Solved

Can i  use same certificate on 2 different CAS Server across sites.

Posted on 2014-09-04
2
38 Views
Last Modified: 2016-06-13
Hi All

I have a question I have been playing with for a few days,

I have the following setup,
2 sites connected via a VPN and a DAG configured between sites.

Site 1-Head Office
2 exchange 2010 servers,
1 running CAS and Mailbox (this server is entry point to all clients for owa etc.)
1 running Hub, CAS, Mailbox. (this is the main server and a DAG Member)
We have a UNC certificate associated with all records pointing to remote access and its installed on both servers.

** Everything in this site works fine.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.

Site 2.
1 exchange 2010 servers,
1 running Hub, CAS, Mailbox. (this is the main server for this site, a DAG Member and no entry point at this time but we intend to use it for redundancy)

** Currently all BD are on server in site 1.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.

My questions are as follows:

1      on site 2’s the cas server can I use the same certificate I’m using onsite 1. in other words all clients currently use mail.domain.com which has an IP pointing to site 1, can I use that same certificate in site 2 and associate it with the CAS server there? (in the event of a failover I just change the records IP)
2      All smtp traffic come through site 1, when I test moving active databases to site 2, all email stay in the ques of exchange server in site one, they don’t get delivered. (I have not set AD replication through smtp so don’t know if this is a factor)
3      When I do set the active databases to site 2, webmail and remote services stop working, I get the infamous error when logging onto webmail, service unavailable because it’s been moved. I have read a lot about this being an internal external url issue.

All these issues im starting to think they all interlinked, and would like some help.

Cheers.
0
Comment
Question by:lcete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
George Sas earned 500 total points
ID: 40304659
You can use the SSL on both sites, this is the way to do it when you have multiple exchange servers you can use same SSL.
I recommend buying an SSL with multiple alternate names (SAN'S) to include both internal and external url, cas server names, and whatever you need more in one SSL, this will be cheaper at the end.

As for your replication issue I guess it has something to do with the site to site connection and routing.
Messages should be delivered to site two when you change active passive database.
Here is a nice reading for you :
http://technet.microsoft.com/en-us/library/dd638104%28v=exchg.150%29.aspx
http://technet.microsoft.com/en-us/library/dd638129%28v=exchg.150%29.aspx

And a complete guide :
http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/uncovering-exchange-2010-database-availability-groups-dags-part1.html
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question