Exchange 2010 DAG with Outlook client cert warnings
Posted on 2014-08-20
I am creating an Exchange 2010 DAG.
At this point, I have just added the 2nd Exchange 2010 server into the organization with MB, HT, CAS roles.
EX10.mycompany.com - existing Exchange 2010 MB, HT, CAS
EXDAG.mycompany.com - newly added MB, HT, CAS
(note: internal domain is the same valid public domain as the public domain name - "mycompany.com" is just for the purposes of this post)
I have NOT created the DAG, or moved any active mailbox databases to the new server. The new server has a mailbox database (created during install). There is also a Receive connector between the 2 with Exchange Server authentication and permissions.
Outlook Clients are getting certificate warnings about the server name for EXDAG (the new server) when they open Outlook.
I assume this is related to Autodiscover, but I can't see how or why a client would even know EXDAG exists because it is not any of the key names.
I also assume I can export the cert from EX10 and import it to EXDAG, but the cert does *not* have a SAN for EXDAG.
Do I need to rekey the cert to include the internal FQDN of EXDAG?
ex10.mycompany.com -- internal computer fqdn
autodiscover.mycompany.com -- for autodiscover
mail.mycompany.com -- external URL for owa, etc.