
OWA Cert Error with Server Farm Public and private certs

OWA Cert Error with Server Farm Public and private certs - 30.Jan.2008 1:42:17 PM   
ashwainwright

 

I've come across a problem. I have set up Exchange 2007 with 2 CAS servers and an ISA 2006 OWA web publishing rule with a Server Farm for the 2 CAS servers.
Internally I set up a CA and generated certificates for both CAS servers. This is the format for CAS1, and duplicated for CAS2 with CAS2 as the FQDN and NetBIOS name.
Subject Name - exchange.myorg.com
SAN - exchange.myorg.com
myorg.com
autodiscover.myorg.com
CAS1.internaldomain.com
CAS1
internaldomain.com

I generated a request for an Entrust UC cert on CAS1 and successfully placed this on the ISA 2006 standard server. The cert is as follows.

Subject Name - exchange.myorg.com
SAN - exchange.myorg.com
myorg.com
autodiscover.myorg.com

I am using split DNS so users access exchange.myorg.com internally and externally. Internally users access the ISA's internal interface and externally the public interface.
They are prompted by the ISA form and prompted for credentials. These are accepted and they receive the following error:
Error Code: 500 Internal Server Error. The network logon failed. (1790)
The user then refreshes (F5) their browser and they are successfully presented with OWA.
A workaround to this problem is to install the Entrust certificate in the cert store for the CAS servers, however this then causes internal cert errors as Outlook 2007 users pick up the Entrust UC cert which does not include the machine FQDN or NetBIOS name.
Does anyone have any ideas for a workaround?
Thanks
Ash
Post #: 1
RE: OWA Cert Error with Server Farm Public and private ... - 30.Jan.2008 2:00:55 PM   
ashwainwright

 

I just worked out the answer.

I regenerated the internal certs on the CAS servers so that the subject names matched the machine names.

subject name cas1.internaldomain.com
SAN cas1.internaldomain.com
cas1
exchange.myorg.com
internaldomain.com
myorg.com
autodiscover.myorg.com
autodiscover.internaldomain.com

I probably overdid it with SAN names, but setting the subject name to the machine name worked.

Hope this helps someone else.

Ash

(in reply to ashwainwright)
Post #: 2
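
The three certificate layouts from this thread, checked against the naming the poster reports as working. This is an added example, not code from the thread; the `audit` function, its three checks and the use of `cas1.internaldomain.com` as the machine FQDN are assumptions made for illustration.

```python
# Added example. Names come from the thread; the checks in audit() encode the
# poster's reported fix and are an assumption, not a documented ISA rule.
PUBLISHED_NAME = "exchange.myorg.com"     # split-DNS name users browse to
MACHINE_FQDN = "cas1.internaldomain.com"  # CAS1 as named in the thread

# layout label -> (subject name, SAN entries), transcribed from the posts
LAYOUTS = {
    "post 1 internal cert": ("exchange.myorg.com", [
        "exchange.myorg.com", "myorg.com", "autodiscover.myorg.com",
        "CAS1.internaldomain.com", "CAS1", "internaldomain.com"]),
    "Entrust UC cert on CAS": ("exchange.myorg.com", [
        "exchange.myorg.com", "myorg.com", "autodiscover.myorg.com"]),
    "post 2 internal cert": ("cas1.internaldomain.com", [
        "cas1.internaldomain.com", "cas1", "exchange.myorg.com",
        "internaldomain.com", "myorg.com", "autodiscover.myorg.com",
        "autodiscover.internaldomain.com"]),
}

def norm(name):
    """DNS names compare case-insensitively; drop any trailing dot."""
    return name.strip().rstrip(".").lower()

def audit(machine_fqdn, subject, sans):
    """Return the naming findings for one CAS server certificate."""
    findings = []
    san_set = {norm(s) for s in sans}
    if norm(subject) != norm(machine_fqdn):
        findings.append("subject %s is not the machine name %s"
                        % (subject, machine_fqdn))
    if norm(machine_fqdn) not in san_set:
        findings.append("machine name %s missing from SAN" % machine_fqdn)
    if norm(PUBLISHED_NAME) not in san_set:
        findings.append("published name %s missing from SAN" % PUBLISHED_NAME)
    return findings

def audit_all():
    """Audit every layout from the thread against CAS1's machine name."""
    return {label: audit(MACHINE_FQDN, subject, sans)
            for label, (subject, sans) in LAYOUTS.items()}

if __name__ == "__main__":
    for label, findings in audit_all().items():
        print(label, "->", findings or "OK")
```

Only the layout from post 2 comes back clean; the Entrust certificate also lacks the machine name in its SAN list, which is the gap the first post describes for Outlook 2007 users.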
