A couple of years ago we set up an Exchange 2010 environment with 2 client access servers in a CAS array. Everything has been ok until our self-signed SAN certificate expired. Microsoft assisted us with the CAS array setup, so I followed the same instructions the tech used the first time around (see below):
- Checked the certificate on both the CAS servers, named CAS01 & CAS02, and found different self-signed certificates installed.
- So to create a new certificate, we installed Certificate Services on the DC01 domain controller.
- Ran the command below in the Exchange Management Shell to create the certificate request file:
Set-Content -path ".\exchange_domain_org_uk.txt" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=GB, s=London, l=London, o=Company, ou=IT, cn=exchange.domain.org.uk" -DomainName CAS01, CAS01.domain.org.uk, CAS02, CAS02.domain.org.uk, CASARRAY, CASARRAY.domain.ORG.UK, Autodiscover.domain.org.uk, Autodiscover.domain2.org.uk, exchange.domain.org.uk -PrivateKeyExportable $True)
- Created a new private UCC certificate as per below:
Issued to: exchange.domain.org.uk
Issued by: domain.org.uk
After doing this we still had issues where the Outlook clients were using the expired certificate, so they were getting warning popups when they started Outlook, so I removed the old certs.
Now when you start Outlook it won't open at all and says Exchange is unavailable. I've done a workaround where I amended the DNS record for CASARRAY from its cluster IP to the IP of one of the individual CAS servers, and users are at least able to connect, but I seriously need help in figuring out what went wrong with the CAS array?
Any help would be much appreciated. Thanks.
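
A check that fits the situation described above, added here as an example and not part of the original post: it lists every certificate on both CAS servers and shows which are expired, which are enabled for IIS, and which of the names from the certificate request are missing. The server names and name list are copied from the post; the report property names are this example's own.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Server names and the SAN list are copied from the post's certificate request.
$servers  = 'CAS01', 'CAS02'
$expected = 'CAS01', 'CAS01.domain.org.uk', 'CAS02', 'CAS02.domain.org.uk',
            'CASARRAY', 'CASARRAY.domain.org.uk', 'Autodiscover.domain.org.uk',
            'Autodiscover.domain2.org.uk', 'exchange.domain.org.uk'
$now = Get-Date

$report = @(foreach ($server in $servers) {
    # @() keeps the loop from running once on $null when a server returns nothing.
    foreach ($cert in @(Get-ExchangeCertificate -Server $server)) {
        # Cast to strings so this also works on deserialized (remoting) objects.
        $names    = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $services = "$($cert.Services)"
        # -notcontains is case-insensitive, so CASARRAY.domain.ORG.UK still matches.
        $missing  = @($expected | Where-Object { $names -notcontains $_ })
        New-Object PSObject -Property @{
            Server       = $server
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            Expired      = ($cert.NotAfter -lt $now)
            SelfSigned   = $cert.IsSelfSigned
            Services     = $services
            HasIIS       = ($services -match 'IIS')
            MissingNames = ($missing -join ', ')
        }
    }
})

$report | Sort-Object Server, NotAfter |
    Format-Table Server, Thumbprint, NotAfter, Expired, SelfSigned, Services, MissingNames -AutoSize

# Flag any server that has no unexpired certificate enabled for IIS.
foreach ($server in $servers) {
    $usable = @($report | Where-Object {
        $_.Server -eq $server -and $_.HasIIS -and -not $_.Expired
    })
    if ($usable.Count -eq 0) {
        Write-Warning "$server has no unexpired certificate enabled for IIS"
    }
}
```

Comparing the Thumbprint column between CAS01 and CAS02 also shows whether both servers hold the same certificate or different ones.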