[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1074
  • Last Modified:

SAN SSL Certificate

Hello all and thank you in advance for taking the time to answer my question.

I have 2 Exchange 2010 servers in the same forest, different locations, different IP's, different domains. Exchange 1 is primary Exchange 2 is secondary.

mx and dns records points to ex1mail.exchange.com IP , ex2mail.exchange .com IP.

I need to purchase a SAN SSL Cert where ex1mail.exchange.com is primary and ex2mail.exchange.com is secondary.

 iPhone and OWA users can connect to both sites using either dns now but ex2mail.exchange.com gives a cert error since I have not purchased and installed it yet.

My question is: If Exchange 1 becomes unavaiable (internet drops) will the outside users (mainly iPhones) automatically failover to the secondary Exchange activesync site on the SSL cert.
0
NucorUT
Asked:
NucorUT
  • 2
  • 2
  • 2
1 Solution
 
Paul MacDonaldDirector, Information SystemsCommented:
I would expect access to fail over, but for users to be warned about the certificate error.

That said, since it's a SAN certificate, you should be able to put both ex1mail.exchange.com and ex2mail.exchange.com on the same certificate.
0
 
NucorUTAuthor Commented:
Thank you that was my thinking as well but having never tried this I wanted to make sure before spending $900 on a cert.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
$900 is a bit much.  Digicert will sell you a SAN certificate for about $350/year.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Jamie McKillopCommented:
Hello,

I realize an answer has already been accepted but i don't believe your question has been fully addressed.

First, can you explain what you mean by "primary" and "secondary" sites? Are you using DAG or do you just have servers at each site?

In any case, if Exchange 1 becomes unavailable, your ActiveSync clients will not autmatically fail over to Exchange 2. To maintain service availability to your ActiveSync clients, you would need to use DAG and perform a site failover should you lose your internet connectivity in your primary site.

JJ
0
 
NucorUTAuthor Commented:
Primary would be the first Exchange server built. The secondary was added later. When the primary Exchange server goes offline mail still flows for the internal group at the location of the secondary server but external goes down.

Hope that makes sense.

DAG is not setup on either server.

Thanks JJ
0
 
Jamie McKillopCommented:
In that case, if your primary site goes down, users with mailboxes in that site will not be able to connect to ActiveSync. The only way to maintain availability in the event of a site failure is to use DAG.

JJ
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now