Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Can i  use same certificate on 2 different CAS Server across sites.

Posted on 2014-09-04
2
Medium Priority
?
53 Views
Last Modified: 2016-06-13
Hi All

I have a question I have been playing with for a few days,

I have the following setup,
2 sites connected via a VPN and a DAG configured between sites.

Site 1-Head Office
2 exchange 2010 servers,
1 running CAS and Mailbox (this server is entry point to all clients for owa etc.)
1 running Hub, CAS, Mailbox. (this is the main server and a DAG Member)
We have a UNC certificate associated with all records pointing to remote access and its installed on both servers.

** Everything in this site works fine.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.

Site 2.
1 exchange 2010 servers,
1 running Hub, CAS, Mailbox. (this is the main server for this site, a DAG Member and no entry point at this time but we intend to use it for redundancy)

** Currently all BD are on server in site 1.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.

My questions are as follows:

1      on site 2’s the cas server can I use the same certificate I’m using onsite 1. in other words all clients currently use mail.domain.com which has an IP pointing to site 1, can I use that same certificate in site 2 and associate it with the CAS server there? (in the event of a failover I just change the records IP)
2      All smtp traffic come through site 1, when I test moving active databases to site 2, all email stay in the ques of exchange server in site one, they don’t get delivered. (I have not set AD replication through smtp so don’t know if this is a factor)
3      When I do set the active databases to site 2, webmail and remote services stop working, I get the infamous error when logging onto webmail, service unavailable because it’s been moved. I have read a lot about this being an internal external url issue.

All these issues im starting to think they all interlinked, and would like some help.

Cheers.
0
Comment
Question by:lcete
1 Comment
 
LVL 13

Accepted Solution

by:
George Sas earned 2000 total points
ID: 40304659
You can use the SSL on both sites, this is the way to do it when you have multiple exchange servers you can use same SSL.
I recommend buying an SSL with multiple alternate names (SAN'S) to include both internal and external url, cas server names, and whatever you need more in one SSL, this will be cheaper at the end.

As for your replication issue I guess it has something to do with the site to site connection and routing.
Messages should be delivered to site two when you change active passive database.
Here is a nice reading for you :
http://technet.microsoft.com/en-us/library/dd638104%28v=exchg.150%29.aspx
http://technet.microsoft.com/en-us/library/dd638129%28v=exchg.150%29.aspx

And a complete guide :
http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/uncovering-exchange-2010-database-availability-groups-dags-part1.html
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question