Hosted Exchange and Autodiscover

Morning,
Currently our Autodiscover is set up as per Method 1 in the MS Autodiscover Whitepaper at:

http://technet.microsoft.com/en-us/library/bb332063%28EXCHG.80%29.aspx#Scenario1HowTo

We currently have 10 domain names that Exchange is working with. Any user of the primary domain (the domain where OWA services can be found) has no problem connecting. Using any other domain causes failures to connect and/or certificate errors.

Can anyone give me the best way to configure Autodiscover so that any user can connect regardless of the email address they are assigned? Please include exactly how to set up the DNS records for the domains, as I feel this may be my problem.
chrisbrnsAsked:

Hilal1924Commented:
AutoDiscover and DNS are very closely related. My suggestion would be to buy a SAN (Subject Alternate Certificate) with a wildcard certificate which will accept all your domain names. In addition to that, you will need to add all domain names for which you are accepting mail to the public DNS so that they are discoverable (mostly achieved via CNAME records). Also, in your AutoDiscover settings, make sure that it is configured properly on the server. Do a test via Outlook and see what error message you are getting.
The email address plays a very important role in AutoDiscovery. The domain suffix is used to check the DNS server responsible for handling AutoDiscover queries.

Best Regards,
Hilal
0
chrisbrnsAuthor Commented:
We currently do have a SAN certificate with all of the recommended domains as per the white paper. Testing from an account that uses the main domain works flawlessly.

We're only having an issue with any user who uses one of the other 9 domains. We followed Method 1 in the white paper exactly to the letter.

I created a CNAME record pointing to the external address of the Exchange server.

The error they receive is that the certificate is untrusted due to a name mismatch. This is understandable because it's trying to connect to autodiscover.hosteddomain.com, whereas the SAN certificate is issued to (among other names) autodiscover.maindomain.com.

I learned some new terms to toss into my Google searches, and it seems one idea is to create a second website in IIS with a blank autodiscover.xml file and have it redirect to the main site. In the hosted domain's DNS I'd create a CNAME for autodiscover.hosteddomain.com to point to (can be named anything) auto-redirect.maindomain.com. The new site in IIS would listen for this host header and then perform the redirect. It seems this would work.
0
chrisbrnsAuthor Commented:
Also, should the DNS in the hosted domain carry any SRV records, or is that unneeded?
0

Hilal1924Commented:
An SRV record is not needed since your domain zone will have it configured when the zone was getting set up. All you need is proper A, PTR and CNAME records. Creating additional CAS websites is not recommended. Only try to limit it to a valid external URL (domain name). Create CNAME records for the rest.
Cheers,
Hilal
0
chrisbrnsAuthor Commented:
After some searches based on your advice I was able to find a solution that works best for us. I followed the guide at

http://blogs.technet.com/jmayans/archive/2006/09/07/454716.aspx

The basic process is to create a separate site in IIS with a blank autodiscover/autodiscover.xml file and have that redirect to your real autodiscover.xml.

You'll need a separate WAN IP, and the DNS in the other domain will have to have a CNAME record for autodiscover.customerdomain.com that points back to your new website.
0
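The name mismatch and the redirect fix discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of which host a client ends up validating the certificate against. It assumes the client tries HTTPS on autodiscover.<domain> first and only follows a plain-HTTP redirect when nothing answers on 443 for that name; the SAN list, `mail.maindomain.com`, and all function names are constructed for illustration.

```python
# Added illustration; certificate contents and listener sets are constructed.

def san_matches(host, san):
    """A '*' in a SAN entry stands for the whole leftmost label only."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if not san.startswith("*."):
        return host == san
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]

def cert_covers(host, san_names):
    return any(san_matches(host, s) for s in san_names)

def check_domain(email_domain, san_names, https_hosts, http_redirects):
    """Return (verdict, host whose name the certificate must cover).

    https_hosts: names that reach a listener on port 443.
    http_redirects: name -> HTTPS host it redirects to (the extra IIS site).
    """
    host = "autodiscover." + email_domain
    if host in https_hosts:                      # HTTPS answers first
        ok = cert_covers(host, san_names)
        return ("ok-direct" if ok else "name-mismatch", host)
    target = http_redirects.get(host)            # fall back to HTTP redirect
    if target is None:
        return ("no-endpoint", host)
    ok = cert_covers(target, san_names)
    return ("ok-redirect" if ok else "redirect-target-mismatch", target)

def audit(domains, san_names, https_hosts, http_redirects):
    return {d: check_domain(d, san_names, https_hosts, http_redirects)[0]
            for d in domains}

SAN = ["mail.maindomain.com", "autodiscover.maindomain.com"]
DOMAINS = ["maindomain.com", "hosteddomain.com"]

# Before: the hosted domain's CNAME points at the Exchange server itself,
# so port 443 answers with a certificate that lacks the hosted name.
BEFORE = audit(DOMAINS, SAN,
               {"autodiscover.maindomain.com", "autodiscover.hosteddomain.com"},
               {})

# After: the CNAME points at a separate IP that serves only the HTTP redirect.
AFTER = audit(DOMAINS, SAN,
              {"autodiscover.maindomain.com"},
              {"autodiscover.hosteddomain.com": "autodiscover.maindomain.com"})
```

`BEFORE` reports `name-mismatch` for the hosted domain and `AFTER` reports `ok-redirect`, which is why the redirect site needs its own address with nothing listening on 443.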

Hilal1924Commented:
Great, I am glad to be of help :)

Cheers,
Hilal
0
Hilal1924Commented:
Hi Chris,
I don't want to influence you in any way but I think you should rate this question and award points for the same. There is never a perfect solution.

cheers,
Hilal
0