Can i use same certificate on 2 different CAS Server across sites

Hi All
I have a question I have been playing with for a few days,
I have the following setup,
2 sites connected via a VPN and a DAG configured between sites.
Site 1-Head Office
2 exchange 2010 servers,
1 running CAS and Mailbox (this server is entry point to all clients for owa etc.)
1 running Hub, CAS, Mailbox. (this is the main server and a DAG Member)
We have a UNC certificate associated with all records pointing to remote access and its installed on both servers.
** Everything in this site works fine.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.
Site 2.
1 exchange 2010 servers,
1 running Hub, CAS, Mailbox. (this is the main server for this site, a DAG Member and no entry point at this time but we intend to use it for redundancy)
** Currently all BD are on server in site 1.
** The AD DNS server does not have a zone for the public domain with all the external records only the .local domain. Planning to change this soon.
My questions are as follows:
1      on site 2’s the cas server can I use the same certificate I’m using onsite 1. in other words all clients currently use mail.domain.com which has an IP pointing to site 1, can I use that same certificate in site 2 and associate
it with the CAS server there? (in the event of a failover I just change the records IP)
2      All smtp traffic come through site 1, when I test moving active databases to site 2, all email stay in the ques of exchange server in site one, they don’t get delivered. (I have not set AD replication through smtp so don’t know
if this is a factor)
3      When I do set the active databases to site 2, webmail and remote services stop working, I get the infamous error when logging onto webmail, service unavailable because it’s been moved. I have read a lot about this being an internal
external url issue.
All these issues im starting to think they all interlinked, and would like some help.
Cheers

Answers to your questions:
Yes.  Understand that until you swap your external DNS so it points to Site 2, the mail.domain.com won't be accessed, but it will be there for when you want it to be.
AD replication is not the issue, so don't try to set it to use SMTP.  If you have hub servers in both sites, your inbound Internet email should be delivered from the Site 1 hubs to the Site 2 hubs.  We may need more information before we can give
you a good answer for this question.  However, you may check the following TechNet article (and its links) for assistance. 
http://technet.microsoft.com/en-us/library/aa998825(v=exchg.141).aspx
Web access requires that the CAS you connect to be either externally accessible and in the same site as your mailbox server, or that the CAS in the inaccessible Windows site needs to be configured as internal only and the accessible CAS needs to be configured
to proxy connections.  For this, make sure you have followed the directions in the following TechNet article.
http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
HTH ...

Similar Messages

  • In Bte can i use same Product for 2 different process

    in Bte can i use same Product for 2 different process

    hi
    as per i know yes but since there r two type of interface behaviour is defferent .
    For
    Publish & Subscribe interfaces 
    if any event occur in this type both the process can work simultaneously and they will not intervene each other
    whereas in
    Process interfaces
    at an time any one process can be active.
    Reward if usefull
    Cheers
    Snehi

  • Can we use same number range for different  fields

    can we use same number range for different  fields. how can we see the number range defined for a particular field

    Hai,
    Yes you can have same number range for different fields  by using the same domain to the data elements that are user to your two fields.
    To see the range:
    Go to SE11,Type table Name open it-->double click on the DataElement adjasent to the field name ,You will get Domian ,Double click on Domain You will get Domain.There See Value range option .Value range cam also be defined by Value Table which will also at the Doamin level.
    <b>Reward points if it helps you.</b>
    Regds,
    Rama.Pammi

  • Can we use same SOAP ACTION in different environments?

    Hi All,
    I have a doubt.
    Can we use same SOAP Action URL in different environments i.e suppose say Quality, Production and Pre production.And the Target URL is different in both environments.
    If yest what is the impact in different environment.

    Hi ,
    SOAP action is nothing but operation/method in webservice .
    Usually at end system end as a good practice/std they will maintain the same soap action name in all their environments,but it's always better to cross check url and soap action with end system folks before configuring in PI .
    We have faced an issue in production some time back ,at target system end they upgraded their server and used new wsdl which is almost similar to existing but one of the operation they duplicated by adding few addition fields but forgot to inform PI system.Though we are using new wsdl but pointed to old soap action .Interface got failed in PROD after investigation we come to know that we are using wrong soap action
    Regards
    Venkat

  • Can i use same address pool for different remote access VPN tunnel groups and policy

    Hi all,
    i want to create a different remote access VPN profile in ASA. ihave one RA vpn already configured for some purpose.
    can i use the same ip address pool used for the existing one for the new tunnel-group (to avoid add rotuing on internal devices for new pool) and its a temporary requirement)
    thanks in advance
    Shnail

