Using Publ;ic SSL Cert on CAS servers

Hello all,

We've got 2x exchange 2007 front end servers configured to use CAS and HT 
roles setup in an NLB cluster.

To secure PDA's and OWA we've purchased from Entrust 2x Public Certificates 
to install on both servers.
We've installed one of the certs on one node to test but when connecting to 
the node to use OWA we have the same error regarding having a certificate 
error.  Is there anything else required to make this work?  Our SAN names on 
the certs have only FQDN names of the servers and NLB cluster, do we need a 
single label name on the cert for this to work?.

Any help much appreciated. 


0
Andrew
11/13/2009 2:02:40 PM
exchange.admin 57650 articles. 2 followers. Follow

2 Replies
911 Views

Similar Articles

[PageSpeed] 58

Does the certificate's name or one of its subject alternative names (SANs) 
match the server name in the URL you're using?  Does your client trust the 
issuing authority?  If you enter just the server name, not the fqdn, then 
that has to be a SAN as well.
-- 
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
..

"Andrew Story" <andrewDOTstoryATjameswalkerDOTbiz> wrote in message 
news:ugA83nGZKHA.4992@TK2MSFTNGP02.phx.gbl...
> Hello all,
>
> We've got 2x exchange 2007 front end servers configured to use CAS and HT 
> roles setup in an NLB cluster.
>
> To secure PDA's and OWA we've purchased from Entrust 2x Public 
> Certificates to install on both servers.
> We've installed one of the certs on one node to test but when connecting 
> to the node to use OWA we have the same error regarding having a 
> certificate error.  Is there anything else required to make this work? 
> Our SAN names on the certs have only FQDN names of the servers and NLB 
> cluster, do we need a single label name on the cert for this to work?.
>
> Any help much appreciated.
> 

0
Ed
11/14/2009 7:10:11 AM
On Fri, 13 Nov 2009 14:02:40 -0000, "Andrew Story"
<andrewDOTstoryATjameswalkerDOTbiz> wrote:

>Hello all,
>
>We've got 2x exchange 2007 front end servers configured to use CAS and HT 
>roles setup in an NLB cluster.
>
>To secure PDA's and OWA we've purchased from Entrust 2x Public Certificates 
>to install on both servers.
>We've installed one of the certs on one node to test but when connecting to 
>the node to use OWA we have the same error regarding having a certificate 
>error.  Is there anything else required to make this work?  Our SAN names on 
>the certs have only FQDN names of the servers and NLB cluster, do we need a 
>single label name on the cert for this to work?.

Was your certificate issued by a secondary (intermediate) CA? Do you
have the intermediate CA in your certificate store on the CAS?

Do the devices connect directly to the CAS or do they connect to some
other device (ISA, load balancer, etc.) that may be terminating the
SSL connection?

Try this URL and see if it points to any problems:
http://www.digicert.com/help/
---
Rich Matheisen
MCSE+I, Exchange MVP
0
Rich
11/14/2009 4:34:30 PM
Reply:

Similar Artilces:

Server froze at night
Hi: For the first time ever my server froze. The screen was showing the crtl-alt-del login screen, but the keyboard was useless and the maouse was the same. Communications from the internet were dead and trying to contact the server from the LAN was the same. My WM phone could not connect to exchange. I had to press the power button to turn off the server and power it on again. This happened at night. I've been checking the logs and nothing shows, the backup that was running at the time was not completed (is there a log?) Do you have any pointers to where to look? Regards ...

Using Mercury Processing?
If anyone out there is using Mercury Processing, I would like to know a few things: 1) When processing the transaction does the reciept printer have to be set to always print? (Personally I never give a reciept unless customer requests it, in which case the printer is set to never print reciept). 2) Must you print the entire reciept or can you just print the total amount, and not a description of each item? 3) I would be using a cable connection, which is basically the internet, but not through a DSL line dedicated to each station, the connection is made through a router, and basical...

