This is a good step in understanding some of the issues, but I suspect the major problems people are running into relates to publishing the autodisocvery site. You'll notice that when you run the Exchange Publishing Wizard in ISA 2006 that is includes an /autodiscover path, which is completely useless, since the client is looking for autodiscover.domain.com/autodiscover and not the Client Access Server Public Name, which would be something like owa.domain.com. OK, easy problem to solve, right? All we need to do is create a second Web listener on a second IP address and configure it to listen for public name autodiscover.company.com. HOWEVER, the Client Access Server's common/subject name and first SAN is owa.company.com. The second SAN is autodiscover.company.com. So, if we put on the TO tab autodiscover.company.com, will ISA 2006 be able to "consume" the second SAN to support to the Outlook 2007 autodiscovery service? Thanks! Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Wednesday, August 29, 2007 1:10 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] ISA and SAN Certs > > > Another isablog for your reading pleasure. > > > http://blogs.technet.com/isablog/archive/2007/08/29/certificat > es-with-mu > ltiple-san-entries-may-break-isa-server-web-publishing.aspx > > All mail to and from this domain is GFI-scanned. > > > >