Exchange server is also a Certificate Authority. Any way to separate them?
Hi everyone, I just wanted to ask some questions regarding Exchange. I just started administering a network and found something strange. Well, basically we have an Exchange Server 2003 hosted on Windows 2003 that is also acting as a CA. Is it good practice to have a CA and Exchange hosted on the same server? Also, on the network there is a DC that is acting as a separate CA, and both have totally different certificates. Is there a way to combine them on a single server? Thanks in advance.
April 20th, 2011 6:14am

On Wed, 20 Apr 2011 10:08:54 +0000, YPadmin wrote:

> I just wanted to ask some questions regarding Exchange. I just started administering a network and found something strange.
>
> Well, basically we have an Exchange Server 2003 hosted on Windows 2003 that is also acting as a CA. Is it good practice to have a CA and Exchange hosted on the same server?

If you only have one server then it's what you have to do. But putting a CA on a shared machine isn't the best idea. Running it in a VM would be acceptable.

> Also, on the network there is a DC that is acting as a separate CA, and both have totally different certificates. Is there a way to combine them on a single server?

Not that I know of. You can reissue certificates from one of them and remove it.

You should be asking this question in the O/S forums, though.

---
Rich Matheisen MCSE+I, Exchange MVP
April 20th, 2011 9:51pm

Personally, I wouldn't put a CA on either an Exchange Server or a DC. It complicates (amongst other things) recovery, maintenance and upgrades. As Rich suggests, consider virtualising machines to assist with role separation.

Tony
April 20th, 2011 10:14pm

Thank you both for the replies. I will ask in the O/S forums as suggested. However, I have a question regarding Exchange and the CA on it. I have noticed that the CA on it has a certificate for one of the DCs but not the other. When we turn off this particular DC we lose connection to Exchange even though the other DC is still online. Is this because it doesn't have the certificate of the other DC? Thanks in advance.
April 21st, 2011 3:49am

On Thu, 21 Apr 2011 07:43:41 +0000, YPadmin wrote:

> Thank you both for the replies.
>
> I will ask in the O/S forums as suggested. However, I have a question regarding Exchange and the CA on it. I have noticed that the CA on it has a certificate for one of the DCs but not the other. When we turn off this particular DC we lose connection to Exchange even though the other DC is still online. Is this because it doesn't have the certificate of the other DC?

What does "lose the connection" mean? If you have two DCs and you shut down the one that Exchange is using, it takes a while for Exchange to discover the problem and switch to the other DC. If you restart the System Attendant service it should perform a topology discovery and switch to the active DC.

It's quite possible that your Exchange server doesn't have the CA's root certificate in its local certificate store as a "trusted root certificate". That's easy enough to remedy, though.

---
Rich Matheisen MCSE+I, Exchange MVP
April 21st, 2011 8:52pm
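As an added example (not part of the thread, and not the poster's own steps): a quick way to check Rich's last point, whether the certificates in the server's machine store actually chain to a CA root that the machine trusts. It assumes PowerShell with read access to the LocalMachine certificate stores on the Exchange box or an admin host.

```powershell
# Added example: report, for every certificate in the machine's personal
# store, whether its chain builds to a trusted root and whether its issuing
# CA's certificate is present in Trusted Root Certification Authorities.
# Assumes PowerShell with the Cert: provider and read access to LocalMachine.
$roots = Get-ChildItem Cert:\LocalMachine\Root

foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Offline check only: missing trust is the question here, not revocation.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $builds = $chain.Build($cert)

    # Collect the reasons the chain engine gives when Build() fails,
    # e.g. UntrustedRoot or PartialChain (the "CA root not trusted" case).
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'OK' }

    # Direct issuer lookup: is the CA that signed this cert in the Root store?
    $issuerInRoot = [bool]($roots | Where-Object { $_.Subject -eq $cert.Issuer })

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        ChainBuilds  = $builds
        ChainStatus  = $status
        IssuerInRoot = $issuerInRoot
    }
}
```

A row with ChainBuilds false and a status of UntrustedRoot or PartialChain is the condition described above; importing the issuing CA's root certificate into Cert:\LocalMachine\Root is the corresponding fix.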
