PJAClark
asked on
How to add second IP address to Exchange MESA
Hi,
I want to add a second IP address for Exchange to listen to.
I have a two node active/passive cluster, running Windows Server 2003 Enterprise 32-bit and Exchange Server Enterprise 2003.
I have a wildcard certificate for my domain (*.mydomain.com), and everything works perfectly except for ActiveSync on my phone. This is because Windows Mobile 5.0 ActiveSync doesn't understand wildcard certificates.
To get around this problem I have created a new Certificate Authority on my PDC and issued a new certificate to a new HTTP virtual server. Having installed the root certificate in my phone I can access OWA on port 444 with no problems and no security warnings.
The problem is that ActiveSync doesn't allow you to use anything other than port 443 for ssl connections. As 443 is already in use for the wildcard certificate from a "real" third-party CA, I can't listen on port 443 on the exchange ip address.
To get around this, I have created a new IP & Network Name resources in the Cluster Administrator, and told IIS to listen on 443 on the new IP Address.
IIS seems to remember these new IP addresses when falling over, but I cannot set them in Exchange System Manager - which is where I would prefer to set them.
Is it possible to add the new IP Address to the list of possible IP Addresses in Exchange System Manager?
Peter Clark.
I want to add a second IP address for Exchange to listen to.
I have a two node active/passive cluster, running Windows Server 2003 Enterprise 32-bit and Exchange Server Enterprise 2003.
I have a wildcard certificate for my domain (*.mydomain.com), and everything works perfectly except for ActiveSync on my phone. This is because Windows Mobile 5.0 ActiveSync doesn't understand wildcard certificates.
To get around this problem I have created a new Certificate Authority on my PDC and issued a new certificate to a new HTTP virtual server. Having installed the root certificate in my phone I can access OWA on port 444 with no problems and no security warnings.
The problem is that ActiveSync doesn't allow you to use anything other than port 443 for ssl connections. As 443 is already in use for the wildcard certificate from a "real" third-party CA, I can't listen on port 443 on the exchange ip address.
To get around this, I have created a new IP & Network Name resources in the Cluster Administrator, and told IIS to listen on 443 on the new IP Address.
IIS seems to remember these new IP addresses when falling over, but I cannot set them in Exchange System Manager - which is where I would prefer to set them.
Is it possible to add the new IP Address to the list of possible IP Addresses in Exchange System Manager?
Peter Clark.
Last Comment
ASKER
In ESM on the HTTP Virtual server, I definitely can specify the the port numbers. The IP address is in a drop-down-list, which suggests very strongly that it's possible to have more than 1 IP address listed there.
I thought SSL connections ignore the host headers? And as such, if you want two different websites on SSL you had to have two different IP addresses, or two different ports?
Peter.
I thought SSL connections ignore the host headers? And as such, if you want two different websites on SSL you had to have two different IP addresses, or two different ports?
Peter.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
*bump*
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
BTW, you may also be able to use Host Headers to solve your problem. Unless you prefer the IP address method? Just a thought.