Exchange 2010
We have 3 client access servers in Site1 (internet facing) and 3 client access servers in Site2 (non-internet facing). Recently we found that any user in Site1 could not view the free/busy information of any user in Site2. After looking at the URLs, I found the EWS URLs on all CA servers in Site 2 were set to https://mail.mydomain.com/EWS/Exchange.asmx - I changed the URL to https://FQDN.mydomain.local/EWS/EXchange. Once I made the change, free/busy information was viewable. Issue Resolved.
Since I've made this change, users in Site2 are receiving the dreaded certificate mismatch warning message; "The name on the security certificate is invalid or does not match the name of the site." This warning message references our SSL
certificate - our SSL certificate does not contain a SAN for the FQDN of any client access server.
Our SSL cert on all CA servers have the following services enabled:
IMAP, POP, IIS
Our self-signed Exchange certificates on all CA servers do not have any services enabled.
Because Site2 is non-internet facing, should the service settings be different than what's in Site1? What's the most effective work around or even better, what's the definitive resolution?