Channel: Exchange Server 2013 - Setup, Deployment, Updates, and Migration forum

wildcard ssl, pop3 imap and outlook

Hey all,

I have begun migrating our Exchange 2010 setup over to 2013. I have set up two CA servers with live IP addresses and one MD server on a local range. Both CA servers are load balanced, and external and internal URLs are set up to go to the external load-balanced URL (for now call it owa.bla.com). A wildcard SSL has been installed onto the servers and OWA is accessible via HTTPS with the correct SSL.

IMAP and POP3 are another matter altogether. When assigning the SSL to the system it says I need to use PowerShell. It says this:

 This certificate with thumbprint XXXX and subject '*.blah.com' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.

Pushing forward I went to the CLI and used set-popsettings -x509certificatename "owa.blah.com", which was successfully completed. Going back to ECP I attempted to run this again with no love.

Digging further into it I ran get-popsettings | fl and got the following information:

RunspaceId                        : XXXX
Name                              : 1
ProtocolName                      : POP3
MaxCommandSize                    : 512
MessageRetrievalSortOrder         : Ascending
UnencryptedOrTLSBindings          : {[::]:110, 0.0.0.0:110}
SSLBindings                       : {[::]:995, 0.0.0.0:995}
InternalConnectionSettings        : {md-1.office.blah.net:995:SSL, md-1.office.blah.net:110:TLS}
ExternalConnectionSettings        : {}
X509CertificateName               : owa.blah.com
Banner                            : The Microsoft Exchange POP3 service is ready.
LoginType                         : SecureLogin
AuthenticatedConnectionTimeout    : 00:30:00
PreAuthenticatedConnectionTimeout : 00:01:00
MaxConnections                    : 2147483647
MaxConnectionFromSingleIP         : 2147483647
MaxConnectionsPerUser             : 16
MessageRetrievalMimeFormat        : BestBodyFormat
ProxyTargetPort                   : 9955
CalendarItemRetrievalOption       : iCalendar
OwaServerUrl                      :
EnableExactRFC822Size             : False
LiveIdBasicAuthReplacement        : False
SuppressReadReceipt               : False
ProtocolLogEnabled                : False
EnforceCertificateErrors          : False
LogFileLocation                   : E:\Exchange 2013\Logging\Pop3
LogFileRollOverSettings           : Daily
LogPerFileSizeQuota               : 0 B (0 bytes)
ExtendedProtectionPolicy          : None
EnableGSSAPIAndNTLMAuth           : True
Server                            : MD-1
AdminDisplayName                  :
ExchangeVersion                   : 0.10 (14.0.100.0)
DistinguishedName                 : CN=1,CN=POP3,CN=Protocols,CN=MD-1,CN=Servers,CN=Exchange Administrative Group
                                    (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Netregistry,CN=Microsoft
                                    Exchange,CN=Services,CN=Configuration,DC=office,DC=blah,DC=net
Identity                          : MD-1\1
Guid                              : XXXX
ObjectCategory                    : office.blah.net/Configuration/Schema/ms-Exch-Protocol-Cfg-POP-Server
ObjectClass                       : {top, protocolCfg, protocolCfgPOP, protocolCfgPOPServer}
WhenChanged                       : 14/11/2013 11:23:13 AM
WhenCreated                       : 29/10/2013 3:01:14 PM
WhenChangedUTC                    : 14/11/2013 12:23:13 AM
WhenCreatedUTC                    : 29/10/2013 4:01:14 AM
OrganizationId                    :
OriginatingServer                 : adcore-2.office.blah.net
IsValid                           : True
ObjectState                       : Unchanged

Seeing this I tried to change the ExternalConnectionSettings to match the certificate name (also tried the InternalConnectionSettings) and got this:

[PS] C:\Windows\system32>Set-PopSettings -ExternalConnectionSettings {owa.blah.com:995:SSL}
The ExternalConnectionSettings property is read-only when the Mailbox role: Mailbox service server role is installed.
    + CategoryInfo          : InvalidArgument: (:) [Set-PopSettings], ExInvalidArgumentForServerRoleException
    + FullyQualifiedErrorId : C197DF96,Microsoft.Exchange.Management.Tasks.SetPop3Configuration
    + PSComputerName        : ca-1.blah.net

WARNING: Changes to POP3 settings will only take effect after all Microsoft Exchange POP3 services are restarted on
server MD-1.

Any thoughts?

Servers are set up like so:

ca-1.blah.net (live IP)

ca-1.office.blah.net (internal server)

ca-2.blah.net

ca-2.office.blah.net

Both of these are load balanced onto owa.bla.com

Let me know if you need any more information.
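
An added example, not part of the original post: a stand-alone PowerShell check of which of the host names mentioned above a certificate issued to `*.blah.com` would cover, using the usual rule that a wildcard stands for exactly one left-most label. The function name `Test-CertNameMatch` is hypothetical, and the name list is copied from the post.

```powershell
# Added example (not from the original post). Test-CertNameMatch is a
# hypothetical helper; it needs no Exchange cmdlets and no network access.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory)] [string] $Pattern,   # name on the certificate, e.g. '*.blah.com'
        [Parameter(Mandatory)] [string] $HostName   # name a client connects to
    )
    # DNS names are case-insensitive; drop a trailing root dot before splitting.
    $p = $Pattern.TrimEnd('.').ToLowerInvariant().Split('.')
    $h = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')

    # A wildcard stands for exactly one label, so the label counts must be equal.
    if ($p.Count -ne $h.Count) { return $false }

    for ($i = 0; $i -lt $p.Count; $i++) {
        if ($i -eq 0 -and $p[0] -eq '*') {
            # Accept '*' only as the whole left-most label, with at least two
            # fixed labels after it, and only against a non-empty host label.
            if ($p.Count -lt 3 -or $h[0].Length -eq 0) { return $false }
            continue
        }
        # Every other label must match exactly ('*' elsewhere never matches).
        if ($p[$i] -ne $h[$i]) { return $false }
    }
    return $true
}

# Names taken from the post: the certificate subject, the X509CertificateName
# value, the InternalConnectionSettings host and the listed server names.
$certName = '*.blah.com'
$names = @(
    'owa.blah.com',
    'md-1.office.blah.net',
    'ca-1.blah.net',
    'ca-1.office.blah.net',
    'ca-2.blah.net',
    'ca-2.office.blah.net'
)

foreach ($n in $names) {
    [pscustomobject]@{
        HostName      = $n
        CoveredByCert = Test-CertNameMatch -Pattern $certName -HostName $n
    }
}
```

A client that validates the server certificate accepts it only when it connects by a name for which `CoveredByCert` is True.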

