Solved

Certificate Server and OWA

Posted on 2007-04-09
5
325 Views
Last Modified: 2012-05-05
I am planning to demote one of my Windows 2003 DC to a member server and install a new DC. The DC that I will demote presently has Exchange 2003. I will like to install certificate server on Exchange for secure OWA access. Should I demote the DC with Exchange before or after installing certificate server? Or does it matter?

0
Comment
Question by:rbrindisi
  • 2
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
czcdct earned 125 total points
ID: 18877894
You cannot demote a Domain Controller that also has Exchange on it. You must construct a new server, move Exchange to it and then uninstall Exchange from the DC. Once Exchange is off the DC it is your decision on what you then do with it.

When you install Certificate Services you can no longer promote or demote or change the domain status or membership of a server without first remving Certificate Services.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18878053
What are you going to use Certificate services for?
Are you planning to issue every user with their own certificate for OWA access?
If not, then you should look at purchasing an SSL certificate rather than issuing your own. Self issued certificates will always generate an SSL certificate prompt when users connect, which doesn't look very good and could expose you to attack.

Simon.
0
 

Author Comment

by:rbrindisi
ID: 18881620
czcdct

Thank for the info. I was unaware that Exchange had to be removed first.

Simon

Where can these certificates be purchase and at what cost?
 
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 125 total points
ID: 18881642
There are lots of certificate vendors available. You can pay anything from US$20 up to US$600 or more.

For OWA protection I tend to suggest one of two.
GoDaddy or one of their resellers such as http://www.certificatesforexchange.com which cost US$20 a year. Advantages of these certificates is that they are trusted by most Windows Mobile 5.0 devices.

RapidSSL http://www.rapidssl.com (Geotrust) or one of their resellers, which cost $60 or less if you look around. RapidSSL have a 30 day trial certificate which is trusted by Windows so you can get a certificate to test the process and see how things work.

I use both - I have some sites on RapidSSL and some on GoDaddy, depends on the cost and the client.

Simon.
0
 

Author Comment

by:rbrindisi
ID: 18881672
Thank for all your help guys
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now