Exchange 2010 Single Cert conflicts with host and autodiscover

We have two 2010 servers. EXCHANGE.domain.com is the internal CAS/DB server; ExchangeFE.domain.com is a CAS server that faces the internet. EXCHANGE has a self-signed cert as EXCHANGE.domain.com; EXCHANGEFE has a regular SSL cert named OWA.domain.com.

When Outlook profiles are configured, they typically show connection to EXCHANGE and use the self-signed cert with no issue.  

The last few days, there have been instances where users open Outlook and are prompted with an EXCHANGEFE --AND-- AUTODISCOVER cert mismatch because that server only has the OWA.domain.com cert installed.

How can I force all internal users to only go to EXCHANGE CAS server so that the ExchangeFE does not show EXCHANGEFE and AUTODISCOVER cert errors?

Autodiscover is not available via internet.  We have it internal, but I am OK with turning it OFF and requiring manual Outlook profile configuration.
Asked by: tcloud
 
pritamsh commented:
Use the same cert across the organisation. Follow the article mentioned below:

http://technet.microsoft.com/en-us/library/bb201695.aspx
 
pritamsh commented:
You can use the same cert for OWA as well as for Autodiscover, but make sure you have the same subject name for both, e.g. OWA URL: https://abc.xyz.com/owa and Autodiscover URL: https://abc.xyz.com/autodiscover/autodiscover.xml

If you are using a third-party certificate, then it will work from the internet as well.
 
tcloud (author) commented:
So I need to set the AutoDiscover URI manually; if so, where?

How do I keep clients from going to EXCHANGEFE.domain.com?  They should go to EXCHANGE or use the OWA cert on the ExchangeFE server.
 
tcloud (author) commented:
You were absolutely right, one of my servers still had the https://exchangefe.domain.com/owa listed when it should have been the https://owa.domain.com/owa for which I have a cert.  THANKS!
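The cause found in this thread was a virtual directory URL naming a host that the server's certificate does not cover. As an added example (not code from the thread), the PowerShell below compares each published URL's host name with the names on that server's certificate. The function names and data rows are constructed for illustration; the cmdlets listed in the comments are the Exchange Management Shell cmdlets that would supply real rows.

```powershell
# Added example: function names and data rows are constructed for illustration.
# Host names follow the thread (EXCHANGE, EXCHANGEFE, OWA.domain.com).
# In the Exchange Management Shell the rows would come from:
#   Get-ClientAccessServer          | Select Name, AutoDiscoverServiceInternalUri
#   Get-OwaVirtualDirectory         | Select Server, InternalUrl, ExternalUrl
#   Get-WebServicesVirtualDirectory | Select Server, InternalUrl, ExternalUrl
#   Get-ExchangeCertificate -Server <name> | Select CertificateDomains, Services

function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if (-not $n) { continue }                         # skip empty entries
        if ($n -eq $HostName) { return $true }            # -eq ignores case
        # A wildcard name covers exactly one left-most label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) {
            return $true
        }
    }
    return $false
}

function Find-CertNameMismatch {
    param($Endpoints, [hashtable]$CertsByServer)
    foreach ($e in $Endpoints) {
        if (-not $e.Url) { continue }                     # URL not set: nothing published
        $hostName = ([Uri]$e.Url).Host
        $names = $CertsByServer[$e.Server]
        if (-not (Test-NameCoveredByCert $hostName $names)) {
            New-Object PSObject -Property @{
                Server = $e.Server; Setting = $e.Setting; Url = $e.Url
                CertNames = ($names -join ', ')
            }
        }
    }
}

function New-Row($Server, $Setting, $Url) {
    New-Object PSObject -Property @{ Server = $Server; Setting = $Setting; Url = $Url }
}

# Constructed sample data modelled on the thread.
$certs = @{ 'EXCHANGE' = @('EXCHANGE.domain.com'); 'EXCHANGEFE' = @('OWA.domain.com') }
$rows = @(
    (New-Row 'EXCHANGE'   'AutoDiscoverServiceInternalUri' 'https://exchange.domain.com/Autodiscover/Autodiscover.xml'),
    (New-Row 'EXCHANGEFE' 'OWA InternalUrl' 'https://exchangefe.domain.com/owa'),
    (New-Row 'EXCHANGEFE' 'OWA ExternalUrl' 'https://owa.domain.com/owa')
)

Find-CertNameMismatch $rows $certs | Format-Table Server, Setting, Url, CertNames -AutoSize
```

With the constructed rows, only the EXCHANGEFE OWA InternalUrl is reported, which is the setting the author found pointing at exchangefe.domain.com.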