[isapros] Re: ISA and SAN Certs
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Wed, 29 Aug 2007 13:32:43 -0500
This is a good step in understanding some of the issues, but I suspect
the major problems people are running into relates to publishing the
autodisocvery site. You'll notice that when you run the Exchange
Publishing Wizard in ISA 2006 that is includes an /autodiscover path,
which is completely useless, since the client is looking for
autodiscover.domain.com/autodiscover and not the Client Access Server
Public Name, which would be something like owa.domain.com.
OK, easy problem to solve, right? All we need to do is create a second
Web listener on a second IP address and configure it to listen for
public name autodiscover.company.com. HOWEVER, the Client Access
Server's common/subject name and first SAN is owa.company.com. The
second SAN is autodiscover.company.com.
So, if we put on the TO tab autodiscover.company.com, will ISA 2006 be
able to "consume" the second SAN to support to the Outlook 2007
autodiscovery service?
Thanks!
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Wednesday, August 29, 2007 1:10 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] ISA and SAN Certs
>
>
> Another isablog for your reading pleasure.
>
>
> http://blogs.technet.com/isablog/archive/2007/08/29/certificat
> es-with-mu
> ltiple-san-entries-may-break-isa-server-web-publishing.aspx
>
> All mail to and from this domain is GFI-scanned.
>
>
>
>
Other related posts:
