Exchange 2007 and Certs

  • Tuesday, January 06, 2009 6:49 PM TedF1
     
    Forgive my ignorance, but we're finding the design of certificates confusing.  We are a single domain, single Exchange site, multiple active directory site environment.  We plan on placing a CAS server in each AD site per documentation.

    The question is, how to apply certs within this environment?  If we apply a cert to a given CAS server for autodiscover/OWA, do all clients in all sites refer to that server, and if so, doesn't this represent a single point of failure should that server fail?

    Moreover, if clients are referred to the one server, why the necessity of having a CAS in each AD site? 

    Help is much appreciated,
    Ted

Answers

  • Wednesday, January 07, 2009 3:21 AM Allen Song MSFT, Moderator
     Answer
    Hi,

    Is there a Mailbox server in each AD site? If that is the case, a CAS server must be deployed. If you were to just have a Mailbox Server role in any given site without a Client Access Server, no users would be able to connect to their mailboxes via Outlook Web Access, ActiveSync, Exchange Web Services, POP3 and IMAP4.

    In the Exchange 2007 environment, OWA should be referred to the one CAS, since a unified namespace can be useful; this is because a CAS can act as a proxy for other Client Access Servers within the organization.

    For Autodiscover, the client will connect to Autodiscover by sorting the SCP records based on comparing the client's AD site to the keyword attribute of the SCP record.

    Thus, the certificate name must match the FQDN of each CAS.

    To better understand each topic, please refer to the articles below, which can be helpful.

    Overview of Exchange Server 2007 CAS Proxying and Redirection
    http://msexchangeteam.com/archive/2007/09/04/446918.aspx

    Autodiscover Whitepaper:
    http://technet.microsoft.com/en-us/library/bb332063.aspx

    Thanks

    Allen
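
Added example, not part of the original thread and not Microsoft code: a small model of the site-based SCP ordering and the certificate-name check described in the answer above, useful for auditing which CAS a client in a given AD site would reach first and whether that server's certificate covers its FQDN. The hostnames, site names, the `Site=<name>` keyword format and the certificate name lists are constructed sample data and assumptions.

```python
from urllib.parse import urlparse

# Constructed sample data: SCP records (Autodiscover URL + keywords) and the DNS
# names carried by each CAS certificate. All hostnames and sites are hypothetical.
SCP_RECORDS = [
    {"url": "https://cas-nyc.corp.example/Autodiscover/Autodiscover.xml",
     "keywords": ["Site=NewYork"]},
    {"url": "https://cas-lon.corp.example/Autodiscover/Autodiscover.xml",
     "keywords": ["Site=London"]},
    {"url": "https://cas-tok.corp.example/Autodiscover/Autodiscover.xml",
     "keywords": ["Site=Tokyo"]},
]
CERT_NAMES = {
    "cas-nyc.corp.example": ["cas-nyc.corp.example", "mail.example.com"],
    "cas-lon.corp.example": ["mail.example.com"],   # CAS FQDN missing from cert
    "cas-tok.corp.example": ["*.corp.example"],     # wildcard covers the FQDN
}

def order_scps(records, client_site):
    """In-site SCP records first, then the rest; original order kept in each group."""
    want = f"site={client_site}".lower()
    def in_site(rec):
        return any(k.lower() == want for k in rec["keywords"])
    return sorted(records, key=lambda rec: not in_site(rec))  # stable sort

def name_matches(cert_name, host):
    """Case-insensitive match; a wildcard covers exactly one leftmost label."""
    c, h = cert_name.lower().split("."), host.lower().split(".")
    if len(c) != len(h):
        return False
    return (c[0] == "*" or c[0] == h[0]) and c[1:] == h[1:]

def audit(records, cert_names, client_site):
    """Return [(host, cert_ok)] in the order a client in client_site tries them."""
    result = []
    for rec in order_scps(records, client_site):
        host = urlparse(rec["url"]).hostname
        ok = any(name_matches(n, host) for n in cert_names.get(host, []))
        result.append((host, ok))
    return result

if __name__ == "__main__":
    for site in ("NewYork", "London", "Tokyo"):
        print(site, audit(SCP_RECORDS, CERT_NAMES, site))
```

A `False` in the first tuple for a site means clients in that site would hit a certificate name mismatch on their preferred CAS.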