Using a COM dll in VC++
I a work colleague wrote a dll in VB with COM stuff. I need to use this dll in VC++. How do you do that? My knowledge of dll especially COM dll is fairly limited. See if the following article offers you any help. Calling a VB ActiveX DLL from a MFC Client http://www.codeproject.com/dll/vbactivexwithvc.asp -- Cheers Check Abdoul [VC++ MVP] ----------------------------------- "nerram" <kevin.marren@hp.com> wrote in message news:ab54811.0311190052.7d425db@posting.google.com... > I a work colleague wrote a dll in VB with COM stuff. I need to use > this dl...

two problems using Outlook and Word
Does anyone know why it is that when I open an email in Outlook which comes in as an HTML doc, and try to respond to it, the format of the response converts it to plain text format in a hideous courier font? Which cannot be converted into HTML because the option is grayed out? Is this in some way related to the reason why I cannot now respond to emails without getting a warning that something is trying to access Microsoft Word and should I allow it and if so for how long? Whatever option I try, the result is the same, either Word opens as it should, as Word seems to open as this TXT version ...

What's the diff between MS Exchange Server and Internet E-mail?
I guess I know what Internet E-mail is: it logs onto your ISP's servers to send and receive, right? But what exactly is Exchange Server? -- -Dave It's a (local) mailserver mainly used in organizations which allows you to share Outlook items and lots more; http://www.microsoft.com/exchange -- Roady [MVP] www.sparnaaij.net Microsoft Office and Microsoft Office related News Also Outlook FAQ, How To's, Downloads and more... Tip of the month: -Tips for cleaning up your mailbox Subscribe to the newsletter to receive news and tips & tricks in your mailbox! www.sparnaaij.net ...

Server could not be found in Outlook #2
I can send / receive e-mails in Freeserve e-mail program, however cannot in Outlook and I'd rather use Outlook. Error message: The server could not be found error number 0x800ccc0d Any suggestions? ...

Vacation Used/Accrued/Balance Report
I am trying to build a report in either Crystal Reports or SQL Reporting Services that would give me an employee's beginning vacation balance, hours used, hours accrued and ending balance for a particular pay period. I have determined that I need SQL views to get the data to report correctly however; need some direction. If anyone have the views already created and would be willing to share, I would greatly appreciate it. Or even better the CR or SRS report :) Thanks in advance! You can email me at lbaker@jatnet.com The paycheck history tables will have all but the beginning balan...

using various data from a source outside of excel
I want to know how to convert data typed in word (in a sentence format)to seperate columns in excel. The "sentence" might contain a product, a price and a date. The next "sentence" appears on the next line and contains the same information (product, price and date), but does not line up in column format. Hi without more information about your exact data structure: difficult to say. But you may start with 'Data - text to columns' within Excel -- Regards Frank Kabel Frankfurt, Germany "Jennifer" <jenniferlmohammed@hotmail.com> schrieb im News...

Using Relative path for XML data file?
Is there a way to specify a relative path to an XML data file imported into Excel 2003? I am writing a web app that generates report data as XML for the user to download to their local machine. This data is to be consumed by an Excel reporting spreadsheet, which contains display-formatted tables and charts that are mapped to various data fields in an XML Map, which is in turn linked to the xml data file they will download. The idea is the user only needs to download the data for updates, not the whole spreadsheet. However, since I cannot predict the path where the user will store their...

Only Administrator can change password using OWA, user cannot.
Hi, I've just installed SBS2003 and followed this article http://support.microsoft.com/default.aspx?scid=kb;EN-US;301428 to enable password change in OWA. So far, only users with Administrative rights can change their password, normal user will get the "Error: General access denied error". Is this a permission issue? Also, at the end of the article, it refers to changing the local policy setting, how do you change to policy in SBS2003? This is the first time I play with a Windows2003 server, everything looks a bit different... Any suggestions are welcome Any Idea? k_sit@...

