I used split brain DNS and that took care of certificate issues.

On Fri, Sep 4, 2015 at 8:16 AM Doug Barrett <[email protected]> wrote:
> Oops - clarification on the internal IPs
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Doug Barrett
> *Sent:* Friday, September 04, 2015 8:05 AM
> *To:* [email protected]
> *Subject:* [Exchange] RE: Exchange 2010 and Cert's
>
> Internal Outlook clients only. Clients are Outlook 2010, don’t have 2013
> rolled out yet. OWA and mobile devices work fine.
>
> Internal DNS:
>
> .local domain:
>
> A webmail.domain.local (internal CAS IP)
> A <CASserver>.domain.local (internal CAS IP)
> A <DBserver>.domain.local (internal DB IP)
> SRV _autodiscover._tcp.domain.local (internal CAS IP, 443)
>
> .com domain:
>
> A webmail.domain.com (internal CAS IP)
> A autodiscover.domain.com (internal CAS IP)
> A <CASserver>.domain.com (internal CAS IP)
> SRV _autodiscover._tcp.domain.local (internal CAS IP, 443)
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Joseph L. Casale
> *Sent:* Thursday, September 03, 2015 7:54 PM
> *To:* '[email protected]'
> *Subject:* [Exchange] RE: Exchange 2010 and Cert's
>
> Internal or external clients, or both? You also don’t mention how your DNS
> is now set up.
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Doug Barrett
> *Sent:* Thursday, September 3, 2015 2:26 PM
> *To:* [email protected]
> *Subject:* [Exchange] Exchange 2010 and Cert's
>
> Environment is Exchange 2010 SP3 UR10, single CAS and single DB server (2
> physical servers), 2008 R2.
>
> We’ve been fighting for a few weeks now trying to get away from our
> previous internal & external named SAN cert to the new standard external
> only, but have hit a roadblock. We’ve changed or verified all 6 (or is it
> 7, can’t remember) of the suggested settings
> (AutodiscoverServiceInternalUri, OABVirtualDirectory,
> WebServicesVirtualDirectory, etc.) – all now show the external .com domain
> listed. However, when switching to the new cert, users get the pop-up
> “name on the cert is invalid or does not match..”.
>
> My question: when this was set up, a CAS array was never configured and
> the RpcClientAccessServer setting on the database is set to the internal
> .local name.
>
> A) Should we configure an array as is recommended by MS
> B) Should the RpcClientAccessServer be the .com domain in the cert, and
> C) Would A, B, or both plus an Outlook profile repair/recreate solve this
> issue?
>
> Looking for any ideas.
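
Added example, not part of the thread and not written by any of its posters: a PowerShell check for the Exchange Management Shell that pulls the host names out of the three settings named in the original question (AutodiscoverServiceInternalUri, WebServicesVirtualDirectory, OABVirtualDirectory) and reports whether each one is covered by the names on the new certificate. The thumbprint is a placeholder, and `Test-CertName` is a hypothetical helper written for this example.

```powershell
# Added example; run in the Exchange Management Shell (written for PowerShell 2.0).
# Placeholder: replace with the thumbprint of the new external-only certificate.
$Thumbprint = '<THUMBPRINT-OF-NEW-CERT>'

# Hypothetical helper: does $HostName match any name on the certificate?
# A wildcard entry (*.example) covers exactly one left-most label.
function Test-CertName([string]$HostName, [string[]]$Names) {
    $h = $HostName.ToLower()
    foreach ($n in $Names) {
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.') -and ($h.IndexOf('.') -gt 0) -and
            ($h.Substring($h.IndexOf('.')) -eq $n.Substring(1))) { return $true }
    }
    return $false
}

$cert  = Get-ExchangeCertificate -Thumbprint $Thumbprint
$names = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

# Collect the URLs from the settings named in the thread.
$rows = @()
foreach ($cas in @(Get-ClientAccessServer)) {
    $rows += New-Object PSObject -Property @{
        Setting = "$($cas.Name) AutodiscoverServiceInternalUri"
        Url     = $cas.AutodiscoverServiceInternalUri
    }
}
foreach ($cmd in 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory') {
    foreach ($vdir in @(& $cmd)) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $rows += New-Object PSObject -Property @{
                Setting = "$($vdir.Server) $cmd $prop"
                Url     = $vdir.$prop
            }
        }
    }
}

# Unset URLs are skipped; rows with OnCert = False are hosts the cert does not cover.
$rows | Where-Object { $_.Url } | ForEach-Object {
    $hostName = ([Uri]"$($_.Url)").Host
    New-Object PSObject -Property @{
        Setting = $_.Setting
        Host    = $hostName
        OnCert  = (Test-CertName $hostName $names)
    }
} | Sort-Object OnCert | Format-Table Setting, Host, OnCert -AutoSize
```

Rows showing `OnCert = False` sort to the top; with an external-only certificate, any remaining `.local` host in these settings would appear there.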
