cbitsupport
asked on
Client Access Array Problem / Outlook Certificate Error
I have a 3 site Exchange environment setup with a large DAG between them. In Site 2 there are 2 CAS servers, one for normal traffic, one for OWA. I have the normal one setup in a CAS Array, but because they are both in the same site so OWA server shows up in the CAS Array. I know everything I have read online says that Outlook only connects to the NLB server, which is the normal CAS server. But I am getting certificate errors from Outlook because it says the OWA server's cert doesn't match the server name. The OWA cert is for the external facing name. How can I either take this server out of the array so that Outlook will not connect to it internally, or re-configure the cert to have both names?? This is an Entrust cert, not a self-signed.
Thank you.
Thank you.
ASKER
My URLs are listed as follows for the OWA server:
Get-ClientAccessServer -Identity OWA01 -AutodiscoverServiceIntern
Get-WebServicesVirtualDire
https://owa01.domain.local/EWS/Exchange.asmx
Get-OABVirtualDirectory -Identity "OWA01\oab (Default Web Site)" -InternalUrI http://owa01.domain.local/OAB
The cert is issued to mail.externaldomain.com This is how they are currently set, how should they be set?? Thank you.
Get-ClientAccessServer -Identity OWA01 -AutodiscoverServiceIntern
Get-WebServicesVirtualDire
https://owa01.domain.local/EWS/Exchange.asmx
Get-OABVirtualDirectory -Identity "OWA01\oab (Default Web Site)" -InternalUrI http://owa01.domain.local/OAB
The cert is issued to mail.externaldomain.com This is how they are currently set, how should they be set?? Thank you.
ASKER
I should have mentioned in the last post that the error from Outlook says invalid cert on OWA01.domain.local
Got it
Check this http://blogs.technet.com/b/exchange/archive/2008/09/29/3406352.aspx the 2 senarios mentioned is inline with what u face..
if u have any query regarding the command refer this http://technet.microsoft.com/en-us/library/bb123683.aspx
Check this http://blogs.technet.com/b/exchange/archive/2008/09/29/3406352.aspx the 2 senarios mentioned is inline with what u face..
if u have any query regarding the command refer this http://technet.microsoft.com/en-us/library/bb123683.aspx
ASKER
I have read through that article a few times but I am not seeing exactly what I need to change, that is more about set-outlookprovider and Outlook Anywhere, which I am not using.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This issue was not resolved sucessfully.
u cant change CAS array so that one cas server gets removed from the CAS array
So u can either
u can try by changing the IP address so that NLB cant contact the one that is for OWA. so it is always forced to contact the one that is for outlook
or
change the URLS by following Microsoft KB 940726.