Using formula "VALUE" with pasted text
I use Excel 2003, Norwegian version. I try to convert a big table pasted from a web site. Pasted text is numbers in the format "7 589". When I try to change a pasted text to a number using the formula "VERDI" (Value in English), I get an error. BUT - If I type in the number in the same format, it works. The same thing happens when I paste the formula =VERDI("kr 1 000") from the help system. Error. If I type in exactly the same formula, it works. Does anybody know why? Is there something I can do? Arnfinn Hi First way: use the formula in another column,...

Migrating DB Server
I am planning to migrate our DB server.. Current configuration is: Machine1: CRM Server [Windows 2000 Sp4] Machine2: DB Server [SqlServer 2000 Standard Edition sp3 on windows 2000 sp3] and DB Server is going to be migrated onto SqlServer Enterprise Edition on Windows 2003 Enterprise Server I will greatly appreciate if anyone of you can give me useful advice of how DB Server can be migrated keeping the same installation of CRM App. Would there be any configuration on CRM Server that needs to be changed to point to the new DB Server? If I just restore the schema on new DB Server, would th...

need hint on: moving CRM 1.2 app server to new hardware ("box")!
Hi all, we have CRM 1.2 and its databases on 2 different physical servers. We have to move the crm app server to a new hardware box. Does the following scenario work (just the rough points)? - remove "old" crm server from network (uninstall, whatever....) - install crm on new box, pointing to existing database (sql server remains the same) My question: Can I use a NEW NAME for the new crm box or MUST I use the SAME NAME for the new box than the old one had? This would resemble the "disaster recovery scenario" in the IG, except with installing CRM on a different app...

Where used lookup screen if you don't know what BOM it is on.
I have not been able to find a place where I can enter a part number and find out where it is used (except on a report). A lookup screen would be very helpful. -- Sheri Salomone THANKS! ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane. http://www.microsoft.com/Business...

finding all the Type=2 deliverables in the Server
Is there a quick way to get a listing of all of the type=2 deliverables in the Server? Yes, create a query in the Reporting db. Look at the built in Views ending with _Userview. They have all custom fields automatically appended to their end. -- Rod Gill Microsoft MVP for Project - http://www.project-systems.co.nz Author of the only book on Project VBA, see: http://www.projectvbabook.com "Chris_J_S" <ChrisJS@discussions.microsoft.com> wrote in message news:3531912E-1B61-4087-9CBE-AF7F00635BD1@microsoft.com... > Is there a quick way to get a li...

how to change Microsoft Exchange Server
How do I change the Microsoft Exchange Server that my outlook profile to connecting to? This is under Tools > Options > mail setup > email accounts > view or change existing email accounts. When I select Microsoft Exchange Server and click Change, the server field is not editable. The only way I can connect to the new exchange server is to create a new profile, but I don't want to do that because I have tons of customizations. Is there someway to change the server through .ini configuration files or registry? I am using Outlook 2003. Close outlook. go to control ...

How to use ENUM_SERVICE_STATUS_PROCESS in CMainFrame
Hello: I have a problem where something I want to use requires #include <windows.h> but #include "StdAfx.h" has already been defined; namely because this is an MFC application. Basically, I want my program to enumerate the services on the current machine and wait for a particular service or services to be started. If I only include StdAfx.h I get errors of ENUM_SERVICE_STATUS_PROCESS and others being undefined. If I include only Windows.h I have othe problems. If I include StdAfx.h and then Windows.h I still get undefined errors. Certainly there has to be a way ...

Outlook 2003 can't connect to Exchange Server, NetBEUI perhaps?
Hi, I bought Outlook 2003 to upgrade from Outlook 2000 and it can't see my exchange server. I've gone back to Outlook 2000 and everything works fine again. Somehow this isn't considered a setup issue by MS and costs $250 for someone to listen to, but I digress... The client is XPsp1, latest fixes. The server is NT4sp6a and latest fixes and the Exchange server is 5.5 with latest service packs and fixes. The one unusual thing is that I use NetBEUI exclusively on my internal network for security (don't trust a routable protocol). Does Outlook 2003 support NetBEUI? ...

