Solved

Exchange 2010 SAN certificate

Posted on 2011-02-24
Last Modified: 2012-05-11
I'm getting my SAN certificate soon and I need to confirm that I'm doing it right

My Internet Name: ACME.COM

My AD: N.ACME.COM

My Exchange 2010 Server: Mail.IN.ACME.COM

My CAS is Internet facing: OWA.ACME.ORG

We will be doing DAG but in the future. We will be adding another CAS server under the ACME.COM Domain. I do not know what the name of that server will be at this time.

I understand that I need the following info on the SAN:

owa.domain.com
autodiscover.domain.com
CAS server FQDN
CAS server name

In my case I assume that the info on my SAN should look like this then:

OWA.ACME.COM
autodiscover.ACME.COM
MAIL.IN.ACME.COM
MAIL

Is the above correct? What about the CAS servers that I will use in the future? What can I do about that?



Question by:iamuser
18 Comments
 
Accepted Solution

by:
Glen Knight earned 334 total points

OK, what you need is:

OWA.ACME.COM (the OWA URL)
autodiscover.ACME.COM (The acme.com here must be what is used after the @ in the primary email address)
MAIL.IN.ACME.COM (the internal fully qualified domain name of your server)
MAIL (some recommend this, I have never added it to mine and have never experienced a problem)
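
The SAN list from the answer above, turned into a certificate request and a post-issuance check. This is an added example, not part of the original thread: the subject fields, file paths and the `Get-MissingSanName` helper are assumptions, and it is meant for the Exchange 2010 Management Shell.

```powershell
# Added example. SAN names are the ones from the answer above;
# the subject fields and C:\certs paths are assumptions for illustration.
$required = @(
    'owa.acme.com',           # the OWA URL
    'autodiscover.acme.com',  # autodiscover.<domain after the @ in the primary address>
    'mail.in.acme.com',       # internal FQDN of the server
    'mail'                    # short server name (optional, per the answer)
)

# Hypothetical helper: required names that are absent from a certificate's SAN list.
# -notcontains compares case-insensitively, so OWA.ACME.COM matches owa.acme.com.
function Get-MissingSanName {
    param([string[]]$Required, [string[]]$Present)
    $Required | Where-Object { $Present -notcontains $_ }
}

# 1. Create the request with every name in the SAN and save it for the CA.
#    The key is marked exportable so the same certificate can later be
#    installed on an additional CAS server.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName 'C=US, O=ACME, CN=owa.acme.com' `
    -DomainName $required -KeySize 2048 -PrivateKeyExportable $true
Set-Content -Path 'C:\certs\acme-san.req' -Value $csr

# 2. Run from here once the CA has returned the signed certificate.
$bytes = [Byte[]](Get-Content -Path 'C:\certs\acme-san.cer' -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# 3. Check what was actually issued before binding it to any service.
$present = @($cert.CertificateDomains | ForEach-Object { [string]$_ })
$missing = @(Get-MissingSanName -Required $required -Present $present)
if ($missing.Count -gt 0) {
    Write-Warning ("Issued certificate lacks: " + ($missing -join ', '))
} elseif ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires $($cert.NotAfter); renew before enabling."
} else {
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS
}
```

Any further name that has to be on the certificate is appended to `$required` before step 1, so the same check covers it after issuance.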

Author Comment

by:iamuser

So when we add more CAS servers in the future, will we have to update the SAN or get another SAN?

Expert Comment

by:Glen Knight

Yes, some SSL providers will allow you to re-key your certificate; with others you may have to buy a new one.

Assisted Solution

by:Akhater
Akhater earned 166 total points

You do not need the name of your internal CAS servers. What you should do is create a CAS array and add the name of the CAS array to the SAN certificate. All new servers you add in this site will be in the same CAS array, and you will not need to rekey your certificate nor add anything to it.

If you are having another site then it is another issue.

Expert Comment

by:Glen Knight

I wouldn't suggest you create a CAS array with only a single CAS server.

You can easily rekey your certificate later.  This is of course assuming you are talking about CAS Arrays

Expert Comment

by:Akhater

I'd have to disagree. Creating a CAS array even with a single server is the way to go, since creating it later will not make Outlook clients that are already configured change from the CAS server name to the CAS array name, and all these clients will not benefit from the CAS array.


Expert Comment

by:Glen Knight

Where does the author of this question mention CAS Arrays?

Expert Comment

by:Glen Knight

It's also very easy to update the CAS Array setting for the users with EMS.

I'd be surprised if a single server CAS Array is a supported configuration.

Expert Comment

by:Akhater

The author doesn't ask about CAS arrays; I am just explaining that by creating one the problem is solved, and a single CAS array config is of course supported. I've done it countless times.

Expert Comment

by:Glen Knight

Because it works, doesn't mean it's supported.  Supported means if something doesn't work and you need to phone PSS then they will help you.

Author Comment

by:iamuser

What the heck is the CAS array? I have no idea what that is; can someone explain?

We are planning to do a DAG in the near future but we don't know how many CAS servers are going to be added. This is definite.


Assisted Solution

by:Glen Knight
Glen Knight earned 334 total points

A CASArray is 2 or more CAS Servers configured with a load balancer to provide high availability.

It's very different from a DAG.

I would ignore it completely until such a time comes when you have more than one CAS server.

Expert Comment

by:Akhater

When you are working with Exchange 2010 and you are building a redundant environment, a CAS array will be the cluster of your CAS servers. They will all have the same virtual name and you do an NLB (Network Load Balancing) between them to give you High Availability on the CAS side.

Now, as I have explained before, the issue is that if you start your configuration with just one CAS server and you do not build a CAS array, all your Outlook clients will be configured to connect to the CAS server name. Then when you decide to add a second CAS server & create your CAS array, the Outlook configuration for clients that are already configured will NOT change automatically to the CAS array name. That means that your second CAS server will not be used by any existing client unless you change the config manually on all already existing Outlook clients.

For that reason, leaving the certificate apart, which comes in as a bonus, I recommend to always create a CAS array at the start, as the first thing with your setup, even if you have only one server. In that manner all Outlook clients will connect to the CAS array name from the start and you can seamlessly add CAS servers as you go.


Hope it helps

Expert Comment

by:Glen Knight

>>Then when you decide to add a second CAS server & create your CAS array Outlook configuration for clients that are already configured will NOT change automatically to the CAS array name

Outlook will not change automatically BUT it's very easy to change it so it does by using the Exchange Management Shell.

As I already mentioned, I would be very surprised if a single server CAS array is actually a supported configuration.

Expert Comment

by:Akhater

>>>Outlook will not change automatically BUT it's very easy to change it so it does by using the Exchange Management Shell. <<<

You will change it on Exchange; it will NOT affect the Outlook clients! And as I already said, it is supported; call MS and ask.


Expert Comment

by:Glen Knight

We will have to agree to disagree, I can find no evidence to suggest it's not a supported configuration and you clearly have no evidence to suggest it is supported.

Just note, that to use DAG and CAS Array correctly you would need a minimum of 4 Exchange servers (2 mailbox & 2 CAS).  If you put the CAS on both mailbox servers you would need to use a hardware load balancer.

Expert Comment

by:Akhater

We agree to disagree, no problem, on the first part.

For a DAG and CAS array to work correctly, you can do it with 2 servers if you want; there is no relation at all between the CAS array and the NLB of the CAS servers.

Expert Comment

by:Glen Knight

Sorry yes I should have been more specific.  I was referring to the actual cluster not the CAS Array.