Solved

Can I use the same certificate on 2 different CAS servers across sites?

Posted on 2014-09-04
Last Modified: 2016-06-13
Hi All

I have a question I have been playing with for a few days,

I have the following setup,
2 sites connected via a VPN and a DAG configured between sites.

Site 1-Head Office
2 Exchange 2010 servers,
1 running CAS and Mailbox (this server is the entry point to all clients for OWA etc.)
1 running Hub, CAS, Mailbox. (this is the main server and a DAG Member)
We have a UNC certificate associated with all records pointing to remote access and it's installed on both servers.

** Everything in this site works fine.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.

Site 2.
1 Exchange 2010 server,
1 running Hub, CAS, Mailbox. (this is the main server for this site, a DAG Member and no entry point at this time but we intend to use it for redundancy)

** Currently all BD are on server in site 1.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.

My questions are as follows:

1. On site 2's CAS server, can I use the same certificate I'm using on site 1? In other words, all clients currently use mail.domain.com, which has an IP pointing to site 1; can I use that same certificate in site 2 and associate it with the CAS server there? (In the event of a failover I just change the record's IP.)
2. All SMTP traffic comes through site 1. When I test moving active databases to site 2, all email stays in the queues of the Exchange server in site 1; it doesn't get delivered. (I have not set AD replication through SMTP, so I don't know if this is a factor.)
3. When I do set the active databases to site 2, webmail and remote services stop working. I get the infamous error when logging onto webmail: service unavailable because it's been moved. I have read a lot about this being an internal/external URL issue.

I'm starting to think all these issues are interlinked, and would like some help.

Cheers.
Question by:lcete
Accepted Solution by: George Sas (ID: 40304659)
You can use the SSL on both sites; this is the way to do it. When you have multiple Exchange servers you can use the same SSL.
I recommend buying an SSL with multiple alternate names (SANs) to include both internal and external URLs, CAS server names, and whatever else you need in one SSL; this will be cheaper in the end.

As for your replication issue, I guess it has something to do with the site-to-site connection and routing.
Messages should be delivered to site two when you change the active/passive database.
Here is some nice reading for you:
http://technet.microsoft.com/en-us/library/dd638104%28v=exchg.150%29.aspx
http://technet.microsoft.com/en-us/library/dd638129%28v=exchg.150%29.aspx

And a complete guide:
http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/uncovering-exchange-2010-database-availability-groups-dags-part1.html
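One way to put the same certificate on the site 2 CAS from the Exchange Management Shell, as an added example that is not part of the original answer. The server names, the PFX path, the second required name and the choice of IIS and SMTP as services are assumptions; mail.domain.com is the name from the question.

```powershell
# Added example. Placeholders: server names, export path, second required name.
$sourceCas = 'SITE1-CAS'                  # placeholder: site 1 CAS that holds the certificate
$targetCas = 'SITE2-CAS'                  # placeholder: site 2 CAS that should receive it
$pfxPath   = 'C:\Temp\mail-cert.pfx'      # placeholder: temporary export file
# Names clients use; mail.domain.com is from the question, the second is a placeholder.
$requiredNames = 'mail.domain.com', 'autodiscover.domain.com'

# 1. Find the newest certificate on the source server that lists the client-facing name.
$cert = Get-ExchangeCertificate -Server $sourceCas |
    Where-Object { ($_.CertificateDomains | ForEach-Object { "$_" }) -contains 'mail.domain.com' } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for mail.domain.com found on $sourceCas" }

# 2. Report required names the certificate does not list.
#    Exact match only: a wildcard entry such as *.domain.com is not expanded here.
$sanList = $cert.CertificateDomains | ForEach-Object { "$_" }
$missing = $requiredNames | Where-Object { $sanList -notcontains $_ }
if ($missing) { Write-Warning "Not covered by the certificate: $($missing -join ', ')" }

# 3. Export with the private key, protected by a password typed at the prompt.
$pfxPassword = Read-Host 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Server $sourceCas -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path $pfxPath -Value $export.FileData -Encoding Byte

# 4. Import on the site 2 CAS and bind it to the services that should present it
#    (IIS for OWA and other web services, SMTP for the Hub role; adjust as needed).
$pfxBytes = [byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -Server $targetCas -FileData $pfxBytes -Password $pfxPassword
Enable-ExchangeCertificate -Server $targetCas -Thumbprint $cert.Thumbprint -Services 'IIS,SMTP'

# 5. The PFX holds the private key: delete the temporary copy after a successful import.
Remove-Item -Path $pfxPath
```

Any name reported in step 2 will produce certificate warnings for clients that connect with it, which is the case the answer's multi-SAN recommendation addresses.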
