How modify existing Exchange 2010 Client Access Array?


Imagine 3 exchanges servers with the DAG roles setup. The client access array has been setup but with the external FQDN instead of the internal which causes some troubles to setup a certificate for Outlook Anywhere.

Is it a way to modify the existing Client Access Array name for an internal FQDN (the DAG FQDN in fact) ? If yes, what are the consequences and risks?

Last info, servers are in production.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi David

It is very easy to change the cas array name or even to delete it and create a new one

however the cas array name is not related in anyway to the certificate and it doesn't have an internal and external fqdn so I am not sure i follow you

finally the risks are that you will have client disconnection at a point in time
I would look at the Set-ClientAccessArray command.. specifically internally you will want to set the AutoDiscoverInternalUri

This sets up a Service Connection Point in AD - which is the first point of contact for a domain-joined workstation internally.
David_PazosAuthor Commented:
Thanks for your answers.

Akhater, can you please give me more details on the commands? Regarding your question, here is the config. The CAS Array has the same name as the Outlook Anywhere. On the server, there is 2 SSL. One only internally that came with the server containing the server name only and I bought with the FQDN external name that matches with CAS Array and Outlook Anywhere.

Now the problem is, if I add to the FQDN external SSL the IIS connection, all the computers internally ask to validate the new certificate at each logon and that is messy.

If you think that there is other thing to be done, please feel free to let me know =)
Set-ClientAccessArray "name" -fqdn to change the fqdn

what i mean is that outlook connect to the cas array name using MAPI protocol and not https so it doesn't matter if your cas array name is in the certificate or not you should not get the certificate warning.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David_PazosAuthor Commented:
I see. I'll investigate then after changing this. I'll have a clear view.

Thanks for your help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.