Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
 All Forums
 Email, Databases, Sharepoint and more
 Exchange
 CASArray Name and Split-DNS

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
Note: please do not cross-post.
Cross-postings will be deleted and ignored.
Thanks for helping to keep this forum junk-free!
 Check here to subscribe to this topic.
   

T O P I C    R E V I E W
MadCow Posted - 07/10/2012 : 12:41:25 PM
Exchange 2010 SP2. 2 A/P DAG members. Only 2 mailboxes on the server for now.

I ran into an issue yesterday when I setup my webservices URL to my CASArray name. Since the CASArray name was not present on my SAN Certificate the 2 Outlook users started getting the certificate error: "the name of the security ceritificate is invalid or does not match the name of the site" .

To resolve this issue I removed the CASArray name and added a name "webmail.domain.com" as the casarray name which is present on my SAN Certificate and it is also the name of the NLB. This resolved the issue.

Concern now I have is that my CASArray name is also resolvable from the internet and I know this is not good practise and may slow down Outlook or Outlook Anywhere access. Currently I only have 2 mailboxes. We don't use Outlook anywhere and don't plan to use it.

Should I use a different name for CASArray name or I will be ok? I can use Autodiscover.domain.com as my CASArray name since it is also on the SAN Certificate.

I also read that the CASArray name should not be present on the SAN certificate ...but I am finding this information to be untrue.

Advise Please.

Thank you
4   L A T E S T    R E P L I E S    (Newest First)
MadCow Posted - 07/16/2012 : 08:34:25 AM

Thanks All.

I don't tend to disagree with you all.

I had my CASArray named CASArray.mydomain.com and the Outlook Users started getting this dialog box "the name of the security ceritificate is invalid or does not match the name of the site". - This name is not on the SAN Certificate.

Then I removed the CASArray and changed my CASArray name to Autodiscover.mydomain.com ..... since this name is on my SAN Certificate the users are fine now. No Certificate errors.
Jazzy Posted - 07/14/2012 : 03:08:22 AM
You'r both right, MAPI traffic is no SSL so doesn't need a cert.
aval Posted - 07/13/2012 : 7:19:02 PM
Any luck? Otherwise, I can confirm that you do not need the name of the CAS Array on the cert for the reason Michael already gave. This has been discussed more than once in the Exchange Technet forums and while anyone can make a mistake, that would be a lot fo Exchange MVPs (like Simon Butler) who are wrong on this.
NMDANGE Posted - 07/12/2012 : 11:24:08 AM
The CAS Array Name (I am referring to the Fqdn attribute when you run Get-ClientAccessArray) is only used for MAPI/RPC. This does not use SSL and does not require a certificate.

Your web services URL should match your OWA URL, it should not match your CAS Array Name.

Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.09 seconds. Snitz Forums 2000