If you would like to read the other parts of this article series please go to:
Introduction
In part 8 of this multi-part article series revolving around Exchange hybrid deployment based migrations to Office 365, or more precisely Exchange Online, we looked at what deploying Exchange 2010 hybrid servers will provide us with in terms of features and functionality. In addition, we configured the two Exchange 2010 Hybrid Deployment servers in a Windows Network Load Balancing (WNLB) farm.
In this part 9, we will continue where we left off in part 8. That is, we will import and assign a third party certificate to IIS and SMTP on the Exchange 2010 hybrid servers. Moreover, we will configure the miscellaneous Exchange URLs on these servers to point to “hybrid.office365lab.dk”, which is the hybrid deployment coexistence FQDN I have chosen for this specific environment.
Let’s get going…
Import & Enable Third Party Certificate on Hybrid Servers
When configuring a hybrid deployment, one of the requirements is an SSL certificate from a trusted 3rd party certificate provider. This certificate will be used to secure the communication between the on-premise Exchange 2010 hybrid servers, Exchange clients and Exchange Online.
Note:
We already have an SSL certificate from a trusted 3rd party certificate provider installed on the two Exchange 2007 servers in our on-premise environment. Since this is a wildcard certificate, we can use it for the hybrid servers without having to add an additional FQDN (hybrid.office365lab.dk) to it. This would of course have been required if we used a SAN certificate.
To use the wildcard certificate that is used for the Exchange 2007 servers, we need to export it to a file. Since we do not have a certificate wizard to do this (an Exchange 2010 feature only), we must use the Exchange Management Shell (EMS). So first, open the EMS and then type the following command in order to get the thumbprint for the certificate:
Get-ExchangeCertificate | fl Issuer, CertificateDomains, RootCAType, Thumbprint
Figure 1: Listing certificates on the Exchange 2007 servers
We can see there are two certificates installed on the respective Exchange 2007 multi-role server, one self-signed SAN certificate and a wildcard certificate from a trusted 3rd party CA provider. To export the wildcard certificate, we’ll use this command:
Export-ExchangeCertificate -Thumbprint <insert thumbprint> -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password
Enter any text in the User name field (this value is not stored/saved in the exported certificate) and then the password you wish to protect the exported certificate with.
Figure 2: Exporting the wildcard certificate from an Exchange 2007 server
With the certificate exported, switch over to one of the Exchange 2010 hybrid servers and open the Exchange Management Console (EMC). In the EMC, select “Server Configuration” and then right-click on one of the hybrid servers in the result pane. In the context menu that appears, select “Import Exchange Certificate” as shown in Figure 3.
Figure 3: Importing the wildcard certificate on the Exchange 2010 Hybrid Servers
In the “Import Exchange Certificate” wizard, point to the exported certificate and then specify the password used to protect it.
Click “Next”.
Figure 4: Import Exchange Certificate wizard – Introduction
On the “Select Servers” page, make sure to add both hybrid servers and then click “Next”.
Figure 5: Import Exchange Certificate wizard – Select Servers
On the “Import Exchange Certificate” page, click “Import” to import the certificate.
Figure 6: Import Exchange Certificate wizard – Configuration Summary
Finally, click “Finish” to exit the wizard.
Figure 7: Import Exchange Certificate wizard – Completion page
Now that we have imported the certificate on both hybrid servers, it’s time to assign it to the required Exchange services. To do this, right-click on the certificate in EMC and then select “Assign Services to Certificate” in the context menu that appears.
Figure 8: Assigning the wildcard certificate to respective services
On the “Select Servers” page, make sure to add both hybrid servers and then click “Next”.
Figure 9: Assign Services to Certificate wizard – Select Servers page
On the “Select Services” page, tick “Simple Mail Transfer Protocol (SMTP)” and “Internet Information Services (IIS)” and then click “Next”.
Figure 10: Assign Services to Certificate wizard – Select Services page
Finally, click “Assign” and then “Finish”.
We have now imported and enabled the required third party certificate.
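The import and service assignment above can also be done from the Exchange Management Shell on an Exchange 2010 hybrid server. The following is an added example, not part of the original article; it assumes export.pfx has been copied to c:\certificates on that server and that the hybrid servers are EX03 and EX04, the names used in the URL commands later in this article.

```powershell
# Added example: EMS equivalent of the import and assign wizards (Exchange 2010).
# Assumptions: export.pfx was copied to c:\certificates on this server;
# EX03 and EX04 are the two hybrid servers named in this article.
$pfxPath = 'c:\certificates\export.pfx'
$servers = 'EX03', 'EX04'

# Prompt once for the password that protects the PFX (the user name is ignored).
$pfxPassword = (Get-Credential).Password
$pfxBytes = [Byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)

foreach ($server in $servers) {
    # Import the certificate and its private key into the server's computer store.
    $cert = Import-ExchangeCertificate -Server $server -FileData $pfxBytes -Password $pfxPassword

    # Bind it to IIS and SMTP, the two services selected in the wizard.
    Enable-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint -Services 'IIS,SMTP'
}

# Confirm that each server now lists the certificate with both services assigned.
foreach ($server in $servers) {
    Get-ExchangeCertificate -Server $server |
        Format-List Subject, Thumbprint, Services, NotAfter, Status
}

# The PFX holds the private key; remove the working copy once both imports succeed.
Remove-Item -Path $pfxPath
```

The copy of export.pfx left on the Exchange 2007 server holds the same private key and should be removed as well once the import is verified.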
Configure the URLs on the Exchange 2010 Hybrid Servers
With the third party certificate in place, we can now start configuring the Exchange URLs on the two hybrid servers. Basically, we just need to point the internal and external URLs of the respective virtual directories, as well as the internal Autodiscover URI, to “hybrid.office365lab.dk”.
To do so using the Exchange Management Shell, use the following commands for each respective virtual directory:
Outlook Web App (OWA):
Let’s begin with the internal and external URLs for Outlook Web App (OWA). For this we should use:
Set-OwaVirtualDirectory -Identity "EX03\OWA (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/OWA -ExternalURL https://hybrid.office365lab.dk/OWA
Set-OwaVirtualDirectory -Identity "EX04\OWA (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/OWA -ExternalURL https://hybrid.office365lab.dk/OWA
Figure 11: Configuring the Internal and External URL for the OWA virtual directory
Exchange Control Panel (ECP):
For the Exchange Control Panel (ECP), we should use:
Set-EcpVirtualDirectory -Identity "EX03\ECP (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/ECP -ExternalURL https://hybrid.office365lab.dk/ECP
Set-EcpVirtualDirectory -Identity "EX04\ECP (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/ECP -ExternalURL https://hybrid.office365lab.dk/ECP
Figure 12: Configuring the Internal and External URL for the ECP virtual directory
Exchange ActiveSync (EAS):
For the Exchange ActiveSync (EAS), we should use:
Set-ActiveSyncVirtualDirectory -Identity "EX03\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync
Set-ActiveSyncVirtualDirectory -Identity "EX04\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalURL https://hybrid.office365lab.dk/Microsoft-Server-Activesync
Figure 13: Configuring the Internal and External URL for the EAS virtual directory
Offline Address Book (OAB):
For the Offline Address Book (OAB), we should use:
Set-OABVirtualDirectory -Identity "EX03\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalURL https://hybrid.office365lab.dk/oab
Set-OABVirtualDirectory -Identity "EX04\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalURL https://hybrid.office365lab.dk/oab
Figure 14: Configuring the Internal and External URL for the OAB virtual directory
Exchange Web Services (EWS):
For the Exchange Web Services (EWS), we should use:
Set-WebServicesVirtualDirectory -Identity "EX03\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalURL https://hybrid.office365lab.dk/ews/exchange.asmx
Set-WebServicesVirtualDirectory -Identity "EX04\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalURL https://hybrid.office365lab.dk/ews/exchange.asmx
Figure 15: Configuring the Internal and External URL for the EWS virtual directory
Internal Autodiscover URI:
For the internal Autodiscover URI, we should use:
Set-ClientAccessServer -Identity EX03 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
Set-ClientAccessServer -Identity EX04 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
Figure 16: Configuring the Internal URI for the Autodiscover Service
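With eleven URL values per server, a single missed one leaves clients connecting to a name the certificate or load balancer does not serve. The following added example (not part of the original article) reads the values back from EX03 and EX04 and flags any that is unset, not HTTPS, or not pointing at the hybrid FQDN; the helper name Test-HybridUrl is hypothetical.

```powershell
# Added example: report any URL on the hybrid servers that does not use the hybrid FQDN.
# Assumptions: run in the Exchange Management Shell; Test-HybridUrl is a hypothetical helper.
$expectedHost = 'hybrid.office365lab.dk'
$servers = 'EX03', 'EX04'

function Test-HybridUrl {
    param([string]$Server, [string]$Setting, $Url)
    # A URL passes only if it is set, uses HTTPS and points at the hybrid FQDN.
    $ok = $false
    if ($Url) {
        $uri = [Uri]"$Url"
        $ok = ($uri.Scheme -eq 'https') -and ($uri.Host -eq $expectedHost)
    }
    New-Object PSObject -Property @{ Server = $Server; Setting = $Setting; Url = "$Url"; Ok = $ok }
}

$results = foreach ($server in $servers) {
    # Collect every virtual directory configured in the sections above.
    $vdirs = @(
        Get-OwaVirtualDirectory -Server $server
        Get-EcpVirtualDirectory -Server $server
        Get-ActiveSyncVirtualDirectory -Server $server
        Get-OabVirtualDirectory -Server $server
        Get-WebServicesVirtualDirectory -Server $server
    )
    foreach ($vdir in $vdirs) {
        Test-HybridUrl $server "$($vdir.Name) InternalUrl" $vdir.InternalUrl
        Test-HybridUrl $server "$($vdir.Name) ExternalUrl" $vdir.ExternalUrl
    }

    # The Autodiscover URI is stored on the Client Access server object, not on a virtual directory.
    $cas = Get-ClientAccessServer -Identity $server
    Test-HybridUrl $server 'AutoDiscoverServiceInternalUri' $cas.AutoDiscoverServiceInternalUri
}

# Failing entries (Ok = False) sort to the top of the table.
$results | Sort-Object Ok, Server | Format-Table Server, Setting, Url, Ok -AutoSize
```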
This concludes part 9 of this multi-part article in which I explain how you configure Exchange hybrid deployment followed by migrating to Office 365 (Exchange Online).