Exchange 2010 SP2. 2 A/P DAG members. Only 2 mailboxes on the server for now.
I ran into an issue yesterday when I setup my webservices URL to my CASArray name. Since the CASArray name was not present on my SAN Certificate the 2 Outlook users started getting the certificate error: "the name of the security ceritificate is invalid or does not match the name of the site" .
To resolve this issue I removed the CASArray name and added a name "webmail.domain.com" as the casarray name which is present on my SAN Certificate and it is also the name of the NLB. This resolved the issue.
Concern now I have is that my CASArray name is also resolvable from the internet and I know this is not good practise and may slow down Outlook or Outlook Anywhere access. Currently I only have 2 mailboxes. We don't use Outlook anywhere and don't plan to use it.
Should I use a different name for CASArray name or I will be ok? I can use Autodiscover.domain.com as my CASArray name since it is also on the SAN Certificate.
I also read that the CASArray name should not be present on the SAN certificate ...but I am finding this information to be untrue.
The CAS Array Name (I am referring to the Fqdn attribute when you run Get-ClientAccessArray) is only used for MAPI/RPC. This does not use SSL and does not require a certificate.
Your web services URL should match your OWA URL, it should not match your CAS Array Name.
Michael D'Angelo (former)MVP-MIIS, Pace University Senior Systems Administrator (Windows)(MS)NMDANGE PhoeniX WorX Systems Administrator. If you play Total Annihilation, please join us. http://www.phoenixworx.org
Any luck? Otherwise, I can confirm that you do not need the name of the CAS Array on the cert for the reason Michael already gave. This has been discussed more than once in the Exchange Technet forums and while anyone can make a mistake, that would be a lot fo Exchange MVPs (like Simon Butler) who are wrong on this.
I had my CASArray named CASArray.mydomain.com and the Outlook Users started getting this dialog box "the name of the security ceritificate is invalid or does not match the name of the site". - This name is not on the SAN Certificate.
Then I removed the CASArray and changed my CASArray name to Autodiscover.mydomain.com ..... since this name is on my SAN Certificate the users are fine now. No Certificate errors.