Wednesday, April 9, 2008

Exchange2007: TLS

W2008.areyou.com forest and domain
Exchange 2007 SP1
DNS:
mx record is created for areyou.com

canada.itsme.com forest and domain:
Exchange 2007 SP1
DNS
mx record is created for itsme.com.

EdgeComputer: standalone
with primary suffix: areyou.com
The Host (A) record is created in areyou.com zone.

Install Certificate Service in EdgeComputer.
====
Do the following for both Canada.itsme.com and W2008.areyou.com computers:

download the CA certificate, open it, and install it as shown below:
For the local CA, it is important that the CA certificate is put into Trusted Root Certification Authorities of the Local Computer store.
====
Canada.itsme.com


Exchange Management Shell


New-ExchangeCertificate -GenerateRequest -Force -FriendlyName "Itsme.com Certificate" -SubjectName "DC=Itsme,DC=COM,CN=canada.itsme.com" -DomainName itsme.com,itsme -Path c:\itsme.req


http://edgecomputer.areyou.com/certsrv



Request a certificate --Advanced Request--

Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.



Open c:\itsme.req in notepad.exe, copy the certificate request text, and paste it into the box.



Additional Attributes must be set to EnhancedKeyUsage:Server Authentication



Switch to EdgeComputer.areyou.com



Certificate Authority--Pending Approval--Issue the Certificate



Switch back to Canada.itsme.com computer;



HTTP://edgecomputer.areyou.com/certsrv



View the status of a pending certificate request and download the certificate and save it as certnew.cer.



At Exchange Management Shell:



[PS] D:\>Import-ExchangeCertificate -Path C:\certnew.cer | Enable-ExchangeCertificate -Services SMTP
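The request, submit, import and enable steps above can also be run as one Exchange Management Shell script. This is an added example, not code from the original post: it uses certreq.exe to submit the request to the CA on EdgeComputer instead of the certsrv web pages, the CA's common name is a placeholder you must fill in, and the final Get-ExchangeCertificate call is the check that the certificate really is bound to SMTP and chains to a trusted root.

```powershell
# Added example (not from the original post): request, issue, import and enable
# the SMTP certificate for canada.itsme.com, then verify the binding.
# Run in the Exchange Management Shell on canada.itsme.com.
# Assumption: <CA-NAME-PLACEHOLDER> is the common name of the CA installed on
# EdgeComputer; the certsrv web pages used in the post are an equivalent route.

$reqPath  = 'C:\itsme.req'
$certPath = 'C:\certnew.cer'
$caConfig = 'edgecomputer.areyou.com\<CA-NAME-PLACEHOLDER>'   # CA host\CA common name

# 1. Generate the PKCS #10 request with the same names as the post. The private
#    key is marked exportable so the certificate survives a server rebuild.
New-ExchangeCertificate -GenerateRequest -Force `
    -FriendlyName 'Itsme.com Certificate' `
    -SubjectName 'DC=Itsme,DC=COM,CN=canada.itsme.com' `
    -DomainName itsme.com,itsme `
    -PrivateKeyExportable $true `
    -Path $reqPath

# 2. Submit the request to the CA. A standalone CA leaves it pending until an
#    administrator issues it (Certification Authority -> Pending Requests -> Issue).
certreq.exe -submit -config $caConfig $reqPath $certPath

# If the request was left pending, fetch it after approval with the RequestId
# that certreq -submit printed:
#   certreq.exe -retrieve -config $caConfig <RequestId> $certPath

# 3. Import the issued certificate and bind it to the SMTP service. The pipe
#    matters: Import-ExchangeCertificate returns the certificate object, and
#    Enable-ExchangeCertificate binds exactly that thumbprint.
Import-ExchangeCertificate -Path $certPath | Enable-ExchangeCertificate -Services SMTP

# 4. Verify: Services must include SMTP, CertificateDomains must cover the name
#    the other forest connects to, and Status must be Valid (chains to a trusted
#    root in the Local Computer store). A cert that is bound but not Valid is the
#    same failure the post reproduces by deleting the root CA certificate.
Get-ExchangeCertificate -DomainName canada.itsme.com |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter, Status
```

Repeat the script on W2008.areyou.com with the areyou.com names; the CA and the checks are the same.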



===



Do the same procedure for W2008.areyou.com computer.



====



At Canada.itsme.com,



create a user: itsme\smart and add it to the Exchange Servers universal group.



Create a Send Connector with Internal Type, Address Space: Areyou.com, Smart Host:w2008.areyou.com, authentication as shown:

========

At W2008.areyou.com,

create a user: areyou\smart and add it to the Exchange Servers universal group.

Create a Send Connector with Internal type, Address Space: Itsme.com, Smart Host: canada.itsme.com, and authentication as shown above.
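The two Send Connectors can be created from the Exchange Management Shell instead of the console. This is an added example, not code from the original post. The authentication setting is an assumption: the screenshot the post refers to is not reproduced here, and the choice of Basic authentication over TLS with the smart account from the other forest is inferred from the fact that each side creates a user and adds it to the Exchange Servers group; the connector names are constructed for this lab.

```powershell
# Added example (not from the original post): create the Internal send
# connectors on both sides from the shell.
# Assumption: smart-host authentication is Basic over TLS using the 'smart'
# account created in the other forest (the post shows it only as a screenshot).
# Connector names are constructed; Get-Credential prompts for the password.

# --- On canada.itsme.com: route areyou.com through w2008.areyou.com ---
$areyouCred = Get-Credential -Credential 'areyou\smart'   # member of Exchange Servers in areyou.com
New-SendConnector -Name 'To areyou.com' -Usage Internal `
    -AddressSpaces 'areyou.com' `
    -SmartHosts 'w2008.areyou.com' `
    -SmartHostAuthMechanism BasicAuthRequireTLS `
    -AuthenticationCredential $areyouCred

# --- On w2008.areyou.com: the mirror image ---
$itsmeCred = Get-Credential -Credential 'itsme\smart'     # member of Exchange Servers in itsme.com
New-SendConnector -Name 'To itsme.com' -Usage Internal `
    -AddressSpaces 'itsme.com' `
    -SmartHosts 'canada.itsme.com' `
    -SmartHostAuthMechanism BasicAuthRequireTLS `
    -AuthenticationCredential $itsmeCred

# Check on each side: BasicAuthRequireTLS means the connector refuses to send
# the credential, and therefore the mail, unless STARTTLS succeeds, which is
# what makes the trusted-root dependency in the post bite.
Get-SendConnector | Format-List Name, AddressSpaces, SmartHosts, SmartHostAuthMechanism, RequireTLS
```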

===

When a mail user in the areyou.com domain sends mail to the itsme.com domain, TLS is used. How can you tell? Remove the CA certificate from Trusted Root Certification Authorities in the Local Computer store: mail flow breaks, which means mail will no longer flow to the other side.
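A less destructive way to confirm that TLS is negotiated is to read the Send protocol log on the sending Hub Transport server. This is an added example, not code from the original post: it enables verbose protocol logging on the connector (off by default in Exchange 2007), then parses the SmtpSend log lines for a STARTTLS command answered by the remote server with a 220 reply. The connector name and the log directory are placeholders for this lab; the log field order used by the parser is the one documented for Exchange 2007 protocol logs.

```powershell
# Added example (not from the original post): prove TLS is in use by reading the
# SmtpSend protocol log, rather than by deleting the trusted root certificate.
# Run on the sending Hub Transport server (here w2008.areyou.com).
# Assumptions: the connector name and the default log path are placeholders.

$connector = 'To itsme.com'
$logDir    = 'C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs\ProtocolLog\SmtpSend'

# 1. Enable verbose protocol logging on the connector, then send a test message
#    from an areyou.com mailbox to an itsme.com recipient.
Set-SendConnector -Identity $connector -ProtocolLoggingLevel Verbose

# 2. Parse the log. Data lines are CSV in this field order:
#    date-time,connector-id,session-id,sequence-number,local-endpoint,
#    remote-endpoint,event,data,context
#    where event is '>' (sent), '<' (received) or '*' (information).
#    A session is TLS-protected once the client sends STARTTLS and the server
#    answers 220; everything after that is encrypted and no longer logged verbatim.
function Get-TlsSessions {
    param([string]$Path, [string]$ConnectorName)
    $sessions = @{}
    foreach ($file in Get-ChildItem -Path $Path -Filter 'SEND*.log') {
        foreach ($line in Get-Content $file.FullName) {
            if ($line.StartsWith('#')) { continue }             # header block
            $f = $line.Split(',')
            if ($f.Length -lt 8 -or $f[1] -ne $ConnectorName) { continue }
            $id = $f[2]
            if (-not $sessions.ContainsKey($id)) {
                $sessions[$id] = @{ Remote = $f[5]; StartTls = $false; TlsReady = $false }
            }
            $s = $sessions[$id]
            if ($f[6] -eq '>' -and $f[7] -eq 'STARTTLS') { $s.StartTls = $true }
            # a 220 seen only after STARTTLS (not the session banner) means the
            # server accepted the TLS upgrade and the handshake started
            if ($f[6] -eq '<' -and $s.StartTls -and $f[7] -match '^"?220') { $s.TlsReady = $true }
        }
    }
    $sessions
}

$result = Get-TlsSessions -Path $logDir -ConnectorName $connector
foreach ($id in $result.Keys) {
    $s = $result[$id]
    '{0}  remote={1}  STARTTLS sent={2}  TLS accepted={3}' -f $id, $s.Remote, $s.StartTls, $s.TlsReady
}
# Sessions to canada.itsme.com with 'TLS accepted=False' deserve a look: the
# usual cause is the trust failure the post demonstrates, the remote certificate
# not chaining to a CA in the Local Computer Trusted Root store.
```

Protocol logs grow quickly at Verbose; set the connector back to None once the check is done.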