Solved

Can I use the same certificate on 2 different CAS servers across sites?

Posted on 2014-09-04
Last Modified: 2016-06-13
Hi All

I have a question I have been playing with for a few days,

I have the following setup,
2 sites connected via a VPN and a DAG configured between sites.

Site 1-Head Office
2 Exchange 2010 servers,
1 running CAS and Mailbox (this server is the entry point for all clients for OWA etc.)
1 running Hub, CAS, Mailbox. (this is the main server and a DAG member)
We have a UNC certificate associated with all records pointing to remote access and it's installed on both servers.

** Everything in this site works fine.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.

Site 2.
1 Exchange 2010 server,
1 running Hub, CAS, Mailbox. (this is the main server for this site, a DAG Member and no entry point at this time but we intend to use it for redundancy)

** Currently all DBs are on the server in site 1.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.

My questions are as follows:

1. On site 2's CAS server, can I use the same certificate I'm using on site 1? In other words, all clients currently use mail.domain.com, which has an IP pointing to site 1. Can I use that same certificate in site 2 and associate it with the CAS server there? (In the event of a failover I just change the record's IP.)
2. All SMTP traffic comes through site 1. When I test moving active databases to site 2, all email stays in the queues of the Exchange server in site 1; it doesn't get delivered. (I have not set AD replication through SMTP, so I don't know if this is a factor.)
3. When I do set the active databases to site 2, webmail and remote services stop working. I get the infamous error when logging onto webmail: service unavailable because it's been moved. I have read a lot about this being an internal/external URL issue.

I'm starting to think all these issues are interlinked, and would like some help.

Cheers.
Question by:lcete

Accepted Solution

by:
George Sas earned 500 total points
ID: 40304659
You can use the SSL on both sites; this is the way to do it. When you have multiple Exchange servers you can use the same SSL.
I recommend buying an SSL with multiple alternate names (SANs) to include both internal and external URLs, CAS server names, and whatever more you need in one SSL. This will be cheaper in the end.

As for your replication issue, I guess it has something to do with the site-to-site connection and routing.
Messages should be delivered to site two when you change the active/passive database.
Here is some nice reading for you:
http://technet.microsoft.com/en-us/library/dd638104%28v=exchg.150%29.aspx
http://technet.microsoft.com/en-us/library/dd638129%28v=exchg.150%29.aspx

And a complete guide :
http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/uncovering-exchange-2010-database-availability-groups-dags-part1.html
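
The reuse described in the accepted answer, as an added example that is not part of the original thread: it checks that the site 1 certificate's SAN list covers every name the site 2 CAS publishes, then copies the certificate and its private key across. `SITE1-CAS`, `SITE2-CAS` and the PFX path are placeholder names, and the sketch assumes the private key was marked exportable when the certificate was installed.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# SITE1-CAS, SITE2-CAS and the PFX path are placeholders (assumptions);
# mail.domain.com is the name used in the question.
$source = 'SITE1-CAS'
$target = 'SITE2-CAS'
$pfx    = 'C:\Temp\mail-cert.pfx'

# 1. Certificate currently serving IIS (OWA etc.) on the site 1 CAS.
$cert = Get-ExchangeCertificate -Server $source |
    Where-Object { "$($_.Services)" -match 'IIS' -and
                   ($_.CertificateDomains | ForEach-Object { "$_" }) -contains 'mail.domain.com' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No IIS certificate for mail.domain.com on $source" }

# 2. Host names the site 2 CAS publishes to clients.
$urls  = @(Get-OwaVirtualDirectory -Server $target | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
$urls += @(Get-WebServicesVirtualDirectory -Server $target | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
$urls += (Get-ClientAccessServer -Identity $target).AutoDiscoverServiceInternalUri
$names = $urls | Where-Object { $_ } | ForEach-Object { ([Uri]"$_").Host.ToLower() } | Sort-Object -Unique

# 3. Every published name must match a SAN; a wildcard covers one label only.
$sans = $cert.CertificateDomains | ForEach-Object { "$_".ToLower() }
$missing = @($names | Where-Object {
    $n = $_
    -not ($sans | Where-Object {
        $n -eq $_ -or ($_.StartsWith('*.') -and $n.Substring($n.IndexOf('.') + 1) -eq $_.Substring(2))
    })
})
if ($missing) { throw "Certificate does not cover: $($missing -join ', ')" }

# 4. Copy the certificate with its private key, then bind it to IIS on site 2.
$pw  = Read-Host 'PFX password' -AsSecureString
$exp = Export-ExchangeCertificate -Server $source -Thumbprint $cert.Thumbprint -BinaryEncoded:$true -Password $pw
Set-Content -Path $pfx -Value $exp.FileData -Encoding Byte
Import-ExchangeCertificate -Server $target -Password $pw `
    -FileData ([Byte[]](Get-Content -Path $pfx -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Server $target -Thumbprint $cert.Thumbprint -Services IIS
Remove-Item $pfx   # the PFX contains the private key; do not leave it on disk
```

If step 3 stops with uncovered names, either reissue the certificate with those names added as SANs or change the site 2 URLs to names the certificate already lists.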