Solved

SSL Certs and IP addresses?

Posted on 2013-11-04
8
187 Views
Last Modified: 2013-11-14
We have 2x sites with an exchange 2010 box @ each site.  ASite A and B

Site A has all production mailboxes, site B has none but both are configured the same settings in case we need to utilise site B.

Both have the same CAS and SSL cert installed.  We believe the server at site b is accepting the SSL EAS requests.

I want to either force production server to handle these requests.

Can i achive this?  Where does the external IP address (in our case a firewall) reside?  In the SSL cert or exchange?

Thanks
0
Comment
Question by:CHI-LTD
  • 5
  • 3
8 Comments
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39621280
To confirm on a test i see:

      The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
       Exchange ActiveSync was tested successfully.
       
      Additional Details
       
Elapsed Time: 9815 ms.
       
      Test Steps
       
      Attempting to resolve the host name mail.domain.co.uk in DNS.
       The host name resolved successfully.
       
      Additional Details
       
IP addresses returned: external IP address Site A, External IP address Site B
Elapsed Time: 124 ms.
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39621286
You need to check with your network team if any Load Balancer is configured to route the traffic to Site B, in that case it need to be blocked
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39621293
There isnt.  Both are in the same domain, over a VPN connection.
Trying to find out where the external ip addresses are stored?  SSL cert?  DNS?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Accepted Solution

by:
Ram Balachandran earned 500 total points
ID: 39621301
It  will be in router and then accessed by DNS
0
 
LVL 14

Assisted Solution

by:Ram Balachandran
Ram Balachandran earned 500 total points
ID: 39621311
Also, external IP address will be with Vendor/Service Provider from where you purchased IP addresss .  
Outside DNS will need to point to the address your ISP has given you on the outside.

Your MX Record needs to be the server that is going to receive your emails, in your case if GoDaddy is going to receive it and forward it to you, then it should be their IP Address and GoDaddy folks needs to be provided the internet facing IP of your firewall / router

Refer :

http://forums.msexchange.org/Which_IP_address_to_be_used_in_Exchange_server_(_External_IP_or_Internal_IP_)_%3F/m_1800562438/tm.htm
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39621324
ah yes, DNS on our domain....

With 123reg..
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39621349
Is there a way to prioritise the way in which EAS on device setup accesses mail.domain.com from external into our network(s) as it seems to be talking to the backup server?
Must be site a then site b.
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 39648463
found that there was a dns entry in there for the 2nd server which couldnt then connect to the other exchange server...
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This video discusses moving either the default database or any database to a new volume.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question