[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Apply certifcate for DAG Exchange 2010 servers

Posted on 2013-11-11
10
Medium Priority
?
553 Views
Last Modified: 2013-11-15
We have two Exchange servers EX1 and EX2  in DAG and a TMG gateway.

Suppose I finish applying the SAN certificate on EX1. How can I then load the certificate on EX2.

Inaddition, how to load this certificate on TMG ?

Great Thanks.
0
Comment
Question by:AXISHK
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 20

Assisted Solution

by:Peter Hutchison
Peter Hutchison earned 400 total points
ID: 39639176
Run mmc, add the Certificates snap in for the Local MAchine, then you can view the certificate under Personal, Certificates and export it to a PFX file (you need to include the private certificate).
Then you can copy the PFX file to EX2 and import it there and the same for the TMG.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 400 total points
ID: 39639208
You can also use the Exchange Management Console to export and import the certificate.
If you use the Exchange management tools you can do everything from a single machine.

The only thing you may have to do on the second machine is install any root or intermediate certificate supplied by the SSL vendor.

Simon.
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 1200 total points
ID: 39639209
Why your DAG server require SAN certificates ?
SAN certificate required by CAS servers...
You can apply certificate to all servers in CAS array at once through Exchange MMC
You need to export exchange certificate on CAS server in .pfx format and need to import on TMG server.
Then you need to create Web listener on TMG to publish OWA
Please check below articles for how to import certificates and create web listener:
http://technet.microsoft.com/en-us/library/gg589609(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/gg589610(v=ws.10).aspx

Step by step publishing OWA with TMG
http://www.isaserver.org/articles-tutorials/configuration-general/Publishing-Exchange-Outlook-Web-App-OWA-Microsoft-Forefront-Threat-Management-Gateway-TMG-2010-Part2.html
http://www.windows-noob.com/forums/index.php?/topic/3124-how-to-publish-owaactivesyncoutlook-anywhere-exchange-2010-with-microsoft-forefront-tmg/
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:AXISHK
ID: 39640609
All roles are installed on a Exchange server. And two exchange run in DAG.
0
 

Author Comment

by:AXISHK
ID: 39640634
"You can apply certificate to all servers in CAS array at once through Exchange MMC".

How to do this ?

Actually, what my plan is
1. Run New-ExchangeCertificate -GenerateRequest to generate a .req file.
2. Submit the certificate to VeriSign.
3. Import the certificate to EX01.
4. My question is how to load the certificate to EX02 ? As I plan to apply a SAN certificate, I can include the EX02 name in the certificate.

Appreciate to give me more information on this.

Great tks
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39640879
Its not advised to install CAS and mailbox server roles on same server.
Once you get the certificate from verisign, you can just right click pending cert request in EMC and click on "Complete pending request".
Once scertificate impotrted on Exchange server, assign that certificate to Exchnage services, at this time wizard will allow to select all exchange servers (CAS Servers) from list.
Please check below arfticle for step by step instruction

http://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010
https://support.globalsign.com/customer/portal/articles/1310888-install-certificate---microsoft-exchange-2010
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-certificates-exchange-server-2010-part1.html

Hope that helps
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39644471
@ MaheshPM "Its not advised to install CAS and mailbox server roles on same server."

Really? Where does it advise that? Microsoft.com only - not any forums. Anything else isn't a primary source.

The best practise is to have all of the roles on the same server.

The only people who want to split CAS from the mailbox role are those that want to use the Windows NLB - which the Exchange product team don't recommend.

Simon.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39645003
@Sembee2
You may install all Exchange server roles on single server.
Nobody will stop you.
I am sure that companies having midsize to big setup definitely seperate the exchange roles
For testing \ small size organizations which may not afford multiple servers can do all roles on single server
Why should I look for other sources when I am getting product information from product manufacturer?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39645125
You said it isn't advised to put all of the roles on to the same server. I asked you to provide evidence of that advice.

I can tell you right now that for all installations, including the biggest, that isn't the case.

I sit on a group with some of Microsoft's biggest customers (100,000 plus) and all of them have all roles on all servers. This has even been noticed by Microsoft with the dropping of the hub transport role in Exchange 2013. The functionality of CAS has also been changed because of this new model.

Every design I do has all roles on all servers, and has been the case for over two years.

Simon.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39646077
Below is the MS article which provide you information about role seperation
http://technet.microsoft.com/en-us/magazine/hh536214.aspx
Below MS article explains about HUB and CAS Together (Not Mailbox)
http://technet.microsoft.com/en-us/library/ee832795(v=exchg.141).aspx


"Its not advised to install CAS and mailbox server roles on same server" is my earlier comment. Unfortunately I have not found MS article recommendation to put CAS + Mailbox on same server.

Also found below link for multirole servers recommendations which is not practicable in all scenarios.  
http://technet.microsoft.com/en-us/library/dd298121(v=exchg.141).aspx

You are talking about Exchange 2013, still microsoft has kept 2 Roles atleast,
even in Exchange 2003 also there is Frontend - backend servers ?
Then why Microsoft has not published Exchange without any role in Exchange 2013?

If I have exchange design with 10 Servers, why should I install all server roles on all servers where may be as per design calculations, 4 servers (Hub + CAS) are enough for client connectivity and 6 mailbox servers in DAG are enough to load balance mailboxes ?
If I install CAS on all 10 servers, then I would require 10 SSL certs
Now you might ask me to deploy 6 servers with all roles ?
Instead of installing all roles on all servers, I will prefer to simplify deployment by seperating roles with HA.
This will also help me in case of troubleshooting, performance, management, administration, security, simplicity, recovery, role seperation.
One suggestion\recommendation cannot be useful in all situations.
Now I request you to please stop this debate as the topic has changed dramatically from original post.
At least I will stop commenting on this topic now.

Thanks
Mahesh
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question