We currently are on FIM 2010 R2 SP1 and provisioning against Exchange 2010. When we set this up, we followed the steps to set up SPNs for our CAS array so we could point it at that CAS array name, and not a single server. Like here: http://setspn.blogspot.com/2010/08/exchange-2010-enable-kerberos-on-cas.html
We are not moving to Exchange 2013, and we have a name on our load balancer we would like to use sitting in front of all of our Exchange 2013 servers (ie: webmail.domain.com) RPS would be https://webmail.domian.com/powershell/
However, since webmail isn't any any of the servers default SPNs, you can't use Kerberos to connect to it unless you make a connection to the actually server: https://servername.domain.com/powershell/ (I have tested this using remote power shell from my client)
So my question is, do we need to follow the steps again for Exchange 2013 from the article above to point FIM at our load balancer? Or is this support built in now? I can't find ANY information from Microsoft on configuring FIM for Exchange 2013 provisioning!
- Edited by JasonCarter Wednesday, July 23, 2014 11:13 AM
Saw that post...not what I am looking for. I know how to configure it inside FIM, I was asking about all the work we had to do in 2010 to get it to work against our load balancer if we have to repeat for 2013. I would have to move our SPN to the 13 servers if so. I find it frustrating Microsoft has no documentation on this.
Yes, you would have to repeat all the steps on 2013. They use the same mechanism beneath, so you should configure Exchange 2013 in the same way as Exchange 2010 for FIM.
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.