Consolidating Subjective Alternate Names for Services on Client Access Server - Exchange 2007 Sp3
When I built my Exchange 2007 environment a few years ago, I purchased a SAN certificate to SSL enable services for ActiveSync, OWA, Outlookanywhere and Offline Address Book. Autodiscover service of course has its own name as well, which is necessary. My research before my implementation showed it would be a good practice to give each service its own subjective alternate name or FQDN enabled with SSL. So, for example, I have the following:

webmail1.domain.com = Outlookanywhere
list.domain.com = Offline Address Book
owa1.domain.com = Outlook Web Access
outlooksync.domain.com = Activesync

I would like to consolidate these names to one name, and have chosen webmail1.domain.com as the name I would like to use. All these names are accessible internally and externally with port 443 punched through the firewall.

One thing I noticed is that if I type in, for example, the URL for webmail1.domain.com in the settings on a mobile phone (iPhone/Droid), I can access Exchange's Activesync service. If I type in webmail1.domain.com/owa, I can access Outlook Web Access, etc. Why is it the case that I can use multiple subjective alternate names for a particular service, when I only bound one name (using PowerShell) to each service during the installation of Exchange? In the Exchange Management Console you only see one specific name tied to a service, but I can still access that service with the multiple names above.
June 15th, 2012 7:17pm

I assume you have one IP set up in IIS, using a SAN cert, and each of the DNS entries is pointing to the same IP. If so, IIS will serve up all websites at that IP independent of the FQDN typed in if using HTTPS. So if you have a.company.com and b.company.com that both point to 1.1.1.1 and the user types in https://a.company.com or https://b.company.com, they will get the same website.

IIS will only let one website be bound to 443 (default SSL port) when using a standard or UC\SAN certificate. You CAN set up a wildcard certificate and then use host headers and SSL together.

So IIS will serve up the same website no matter what FQDN or URL you put in if configured with one IP and a SAN cert. This doesn't hurt anything and is normal.

Jason Sherry | Microsoft Infrastructure Architect, MCSE: M, MCTIP, Microsoft Exchange MVP
June 16th, 2012 5:52pm
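
A way to check the assumption in the reply above (one IP, one SAN certificate) before consolidating names, given as an added example that is not part of the original thread. The hostnames are the ones from the question, and `Get-TlsEndpointInfo` is a hypothetical helper name; the script connects to each name on port 443 and reports the resolved IP, the certificate thumbprint, and whether the name is listed in the certificate's Subject Alternative Name extension.

```powershell
# Hostnames from the question above; Get-TlsEndpointInfo is a hypothetical helper name.
$names = 'webmail1.domain.com', 'list.domain.com', 'owa1.domain.com', 'outlooksync.domain.com'

function Get-TlsEndpointInfo {
    param([string]$HostName, [int]$Port = 443)

    $ip = [System.Net.Dns]::GetHostAddresses($HostName) | Select-Object -First 1
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ip, $Port)
        # Accept whatever certificate is presented: it is inspected here, not trusted.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate

        # OID 2.5.29.17 is the Subject Alternative Name extension.
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanNames = @()
        if ($sanExt) {
            # Format() yields entries such as "DNS Name=host"; keep the part after the label.
            $sanNames = @($sanExt.Format($false) -split ',\s*' |
                ForEach-Object { ($_ -split '[=:]', 2)[-1].Trim() })
        }
        New-Object PSObject -Property @{
            HostName   = $HostName
            IPAddress  = $ip.IPAddressToString
            Thumbprint = $cert.Thumbprint
            # Exact match only; wildcard SAN entries are not evaluated.
            NameInSan  = ($sanNames -contains $HostName)
        }
    }
    finally {
        $client.Close()
    }
}

$results = @($names | ForEach-Object { Get-TlsEndpointInfo -HostName $_ })
$results | Format-Table HostName, IPAddress, Thumbprint, NameInSan -AutoSize

# One distinct IP and one distinct thumbprint is consistent with the reply's
# assumption that every name reaches the same IIS binding and SAN certificate.
$ips    = @($results | Select-Object -ExpandProperty IPAddress -Unique)
$thumbs = @($results | Select-Object -ExpandProperty Thumbprint -Unique)
"Distinct IPs: $($ips.Count); distinct certificates: $($thumbs.Count)"
```

Any name that shows `NameInSan` as `False` would still reach the site but produce a certificate name warning in clients, which is worth knowing before a replacement certificate is issued with fewer names.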

This topic is archived. No further replies will be accepted.
