We have recently installed Exchange 2016 into our Exchange 2013 environment, with the aim to eventually decommission the 2013 servers. Two DAGs - one in the 2013 environment and on in the 2016 environment.
When assign our SAN certificate to the relevant services (IIS, SMTP, POP and IMAP) the "Microsoft Exchange" certificate still has IIS assigned to it. Is this right, or should the IIS service only be assigned to the SAN certificate?
We are having issues accessing OWA externally, and I'm pretty sure it is the certificate configuration. Certificates we have are as follows:
- SAN certificate (IMAP, POP, IIS, SMTP)
- Microsoft Exchange (SMTP)
- Microsoft Exchange Server Auth Certificate (SMTP)
- Microsoft Exchange (2nd one on one of the 2013 servers) (IIS, SMTP)
There are two Microsoft Exchange certificates on one of our 2013 servers, not sure why.
Can anyone advise on how these should be configured? Is it safe to delete the duplicate Microsoft Exchange certificate on that one server?