  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217

Multiple OWA on one IP (no front end back end)

We've had a single Exchange server behind an ISA for a while. OWA was set up with certificates yada yada. Well. We added a new Exchange server and anyone on said new server cannot get their webmail. I created a new certificate for the new Exchange server and hooked the certificate onto the ISA server with a new listener. However, all requests for the old domain name seemed to want the new certificate. I jiggled a few settings and got the original cert back, but is there a way I can trick ISA into allowing both servers to pass through? What if I installed the older certificate into the new Exchange server's IIS?
Asked: Tennessee_Pride
1 Solution
 
Tennessee_Pride (Author) Commented:
I tried putting the old certificate in the new server; it asked for a second login and didn't return all of the proper stuff: images missing, red x's, etc.
 
jabiii Commented:
Are the servers using the same DNS name? Could be a client issue.
 
Tennessee_Pride (Author) Commented:
Well...one server has been published via ISA as webmail.tnpride.com. The new server I was going to publish as dkmail.tnpride.com; however, the SSL listener is using the webmail.tnpride.com certificate, and if I try to create a new listener using 443 it gets all testy and says that the current rule is using the certificate. Basically, two internal Exchange servers in a non-front end back end configuration trying to publish both OWA sites out of one IP address.
 
jabiii Commented:
Hmm, if it's the same IP you should be able to use the same cert and DNS name.
A second cert will only confuse the boxes and the client machines.

Every time you try to load it, it should give you an error, saying you already had x cert for this box, instead of this one....
 
Tennessee_Pride (Author) Commented:
So theoretically:

External DNS (webmail.tnpride.com 65.105.216.133) ---- (webmail cert on listener) ISA ---- Exchange 1 (webmail cert on IIS) ---- Exchange 2 (webmail cert on IIS)

These Exchange servers are on different subnets.

Should I change any hosts files?
 
Saineolai Commented:
I think you will run into problems with this configuration. Have a look at this document for an in-depth explanation. I'm not sure if there are other solutions.

http://www.isaserver.org/tutorials/2004wildcardcert.html
 
Tennessee_Pride (Author) Commented:
Hmmm.. I was using Forms based authentication. The walkthrough said to set it for Basic. If I set it for Basic and set the Exchange HTTP to use Forms then one works fine (original one) and the second one gives a 440 login timeout error. If I turn off Basic on ISA and use Forms then the original Exchange server works fine but the second one returns links with no images (red x's) and a login box in the left column if you try to go to any link. Very strange stuff.. I'll keep bangin on it.
 
Tennessee_Pride (Author) Commented:
The 440 was fixed with this:
http://msmvps.com/blogs/cgross/archive/2004/08/08/11472.aspx
but the posted article was pretty much what got me going.
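
Added example (not from the thread or the linked tutorial): as described above, the single SSL listener on port 443 carries one certificate, so that certificate's names have to cover both published OWA host names. This sketch reports which published names a given certificate would fail to match, using the usual TLS wildcard rule; the wildcard name `*.tnpride.com`, the two-name certificate and the function names are assumptions for illustration.

```python
# Added example: which published host names does a listener certificate cover?
# Matching follows the common TLS rule: names compare case-insensitively and a
# "*" is honoured only as the entire leftmost label, standing for one label.

def name_matches(cert_name: str, host: str) -> bool:
    """Return True if one certificate name (CN or SAN entry) covers host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # "*" never spans several labels, nor zero labels
    if cert_labels[0] == "*":
        # Require at least two fixed labels so names like "*.com" are rejected
        if len(cert_labels) < 3:
            return False
        # The wildcard must stand for a non-empty label
        return bool(host_labels[0]) and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def uncovered_hosts(cert_names, published_hosts):
    """Hosts for which clients would see a certificate name mismatch."""
    return [h for h in published_hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Host names are taken from the thread; the certificate name sets are constructed.
PUBLISHED = ["webmail.tnpride.com", "dkmail.tnpride.com"]
SINGLE_NAME_CERT = ["webmail.tnpride.com"]   # the original listener certificate
WILDCARD_CERT = ["*.tnpride.com"]            # assumed wildcard name
TWO_NAME_CERT = ["webmail.tnpride.com", "dkmail.tnpride.com"]  # assumed SAN list

if __name__ == "__main__":
    for label, names in [("single-name", SINGLE_NAME_CERT),
                         ("wildcard", WILDCARD_CERT),
                         ("two-name", TWO_NAME_CERT)]:
        print(label, "-> uncovered:", uncovered_hosts(names, PUBLISHED))
```
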