Creating virtual directories in Exchange 2010 while having a CAS array

    Question

  • I am upgrading Exchange 2003 to 2010 and am in the final stage.

    My question is regarding this link:

    http://support.micurosoft.com/kb/940726 

    In the commands mentioned to solve the cert issue, if I have a CAS array, should I put the CAS array name, since I have it in my cert as a SAN?

    i.e. my CAS array name (abc-cas.intra.domain.com)

    Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

    Should I put mail.domain.com, which is also in my SAN, or the CAS array name?

    Same question regarding the commands below.

    In the internal URL/URI, should I put the names of each CAS server or just the CAS array?

    *      Get-AutodiscoverVirtualDirectory -Server ALJS022 | Set-AutodiscoverVirtualDirectory -InternalUrl "https://aljs-cas.intra.sasref.com.sa/Autodiscover/Autodiscover.xml"

    *      Get-ClientAccessServer -Identity ALJS022 | Set-ClientAccessServer -AutodiscoverServiceInternalUri "https://aljs-cas.intra.sasref.com.sa/Autodiscover/Autodiscover.xml"

    *      Get-WebservicesVirtualDirectory -Server ALJS022 | Set-WebservicesVirtualDirectory -InternalUrl "https://aljs-cas.intra.sasref.com.sa/Ews/Exchange.asmx"

    *      Get-OabVirtualDirectory -Server ALJS022 | Set-OabVirtualDirectory -InternalUrl "https://aljs-cas.intra.sasref.com.sa/Oab"

    *      Get-OwaVirtualDirectory -Server ALJS022 | Set-OwaVirtualDirectory -InternalUrl "https://aljs-cas.intra.sasref.com.sa/Owa"

    *      Get-EcpVirtualDirectory -Server ALJS022 | Set-EcpVirtualDirectory -InternalUrl "https://aljs-cas.intra.sasref.com.sa/Ecp"

    *      Get-ActiveSyncVirtualDirectory -Server ALJS022 | Set-ActiveSyncVirtualDirectory -InternalUrl "https://aljs-cas.intra.sasref.com.sa/Microsoft-Server-ActiveSync"

    June 9, 2012 14:45

All replies

  • I don't exactly understand the question even after 2-3 readings. Anyway, I think you are asking about the SAN certificate requirement.

    The SAN certificate should include the following URLs only:

    1. OWA URL

    2. Autodiscover URL

    You don't need to put the CAS server names or CAS array name in the certificate.


    Regards from www.windowsadmin.info | www.blog.windowsadmin.info

    June 9, 2012 15:53
    Moderator
  • I think you are wrong, because the users will connect to Outlook using the CAS array name, and Exchange 2010 by default requires certificates for Outlook communication, and I do not want to use the self-signed

    My question is: when I configure the internal links for my OWA, ActiveSync, OAB, ... should I use the server name in the link (the default) or use the CAS array name in the link?

    June 9, 2012 16:11
  • The CAS array name doesn't have any certificate, as per my knowledge. Users can be connected through OWA.

    CAS array name is only required and not the CAS array server names.


    Regards from www.windowsadmin.info | www.blog.windowsadmin.info

    June 9, 2012 16:25
    Moderator
  • You can either use Exchange Server Name or CAS Array Name, but ultimately the entry should be present in the certificate in order to avoid the certificate prompt in the client. Hope this clarifies you.

    Regards

    Sathya

    • Marked as answer by MAHER0 June 11, 2012 9:39
    June 9, 2012 19:12
  • Thank you.

    I did configure it on the CAS array link name, which I already have in my certificate SAN.

    Now the strange thing is that the Outlook client is going to the old cert configured for the old Exchange environment.

    I think that is because my mail link mail.abc.domain.com is pointing to the old FE server.

    Once I clear this as well, I will be able to confirm that the CAS array name configuration worked.

    June 10, 2012 8:30
  • Well, thanks once more. I have confirmed now; this is the answer I needed.

    Regards

    June 11, 2012 9:39
  • Couple of items just to be crystal clear.

    Be VERY clear in your mind about the protocols and services that we are discussing.  Do not just say that all traffic goes to CasArray - you need to differentiate between HTTPS and RPC traffic. 

     

     

    We do not need the CASArray name to be on the certificate for the purposes of RPC Client access.  Outlook uses APIs contained in the underlying OS to do the encryption.  For HTTPS traffic a certificate is needed for the encryption.

     

     

    Now, if you use a single namespace for all services, i.e. mail.contoso.com is used for all URLs and the DNS name for CASArray, then that name will be on the certificate but it is not there for the purposes of the CasArray.  Remember CASArray is only for RPC Client access.

    As to what names need to be on the certificate that is determined by your design --

    Understanding Client Access Server Namespaces

    http://technet.microsoft.com/en-us/library/dd351198.aspx

     

     


    Cheers, Rhoderick NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    June 11, 2012 19:57
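
Added example (not part of the thread or of any participant's post): a PowerShell helper for the two points made above, that every HTTPS URL configured on the CAS must use a name present on the certificate, while the CAS array name used for RPC Client Access need not be. The function name `Test-UrlHostOnCertificate` and all sample host names are hypothetical; the wildcard handling goes slightly beyond what the thread discusses.

```powershell
# Added example. Function name and sample values are constructed for illustration.
function Test-UrlHostOnCertificate {
    param(
        [string[]]$Url,                # HTTPS URLs configured on the CAS
        [string[]]$CertificateDomain   # subject and SAN names on the certificate
    )
    foreach ($u in $Url) {
        $name  = ([Uri]$u).Host.ToLowerInvariant()
        $match = $null
        foreach ($d in $CertificateDomain) {
            $d = $d.ToLowerInvariant()
            if ($d -eq $name) { $match = $d; break }
            # A wildcard covers exactly one left-most label:
            # *.contoso.com matches mail.contoso.com, not a.b.contoso.com.
            if ($d.StartsWith('*.') -and $name.EndsWith($d.Substring(1))) {
                $label = $name.Substring(0, $name.Length - $d.Length + 1)
                if ($label -and $label -notmatch '\.') { $match = $d; break }
            }
        }
        # New-Object is used so the code also runs on PowerShell 2.0.
        New-Object PSObject -Property @{
            Url = $u; HostName = $name; OnCertificate = [bool]$match; MatchedName = $match
        }
    }
}

# Constructed sample input. On a live server these would come from the InternalUrl and
# AutodiscoverServiceInternalUri values set in the question and from the
# CertificateDomains property returned by Get-ExchangeCertificate.
$urls = @(
    'https://mail.contoso.com/Autodiscover/Autodiscover.xml',
    'https://mail.contoso.com/EWS/Exchange.asmx',
    'https://cas01.intra.contoso.com/OAB'      # server FQDN left at the default
)
$certNames = @('mail.contoso.com', 'autodiscover.contoso.com')

# The CAS array FQDN is deliberately not in $urls: it serves RPC Client Access,
# which per the post above does not depend on the certificate.
Test-UrlHostOnCertificate -Url $urls -CertificateDomain $certNames |
    Where-Object { -not $_.OnCertificate } |
    Select-Object Url, HostName
```

Any URL this lists is one whose host name would trigger a certificate prompt in the client until the URL is changed or the name is added to the certificate.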
  • In addition to Rhoderick's excellent post, please take a few minutes to read these blog entries as it will help clear up the confusion regarding CAS Array Object names and SSL certificates (and more).

    http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx

    http://blogs.technet.com/b/exchange/archive/2012/03/28/demystifying-the-cas-array-object-part-2.aspx


    Program Manager, Exchange Customer Advisory Team
    MCSA 2000/2003
    MCTS: Win Server 2008 AD, Configuration
    MCTS: Win Server 2008 Network Infrastructure, Configuration
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server

    June 13, 2012 4:49