to ensure that the certificate and DNS are set up to handle this.
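The name-planning check described above, as an added example that is not from the original post: it lists the names clients will connect to and reports which ones a given certificate does not cover. The hostnames are the post's own examples; autodiscover.domain.com is an assumption based on Outlook 2007's standard Autodiscover lookup, and both certificate name lists are constructed.

```python
# Added example: compare the names clients use with the names on a certificate.

# Names clients will connect to (from the post; autodiscover name is an assumption).
CLIENT_NAMES = {
    "internal Outlook / OWA": "exch.domain.local",
    "Outlook Anywhere / external OWA": "webmail.domain.com",
    "external Autodiscover": "autodiscover.domain.com",
}

# Constructed name lists: a public cert limited to the purchased domain,
# and a cert that also carries the internal server name.
PUBLIC_CERT = ["webmail.domain.com", "autodiscover.domain.com"]
ALL_NAMES_CERT = PUBLIC_CERT + ["exch.domain.local"]


def name_matches(hostname, cert_name):
    """True if cert_name (exact, or a single-label wildcard) covers hostname."""
    host = hostname.lower().rstrip(".")
    pattern = cert_name.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]                 # "*.domain.com" -> ".domain.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]         # what the "*" would stand for
    return bool(label) and "." not in label   # exactly one label, never empty


def coverage(client_names, cert_names):
    """Map each purpose to the certificate name that covers it, or None."""
    return {
        purpose: next((c for c in cert_names if name_matches(host, c)), None)
        for purpose, host in client_names.items()
    }


def uncovered(client_names, cert_names):
    """Hostnames that would produce a certificate name mismatch."""
    report = coverage(client_names, cert_names)
    return sorted(h for p, h in client_names.items() if report[p] is None)


if __name__ == "__main__":
    for label, cert in (("public cert", PUBLIC_CERT), ("all-names cert", ALL_NAMES_CERT)):
        print(label, "-> uncovered:", uncovered(CLIENT_NAMES, cert) or "none")
```
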
Here is an excellent link that will help a lot.