    Thanks Karsten..
    but still i can have filtering right? iam planning to create a new group policy and tunnelgroup and use the existing pool for new RA  and i have to do some filetring also. for the new RA i have to restrict access to a particualr server ,my existing RA have full access.
    so iam planning to create new local usernames for the new RA and new group policy with vpn-filter value access-list to apply for that user as below,  this will achive waht i need right??
    access-list 15 extended permit tcp any host 192.168.205.134 eq 80
    username test password password test
    username test attributes
    vpn-group-policy TEST
    vpn-filter value 15
    group-policy TEST internal
    group-policy TEST attributes
    dns-server value 192.168.200.16
    vpn-filter value 15
    vpn-tunnel-protocol IPSec
    address-pools value existing-pool
    tunnel-group RAVPN type ipsec-ra
    tunnel-group RAVPN general-attributes
    address-pool existing-pool
    default-group-policy TEST
    tunnel-group Payroll ipsec-attributes
    pre-shared-key xxx

  • HT1386 We have 3 ipods in family. Can I use same computer for 3 different itune accounts? When I plug in my Daughters ipod or ipad, my own library with all my music comes up, not hers, even when I've logged out and logged her in? Can anyone help? Thanks

    We have 3 ipods and 2 ipads in our house, with one computer. I have set up my own itunes account and one each for my two Daughters. When I try to add music or sync their ipads/ipods, my own library with my own music comes up, even when I have signed out of my own account and put their account in. Am I able to have 3 accounts on the same computer with seperate music libaries and able to sync without each persons music syncing onto the wrong device? Thank you.

    How to use multiple iPods, iPads, or iPhones with one computer
    http://support.apple.com/kb/HT1495
    How To Best Use and Share Apple IDs across iPhones, iPads and iPods
    http://www.nerdsonsite.com/blog/2012/06/07/help-im-appleid-confused/
     Cheers, Tom

  • Can I use same IP to static to internal server from external dedicated ip?

    M question is would it cause my problems if I had the outside interface external ip mapped to vlan2 with the same ip address as I am trying to create static route to my server? Or is this OK? Keep in mind these are imaginary ips.
    I was trying to use this command but it was not letting me:
    static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
    Here is the front end of my config
    ASA Version 7.2(4)
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password DowJbZ7jrm5Nkm5B encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.6.254 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 99.89.69.333 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1

    Since you are using the outside interface ip address in your static PAT, you should use the keyword "interface" as follows:
    static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255

  • Can I use two apple TVs in different locations in the same house?

    Can I use two apple TVs in different locations in the same house?

    Welcome to the Apple Community.
    You can use 2 or more Apple Tv's in different locations in the same house. You can even use them at the same time and watch the same content on each or choose different content.

  • Find My Phone - can I use same user + password for 2 phones?

    Just loaded the "Find My Phone" App on my new iPhone 4 and set it up. What a great tool for locating a lost iPhone. The only problem is that my wife and I have a joint mail and apple ID account.
    So, my question is can I use Same user name (mail account) and password for TWO iPhone 4's (mine and wifes)? I assume that would work since each phone has a different serial number, and it seems to be ok when connected to my computer to sync each phone separately.
    Any help would be appreciated, thanks.

    My phone was stolen a few days ago. It must be flat by now, I have had it locked by my service provider, Find my Phone still works but says it's in Sydney, I live in Melbourne. Is this accurate? How can it still find the phone if it's not on?

  • HT201250 Can I use Time Machine on two different Macs to back up to one external drive?

    Can I use Time Machine on two different Macs to back up to one external drive?
    I have one 1T Western Digital backup drive that works well with Time Machine and my MacBook Pro.  I now want to back up my wife's MacBook Air using Time Machine on her Mac and want to know if I can use the same WD external drive or if I need to get a 2nd back up drive?  If I can use one external drive for the two Macs do I need to do something special on the drive or will Time Machine do it automatically?

    Yes. You will need to configure Time Machine preferences on each computer to backup to the same drive. Note that you cannot connect the backup drive to both machines at the same time.

  • Can I use home sharing with two different Apple IDs?

    Can I use home sharing for two different Apple IDs?

    I have the same sort of problem I want to share two music liberys but my wife dos not like some of the music I do and I don't like some of her's but we like to share the music we both like.
    At the moment we have home shareing on but when my wife buy's music It downloads her's and my laptop and when I buy music it downloads to my laptop and my wife's.
    We want it so we can share music (home sharing) but only my music on my laptop and my wife's music on her laptop. 
    HOW?
    Sorry for the spelling I am dyslex.

