How to add second IP address to Exchange MESA


I want to add a second IP address for Exchange to listen to.

I have a two node active/passive cluster, running Windows Server 2003 Enterprise 32-bit and Exchange Server Enterprise 2003.

I have a wildcard certificate for my domain (*, and everything works perfectly except for ActiveSync on my phone. This is because Windows Mobile 5.0 ActiveSync doesn't understand wildcard certificates.

To get around this problem I have created a new Certificate Authority on my PDC and issued a new certificate to a new HTTP virtual server. Having installed the root certificate in my phone I can access OWA on port 444 with no problems and no security warnings.

The problem is that ActiveSync doesn't allow you to use anything other than port 443 for ssl connections. As 443 is already in use for the wildcard certificate from a "real" third-party CA, I can't listen on port 443 on the exchange ip address.

To get around this, I have created a new IP & Network Name resources in the Cluster Administrator, and told IIS to listen on 443 on the new IP Address.

IIS seems to remember these new IP addresses when falling over, but I cannot set them in Exchange System Manager - which is where I would prefer to set them.

Is it possible to add the new IP Address to the list of possible IP Addresses in Exchange System Manager?

Peter Clark.
Who is Participating?
Strange, I don't see the port numbers and IP addresses here.  The only option I have for the Virtual Server is whether or not to enable FBA.

This article suggests that IIS6 will support host headers and SSL if you have SP1;
I don't know if it applies to a cluster, though, maybe you will have to try an experiment.
The IP address and port number are not properties that you can set in ESM, which is generally limited to security settings.

BTW, you may also be able to use Host Headers to solve your problem.  Unless you prefer the IP address method? Just a thought.
PJAClarkAuthor Commented:
In ESM on the HTTP Virtual server, I definitely can specify the the port numbers. The IP address is in a drop-down-list, which suggests very strongly that it's possible to have more than 1 IP address listed there.

I thought SSL connections ignore the host headers? And as such, if you want two different websites on SSL you had to have two different IP addresses, or two different ports?

PJAClarkAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.