Do I need an ssl cert for owa for second exchange box?
We have two exchange boxes, A and B. A is set as the master and B is set as the secondary. Outlook email is working fine for both servers. For all users that have their mailbox setup on server A, they are able to access their email just fine from owa both internally and externally. For users that have their mailbox residing on server B, they are not able to access owa from anywhere. When server b users go to https://serverA/exchange, they get page cannot be displayed. However, when they are internal and they access http://serverB/exchange (not https), then owa comes up just fine, but I want them to use ssl. I compared the two and noticed that there is no ssl cert configured for server B but there is one for server A.
1. For the secondary owa server, do I need to add an ssl cert?
2. If so, do I create a new one or do I export the one from server A and import it into server B?
Thanks!
1. For the secondary owa server, do I need to add an ssl cert?
2. If so, do I create a new one or do I export the one from server A and import it into server B?
Thanks!
Comments
-
royal
Member Posts: 3,352 ■■■■□□□□□□
You need a dedicated Front End to provide a single namespace that can route to multiple backends. As you do not have a Front End Server and only have two Back End Servers, you will need to have two separate namespaces (https://ServerA and https://ServerB) and users must know which server their mailbox resides on and use the correct OWA URL accordingly. And if you move a user's mailbox, they'll need to be notified that their OWA URL changed.
Obviously it's best to have a Front End Server in these situations.“For success, attitude is equally as important as ability.” - Harry F. Banks -
phoeneous
Member Posts: 2,333 ■■■■■■■□□□
You need a dedicated Front End to provide a single namespace that can route to multiple backends. As you do not have a Front End Server and only have two Back End Servers, you will need to have two separate namespaces (https://ServerA and https://ServerB) and users must know which server their mailbox resides on and use the correct OWA URL accordingly. And if you move a user's mailbox, they'll need to be notified that their OWA URL changed.
Obviously it's best to have a Front End Server in these situations.
I "need" a front-end or is that just a suggestion? -
royal
Member Posts: 3,352 ■■■■□□□□□□
If you want to have a single namespace such as https://mail.domain.com/exchange that can pull up a user's mailbox that lives on either Backend Server, then it is required. If you can live with an https://ServerA.domain.com/exchange for users that live on ServerA and an https://ServerB.domain.com/exchange for users that live on ServerB, then no, it is not required.“For success, attitude is equally as important as ability.” - Harry F. Banks
-
phoeneous
Member Posts: 2,333 ■■■■■■■□□□
If you want to have a single namespace such as https://mail.domain.com/exchange that can pull up a user's mailbox that lives on either Backend Server, then it is required. If you can live with an https://ServerA.domain.com/exchange for users that live on ServerA and an https://ServerB.domain.com/exchange for users that live on ServerB, then no, it is not required.
I can live with two seperate url's. The only problem is, I dont have public dns setup for the secondary box, just the first one. After I create a new record for it , do I create its own ssl cert or import the one from serverA? Thanks for your help btw! -
royal
Member Posts: 3,352 ■■■■□□□□□□
You need a cert that has the ServerB.domain.com name on it due to the way SSL works.“For success, attitude is equally as important as ability.” - Harry F. Banks
-
phoeneous
Member Posts: 2,333 ■■■■■■■□□□
You need a cert that has the ServerB.domain.com name on it due to the way SSL works.
Thank you for your help!
