Exchange 2010 CAS Role.
Hi, We have a working Exchange 2010 Server with CAS, Mailbox and Hub Transport Roles installed. Now we are looking at buying a second Server to move the CAS Role on to for security reasons. Ideally we are going to now setup Outlook Anywhere and ActiveSync. Is there any advice or best practice information on this? Is this easy to do? Does it mess up our current configuration. Currently we have a single certificate (not a SAN certificate) for securing OWA, what happens with this when we move the Role? Would buying a SAN certificate be a better option now that we are using multiple connection software. Any advice would be appreciated.
March 14th, 2011 11:13am

Hi, You can move it to other H/W, the things which you need to take care are, settings of VD,records for your OWA need to point to new server and certificate. if you are planning on using the same URL to access OWA, you can export your current cert from your existing CAS and import it into the new server. If you are planning to keep three URL for OWA,Active Sync, and Ooutlook Anywhere then buy new SAN certificate for these three URL and use it with new server. You can get some idea into below KB's How to Move an Exchange 2007 Client Access Server to New Hardware Keeping the Same Server Name: http://technet.microsoft.com/en-us/library/bb430751(EXCHG.80).aspx Anil
Free Windows Admin Tool Kit Click here and download it now
March 14th, 2011 12:54pm

Wow, this is more or less exactly what I am looking for. Is it best to uninstall the CAS Role from the existing Server first or install on the new one then remove the old one? Is it a straight forward uninstall? The new Server will have a different name, what happens then? Appreciate your help cheers Anil:)
March 14th, 2011 4:10pm

For removing CAS role you just launch setup from add/remove program and do it. As you are changing CAS server name, you can do it. you need to change your DNS records for new server and certificate you have used for this. Treat it you are going to install new server and remove old one. The thing you have to take care is certificate which you can export from old server and import to new CAS. http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx Anil
Free Windows Admin Tool Kit Click here and download it now
March 14th, 2011 11:39pm

1. When it says are we going to keep the same Server name; what exactly does it mean? Physical Server, IIS Server? I cant find any documentation about what happens if I use a different Server name? 2. When I generate the new certifcate request where do I do it from? The existing Server or the newly installed CAS Server?
March 15th, 2011 7:32am

Hi dreynolds20, It means the CAS server name. If you want to use a different server name, you need to change your DNS records for new server and certificate should include the new hostname for CAS server. If you want to generate the new certificate request, you can do it on the newly installed CAS server. Thanks, Evan Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
March 16th, 2011 2:22am

Hi, You can configure one more CAS server and configure load balancing.SAN certificate is neccessary for exchange if you are go with autodiscover,EWS,OWA. You can buy a SAN certificate from Verisign or Thawte otherwise you can internally create SAN certificate please check the below link for internal SAN certificate creation. http://mshiyas.wordpress.com/2010/06/09/in-exchange-2010-now-have-san-certificate-creation-facility-for-autodiscoverews-and-owa/
March 16th, 2011 2:46am

Hi Evan, Cheers for your posting. Im getting a little confused, I have an existing Exchange 2010 Server and am going to build a new Server to hold the CAS Role. This new Server will have a different name. Server-mail01 - existing Exchange 2010 Server Server-cas01 - new CAS Role Server I am using a standard (non SAN) certificate for OWA only at the moment but will switch to a SAN certifciate when I move the CAS Role, all good so far. What would the correct process be for moving the CAS Role to a different Server (with a different name) and installing a SAN certificate. Step 1 - Build new Server, updates and required setup Step 2 - Remove existing CAS Role from Server-mail01 Step 3 - Add CAS Role to the new Server (or can two coexist at the same time) Step 4 - Generate new Exchange certificate on Server-mail01 that includes both Servers Step 5 - Wait for new certificate and add to original Exchange Server, then use powershell cmdlets to configure autodiscovery client Is this correct? 1. If this is right what happens to the OWA that I currently have setup - do I have to export the current certificate and import onto the new CAS Server? 2. Will this change the Server name when it exports and imports? 3. I dont understand what the effects will be on my existing mail flow if I move the Server bearing in mind I will have to wait days for a new certificate to turn up. Your help on this is greatly appreciated as the pressure is on and I cant afford downtime when this migration takes place.
Free Windows Admin Tool Kit Click here and download it now
March 17th, 2011 12:16pm

First you need to know what names you use to connect users to Outlook Web App, Outlook Anywhere nad/or Active Sync. Normally this isn't the CAS Servers FQDN but rather a easy to remember DNS name, like perhaps outlook.domain.com or something along those lines. If the certificate you are referring to is the self-signed certificate from the Exchange setup, then you have nothing to consider but if you use a post-installation requested certificate with perhaps outlook.domain.com as Subject Name, then you'll need to export it and reuse in the new CAS. Exporting/Importing certificates have no impact on the server name at all. You need to install the new CAS before uninstalling the old as not to break client access to mailbox data. Also please remember to update the CAS pointer on your mailbox databases with Set-MailboxDatabase <Mailbox Database Name> -RpcClientAccessServer <ClientAccessServer or ClientAccessServerArrayID> - Set-MailboxDatabase. Mail flow isn't affected since mail flow is controlled by Hub Transport role and you aren't messing with that. Jesper Bernle | Blog: http://xchangeserver.wordpress.com
March 18th, 2011 8:18am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics