AXISHK
asked on
Apply certifcate for DAG Exchange 2010 servers
We have two Exchange servers EX1 and EX2 in DAG and a TMG gateway.
Suppose I finish applying the SAN certificate on EX1. How can I then load the certificate on EX2.
Inaddition, how to load this certificate on TMG ?
Great Thanks.
Suppose I finish applying the SAN certificate on EX1. How can I then load the certificate on EX2.
Inaddition, how to load this certificate on TMG ?
Great Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
"You can apply certificate to all servers in CAS array at once through Exchange MMC".
How to do this ?
Actually, what my plan is
1. Run New-ExchangeCertificate -GenerateRequest to generate a .req file.
2. Submit the certificate to VeriSign.
3. Import the certificate to EX01.
4. My question is how to load the certificate to EX02 ? As I plan to apply a SAN certificate, I can include the EX02 name in the certificate.
Appreciate to give me more information on this.
Great tks
How to do this ?
Actually, what my plan is
1. Run New-ExchangeCertificate -GenerateRequest to generate a .req file.
2. Submit the certificate to VeriSign.
3. Import the certificate to EX01.
4. My question is how to load the certificate to EX02 ? As I plan to apply a SAN certificate, I can include the EX02 name in the certificate.
Appreciate to give me more information on this.
Great tks
Its not advised to install CAS and mailbox server roles on same server.
Once you get the certificate from verisign, you can just right click pending cert request in EMC and click on "Complete pending request".
Once scertificate impotrted on Exchange server, assign that certificate to Exchnage services, at this time wizard will allow to select all exchange servers (CAS Servers) from list.
Please check below arfticle for step by step instruction
http://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010
https://support.globalsign.com/customer/portal/articles/1310888-install-certificate---microsoft-exchange-2010
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-certificates-exchange-server-2010-part1.html
Hope that helps
Once you get the certificate from verisign, you can just right click pending cert request in EMC and click on "Complete pending request".
Once scertificate impotrted on Exchange server, assign that certificate to Exchnage services, at this time wizard will allow to select all exchange servers (CAS Servers) from list.
Please check below arfticle for step by step instruction
http://support.godaddy.com/help/article/5863/installing-an-ssl-certificate-in-microsoft-exchange-server-2010
https://support.globalsign.com/customer/portal/articles/1310888-install-certificate---microsoft-exchange-2010
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-certificates-exchange-server-2010-part1.html
Hope that helps
@ MaheshPM "Its not advised to install CAS and mailbox server roles on same server."
Really? Where does it advise that? Microsoft.com only - not any forums. Anything else isn't a primary source.
The best practise is to have all of the roles on the same server.
The only people who want to split CAS from the mailbox role are those that want to use the Windows NLB - which the Exchange product team don't recommend.
Simon.
Really? Where does it advise that? Microsoft.com only - not any forums. Anything else isn't a primary source.
The best practise is to have all of the roles on the same server.
The only people who want to split CAS from the mailbox role are those that want to use the Windows NLB - which the Exchange product team don't recommend.
Simon.
@Sembee2
You may install all Exchange server roles on single server.
Nobody will stop you.
I am sure that companies having midsize to big setup definitely seperate the exchange roles
For testing \ small size organizations which may not afford multiple servers can do all roles on single server
Why should I look for other sources when I am getting product information from product manufacturer?
You may install all Exchange server roles on single server.
Nobody will stop you.
I am sure that companies having midsize to big setup definitely seperate the exchange roles
For testing \ small size organizations which may not afford multiple servers can do all roles on single server
Why should I look for other sources when I am getting product information from product manufacturer?
You said it isn't advised to put all of the roles on to the same server. I asked you to provide evidence of that advice.
I can tell you right now that for all installations, including the biggest, that isn't the case.
I sit on a group with some of Microsoft's biggest customers (100,000 plus) and all of them have all roles on all servers. This has even been noticed by Microsoft with the dropping of the hub transport role in Exchange 2013. The functionality of CAS has also been changed because of this new model.
Every design I do has all roles on all servers, and has been the case for over two years.
Simon.
I can tell you right now that for all installations, including the biggest, that isn't the case.
I sit on a group with some of Microsoft's biggest customers (100,000 plus) and all of them have all roles on all servers. This has even been noticed by Microsoft with the dropping of the hub transport role in Exchange 2013. The functionality of CAS has also been changed because of this new model.
Every design I do has all roles on all servers, and has been the case for over two years.
Simon.
Below is the MS article which provide you information about role seperation
http://technet.microsoft.com/en-us/magazine/hh536214.aspx
Below MS article explains about HUB and CAS Together (Not Mailbox)
http://technet.microsoft.com/en-us/library/ee832795(v=exchg.141).aspx
"Its not advised to install CAS and mailbox server roles on same server" is my earlier comment. Unfortunately I have not found MS article recommendation to put CAS + Mailbox on same server.
Also found below link for multirole servers recommendations which is not practicable in all scenarios.
http://technet.microsoft.com/en-us/library/dd298121(v=exchg.141).aspx
You are talking about Exchange 2013, still microsoft has kept 2 Roles atleast,
even in Exchange 2003 also there is Frontend - backend servers ?
Then why Microsoft has not published Exchange without any role in Exchange 2013?
If I have exchange design with 10 Servers, why should I install all server roles on all servers where may be as per design calculations, 4 servers (Hub + CAS) are enough for client connectivity and 6 mailbox servers in DAG are enough to load balance mailboxes ?
If I install CAS on all 10 servers, then I would require 10 SSL certs
Now you might ask me to deploy 6 servers with all roles ?
Instead of installing all roles on all servers, I will prefer to simplify deployment by seperating roles with HA.
This will also help me in case of troubleshooting, performance, management, administration, security, simplicity, recovery, role seperation.
One suggestion\recommendation cannot be useful in all situations.
Now I request you to please stop this debate as the topic has changed dramatically from original post.
At least I will stop commenting on this topic now.
Thanks
Mahesh
http://technet.microsoft.com/en-us/magazine/hh536214.aspx
Below MS article explains about HUB and CAS Together (Not Mailbox)
http://technet.microsoft.com/en-us/library/ee832795(v=exchg.141).aspx
"Its not advised to install CAS and mailbox server roles on same server" is my earlier comment. Unfortunately I have not found MS article recommendation to put CAS + Mailbox on same server.
Also found below link for multirole servers recommendations which is not practicable in all scenarios.
http://technet.microsoft.com/en-us/library/dd298121(v=exchg.141).aspx
You are talking about Exchange 2013, still microsoft has kept 2 Roles atleast,
even in Exchange 2003 also there is Frontend - backend servers ?
Then why Microsoft has not published Exchange without any role in Exchange 2013?
If I have exchange design with 10 Servers, why should I install all server roles on all servers where may be as per design calculations, 4 servers (Hub + CAS) are enough for client connectivity and 6 mailbox servers in DAG are enough to load balance mailboxes ?
If I install CAS on all 10 servers, then I would require 10 SSL certs
Now you might ask me to deploy 6 servers with all roles ?
Instead of installing all roles on all servers, I will prefer to simplify deployment by seperating roles with HA.
This will also help me in case of troubleshooting, performance, management, administration, security, simplicity, recovery, role seperation.
One suggestion\recommendation cannot be useful in all situations.
Now I request you to please stop this debate as the topic has changed dramatically from original post.
At least I will stop commenting on this topic now.
Thanks
Mahesh
ASKER