It's been an interesting few days here in our office, as I took the opportunity of the end-of-August lull to do some major network reconfiguration and upgrades. Things didn't go quite as smoothly as I hoped (they never really do), especially as the process included moving our mailserver from an Exchange 2007 system running on a dedicated Windows Server 2008 box to an Exchange Server 2010 SP1 system running on a Windows Server 2008 R2 virtual machine – and at the same time retiring the Windows Server 2008 system, which had been our Active Directory Server.
The whole process was decidedly painless, even through the complex process of transitioning FSMO roles to a new Active Directory host (just don't forget to handle the Forest level roles as well as the Domain level roles!). The one real issue came in getting a new Server Assigned Name certificate for the Exchange 2010 server.
Exchange 2010 makes it easier to install and use a certificate, with a GUI-driven process for creating a new certificate request ready for handing off to a CA (we've been using GoDaddy's service as it's the cheapest source for SAN certificates we've found). However, changing boxes means changing server names, and that also means that you'll need to rekey your certificates – so you'll need to generate a new certificate request for your new server, upload it to the certificate provider, jump through their authentication hoops, issue the new certificate with the new server names, and finally download and install the new certificate into your Exchange 2010 system.
Getting a SAN certificate can be a palaver, but with so many roles in an Exchange server now, you're going to need one! And once you have it, you're set up for the long term, with a certificate that can be updated on the fly, and used to handle all the external facing client servers in an Exchange farm…
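As an added example (not from the original post), here is a small check that a certificate's SAN entries cover every host name clients will use after a server rename, which is the reason a rekey is needed. The host names and certificate data are constructed; the certificate is a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: all host names and certificate contents here are constructed.
# For a live server the same dict comes from
# ssl.create_default_context().wrap_socket(sock, server_hostname=h).getpeercert()


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a host name.

    A '*' is honoured only as the entire left-most label, and it covers
    exactly one label (so *.example.com does not match example.com).
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return False


def san_dns_names(cert: dict) -> list:
    """Return the DNS entries from the certificate's subjectAltName field."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def uncovered_names(cert: dict, required: list) -> list:
    """Return the required host names that no SAN entry covers."""
    sans = san_dns_names(cert)
    return [h for h in required if not any(name_matches(p, h) for p in sans)]


# Constructed sample: a certificate issued while the old server was in use.
OLD_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (
        ("DNS", "mail.example.com"),
        ("DNS", "autodiscover.example.com"),
        ("DNS", "exch2007.corp.example.com"),
    ),
}

# Constructed list of names clients will connect to after the move.
REQUIRED = ["mail.example.com", "autodiscover.example.com", "exch2010.corp.example.com"]

if __name__ == "__main__":
    missing = uncovered_names(OLD_CERT, REQUIRED)
    print("rekey needed for:" if missing else "all names covered", ", ".join(missing))
```

Any name this reports as uncovered has to be included in the new certificate request before the certificate is reissued.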
Exchange 2010 builds on the work in earlier versions to support Exchange Active Sync, Exchange Web Services (needed if you want to support Macs running Entourage), and the now renamed Outlook Anywhere RPC over HTTP service. The latter's really quite useful, as it lets you use Outlook to connect to your mail server without having to use a VPN. Unfortunately it's a bit of a pig to test – as you can only really connect to it from outside your firewall.
One option is to use a 3G dongle or a tethered mobile phone to connect a PC to the public Internet and then see if you can make a connection to your mail server – we're quite fond of the WiFi hotspot function in Android 2.2 for this! If you've got things right first time, then you're good to go as soon as Outlook reports a connection to your mailserver. However, if there's a problem, it's not the best way to diagnose the fault – as the negotiation needed to set up an RPC over HTTP connection requires several steps.
That's where Microsoft's Exchange Server Remote Connectivity Analyser comes in. It's a web-based tool that contains tests for many of Exchange's remote access scenarios. You can use it to make sure that Exchange Active Sync is working for your mobile devices, that Exchange Web Services is running and synchronising correctly, that SMTP send and receive works, and that Outlook Anywhere is operating.
Testing Outlook Anywhere means entering in a username and password for a mailbox, so you may want to use a sacrificial account created for just this purpose (the site's secure, so you won't be sending your username and password over the Internet in the clear). All you need to do is fill in a form, with the settings you've configured in Exchange, and the service does the rest. A progress dialog shows what tests are being carried out, from determining endpoints to certificate exchanges. The resulting diagnostic should give you enough information to make the changes you need to get things working (ready for another test with Outlook and a 3G modem!). You can drill down in the report for additional information on your setup, with the tool acting as a best practice analyser as well as a diagnostic.
Microsoft's delivered a very useful tool here. It's easy to use and helps diagnose several scenarios that can be hard to test any other way. The real result is a recommended tool for any Exchange administrator out there.