InternalURL in CAS Array

I have two Exchange 2010 servers in a CAS array (single site). The FQDN for the CAS Array is cas.mydomain.com. Users get to OWA using mail.mydomain.com.

I'm using a third party UCC cert and on that cert, I have autodiscover.mydomain.com, mail.mydomain.com, legacy.mydomain.com.  I do not have the CAS Array name on the certificate, nor do I have the server hostnames on the cert.

For DNS:
External DNS, mail.mydomain.com points to our public IP

Internal DNS, mail.mydomain.com points to the VIP of my hardware load balancer

For Set-ClientAccessServer, I have this:

AutoDiscoverServiceInternalUri : https://mail.mydomain.com/autodiscover/autodiscover.xml

For OWA, ECP, ActiveSync, EWS and OAB....I have the internal URLs set to mail.mydomain.com

Is this incorrect? I did it this way since I do not have the cas array fqdn on my UCC cert.

Thanks,

August 22nd, 2013 2:21pm

When speaking of a CAS Array post EX2007, it can be somewhat confusing as there is the traditional definition of a CAS array that most of us would refer to, and then there is the CAS Array Object in AD that EX2010 refers to.

Speaking from the traditional sense that a CAS array is a pool of servers providing a single service, your configurations are correct using mail.mydomain.com as the target for external and internal client access connections via HTTPS (including RPC over HTTPS).

From the perspective of the Exchange 2010 CAS array providing MAPI connectivity for Outlook clients internally, there are some changes you should consider.  First, in previous versions of Exchange, MAPI RPC connections were made directly to the mailbox servers.  This is no longer the case as all client access connections go through the CAS.  So now we have to look at load balancing MAPI RPC traffic for internal Outlook client connections, which is where the CAS Array Object comes into play.  The key note to point out here is internal, as this is not used by any external clients (Outlook should be connecting via RPC over HTTPS).  Therefore, the CAS Array Object does not need to resolve in public DNS nor does it need to be part of your UCC cert.  Refer to the following two links for a better explanation of creating a CAS Array in EX2010 as well as some misconceptions regarding CAS Array Objects.

http://blogs.technet.com/b/ucedsg/archive/2009/12/06/how-to-setup-an-exchange-2010-cas-array-to-load-balance-mapi.aspx

http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx

If you don't feel like reading the articles, the shorter (and probably preferred) answer to your question is yes, your configurations are correct in that they should work as is.  But based on the link above regarding "Demystifying the CAS Array Object", there may be some changes to make to adhere to best practices.

August 22nd, 2013 4:52pm

You do not need to put the CAS array FQDN in the certificate, because you said that all Exchange web services are accessed via https://mail.mydomain.com/"webservice path".

That means your clients will not access web services via the CAS array name, so there is no need to put the CAS array name in the SAN.
August 23rd, 2013 1:38am
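
One way to check the configuration discussed in this thread, as an added example that is not part of any poster's reply: it lists every internal HTTPS URL each CAS hands out and reports whether its host name is covered by the SANs of the IIS-enabled certificate, then shows where the CAS array FQDN is actually used. The helper name `Test-SanCoversHost` is hypothetical, and the script assumes the UCC certificate is the one enabled for the IIS service.

```powershell
# Added example. Run in the Exchange Management Shell (PowerShell 2.0 syntax).
# Assumption: the UCC certificate is the one enabled for the IIS service.

function Test-SanCoversHost([string[]]$Sans, [string]$HostName) {
    foreach ($san in $Sans) {
        if ($san -eq $HostName) { return $true }   # -eq is case-insensitive
        # A wildcard SAN covers exactly one leftmost label.
        if ($san.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $san.Substring(1)) {
            return $true
        }
    }
    return $false
}

$vdirCmds = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
            'Get-ActiveSyncVirtualDirectory', 'Get-WebServicesVirtualDirectory',
            'Get-OabVirtualDirectory'
$report = @()

foreach ($cas in @(Get-ClientAccessServer)) {
    # Names on the certificate bound to IIS on this CAS.
    $sans = @(Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_" })

    # Every HTTPS URL this CAS hands to internal clients.
    $urls = @("$($cas.AutoDiscoverServiceInternalUri)")
    foreach ($cmd in $vdirCmds) {
        $urls += @(& $cmd -Server $cas.Name | ForEach-Object { "$($_.InternalUrl)" })
    }

    foreach ($u in @($urls | Where-Object { $_ })) {
        $hostName = ([uri]$u).Host
        $report += New-Object PSObject -Property @{
            Server  = $cas.Name
            Url     = $u
            Covered = (Test-SanCoversHost $sans $hostName)
        }
    }
}
$report | Select-Object Server, Url, Covered | Format-Table -AutoSize

# The CAS array FQDN is only the internal MAPI/RPC endpoint, so it should appear
# here and in none of the URLs above.
Get-ClientAccessArray | Select-Object Name, Fqdn | Format-Table -AutoSize
Get-MailboxDatabase | Select-Object Name, RpcClientAccessServer | Format-Table -AutoSize
```

Any row with `Covered` set to `False` is a URL that will produce a certificate name mismatch for internal clients.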
