creating virtual directories in exchange 2010 wailhaving CAS array
-
9. června 2012 14:45
i am upgrading exchange 2003 to 2010 and in the final stage
my question is regarding this link
http://support.micurosoft.com/kb/940726
in the commands mentioned to solve the cert issue,if i have CAS array should i but the cas array name, since i have it in my cert as a SAN
i.e. my cas array name (abc-cas.intra.domain.com)
Set-ClientAccessServer -Identity <var>CAS_Server_Name</var> -AutodiscoverServiceInternalUri https://<var>mail</var>.contoso.com/autodiscover/autodiscover.xml
should i but mail.domain.com, which is also in my SAN or the cas array name
same question regarding the below commands
in the internal UR/Uri should i put the names of each CAS server ot just the cas array
Get-AutodiscoverVirtualDirectory -Server ALJS022 | Set-AutodiscoverVirtualDirectory –InternalUrl "https://aljs-cas.intra.sasref.com.sa/Autodiscover/Autodiscover.xml"
Get-ClientAccessServer -Identity ALJS022 | Set-ClientAccessServer –AutodiscoverServiceInternalUri "https://aljs-cas.intra.sasref.com.sa/Autodiscover/Autodiscover.xml"
Get-WebservicesVirtualDirectory -Server ALJS022 | Set-WebservicesVirtualDirectory –InternalUrl "https://aljs-cas.intra.sasref.com.sa/Ews/Exchange.asmx"
Get-OabVirtualDirectory -Server ALJS022 | Set-OabVirtualDirectory –InternalUrl "https://aljs-cas.intra.sasref.com.sa/Oab"
Get-OwaVirtualDirectory -Server ALJS022 | Set-OwaVirtualDirectory –InternalUrl "https://aljs-cas.intra.sasref.com.sa/Owa"
Get-EcpVirtualDirectory -Server ALJS022 | Set-EcpVirtualDirectory –InternalUrl "https://aljs-cas.intra.sasref.com.sa/Ecp"
Get-ActiveSyncVirtualDirectory -Server ALJS022 | Set-ActiveSyncVirtualDirectory -InternalUrl "https://aljs-cas.intra.sasref.com.sa/Microsoft-Server-ActiveSync"
Všechny reakce
-
9. června 2012 15:53Moderátor
I'm not exactly understand the questions even after 2-3 readings. Anyway I think you are asking about the SAN certificate requirement
The SAN Certificate should include the following urls only:
1. owa url
2. autodiscover url
You don't need to put the CAS server names or cas array name in the certificate
Regards from www.windowsadmin.info | www.blog.windowsadmin.info
-
9. června 2012 16:11
i think you are wrong because the users will connect to outlook using the CAS array name and exchange 2010 by default requires certificates for outlook communication and i don not want t use the self-signed
my question is when i configure the internal links for my OWA, active sync, OAB,... should i use the server name in the link - default - or use the CAS array name in the link
-
9. června 2012 16:25Moderátor
The cas array name doesn't have any certificate as per my knowledge. Users can be connected through owa
CAS array name is only required and not the CAS array server names
Regards from www.windowsadmin.info | www.blog.windowsadmin.info
-
9. června 2012 19:12
You can either use Exchange Server Name or CAS Array Name but ultimately the entry should be present in the Certificate inorder to avoid the certificate prompt in the client. Hope this clarifies you.
Regards
Sathya
- Označen jako odpověď MAHER0 11. června 2012 9:39
-
10. června 2012 8:30
thank you
i did configure it on the CAS array link name which i have already in my Certificate SAN
now the strange thing that the outlook client is going to the old Cert configured for the old exchange env.
i think that is because my mail link mail.abc.domain.com is pointing to the old FE server
once i clear this as well, i wll be able to config that the cas-array name configuration worked
-
11. června 2012 9:39
well thanks once more i have confirmed now, this is the answer i needed
regards
-
11. června 2012 19:57
Couple of items just to be crystal clear.
Be VERY clear in your mind about the protocols and services that we are discussing. Do not just say that all traffic goes to CasArray - you need to differentiate between HTTPS and RPC traffic.
We do not need the CASArray name to be on the certificate for the purposes of RPC Client access. Outlook uses APIs contained in the underlying OS to do the encryption. For HTTPS traffic a certificate is needed for the encryption.
Now, if you use a single namespace for all services, i.e. mail.contoso.com is used for all URLs and the DNS name for CASArray, then that name will be on the certificate but it is not there for the purposes of the CasArray. Remember CASArray is only for RPC Client access.
As to what names need to be on the certificate that is determined by your design --
Understanding Client Access Server Namespaces
http://technet.microsoft.com/en-us/library/dd351198.aspx
Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
-
13. června 2012 4:49
In addition to Rhoderick's excellent post, please take a few minutes to read these blog entries as it will help clear up the confusion regarding CAS Array Object names and SSL certificates (and more).
http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
http://blogs.technet.com/b/exchange/archive/2012/03/28/demystifying-the-cas-array-object-part-2.aspx
Program Manager, Exchange Customer Advisory Team
MCSA 2000/2003
MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
MCITP: Enterprise Messaging Administrator 2010
Former Microsoft MVP, Exchange Server
NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
.png)
