Technically you need to have the names on the cert to make things work correctly. You can kind of make it work with a wild card but it is not very pretty, and not recommended..
-----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, August 05, 2011 7:52 AM To: MS-Exchange Admin Issues Subject: Re: transition from exchange 2003 to 2010 So, why go with a SAN cert instead of a wildcard cert? Is it just price, or is there a technical advantage? On Fri, Aug 5, 2011 at 07:45, Paul Hutchings <paul.hutchi...@mira.co.uk> wrote: > > Just done this, fun aint it J We got a single SAN/UCC cert for domain.com, > mail.domain.com, legacy.domain.com and autodiscover.domain.com. > > > > We put it on the CAS and the 2003 FE, not the 2003 BE (and of course our > reverse proxy for SSL inspection). > > > > This is what I have in my notes for KB937031: > > > > Steps to enable Integrated Windows Authentication after you install > hotfix 937031 on the Exchange 2003 back-end server > > To work around this problem, turn on Integrated Windows Authentication. To do > this, follow these steps: > > Start Exchange System Manager. > > Expand Administrative Groups, expand Administrative_Group_Name, and then > expand Servers. > > Expand Your_Server_Name, expand Protocols, and then expand HTTP. > > Expand Exchange Virtual Server, right-click Microsoft-Server-ActiveSync, and > then click Properties. > > Click the Access tab, and then click Authentication. > > Click to select the Integrated Windows Authentication check box. > > Click OK two times. To verify that this successfully replicated to the > metabase on the Exchange server, follow these steps: > > Open the Internet Information Services (IIS) Manager under Administrative > Tools. > > Expand the Computer, expand Web Sites, and then expand Default Web Site. > > Right-click Microsoft-Server-ActiveSync, and then click Properties. > > Click the Directory Security tab, and then select the Edit button under > Authentication and access control. > > Verify that the Integrated Windows Authentication check box is selected. > > > > Note If this check box is selected, you have successfully replicated the > change that was made in the Exchange System Manager to the metabase on the > Exchange server. > > Click Cancel two times, and then exit Internet Information Services (IIS) > Manager. You can now test synching with your mobile device. > > From: Jason Benway [mailto:benw...@jsjcorp.com] > > Sent: 05 August 2011 15:35 > To: MS-Exchange Admin Issues > Subject: transition from exchange 2003 to 2010 > > > > I’ve been doing A LOT of reading. One thing I haven’t been able to find is > where the new cert needs to be installed. > > > > I’m assuming its on the CAS, exchange 2003 FE and exchange 2003 mbx servers? > > > > Should I also put the internal names on the SAN cert? or just the external > DNS names? > > > > What about the hotfix kb937031 does that go on all exchange 2003 servers? Or > just the FE? > > > > Thanks,jb > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist > > ________________________________ > MIRA Ltd > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered > in England and Wales No. 402570 VAT Registration GB 100 1464 84 The > contents of this e-mail are confidential and are solely for the use of the > intended recipient. If you receive this e-mail in error, please delete it > and notify us either by e-mail, telephone or fax. You should not copy, > forward or otherwise disclose the content of the e-mail as this is prohibited. > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist