Sorry, should clarify that too, we do use split DNS – internal clients point to internal DNS with internal IP’s, external to external DNS server with public IPs.

From: [email protected] [mailto:[email protected]] On Behalf Of Steve Ens
Sent: Friday, September 04, 2015 8:40 AM
To: [email protected]
Subject: Re: [Exchange] RE: Exchange 2010 and Cert's

I used split brain DNS and that took care of certificate issues.

On Fri, Sep 4, 2015 at 8:16 AM Doug Barrett <[email protected]> wrote:

Oops - clarification on the internal IP’s

From: [email protected] [mailto:[email protected]] On Behalf Of Doug Barrett
Sent: Friday, September 04, 2015 8:05 AM
To: [email protected]
Subject: [Exchange] RE: Exchange 2010 and Cert's

Internal Outlook clients only. Clients are Outlook 2010, don’t have 2013 rolled out yet. OWA and mobile devices work fine.

Internal DNS:

.local domain:
A webmail.domain.local (internal CAS IP)
A <CASserver>.domain.local (internal CAS IP)
A <DBserver>.domain.local (internal DB IP)
SRV _autodiscover._tcp.domain.local (internal CAS IP, 443)

.com domain:
A webmail.domain.com (internal CAS IP)
A autodiscover.domain.com (internal CAS IP)
A <CASserver>.domain.com (internal CAS IP)
SRV _autodiscover._tcp.domain.local (internal CAS IP, 443)

From: [email protected] [mailto:[email protected]] On Behalf Of Joseph L. Casale
Sent: Thursday, September 03, 2015 7:54 PM
To: '[email protected]'
Subject: [Exchange] RE: Exchange 2010 and Cert's

Internal or external clients, or both? You also don’t mention how your dns is now setup.

From: [email protected] [mailto:[email protected]] On Behalf Of Doug Barrett
Sent: Thursday, September 3, 2015 2:26 PM
To: [email protected]
Subject: [Exchange] Exchange 2010 and Cert's

Environment is Exchange 2010 SP3 UR10, single CAS and single DB server (2 physical servers), 2008 R2.
We’ve been fighting for a few weeks now trying to get away from our previous internal & external named SAN cert to the new standard external only, but have hit a road block. We’ve changed or verified all 6 (or is it 7, can’t remember) of the suggested settings (AutodiscoverServiceInternalUri, OABVirtualDirectory, WebServicesVirtualDirectory, etc.) – all now show the external .com domain listed. However, when switching to the new cert, users get the pop-up “name on the cert is invalid or does not match..”.

My question, when this was set up, a CAS array was never configured and the RpcClientAccessServer setting on the database is set to the internal .local name.

A) Should we configure an array as is recommended by MS
B) Should the RpcClientAccessServer be the .com domain in the cert, and
C) Would A, B, or both plus an Outlook profile repair/recreate solve this issue?

Looking for any ideas.
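
Added example (not part of the thread and not code from any poster): an Exchange Management Shell check, for the kind of setup described in the original message, that lists each host name the CAS publishes to clients and whether the certificate covers it. `Test-NameCovered` is a hypothetical helper, and the script assumes the certificate enabled for IIS is the one clients are served.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Test-NameCovered is a hypothetical helper, not an Exchange cmdlet.
function Test-NameCovered([string]$Name, [string[]]$Sans) {
    foreach ($san in $Sans) {
        if ($san -eq $Name) { return $true }   # exact match, case-insensitive
        # A wildcard SAN (*.domain.com) covers exactly one left-most label.
        if ($san.StartsWith('*.') -and $Name.IndexOf('.') -gt 0 -and
            $Name.Substring($Name.IndexOf('.')) -eq $san.Substring(1)) { return $true }
    }
    return $false
}

# Assumption: the certificate enabled for IIS is the one clients are served.
$sans = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" })

$vdirCmdlets = 'Get-WebServicesVirtualDirectory', 'Get-OabVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory'

# Collect every URL handed to clients: the Autodiscover URI plus the
# internal and external URL of each virtual directory.
$published = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Object PSObject -Property @{
            Source = "AutodiscoverServiceInternalUri ($($_.Name))"
            Url    = "$($_.AutodiscoverServiceInternalUri)"
        }
    }
    foreach ($cmd in $vdirCmdlets) {
        & $cmd | ForEach-Object {
            $vdir = $_
            foreach ($prop in 'InternalUrl', 'ExternalUrl') {
                New-Object PSObject -Property @{
                    Source = "$cmd $prop ($($vdir.Server))"
                    Url    = "$($vdir.$prop)"
                }
            }
        }
    }
) | Where-Object { $_.Url }   # drop URLs that are not set

# Rows with OnCert = False are names the certificate does not cover.
$published | Select-Object Source, Url,
    @{ n = 'OnCert'; e = { Test-NameCovered ([uri]$_.Url).Host $sans } } |
    Sort-Object OnCert | Format-Table -AutoSize

# Listed for reference only; no certificate comparison is made for this value.
Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize
```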
