Spoof your old dead Exchange Server

jeffstok — Tue, 09 Sep 2008 01:29:00 GMT

Ok, so if you have say, Citrix, or a standard image with Office pre-installed, then someone had to pick an Exchange server to point to for the Outlook profile creation wizard.

So sometimes, in large organizations, teams don't necessarily speak to one another before they make small decisions like which server to point to. The person creating the Office install might pick, say, his home mail server.

So when that mail server, years later, gets decommissioned, this can suddenly cause problems.

How do you fix this?

Simple! Glad you asked.

2 things need to be done.

1. Establish IP connectivity to the old server name. Easy enough, go into DNS and create a new A record for the old/missing Exchange server, with the IP of the server you'd like this task to point to.

2. Go into ADSIEdit, find the computer object for the target server, right click and hit properties. Scroll down to ServicePrincipalName and edit. Add the following type of record:

exchangeRFR/servername

Give that a little time to replicate around and voila, everything goes back to normal.

Why is step 2 necessary? Kerberos security rearing it's ugly head. The target server needs to know it's acting as the old server or it will refuse connections.

Note that this is a possible work around and may cause corrupt MAPI profiles on your clients. The real fix here is to address the install, or clients configured to a server that no longer exists.

Dude where's my PFE? : Kerberos

Spoof your old dead Exchange Server