  • Using same program-id in different RFC adapters

    Hi,
    I have the following question:
    Is it possible to use the same program-id in different RFC adapters for the same SAP backend?
    In gerneral, what are the naming-conventions or best practices for using program-ids for RFC adapters?
    Thanks for your answer!
    best regards,
    Hannes

    No,
    You should not use same program ID for different RFC adapters. It is recommended by SAP (check FAQ's on RFC).
    Although technically you can use but it gives you unpredictable behaviour based on connection pool.
    Regards,
    Satish

  • How to Use Same Asset Number with Different Sub-number

    Hi
    We want to sell some assets and buy them back on lease. We want to use same Asset number with different sub-number under the same company code. This new asset will be under different Depreciation Area (Statistical).
    We use external numbes for assets . And same asset number range is used by all compnay codes.
    Please suggest whether this is possible & how.
    With Regards,
    Nitin

    Hi,
    Go to field status for asset master data section and change the field status to optional for field Deactivation date, then follow the below steps.
    You can create an sub asset number to an asset, which is already deactivated by retirement as like normal sub asset creation with AS11.(While creating sub number, you need to remove cap date and deactivate dcate field manually from asset master)
    With this you can get new asset number as same as your old retired asset main number and but sub number will be different.
    To post to diff dep area, other than 01, then you first create an acq transaction type, which will post only to specific areas and then use the new asset number in ABSO to post acq with your custom TTY.
    I have tested and found working well in my system............Try now in your test client
    Thanks,
    Srinu

  • Integrating Exchange 2013 & Lync Server 2013: can't use a certificate with Seth-AuthConfig

    I'm trying to integrate Exchange and Lyn Server. One of the first steps is to bind a correct certificate to IIS on all of the CAS servers and set it as a main certificate in the global AuthConfig object. The certificate must be the same on all of the
    CAS servers because the autodiscover.domain.local DNS record points to all of them, and Lync Server uses this FQDN to access Exchange servers. The thumbprint of this certificate must be specified in Set-AuthConfig command run on an Exchange server.
    We have an internal enterprise CA. I generated a certificate on one of the CAS servers and bound it to all of the Exchange services. Then I exported it, imported it on the second CAS server and bound it to all of the services as well. Now Exchange correctly uses
    it for OWA, for example, and IE gives no security warnings when I connect to OWA.
    However, whenever I run Set-AuthConfig command on any server, it keeps telling me that
    The certificate with thumbprint XXXX was found but is not valid for use with Exchange Server (reason: PrivateKeyNotAccessible).
    The key IS accessible - I can export the certificate along with its private key. What's wrong?

    Here's the answer.
    It seems that the -Server switch in the Set-AuthConfig command is only used to specify where you want to look for the certificate with the given thumbprint. However, it's impossible to predict which Exchange server will actually perform the operation
    (the Server switch doesn't influence it a bit). It could be ANY server, even a mailbox one with no CAS role at all. And, of course, another Exchange server has no access to the certificate store of the CAS server where the certificate is actually stored. It
    was exactly the case in my environment.
    So in order to enable this certificate you must import it on ALL of your Exchange servers. You need't (and even shouldn't) enable it for any services on your mailbox servers if you don't want to, just import it.

  • How can I use same account in 2 iphone with diff contact list?

    how can I use same account number but other all totally diff such as contact list, application, everything ..... I found that it's bad on IOS5.
    when I used IOS4 .. old verison, I can keep my phone in diff data. Afte upgrade IOS 5, it's bad. Even take photo, it can not focus zoom in and out.

    how can I use same account number but other all totally diff such as contact list, application, everything ..... I found that it's bad on IOS5.
    when I used IOS4 .. old verison, I can keep my phone in diff data. Afte upgrade IOS 5, it's bad. Even take photo, it can not focus zoom in and out.

Maybe you are looking for

  • Downloading Photos from a Camera

    Does anyone have any experience using the Photos app with the camera connector kit? I am interested to know what cameras can be used with the iPad. I shoot with Nikon cameras and, of course, they can download to a computer through a USB connection. H

  • Acrobat 9 Pro Cannot select image and overlapping text

    I want to copy a section of a newspaper page that includes both text and graphics and keep it looking the same. When I draw the select box around the section using the mouse the box just disappears when I let go of the mouse button. I already did the

  • Cannot delete .mac web gallery albums

    Strange thing has recently happened to me. I deleted two albums both from the album pane and under the web gallery pane in Iphoto but the albums have not been deleted from my .mac web gallery. Is there any way to sync iphoto and the web gallery so th

  • I paid for pages on my iPad, do I have to pay to download on my mac?

    I paid for pages on my iPad, do I have to pay to download on my mac?

  • Unable to Connect, ORA 12154, Setup routine for Microsoft ODBC errors

    Hi all, I have a Windows 7 Enterprise 64bit SP1 system and I wanted to be able to connect to an oracle database server. However, I am facing a problem with ODBC configuration. I have currently installed both below in ... product\11.2.0\client_1 folde