Exchange 2013, Certificates, IIS, Need help

Hi,

I’m hoping someone here can help me in regards to Exchange 2013, SSL certificates, IIS ARR and Remote Desktop WebAccess/GW. Half of the issue is that I’m not an Exchange/IIS/Windows admin, so a lot of the concepts are relatively new to me. I do apologise if these questions are noobish, but after a solid hour’s searching around I’m no closer to a working solution.

The idea is that, as we only have 1 public IP, all HTTPS (443) traffic is directed to the IIS server and, based on the subdomain, it will redirect to the appropriate server. I.e. webmail.domain.com/owa to Exchange, webRD.domain.com to the RD WebAccess/GW server.

I have tried to configure this as a POC and it is partially working; however, I’m having two main issues. One with certificates for the services and the second being WebAccess/GW traffic routing.

Certificates: Focusing on OWA, the same thing happens to RD. When I access webmail.domain.com/owa from a client on the external interface of IIS, IIS does its thing and redirects me to the Exchange OWA web interface. However, the issue is that it presents me with the SSL cert of host.domain.com instead of webmail.domain.com. So the question is: how do I create a cert that covers the external DNS name without giving me a cert mismatch when it redirects to the local Exchange server? Ideally I need two certs, one created by me for POC testing and later on one by a trusted CA.

Also, the second issue on certs is that it appears I’m only able to bind 1 cert to the entire IIS server. I have the relevant certs from the Exchange server and TS server added to the cert repository under the IIS server settings. However, under “site binding” for the “Default Web Site” I can only have 1 cert bound to 443. The issue I see here is that since the server will be redirecting multiple sites, I need it to host certs for multiple external site names (webmail, webapps, webRDP, xxxx.domain.com).

WebAccess: The issue is that after you log into the web portal from an external client via the external NIC on IIS, where it does its redirect, if you try to start the application it does not open, with “cannot connect to server”. The issue appears to be created because the client does not have direct access to the TS WebAccess server and the server does not have outbound access. I’ve searched around and could not find whether the WebAccess server initiates the connection outbound once the client starts the app. I would have thought that the connection would continue to get routed via the IIS redirect. The issue is mitigated when I add a direct link between the client and the TS server while the initial connection is from the client to the IIS external interface; however, this is not a solution. Based on netstat there is an active connection between the client and the TS WebApp directly, without IIS.

Any help with this major headache would be highly appreciated.

Thank you.

Layout of the setup http://i58.tinypic.com/2exai48.jpg
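As an added example that is not part of the original post: the second certificate question (one cert per public name on a single IP:443) is what SNI bindings on the ARR front end are for, and this PowerShell shows one way to set them up for a POC. The site name, host names and use of self-signed POC certificates are assumptions; the client will then see the front-end certificate for each name only if the ARR rule is a "Rewrite" (reverse proxy) rather than a "Redirect", because a redirect sends the browser straight to the back end and its host.domain.com certificate.

```powershell
# Added example, not from the original post. Assumes IIS 8+ (Server 2012 or
# later, required for SNI), the WebAdministration module, and that ARR/URL
# Rewrite rules proxy each public name to its back end.
Import-Module WebAdministration

$site  = 'Default Web Site'                      # assumption: ARR front-end site
$hosts = @('webmail.domain.com', 'webrd.domain.com')  # one public name per back end

foreach ($h in $hosts) {
    # POC certificate for the *public* name, issued by this machine.
    # For production, import the CA-issued cert into Cert:\LocalMachine\My
    # instead and select it by thumbprint.
    $cert = New-SelfSignedCertificate -DnsName $h `
                -CertStoreLocation 'Cert:\LocalMachine\My'

    # SslFlags 1 = SNI: several HTTPS bindings can share one IP and port,
    # distinguished by the host name the client sends in the TLS handshake.
    if (-not (Get-WebBinding -Name $site -Protocol https -HostHeader $h)) {
        New-WebBinding -Name $site -Protocol https -Port 443 `
                       -HostHeader $h -SslFlags 1
    }

    # Attach this name's certificate to its own binding.
    $binding = Get-WebBinding -Name $site -Protocol https -HostHeader $h
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# Verify: each public name should appear as its own SNI binding with its own
# certificate hash, rather than one IP-wide binding for all names.
netsh http show sslcert | Select-String 'Hostname:port|Certificate Hash'
```

For the WebAccess symptom, note that the .rdp file RD Web Access hands to the client names the RD Gateway host directly, so the RDP client opens its own HTTPS connection to that name (which is the direct client-to-TS connection netstat shows); that gateway name therefore needs to be the public one that resolves to the front end, not the internal host name.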

