Hi,
I would like to implement this 2-tier PKI, but for Windows Server 2012 R2 & Windows 8.1 ENT.
I tried to do the win2013 PKI, but it failed to validate the Exchange 2013 certificate and there were a lot more problems, but this article seems very stable and working.
Just a few questions:
This is just for a test; my setup will be:
External Domain: test2013.cu.cc (free cu.cc domain)
name servers: NS1.he.net to NS5.he.net
External Domain: test2013.com (secondary domain, not really needed, from godaddy.com)
A 72.252.214.6
MX 5 mail2.test2013.com
mail2 A 72.252.214.7
7 PTR mail2
6 PTR test2013.com
External DNS: dns.he.net (free from he.com; controls all DNS stuff for test2013.cu.cc)
test2013.cu.cc A 72.252.214.6
MX 5 mail.test2013.cu.cc
TXT "v=sfp1 mx ipv4:72.252.214.7 mx:test2013.cu.cc mx:test2013.com -all"
SPF "v=sfp1 mx ipv4:72.252.214.7 mx:test2013.cu.cc mx:test2013.com -all"
mail A 72.252.214.7
# 72.252.214 rDNS (reverse DNS uses standard octet)
6 PTR test2013.cu.cc
7 PTR mail.test2013.cu.cc
Internal Domain: test2013.lan
A 192.168.0.3
NS 192.168.0.3
MX 5 mail.test2013.lan
mail A 192.168.0.5
DC1 A 192.168.0.3
APP1 A 192.168.0.4
firewall A 192.168.0.1
lync1 A 192.168.0.6
lync2 A 192.168.0.7
Software used:
Windows Server 2012 R2
Exchange 2013
Lync 2013
VM1 = firewall (clears 5.2) nic1=72.252.214.6 nic2=72.252.214.7 nic3=192.168.0.1
VM2 = DC1 (AD/DOMAIN/DNS/DHCP) nic1=192.168.0.3
VM3 = CA (offline CA) nic1=192.168.0.2 (not connected)
VM4 = APP1 (Issuing CA) nic1=192.168.0.4
VM5 = mail (Exchange 2013 CU3) nic1=192.168.0.5
VM6 = lync1 (Lync 2013 front server) nic1=192.168.0.6
VM7 = lync2 (Lync 2013 edge server) nic1=192.168.0.7 nic2=72.252.214.8
How do I set up this infrastructure with all the information provided?
How to make Exchange 2013 and Lync 2013 live as one on this network?
How to pass the mxtoolbox.com spf-test, smtp-test, reverse-dns-test and spam-test?
How to make Exchange 2013 send all emails immediately, and not put them in draft when you click send?
How to make the Exchange 2013 & Lync 2013 certificates from the PKI setup VALID?
How to make external users access their mailbox using Outlook 2013?
How to make external users access their Lync account using the Lync client & Outlook 2013?
How to fix "Move to DRAFT, when click on send"?