###BeginCaseStudy###
Testlet 1
Topic 2, Contoso Ltd
Overview
General Overview
Contoso, Ltd., is a scientific research and supply company that has offices along the east coast of
North America. The company recently completed an upgrade to Exchange Server 2013.
Physical Locations
The company has three sales offices and a research office. The sales offices are located in
Atlanta, New York, and Montreal. The research office is located in Miami.
Existing Environment
Existing Environment
Active Directory Environment
The network contains one Active Directory forest named contoso.com. The Miami office has its own domain
named research.contoso.com.
Each office is configured as an Active Directory site. Each site contains two domain controllers that run
Windows Server 2008 R2 x64. All of the FSMO roles for contoso.com are owned by a domain controller in the
New York site. All of the FSMO roles for the research.contoso.com domain are owned by a domain controller in
the Miami site.
One domain controller in each site is configured as a global catalog server. All of the domain controllers are
configured as DNS servers.
The functional level of the forest and domains is Windows Server 2008 R2.
Network Infrastructure
All client computers are configured to connect to the DNS servers in their respective office only.
Contoso.com has a standalone certification authority (CA) on a server that runs Windows Server 2008 R2.
All offices connect to the New York office by using a high-speed WAN link.
Email Infrastructure
The Exchange Server 2013 organization contains four servers in the New York office. The servers are
configured as shown in the following table.
All external access for the contoso.com organization is provided through an Internet link at the New York office.
Load balancing is provided by using DNS round robin. All inbound and outbound email for the domain is routed
through a mail appliance in the New York office.The Exchange Server 2013 organization contains four servers in the Atlanta office. The servers are configured
as shown in the following table.
The file share witness for NY-DAG is on a file server in the Atlanta office.
The Exchange Server 2013 organization contains two servers in the Montreal office and two servers in the
Miami office. The servers are configured as shown the following table.
All external access to the organization of the research.contoso.com domain is provided through the Internet link
at the Miami office. Load balancing is provided by using DNS round robin. All inbound and outbound email for
the domain goes through an email appliance in the Miami office.
All Exchange Server 2013 servers run Windows Server 2012 Standard.
All users have Windows Phone devices that connect to the Exchange organization by using Exchange
ActiveSync.
User Issues
You discover the following user issues:
Some users report that, intermittently, they fail to connect to their email from their Windows Phone device.
Some users from the New York office report that some searches from Outlook Web App return incomplete
results.
Some of the users in each office report that they fail to access their mailbox during the maintenance period
of the Active Directory domain controllers.
You verify that all of the remote users can connect to the network successfully by using a VPN connection, and
can then launch Outlook successfully.
Partnerships
Contoso recently entered into a partnership with a company named A. Datum Corporation. A Datum has a main office and four branch offices. The main office is located in Toronto.
A Datum has a messaging infrastructure configured as shown in the following table.
Requirements
Planned Changes
Contoso plans to deploy a hardware load balancer in the New York office. The load balancer must bridge all
SSL connections to the Exchange servers.
You plan to deploy two new Exchange Server 2013 servers in a virtual server environment in the Miami office.
The servers will host a few mailboxes as part of an evaluation of resource utilization for virtualized Exchange
servers.
You also plan to deploy a high availability solution for Mailbox servers in the
You plan to replace the email appliance in New York because of recent power outages.
Business Requirements
Contoso identifies the following business requirements:
Minimize the hardware costs required for a load balancing solution.
Minimize the software costs required for a load balancing solution.
Minimize user interruptions if a service fails on a Mailbox server.
Minimize user interruptions if a service fails on a Client Access server.
###EndCaseStudy###
HOTSPOT
You discover that one of the Client Access servers in the New York office does not trust the standalone CA.
You need to ensure that all of the users who have Windows Phone devices can connect successfully to their
mailbox.
In which node should you install the root CA certificate?
To answer, select the appropriate node in the answer area.
Hot Area:
Answer: 
Explanation:
Root certificate
If you’re using a self-signed certificate or a certificate authority (CA)-issued certificate that is not preinstalled in
the Trusted Root Certification Authorities store of your devices, you’ll have to manually install it before your
device can work with a Secure Sockets Layer (SSL)-enabled server.
Trusted Root Certification Authorities
Because the certificate is self signed, Internet explorer will automatically install it in the Trusted root Certificate
Authority list.
If you use a certification authority (CA) to issue smart card login or domain controller certificates, you must add
the root certificate to the Trusted Root Certification Authorities group policy in Active Directory
If you’re using a self-signed certificate or a certificate authority (CA)-issued certificate that is not preinstalled in
the Trusted Root Certification Authorities store of your devices, you’ll have to manually install it before your
device can work with a Secure Sockets Layer (SSL)-enabled server.
http://resources.arcgis.com/en/help/windows-mobile/app/index.html#//007v00000029000000
Install a certificate on a Windows or a Windows Mobile device
Install a certificate on a Windows device
Steps:
Browse to the location where you have exported the certificate to, then double-click the certificate file.
The Certificate window appears, click Install Certificate.
The Certificate Import Wizard window appears, click Next, on the next page choose the Place all certificate in
the following store option, and click Browse.
The Select Certificate Store window appears, select Trusted Root Certificate Authorities, and click OK.
Click Next and Finish in the next two screens to close the wizard and complete the process.Click Yes on the security warning to install the certificate.
Click OK to dismiss the Certificate window.
One problem with self-signed and PKI-based certificates is that, because the certificate is not automatically
trusted by the client computer or mobile device, you must make sure that you import the certificate into the
trusted root certificate store on client computers and devices.
Digital Certificates and SSL: Exchange 2013 Help
Installing a root certificate