Two sites, Two Exchange servers, same domain

Exchange can seriously baffle me at the best of times. Which is why I'm writing here at the moment.
I have 2 sites in two geographical locations for the same business connected via IPsec VPN. At each site we have:
- Domain Controller (domain.local)
- RDS Server
- File server
- Exchange server (domain.org.au) (SiteA - exch1, SiteB - exch2)
All servers are Windows Server 2008R2, Exchange servers are 2010, Outlook is also 2010.
Both Exchange servers are set up with DAG replicating the primary mailbox database.
Both RDS servers have Outlook set up - users are currently connecting to exch1 for Exchange connectivity (at both siteA and siteB)
I want to configure the Outlook clients so that SiteA uses exch1, and SiteB uses exch2.
When testing, I manually set up an Outlook profile and entered the server name as 'exch2', but upon clicking 'check name' it substituted 'exch2' for 'exch1'.
I have had a look at implementing a CAS array, but this will not work as we have DAG set up between the Exchange servers, and according to a Microsoft article this cannot be done:
"WNLB can't be used on Exchange servers where mailbox DAGs are also being used because WNLB is incompatible with Windows failover clustering."
Is there something I need to change in either the Group Policy or Autodiscover instance, or even DNS to allow this to work? Is this even possible? Any help would be greatly appreciated.

Forgive me - I still don't quite understand what's required.
Because I have 2 physical sites with AD and Exchange, even though both sites are using the same domain and the same Exchange Mailbox Database, I still require 2 CAS arrays?
Just to clarify, both DCs aren't under separate sites within Active Directory Sites and Services - they are both members of the 'Default-First-Site-Name' site. Would this make any difference to the config I am aiming for?
I can understand the concept of having 2 CAS arrays, one for physical site A and physical site B, so that their respective RDS servers' Outlook clients point to their own local Exchange server - but if both Exchange servers are replicating and using the one Mailbox Database, I'm not sure if that will cause any issues - can't you only apply one CAS array per database?
Also, if I am unable to use network load balancing because the software balancing service won't work with the cluster service, what IP(s) would I point the CAS array to - my guess is the local IPs of the Exchange servers for its relevant site?

Similar Messages

  • If I have two Root CA in the same Domain, Do I have to configure two separate locations for the CRLs

    Hello All
    Can someone please help me with the following question :)
    I asked the question, can you have two Enterprise Root CA in the same AD domain. This question was kindly answered by Paul here; the answer was Yes.
    As far as I believe the two important aspects from a client point of view (e.g. IE on Windows 7 PC for example) are
    1: Public key of the CA (e.g. the CA cert published in AD and therefore downloaded to the X509 store on your PC)
    2: CRL (published via LDAP (in Configuration partition of AD), HTTP/S or File Share)
    I believe as long as you have access to the above two you can turn the CA off if you want.
    I believe the location of the CRL is detailed in the CDP which is detailed on the certs issued by a given CA, so the client can look in the cert and see what it states about the CDP and thereby get the list of revoked certs.
    If all of the above is correct?
    When I add a second Root CA to the same Domain, do I need to use a CA setup file (e.g. the text file, I believe with a .inf extension) to tell the CA setup routine to place its CDP at a location other than the default location in case it overwrites the existing CRL at the default location? Basically I do not want to overwrite (delete) the current CRL when installing another Root CA, or does the fully qualified X500 name of the CDP include the CA Name (and therefore be unique) and it will not overwrite the original?
    Thanks All
    AAnotherUser__

    > I believe as long as you have access to the above two you can turn the CA off if you want.
    Enterprise CAs are not intended to be offline. Therefore, you should not turn them off. If these root CAs issue certificates only to subordinate CAs, then you should consider implementing offline Standalone (not Enterprise) Root CAs.
    > I believe the location of the CRL is detailed in the CDP which is detailed on the certs issued by a given CA, so the client can look in the cert and see what it states about the CDP and thereby get the list of revoked certs.
    This is correct.
    > to place its CDP at a location other than the default location in case it overwrites the existing CRL at the default location
    No, CDP locations should be defined in the post-installation script.
    > does the fully qualified X500 name of the CDP include the CA Name (and therefore be unique) and it will not overwrite the original
    Yes, the LDAP URL includes the CA server's NetBIOS name to differentiate between CAs.
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
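
    How the CDP tokens keep two CAs' CRL locations apart, and the post-installation step the answer refers to, as an added PowerShell example that is not from the thread. The CA names, host names, forest DN, HTTP URL and the flag values chosen are assumptions.

    ```powershell
    # Added example, not from the thread. CA names, host names, the HTTP URL and
    # the forest DN below are constructed values.

    # Expand the %n tokens AD CS uses in CA\CRLPublicationURLs for one CA.
    function Expand-CdpTemplate {
        param(
            [Parameter(Mandatory=$true)][string]$Template,
            [Parameter(Mandatory=$true)][string]$ServerShortName,  # %2
            [Parameter(Mandatory=$true)][string]$CaName,           # %3 (and %7 for short ASCII names)
            [Parameter(Mandatory=$true)][string]$ConfigContainer   # %6
        )
        $map = @{
            '2'  = $ServerShortName
            '3'  = $CaName
            '6'  = $ConfigContainer
            '7'  = $CaName
            '8'  = ''   # CRL name suffix, empty until the CA key is renewed
            '9'  = ''   # delta-CRL marker, empty for the base CRL
            '10' = '?certificateRevocationList?base?objectClass=cRLDistributionPoint'
        }
        # Match whole token numbers so %10 is not read as %1 followed by "0".
        [regex]::Replace($Template, '%(\d+)', { param($m) $map[$m.Groups[1].Value] })
    }

    $ldap = 'ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10'
    $http = 'http://pki.example.com/CertEnroll/%3%8%9.crl'      # assumed web host
    $file = 'C:\Windows\System32\CertSrv\CertEnroll\%3%8%9.crl'

    # Two hypothetical Enterprise Root CAs in the same forest.
    $cas = @(
        @{ Server = 'CA01'; Name = 'Example Root CA' },
        @{ Server = 'CA02'; Name = 'Example Root CA 2' }
    )
    $cfg = 'CN=Configuration,DC=domain,DC=local'

    # Show what each template resolves to per CA and warn on a collision.
    # The LDAP path differs by server name (%2) even if the CA names match;
    # the HTTP and file paths differ only if the CA names (%3) differ.
    foreach ($t in $ldap, $http) {
        $expanded = $cas | ForEach-Object {
            Expand-CdpTemplate -Template $t -ServerShortName $_.Server `
                -CaName $_.Name -ConfigContainer $cfg
        }
        $expanded
        if (@($expanded | Select-Object -Unique).Count -lt $cas.Count) {
            Write-Warning "Both CAs resolve to the same CDP URL for template: $t"
        }
    }

    # Post-installation step, run elevated on the new CA only.
    $applyOnCa = $false
    if ($applyOnCa) {
        # Flag sums are an assumed, commonly used choice:
        # 65 = publish base and delta CRLs to this path,
        # 79 = publish there and reference it from issued certificates and CRLs,
        # 6  = reference only (CDP and freshest-CRL extensions).
        # PowerShell leaves "\n" as two literal characters, which is the
        # separator certutil expects between entries.
        certutil -setreg CA\CRLPublicationURLs "65:$file\n79:$ldap\n6:$http"
        Restart-Service certsvc
        certutil -crl                            # publish a fresh CRL
        certutil -getreg CA\CRLPublicationURLs   # confirm the stored values
    }
    ```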

  • Is it possible to have two SCCM instances for the same domain

    Hello - I'm the IT Project Manager for an organization that has a single domain-production.
    In here, we have an instance of SCCM 2012 setup. This instance is used to build packages, images, testing, validations, modifications etc. as well as for production roll outs. The primary issues we have with this is there is no separation between test and
    prod, also, there are several packages, task sequences etc causing confusion in determining which is a test package and which is prod.
    Setting up a test domain does not seem to be a viable option for us, at least for now.
    So, my question is, can we have another instance of SCCM in the same domain that we can restrict only for the sake of testing & validations and then use the original one to deploy the tested (gold) packets.
    Just a thought!! Does it make sense? Any challenges that we could face?
    Thanks in advance 
    Jagan Pantina
    JP

    Hi,
    Yes, you can, no problem. You should avoid having Boundary / Boundary Groups used for Site Assignment that overlap, and make sure that PXE requests to the test/dev environment are restricted to one test subnet to avoid coexistence issues.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Two sites, two Macs?

    I know you can't edit the same site on two different Macs without a lot of fuss, but is it possible to have two sites on two different Macs both uploading to the same .Mac account? Or will they delete each other when uploading?

    Yes. They will not delete each other as long as they have different site names. However, the last one uploaded will normally get the short url -- web.mac.com/username. The other one will require web.mac.com/username/iWeb/sitename

  • Multiple ADFS farm or two IDP in same domain

    Greetings,
    I have a requirement; please give me an idea whether two ADFS farms are possible in the same domain.
    Eg: one ADFS1 farm pointing to Webserver1 and another ADFS farm pointing to Webserver2.
    ADFS1 should act as point to contact for ADFS2.
    When traffic come and hit ADFS1, for webserver2. ADFS1 should give to ADFS2 for other process.
    Two IDP is possible in single Domain:
    ADFS2.0 for Web1 and Ping federate for web2.
    All traffic should pass through ADFS and then to ping federate to access web2 application.


  • Exchange servers in DMZ zone

    Is it the right practice to place all Exchange 2010 role servers in the DMZ zone??
    Or do we need to place only the CAS server in the DMZ zone??

    Hello,
    It is required to place at least one writable Domain Controller with Global Catalog in every AD site where Exchange servers are going to be deployed.
    Hope it helps,
    Adam
    www.codetwo.com

  • Two CAS Servers on the same domain but different AD Sites

    I have a customer that has 1 EXCH MB server & 1 EXCH server running the Hub Transport and Client Access roles. These two servers are in the same domain and reside in AD site A. Now he wants AD Site B (also in the same domain) to have 1 EXCH MB server & 1 EXCH server running the HUB/CAS role. The problem is the CAS role in site A is the only one that is public interfacing. The CAS server in site B has no certificates at all, and I want all the mail to re-route to the CAS server in Site A. Does anyone know how I can do that???

    The CAS in the internet facing site will proxy to the CAS in the non-internet facing site. And you do have a cert on that CAS in Site B. The default built-in one. However, if you have clients in Site B, you should replace that built-in cert with one that is trusted by clients such as Outlook and Lync etc. It doesn't have to be a 3rd party cert, it could be one that is trusted internally.
    http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
    Understanding Proxying and Redirection

  • Exchange 2013 Site Resilience - Basic questions for setup in two separate AD Sites, same domain

    I am just getting ramped up with Exchange 2013 and have a friend that I am assisting with planning an exchange 2013 deployment for.  I am not asking for step by step directions for setup, just asking for a basic overview so I can dig in to this and
    assist.
    Goal is to have an exchange server, one in NC and one in Switzerland in an active/passive mode for site resilience.  Both servers will be multi role servers. 
    This is a small organization, less than 50 users and on a budget for equipment.  HQ is in NC and the server will have all roles installed on a single server. Switzerland will have only one Exchange server for fail over.  There is only
    one domain total with two AD Sites. 
    My questions for clarity -
    1. Can I create a Site resilient deployment with two Exchange Multi Role servers in these locations?
    2. Currently, the organization does not have a Load Balancer.  Will this be required? 
    3. They do not have a third location for a Witness Server, what issues could potentially happen if the witness sits in one of the two sites?
    4. Any other basics for this design are much appreciated.  I am reading a lot, however a little confused as I read through the requirements.
    Thanks for your input and direction!
    Wall

    Hi
    Please find below answers to your questions.
    1. Can I create a Site resilient deployment with two Exchange Multi Role servers in these locations?
    Yes
    2. Currently, the organization does not have a Load Balancer.  Will this be required? 
    No you don't need to have a load balancer. As you are setting up the infrastructure in Active / Passive mode you don't need a dedicated LB for this.
    3. They do not have a third location for a Witness Server, what issues could potentially happen if the witness sits in one of the two sites?
    The issue with the witness server in primary or DR site is if your witness server is not responding your DAG won't work properly (failover). If you don't have a 3rd site then you can set up a witness server in your primary site and an Alternate witness server in your DR site.
    4. Any other basics for this design are much appreciated.  I am reading a lot, however a little confused as I read through the requirements.
    I would recommend to use Exchange sizing calculator and technet is the best resource for you :)
    Regards, Riaz Javed Butt Consultant Microsoft Professional Services MCITP, MCITP (Exchange), MCSE: Messaging, MCITP Office 365

  • How can two independent DirectAccess servers be set up safely in the same domain?

    I've got a single-tier certificate authority running on a 2008 r2 domain controller with an expiring root certificate. I have a new 2012 r2 domain controller with a new single-tier certificate authority. I also have a DirectAccess server running on 2012
    server (two NICs, NAT, IP-HTTPS only). I'd like to get a new DirectAccess server set up running server 2012 r2 using the new CA for the various DirectAccess server and client computer certs. I can get the new environment working and flip machines from
    the existing implementation to the new implementation.
    I was previously told by a tech working one of my Microsoft support tickets that two independent DirectAccess servers can't run in the same domain. However, I posted a related question
    https://social.technet.microsoft.com/Forums/projectserver/en-US/ab53a314-91ea-4d40-afd5-6b8f62698547/2012-directaccess-and-expiring-certificate-authority?forum=winserverNIS and got a response indicating that two independent DirectAccess servers can run
    in the same domain. If I can carefully get a second server operational within the same domain, I can build a reg file to deploy to all machines prior to the cutover that will simulate the gpupdate for broken machines in the field, getting them connected so
    the policy can be properly pulled from a DC. Would anyone else be willing to confirm or elaborate on operating two independent DirectAccess servers in the same domain? What are the gotchas?

    Hi,
    Yes, you can have 2 DA deployments in one domain.
    I have done this a number of times for customers when upgrading from UAG DA to 2012.
    Make sure you use different Group Policies for the DA servers and clients. Make sure you target the client with only one GPO at a time. Also use different AD groups.
    You then change the GPO assignment to the clients and they will flip when the client does a gp update. I have done this for a site that had over 5000 clients and we didn't have one call about it.
    You can use DirectAccess Offline Domain Join for any broken machines.
    https://technet.microsoft.com/en-gb/library/jj574150.aspx
    Regards, Rmknight

  • Exchange High availability between two sites with two servers

    Hi Team,
    I have a requirement to deploy Exchange Server 2010 between two sites, but I have limited resources to fulfill this. Below is the summary.
    2 servers in two sites
    Different subnets will be used for the two sites
    Need to deploy DAG.
    Please let me know the considerations for this deployment.
    Thank you

    Hi - In this scenario, you would setup the following:
    - Site 1: Exchange 2010 Multi-Role server; File Share location to place File Share Witness for the DAG
    - Site 2: Exchange 2010 Multi-Role server
    The above will give you 2 nodes in the primary location and one node in the secondary location so that resources will stay in Site one.
    You will also need to enable DAC (Datacenter Activation Coordination) on the DAG so that the Cluster group can be managed by Exchange.
    Last but not least, you will want to restrict automatic failover of resources to Site 2 by blocking that action on the Exchange server in Site 2 using 'Set-MailboxServer <servername> -DatabaseCopyAutoActivationPolicy Blocked'. This will make you manually failover to site 2 and not end up with resources there after a sudden failure or issue that is not impacting the entire site.
    Jason Apt Microsoft Certified Master | Exchange 2010

  • How can I use the same domain.sites2 on two macs?

    I know iWeb is no longer supported but I still find it ok to manage my web site.
    I would like to work on the site from two macs. I thought I could just use the same Domain.sites2 on both macs but: if I move Domain.sites2 to dropbox folder, when I launch iWeb it does not know about it and creates a new empty Domain.sites2 in the Library/iWeb folder
    I do not want to have to manually make a copy of Domain.sites2 to Dropbox and then to the other mac's Library every time I switch computer.

    You may want to use:
    http://wyodor.byethost8.com/iwebsites/iWebSites.html
    Select "Choose new folder" from the File menu to select the folder on Dropbox where your domain file is.
    If that does not work, use:
    http://wyodor.byethost8.com/iwebsites/iWebDrop.zip
    (Unzip the file and drop the domain file on top of it)
    After that, you can open iWeb with your currently used domain file.

  • Is it possible that Exchange UM could be configure with two call managers over the same sip?

    Hi,
    I have Cisco call manager 8.2 integrated with Microsoft Exchange Server 2010 Unified Messaging.
    Call manager has primary and secondary server. I created a sip trunk and linked primary CUCM with Exchange. Users can leave and get voice mails.
    Problem: In case that primary server is down (WAN is down) the users registered on secondary server but they cannot contact to Exchange Unified Messaging.
    I added  new UM Dial Plan with the same pilot and associated it to the secondary CUCM server. UM answered but do not recognize the extension number "is not a valid mailbox extension".
    Is it possible that Exchange UM could be configured with two call managers over the same sip, the same pilot number, different associated UM servers and get access to the same voice mail boxes?
    If not:
    Does a way exist to configure Exchange UM that will work if one CUCM server is down?
    Thank you,
    Peter


  • Can you have two Enterprise CA on the same AD Domain at the same time

    Hello
    Can someone please help me with the following question
    If I have a Windows 2003 R2 Enterprise Root CA on the AD Domain can I also Add a separate Windows 2012 R2 Enterprise Root CA to the same domain.
    We do not use Autoenrollment on the existing 2003 R2 CA.
    Network guys want to introduce a Cisco BYOD (Bring Your Own Device) solution using Cisco ISE (Identity Services Engine) which uses SCEP/NDES and therefore need certificates from CA. The thing is the ISE recommend 2008 AD CS as a minimum
    Therefore I wonder if Installing a 2012 R2 Root CA that only provides certificates via the NDES/ISE solution would be a possibility. 
    I understand the Root CA Cert is held in a container under the 'Configuration' partition in Active Directory. Therefore can you have Two Root CA certs in the AD container at the same time for the same AD Domain/Forest?
    The idea would then be to migrate other services to the new CA and phase out the old 2003 R2 CA over time.
    Thanks All
    AAnotherUser__

    On Thu, 18 Sep 2014 09:18:43 +0000, AAnotherUser wrote:
    > Therefore can you have Two Root CA certs in the AD container at the same time for the same AD Domain/Forest?
    Yes.
    Paul Adare - FIM CM MVP
    You are trapped in a maze of screens and ssh sessions all alike.
    It is dark, and you are likely to log off the wrong account. -- Nep

  • "Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master. Run se

    Team,
    I am trying to Install Exchange on my Lab, getting below error message.
    The Schema Role is installed on Root Domain and trying to install Exchange on Child domain.
    1 Root Domain - 1 Child domain. Both are located on single site.
    “Setup encountered a problem while validating the state of Active Directory: Exchange organization-level objects have not been created, and setup cannot create them because the local computer is not in the same domain and site as the schema master. Run setup with the /prepareAD parameter and wait for replication to complete.”
    Followed below articles:
    http://support.risualblogs.com/blog/2012/02/21/exchange-2010-sp2-upgrade-issue-exchange-organization-level-objects-have-not-been-created-and-setup-cannot-create-them-because-the-local-computer-is-not-in-the-same-domain-and-site-as-the-sche/
    http://www.petenetlive.com/KB/Article/0000793.htm
    Transferred the schema roles to a different server on the root domain, still no luck.
    Can someone please help me.
    Regards
    Srinivasa K

    Hi Srinivasa,
    I guess you didn't complete the initial setup schemaprep and adprep before starting the installation. You can do it as follows:
    1. Open command Prompt as administrator and browse to the root of installation cd and run Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
    After finishing this,
    2. Setup.exe /PrepareAD /OrganizationName:"<organization name>" /IAcceptExchangeServerLicenseTerms
    3. To prepare all domains within the forest run Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms. If you want to prepare a specific domain run Setup.exe /PrepareDomain:<FQDN of the domain you want to prepare> /IAcceptExchangeServerLicenseTerms
    4. Once you complete all of the 3 steps, install the prerequisites for Exchange 2013
    5. Finally, run the setup program
    Hope this will help you

  • Simultaneous sync with two exchange servers - will it ever be possible?

    I fully understand that this is not possible at present (one has only to try to get a very clear pop-up message). I also understand that nobody can predict (or is willing to say) what is coming in future releases. My question is whether or not simultaneous syncing with two exchange servers is even theoretically possible. I don't understand exchange/ActiveSync well enough to even know if it's in the realm of possibility.
    If not, I'll try to find another way to do what I want (Gmail for calendar and contacts and work for mail, calendar and contacts) - I am open to suggestions. If it is, I'll have to figure out how important one (or the other) is to me for now and wait for the day when I can have my cake and eat it too.
    Thanks.

    I'm not sure if this is an ActiveSync limitation, but it might be since I don't believe accessing more than one Exchange account via ActiveSync with a Windows Mobile device is supported either, and ActiveSync and Windows Mobile are Microsoft products.
