Exchange 2007 UCC/SAN Certificate - [WP]

Exchange 2007 UCC/SAN Certificate - [WP]

Post by V0lMRFBBQ0 » Thu, 28 Aug 2008 03:04:00


I will have 2 CAS and Hubs on the same boxs NLB with a BE 2 Node SCC.

I am not able to find much about adding the URL for Nodes ...

Will these be my URLS while requesting a UCC/SAN cert:

webmail.ourdomain.com
autodiscovery.ourdomain.com
CAS-HUB01.ourdomain.com
CAS-HUB02.ourdomain.com

How do I enter my clustered mailbox node names here???? Do I add both nodes
FQDN name here or just the clusters virtual name.ourdomain.com? Currently we
running OL2002 ...we will upgrade to OL2007.

I will be requesting my UCC/SAN certificate once I deploy my first CAS .....

Advise Please.

Thank you.
 
 
 

Exchange 2007 UCC/SAN Certificate - [WP]

Post by V0lMRFBBQ0 » Thu, 28 Aug 2008 03:16:06


or may be I dont need to worry about my Cluster Nodes name as all the mail
is delt by HUBs.

Advise Please.

TIA.

 
 
 

Exchange 2007 UCC/SAN Certificate - [WP]

Post by Elan Shudn » Thu, 28 Aug 2008 09:47:29

General recommendation from Microsoft is
CN=webmail.domain.com (or whatever name you want to use for
OWA/EAS/OA/Etc.)
SAN=webmail.domain.com
SAN=autodiscover.domain.com (not autodiscovery.domain.com)
SAN=NetBIOSofCAS
SAN=CASServer.domain.com

NetBIOS of the CAS in the certificate isn't all that necessary. Either
is CASServer.domain.com. I can only really see both useful if you want
to connect to OWA via that name. The only time I see
CASServer.domain.com useful is if UM is installed on that server and
you're integrating it with OCS. But if you're running NLB, you
shouldn't put your UM on those same servers.

Elan Shudnow
http://www.yqcomputer.com/
 
 
 

Exchange 2007 UCC/SAN Certificate - [WP]

Post by V0lMRFBBQ0 » Thu, 28 Aug 2008 21:25:01


Elan thank you for your response.

Autodiscovery was a typo thanks for pointing out though.

I have finalized these names will go in my SAN cert:

webmail.ourdomain.com
autodiscover.ourdomain.com
CAS-HUB01.ourdomain.com
CAS-HUB02.ourdomain.com
CMBXS01.ourdomain.com (This will be the virtual name of our Clustered MBX
Server)

Advise Please.
 
 
 

Exchange 2007 UCC/SAN Certificate - [WP]

Post by Elan Shudn » Fri, 29 Aug 2008 11:56:55

Looks good. But as I said, the names other than autodiscover and the
CMS name aren't really needed. But feel free to add them as you'd like
just as long as the 2 names are in there and servername.domain.com if
you're using UM and integrating it into OCS.

Elan Shudnow
http://www.yqcomputer.com/