amku03
asked on
Autodiscover Service: DNS Entry?
Guys,
I am opening this question just to get a simplified steps which i need to work on.
Scenario:
I have 4 domains in the forest : NA-EUR-PAC-JPN
All except NA have got a SAN certificate for Exchange with the entry for : Autodiscover.Domain.com
In addition to that, each domain has their own webmail URL Like:
EUR: eurmail.doamin.com
PAC:pacmail.doamin.com
JPN:jpnmail.domain.com
NA: webmail.domain.com
however except eur, all domains are using webmail.domain.com for webmail
Having said that...
on the internal DNS server we have a entry for autodiscover in domain.com which is pointed to a CAS box in NA.domain.com , however we do not have any entry for autodiscover in the external DNS zone. Considering that we still have sometime to upgrade our certs to SAN in NA.
I believe creating an entry in the external DNS for autodiscover which inturn will point to : webmail.domain.com/autodis cover/auto discover.x ml , which is also set as internal URI for autodiscover for the domain, can resolve security cert warning issue.
.
I am not sure if i have put the description in correct or in more descriptive manner...
But i wanted to knwo what can i do to get rid of security cert errors.
Please do not provide me the ref. links.
I need suggestions on steps which i need to carry out in my environment.
I will try my best to explain the situation again if required....
I am opening this question just to get a simplified steps which i need to work on.
Scenario:
I have 4 domains in the forest : NA-EUR-PAC-JPN
All except NA have got a SAN certificate for Exchange with the entry for : Autodiscover.Domain.com
In addition to that, each domain has their own webmail URL Like:
EUR: eurmail.doamin.com
PAC:pacmail.doamin.com
JPN:jpnmail.domain.com
NA: webmail.domain.com
however except eur, all domains are using webmail.domain.com for webmail
Having said that...
on the internal DNS server we have a entry for autodiscover in domain.com which is pointed to a CAS box in NA.domain.com , however we do not have any entry for autodiscover in the external DNS zone. Considering that we still have sometime to upgrade our certs to SAN in NA.
I believe creating an entry in the external DNS for autodiscover which inturn will point to : webmail.domain.com/autodis
.
I am not sure if i have put the description in correct or in more descriptive manner...
But i wanted to knwo what can i do to get rid of security cert errors.
Please do not provide me the ref. links.
I need suggestions on steps which i need to carry out in my environment.
I will try my best to explain the situation again if required....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
endital, do you maintain any blog ??
i just started and need to get it public
http://jimthemcp.blogspot.com
http://jimthemcp.blogspot.com
ASKER
thanks for the ref. Will go through it and probably come back with some more questions for you or the forum....
if your external dns server can handle srv records you have more options
http://support.microsoft.com/kb/940881
http://support.microsoft.com/kb/940881
ASKER
This is what I am looking to do ... SRV record in external DNS
This will be till the time we get a SAN cert.
Does this makes sense?
This will be till the time we get a SAN cert.
Does this makes sense?
exactly. create an srv that points to your webmail.domain.com A record
internally you need to run
set-clientaccessserver CASname -AutodiscoverServiceIntern alURI https://webmail.domain.com/Autodiscover/Autodiscover.xml
does not require the srv record internally
set-clientaccessserver CASname -AutodiscoverServiceIntern
does not require the srv record internally
Have you run through www.testexchangeconnectivity.com and seen what it has to suggest?