

OWA receives warning error after adding second CAS Exchange Server

Posted on 2009-04-28
Medium Priority
Last Modified: 2012-05-06

We have 1 CAS server with the Client Access role and a second server with the Mailbox and Hub roles. After we added a second CAS server, we received a certificate warning when using OWA:
"Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate...."
The FQDN for the new CAS server has not been added to the current multiple-name certificate. Do I just need to add the new alternative name to the certificate for the new CAS, or are there additional steps that I need to check?

Thanks for your help

Question by:CGNET-TE

Expert Comment

ID: 24255635

If I am not wrong, then the second CAS server is also installed with the Mailbox and Hub roles, whereas the first CAS server is a dedicated CAS server; the certificate is installed on the first CAS server and the mailboxes are on the second CAS server. And the URL webmail.domain.com is pointed to the first CAS server.

If this is the case, then you don't have to add the second CAS server's name to the certificate. You can run the following commands in the Exchange Management Shell on the first CAS server, and that should do the trick:
Set-OwaVirtualDirectory -Identity "OWA (Default Web Site)" -InternalURL https://FirstCAS.domain.com/owa
Set-OwaVirtualDirectory -Identity "OWA (Default Web Site)" -ExternalURL https://webmail.domain.com/owa

On the Second CAS server enable Integrated Windows Authentication for OWA, Exchange and Public Virtual Directories.


Author Comment

ID: 24263878
Thanks for your reply, Imran,

We installed a second CAS server, but it only holds the Client Access role. The Mailbox and Hub roles are located on another server. This means we now have two CAS servers (with the Client Access role) and another server with the Hub and Mailbox roles.
The certificates are pointed to the first CAS server. Something like this:
DNS Name=xname1.com
DNS Name=www.xname1.com
DNS Name=xnamecas1
DNS Name=xnamecas1.organiz.com
DNS Name=autodiscover.xname1.com
DNS Name=outlook.xname1.com
Only the first CAS name is listed.


Expert Comment

ID: 24264229
I have a question: is there a specific reason for deploying a second server with only the CAS role in the organization? Are these 2 servers in the same AD site? If yes, then I believe that the second CAS will be of no use. Also, if the requests are hitting the first CAS, that is xnameCAS1, which has all the roles installed, and you want to do proxying between these 2 CAS servers, then that would not work, but redirection would still work.

I just want to know what it is that we are trying to achieve.

Author Comment

ID: 24264359
Thanks for your reply. We are planning to implement load balancing with the two CAS servers. Those two servers are located in the same AD site. The new second CAS is located in a different site but in the same AD site. We want to avoid the current error warning received by OWA users; also, the ActiveSync users stopped working after we enabled the second CAS server. The OWA error is asking for the second CAS name in the certificate.

"Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate...."

Accepted Solution

ikshf143 earned 1500 total points
ID: 24264723
You must be trying to get to your mailbox using the second CAS server name, so it gives the certificate error. To resolve that, you would have to include the second server name on the certificate.
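
To work out which names the reissued certificate has to carry, compare the host in every URL that clients use against the certificate's subject alternative names. The script below is an added example, not part of the thread: the SAN list is the one quoted in the author's comment, the `xnamecas2` URLs are hypothetical placeholders for the second CAS server, and the function names are illustrative.

```powershell
# SAN list as posted in the thread (sample data, typed in rather than read from a server).
# On a live CAS the same list is in (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains
$certSans = @(
    'xname1.com', 'www.xname1.com', 'xnamecas1', 'xnamecas1.organiz.com',
    'autodiscover.xname1.com', 'outlook.xname1.com'
)

function Test-SanMatch {
    param([string]$HostName, [string]$San)
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    $s = $San.TrimEnd('.').ToLowerInvariant()
    if ($s.StartsWith('*.')) {
        # A wildcard stands for exactly one leftmost label:
        # *.a.com covers x.a.com, but not a.com and not x.y.a.com
        $dot = $h.IndexOf('.')
        if ($dot -lt 1) { return $false }
        return $h.Substring($dot) -eq $s.Substring(1)
    }
    return $h -eq $s
}

function Get-UncoveredHost {
    param([string[]]$Urls, [string[]]$Sans)
    foreach ($url in $Urls) {
        $name = ([uri]$url).Host          # host part of the URL the client connects to
        $covered = $false
        foreach ($san in $Sans) {
            if (Test-SanMatch -HostName $name -San $san) { $covered = $true; break }
        }
        if (-not $covered) { $name }
    }
}

# URLs clients may reach once both CAS servers answer OWA and ActiveSync requests.
# The xnamecas2 entries are hypothetical names for the second CAS server.
$clientUrls = @(
    'https://outlook.xname1.com/owa',
    'https://xnamecas1.organiz.com/owa',
    'https://xnamecas2.organiz.com/owa',
    'https://xnamecas2/Microsoft-Server-ActiveSync'
)

$missing = @(Get-UncoveredHost -Urls $clientUrls -Sans $certSans | Sort-Object -Unique)
if ($missing.Count -gt 0) {
    "Names to add to the certificate request: $($missing -join ', ')"
} else {
    'Every client-facing name is covered by the certificate.'
}
```

With the sample data this reports `xnamecas2` and `xnamecas2.organiz.com` as missing, which matches the warning OWA users see when they reach the second CAS server by its own name.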
