  • Status: Solved
  • Priority: Medium
  • Security: Public

OWA on second Exchange server

All servers are Windows 2003 SP1.
We run ISA 2004 Standard (Version: 4.0.2163.213).
All Exchange servers are 2003 SP2.
The entry point to and from the internet is the ISA 2004 server.

We currently have one production Exchange server. This server is published through ISA. OWA can only be accessed through SSL and therefore there is a certificate that was imported into the publishing rule. I am in the midst of taking everyone to a new Exchange box. Both servers reside on the private network and do not have public IP addresses. There is a test user that currently resides on the new server. They are able to send/receive email both internally and externally. However, when I try to use OWA for the test user, how should it be set up?

Do I have to publish the new server as well or will the old one just forward the request?

Do I need to buy another certificate from Verisign for this new server?

Can I just use the same certificate to import into the new publishing rule since the certificate is tied to only one hostname?

Or what else am I forgetting that I may need to do to have OWA work on this second box?

Any and all help is appreciated.

Thanks.
Asked by: hiltzj

1 Solution

Sembee commented:
You basically have two options.

1. You purchase a second certificate for the other server. It will need a second external IP address and a dedicated name. This second server is published through ISA server.
Users will need to know which server their mailbox is on, as redirection will not work.
You don't have to purchase one of Verisign's overpriced certificates; there are plenty of other choices.

2. You put a third server in front of the other two and configure it as a frontend server. The SSL certificate is moved to that server and it is the one that is published through ISA. That provides a single point of entry and Exchange handles the email without redirection.

You cannot expect traffic to go through the first server; it will simply redirect the browser to the other server's real name.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.

hiltzj (author) commented:
So let's say my best option is to just set a cutoff date and move everyone over on a Saturday or something. Would I then still have to purchase another certificate or could I just keep my current one and move it to the new server?

Sembee commented:
As long as the certificate isn't issued to the original server's real name (so is issued to mail.domain.com and not server2.domain.com for example) then you can just move the certificate across and adjust your NAT settings on the firewall.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
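
The condition Sembee gives for reusing the certificate can be checked before the cutover. The following is an added example, not part of the original thread: it takes certificate fields in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether the certificate's names cover the public OWA hostname or only the old server's own name. The sample certificates are constructed, and the function names and verdict labels are hypothetical.

```python
# Added example: does a certificate cover the public OWA name, or only the
# old server's own name? Input dicts follow ssl.SSLSocket.getpeercert().

def cert_dns_names(cert):
    """DNS subjectAltName entries if present, otherwise the subject commonName."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or '*' as the whole left-most label covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) >= 3:
        return p[1:] == h[1:]
    return p == h

def reuse_verdict(cert, public_name, old_server_name):
    """Return 'movable', 'tied-to-server' or 'mismatch' (hypothetical labels)."""
    names = cert_dns_names(cert)
    if any(name_matches(n, public_name) for n in names):
        return "movable"          # issued to the name users type, e.g. mail.domain.com
    if any(name_matches(n, old_server_name) for n in names):
        return "tied-to-server"   # issued to the old server's real name
    return "mismatch"

# Constructed sample certificates (not taken from any real server).
SAMPLES = {
    "public": {"subject": ((("commonName", "mail.domain.com"),),)},
    "server": {"subject": ((("commonName", "server2.domain.com"),),)},
    "wildcard": {"subject": ((("commonName", "ignored.example"),),),
                 "subjectAltName": (("DNS", "*.domain.com"),)},
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(label, reuse_verdict(cert, "mail.domain.com", "server2.domain.com"))
```

A "tied-to-server" result means clients browsing to the public name would see a name-mismatch warning if that certificate were moved as is.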