Exchange 2007 CAS certificates behind hardware load balancer
Hi, say I have 4 2007 CAS roles using a hardware load balancer, with a FQDN of "cas.domain.local" set up in DNS that points to the load balanced IP. So I need cas.domain.local on the certificate, but do I need each server's own FQDN and/or NetBIOS name (i.e. cas-box1.domain.local, cas-box2.domain.local etc.)? I'm thinking as long as I set up the internalURLs properly there'd be no way for Outlook to ever connect to a server's local name. Missing anything there? Do people normally use the same cert, exported to each machine, or get one for each machine with the 'shared' name(s) along with the local ones for the server? I don't have any external connectivity so I will likely leave out external names like autodiscover.domain.com and any kind of external CAS.
December 6th, 2010 11:24am

> Hi, say I have 4 2007 CAS roles using a hardware load balancer, with a FQDN of "cas.domain.local" set up in DNS that points to the load balanced IP. So I need cas.domain.local on the certificate, but do I need each server's own FQDN and/or NetBIOS name (i.e. cas-box1.domain.local, cas-box2.domain.local etc.)? I'm thinking as long as I set up the internalURLs properly there'd be no way for Outlook to ever connect to a server's local name. Missing anything there?

I think you are right here. Don't forget the autodiscover function, and make sure it works well:

    get-OwaVirtualDirectory | fl
    get-ecpVirtualDirectory | fl
    get-webservicesVirtualDirectory | fl
    get-OABVirtualDirectory | fl
    get-ActiveSyncVirtualDirectory | fl

> Do people normally use the same cert, exported to each machine, or get one for each machine with the 'shared' name(s) along with the local ones for the server? I don't have any external connectivity so I will likely leave out external names like autodiscover.domain.com and any kind of external CAS.

I use the same cert on the servers, using the export/import.

Are you going to use your own CA or a 3rd party certificate?

Jonas Andersson
MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA
Blog: http://www.testlabs.se/blog
December 6th, 2010 3:04pm
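
Added example, not part of the thread: one way to check the premise discussed above, that every internal URL handed to clients uses the shared name and that each host in those URLs is on the IIS certificate. It assumes the Exchange Management Shell on a CAS server and the `cas.domain.local` name from the question; wildcard certificate names are not matched.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on a CAS server; repeat on each server that holds a copy of the certificate.
# Assumption: the load-balanced name from the question.
$expected = "cas.domain.local"

# Collect the internal URLs that Autodiscover hands to clients.
$urls = @()
$urls += Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OwaVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-ActiveSyncVirtualDirectory | ForEach-Object { $_.InternalUrl }

# Reduce to the distinct host names; unset URLs are skipped.
$hosts = $urls | Where-Object { $_ } |
    ForEach-Object { ([Uri]"$_").Host.ToLower() } |
    Sort-Object -Unique

# Names on the certificate(s) enabled for IIS on this server.
$names = Get-ExchangeCertificate |
    Where-Object { $_.Services -match "IIS" } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() }

# A host other than the shared name means some URL still points at a
# server's own FQDN; a host missing from the certificate means clients
# using that URL will get a name-mismatch warning.
foreach ($h in $hosts) {
    if ($h -ne $expected) { "REVIEW   $h is not the load-balanced name" }
    if ($names -contains $h) {
        "OK       $h is on the IIS certificate"
    } else {
        "MISSING  $h is not on the IIS certificate"
    }
}
```

If the only line printed is `OK` for the shared name, a single-name certificate covers every URL clients are given internally.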

3rd party (yes, even though we have no external connectivity... we don't want to set up an Internal CA just for this.) I know about SAN/Unified Communication certs but I'm hoping I can get away with a single name cert given the scenario (I have the ability to get certs of this type for 'free/pre-paid' from our provider.)
December 6th, 2010 3:25pm
