Shulou(Shulou.com)06/02 Report--

In Exchange Server 2010, if you want to achieve high availability for the CAS role, you need to configure Network Load Balacing, which is a very easy step, but after we have created the NLB for CAS, there are two important steps to do.

First: create a CAS Array using the New-ClientAccessArray command, as shown in the figure:

Second: after we have created the CAS Array, you also need to apply for a multi-domain name certificate for all CAS nodes in the NLB. The certificate application process can be carried out through the EMC Certificate Application Wizard and the req file will be generated. However, after applying for the multi-domain name certificate, you will find that the certificate cannot be used normally. The client may have problems when accessing OWA, EAS or Outlook Anywhere. Accessing OWA prompts for a certificate error, as shown in the figure:

At this point, we can see in EMC that the CAS Array certificate just applied for cannot be trusted by the root certificate authority, as shown in the figure:

This problem is caused by the default ADCS that cannot support multiple domain name certificates. Therefore, we need to use the Certutil-setreg policy\ EditFlags-EDITF_ATTRIBUTESUBJECTALTNAME2 command to make ADCS support the multi-domain name certificate, as shown in the figure:

Then we need to apply for a certificate through the Certsrv site on the CAS node server of NLB. Here, we need to copy the contents of the Req file generated when we created the multi-domain name certificate to it, and select Web Server as the certificate template, as shown below:

Then Sumbit the request and download the certificate chain based on the Base64 encoded entry, as shown in the figure:

Then we need to import the certificate chain into the CAS node in the first NLB through the Import-ExchangeCertificate command and enable the certificate chain through the Enable-ExchangeCertificate command. After execution, you will see that the CAS Array certificate can be trusted by the root certificate authority, as shown in the figure:

Finally, we need to export the certificate containing the private key from the CAS node, and then import it to other CAS nodes in the NLB. Finally, there will be no problem when the client accesses OWA or other Exchange services again, as shown in the figure:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.