Link to home
Start Free TrialLog in
Avatar of arghosrho
arghosrho

asked on

Exchange 2010 certificate warning.

Dear Experts.
i have a situation here with an existing exchange 2010 organization.
the system exists of 1 DAG consisting of two servers and 1 CAS server and 1 Edge Server.
all was working fine until we wanted to add HA to the CAS by creating a second CAS.

after creating that second CAS both servers were added to the load balancer and for external mail, all is well without an issue.

the problem happens with the internal mail users. when they get the warning that the name on the security certificate mismatches with the name of the website and it only happens to some users that connect to the new CAS server.

both servers use the same signed certificate for IIS, SMTP , IMAP, POP. but no warning ever come from the old CAS. its only from the new one.

what am i missing here?
Avatar of M A
M A
Flag of United States of America image

Hi arghosrho,
Do you have a CAS Array configured? If you have to configure a CAS Array with these 2 CAS servers. Create an A record points to VIP of load balancer.
https://practical365.com/exchange-server/exchange-server-2010-cas-array/
Please check this article to configure URLs to clear the certificate error. Please configure the same URLs on both servers.
https://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
Make sure to assign the VIP an A Record that matches the CN or any DNS names listed on the certificate. Then make sure the AD SCP and all Exchange Virtual Directories are configured to use that URL . There should be an option in EMC on the right hand pane when you go to Server Configuration > Client Access that says "Configure External URL" or something similar. Click on that to open a wizard that will help change the URLs for all Directories External settings. You'll also want to make sure the Internal URLs are set right as well. This must be done on both servers in the DAG.
ASKER CERTIFIED SOLUTION
Avatar of Kumar K
Kumar K
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@Kumar
It recommended to have CAS array even if you have only one CAS server. I though of adding this point to the thread as a best practice.
https://blogs.technet.microsoft.com/exchange/2012/03/23/demystifying-the-cas-array-object-part-1/
And thanks for the commands posted though I have clearly mentioned in my article(above).
Avatar of arghosrho
arghosrho

ASKER

solved the issue. thanks KUMAR. u saved the day