Using Trim in a Userform
I have a Userform that I fill out and have the information entered in a cell on a worksheet, I am trying to use Trim when entering it in the cell to remove any duplicate spaces. Can someone help me out and let me know why this isn't working and what I need to change to get it to work. Thank you for your help. ws.Cells(iRow, 2) = Trim(txtProblem.Value) The worksheet's TRIM function does not work the same as the built-in VB Trim function (which only removes spaces from the ends of the text). You can tap into the worksheet's TRIM function, to do what you want though...

using querystring to add param
I have another newbie xml/.net question. All apologies. I'm trying to get an aspx file to modify an XSLT file based on a querystring. ie. recipe.aspx?recipe=cheesecake will add this line to the XSLT file: <xsl:param name="recipe" select="cheesecake" /> I'm getting this error message pointing to 'xslArg.AddParam...' when I execute the .aspx file: Compiler Error Message: BC30188: Declaration expected. Now I don't know much about .NET and it seems like it's something with the .vb file but I don't know which end to troubleshoot. ..vb file...

Message attachments flagged by Server AV Scanner in E2K User to User Mail
Interesting one, any idea why this might happen? Workstation Setup: Windows XP Office XP (Outlook 2002) Exchange User to Exchange User messages, regardless of delivery method, and only when using Office XP (Outlook 2002) fail. The recipiant, instead of getting the message, gets this: WARNING!!! (from smtp.domain.com) The following message attachments were flagged by the antivirus scanner: Attachment [2] winmail.dat, scan failed: Scan engine error. Action taken: incomplete scan Any ideas? I've seen similiar questions raised, but none exactly like this and few answers. ...

Outlook 2000 problems after migrating Exchange server from 5.5 to 2000
We had Exchange server 5.5 running on Windows 2000. Every client has Outlook 2000 SR-1 as mail client. After migrating to Exchange server 2000, we are having problems on computers running Windows XP pro. But on computers running W2k it's everything fine. On Windows XP, Outlook 2000 will not send any email to any adress not in the personal adress book, and will not connect to the global adress book defined on the server. Trying to access the global address list will fire the message "Network problems are preventing connection to the microsoft Exchange server computer. Contact...

Can you run Outlook 03 with Exchange Server 2000?
We have Exchange Server 2000. Is it possible to use the Office 03 version which has Outlook 03 if the Exchange Server is 2000? Yea it will work fine. Are you having problems with it? >-----Original Message----- >We have Exchange Server 2000. Is it possible to use the >Office 03 version which has Outlook 03 if the Exchange >Server is 2000? >. > ...

Using Ranges
Hi, I did an insert --> name --> define: a range that would automatically update: RangeName = "Sheet2!$C$4:$Q$"&COUNT(Sheet2!$E$4000)+3 So I want to write a macro that uses the range. x = Range("RangeName").Value gives the following error: Method Range of Object Global Failed when i set a range in the worksheet using the upper left hand box the macro works. Do you know how to fix this problem. Thanks That won't work - it's just an invalid string value, not a range. You need to use a named range whose definition actually returns a range, alon...

Routing outgoing SMTP via ISPs SMTP server
I've had problems sending mail to Hotmail and Bigfoot email accounts. It appears that the reason for this is that we're on a dynamic IP, and although our SMTP server is nailed down, some mail providers simply bounce (or > /dev/null) email coming in from an SMTP server which is on a dynamic IP. Great. So, the situation is that we are only able to use Exchange within our (small-ish) organization if we either fork out a vast amount of cash for a static IP, or we can somehow route all outgoing mail via our ISPs SMTP server. I *could* add an additional account to each desktop machine...