We currently have a few CAS/Hub servers behind a hardware balancer. We were told by Microsoft and DigiCert that we may not need them listed as SANs in our UCC cert since we do not publicize their hostnames to users.
However, when we tried to apply the UCC certificate to our CAS servers without them listed individually as a SAN we received errors like this from Outlook:
Does anyone know what configuration or setup causes the CAS server hostnames to be exposed?
PS: I know that we shouldn't be using fake TLDs. We are working to fix that soon.
Update (5/6/14)
I ran through a plethora of configurations:

    Get-WebServicesVirtualDirectory | Fl Identity,InternalUrl,BasicAuthenticationExternalUrl
    Get-OabVirtualDirectory | Fl Identity,InternalURL,ExternalURL
    Get-ActiveSyncVirtualDirectory | Fl Identity,InternalUrl,ExternalUrl
    Get-OutlookAnywhere | Fl Server,ExternalHostname
    Get-ClientAccessServer | Fl Server,AutoDiscoverServiceInternalURI

The only one that referenced our fake TLD internal hostname was the last one. Isn't this just for auto discovery though? Why would internal clients reference it on every launch?
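
An added example, not part of the original post: a PowerShell check that flags every configured URL whose hostname is not covered by the certificate's SAN list, including wildcard SANs. The function names and all sample hostnames are hypothetical; in the Exchange Management Shell the inputs would come from the cmdlets listed above.

```powershell
# Added example: compare the hostnames Exchange hands to clients with the
# names on the certificate. All values below are constructed placeholders.
function Test-SanMatch {
    param([string]$HostName, [string[]]$SanList)
    foreach ($san in $SanList) {
        if ($san -ieq $HostName) { return $true }
        # A wildcard SAN covers exactly one left-most label: *.example.com
        # matches mail.example.com but not a.b.example.com or example.com.
        if ($san.StartsWith('*.')) {
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -ieq $san.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

function Get-UncoveredUrl {
    param([hashtable]$ConfiguredUrls, [string[]]$SanList)
    foreach ($setting in ($ConfiguredUrls.Keys | Sort-Object)) {
        $value = $ConfiguredUrls[$setting]
        if ([string]::IsNullOrEmpty($value)) { continue }   # unset URL, nothing to check
        # Outlook Anywhere stores a bare hostname; the other settings store full URLs.
        $name = if ($value -match '^https?://') { ([uri]$value).Host } else { $value }
        if (-not (Test-SanMatch -HostName $name -SanList $SanList)) {
            New-Object PSObject -Property @{ Setting = $setting; HostName = $name }
        }
    }
}

# Constructed sample data. On a real server, fill $urls from the cmdlets in the
# post, e.g. (Get-ClientAccessServer).AutoDiscoverServiceInternalUri, and $sans from
# (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains, cast to strings.
$sans = 'mail.example.com', 'autodiscover.example.com'
$urls = @{
    'EWS InternalUrl'                  = 'https://mail.example.com/EWS/Exchange.asmx'
    'OAB InternalUrl'                  = 'https://mail.example.com/OAB'
    'OutlookAnywhere ExternalHostname' = 'mail.example.com'
    'AutoDiscoverServiceInternalUri'   = 'https://cas01.corp.invalid/Autodiscover/Autodiscover.xml'
}

# Lists only the settings whose hostname the certificate does not cover.
Get-UncoveredUrl -ConfiguredUrls $urls -SanList $sans
```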