Transfer Exchange 2003 to Exchange 2007 (P.7)

In the previous section, we have configured some of the necessary components in the Exchange 2007 environment, such as the CCR and Transport Dumpster configuration parameters.

In the previous section, we have configured some of the necessary components in the Exchange 2007 environment, such as the CCR and Transport Dumpster configuration parameters. In this article, we will work with licenses, one of the main areas of Exchange 2007. We will first check the license of what has changed on the Client Access Server of Exchange 2007 through the paper-making process. permission.

>> Transfer Exchange 2003 to Exchange 2007 (Part 1)
>> Transfer Exchange 2003 to Exchange 2007 (Part 2)
>> Transfer Exchange 2003 to Exchange 2007 (Part 3)
>> Transfer Exchange 2003 to Exchange 2007 (P.4)
>> Transfer Exchange 2003 to Exchange 2007 (P.5)
>> Transfer Exchange 2003 to Exchange 2007 (P.6)

License of Client Access Server

By default, Exchange 2007 installs self-specified licenses that are allowed to use on the Hub Transport and Edge Transport function servers in most cases. However, there are exceptions, such as using Edge Transport server features, such as domain security features. However, self-appointed licenses are not suitable for some Client Access Server features such as Outlook Anywhere and the ability to use Outlook Web Access permanently. Therefore we need to replace the self-specified licenses installed on the Client Access Server servers. In the example of the article, Client Access Server and Hub Transport co-exist on the servers so we will have to replace the Hub Transport server license.

In an Active Directory environment there is a Windows Certificate Authority (CA) capable of creating the necessary licenses. In addition to Exchange 2007, there are many other Microsoft software that require the use of licenses, such as Office Communications Server 2007. Once the Windows CA has been installed, we can create the CA itself without the cost of the license from a Public CA. Of course licenses issued by a Public CA are required on ISA Server because it approves public service requests such as Oultlook Web Access, Outlook Anywhere, and so on.

To create a new license for the Client Access Server, we first need to create a license request with the New-ExchangeCertificate command. It should be noted that licenses will use different names. Because the license requires different names, we will use the Subject Alternate Name attribute. In this example we will use the following names:

The server's FQDN, including hubcas1.neilhobson.com and hubcas2.neilhobson.com .
NetBIOS name of the server, such as hubcas1 or hubcas2 . Setting up the NetBIOS name for the server is not required, but doing so will not require you to receive warnings when using the server's NetBIOS name.
Domain name used for the system (in this example is neilhobson.com ) is only a single domain name being used. However, in cases where the Accepted Domain Name is added, we need to specify a name for them. There is a simple method to do this in Exchange 2007 SP1, using the –IncludeAcceptedDomains parameter of the New-ExchangeCertificate cmdlet to ensure that all Accepted Domains we have defined appear in the authorization request.
Automatic domain search, like autodiscover.neilhobson.com. In fact, they will use the new parameter –IncludeAutodiscover of the New-ExchangeCertificate command to serve this purpose. As the –IncludeAcceptedDomains parameter, this parameter ensures that the auto-search name for every additional approved domain name is included in the licensing request. We do not need to use this parameter, but if we use it we will not miss an additional additional domain name.
The name the user will use to access remote mail, such as email.neilhobson.com .

Create a license

To create a permission request, we will run the New-ExchangeCertificate command with several different parameters. The syntax of the full command looks like this:

New-ExchangeCertificate –GenerateRequest –Path c: hubcas1.txt –SubjectName cn = hubcas1.neilhobson.com –DomainName email.neilhobson.com, hubcas1, hubcas1.neilhobson.com –IncludeAcceptedDomains –IncludeAutodiscover –PrivateKeyExportable $ true

Inside:

GenerateRequest parameter: allows creating a license request file rather than a self-specified license.
Path parameter: is the location that specifies the file containing the authorization request, namely c: hubcas1.txt .
SubjectName parameter: link the license to a server name. In this example the license will be sent to hubcas1.neilhobson.com .
DomainName parameter: We need to make sure this parameter contains the external access name, NetBIOS name and Fully Qualified Domain Name (FQDN). This means that all names will appear in the license.
IncludeAutodiscover parameter: As with Accepted Domains, this parameter ensures that the additional Autodiscover Domain name is appropriate.
PrivateKeyExportable parameter: This is a useful tool for exporting licenses, such as when copying this license to an ISA Server.

This command then displays a symbol (Thumbprint) and a Subject Name as shown in Figure 1.

Transfer Exchange 2003 to Exchange 2007 (P.7) Picture 1

Figure 1: Output information when running the New-ExchangeCertificate command.

This command will also create the file c: hubcas1.txt on the Client Access Server. This is a file that requires the same license.

Transfer Exchange 2003 to Exchange 2007 (P.7) Picture 2

Figure 2: The content of the license request file.

As mentioned above, in this example, a Windows CA has been created and can be used to create licenses for Hub Transport and Client Access Server servers. Perform the following operations to create a license:

1. Go to the Web interface of this CA by opening the browser application and entering the following address into the address bar http:/// server / certsrv . Where 'server' will be replaced by the name of the server running Windows CA. We will then see the Welcome screen shown in Figure 3.

Transfer Exchange 2003 to Exchange 2007 (P.7) Picture 3

Figure 3: Windows CA Welcome Screen.

2. On the Welcome screen click on the Request a certificate link . The Request a Certificate screen will appear as shown in Figure 4.

Transfer Exchange 2003 to Exchange 2007 (P.7) Picture 4

Figure 4: Windows CA Request a Certificate Screen.

3. On the Request a Certificate screen, click the Submit an Advanced Certificate Request link . Then the Advanced Certificate screen will appear as shown in Figure 5.

Transfer Exchange 2003 to Exchange 2007 (P.7) Picture 5

Figure 5: Windows CA's Advanced Certificate Request screen.

4. On the Advanced Certificate Request screen, select the link Submit a certificate request by using a base-64-encoded CMC or PKCS # 10 file . Then the Submit a Certificate Request or Renewal Request screen will appear.

5. In the Saved Request field, paste the contents of the hubcas1.txt license request file. Next select Web Server for the Certificate Template field as shown in Figure 6.

Transfer Exchange 2003 to Exchange 2007 (P.7) Picture 6

Figure 6: Windows CA's Submit a Certificate Request or Renewal Request screen.

6. Once completed, click the Submit button and the Certificate Issued screen will appear as shown in Figure 7. Here, we will select the encoded DER option and then select the Download certificate link and save the resulting license file. (certnew.cer) locally on the Client Access Server.

Transfer Exchange 2003 to Exchange 2007 (P.7) Picture 7

Figure 7: Certificate Issued screen of Windows CA.

Conclude

In this section we have performed the first few steps in the process of replacing the license installed during the Client Access Server installation. The license creation process only needs to use a command in the Exchange Management Shell and create this license through the Certificate Authority Web site. In the next part of this series we will import and activate this license.