[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 865
  • Last Modified:

Hosted Exchange and Autodiscover

Morning,
Currently our Autodiscover is set up as per Method 1 in the MS Autodiscover Whitepaper at:

http://technet.microsoft.com/en-us/library/bb332063%28EXCHG.80%29.aspx#Scenario1HowTo

We currently have 10 domain names that Exchange is working with.  Any user of the primary domain (the domain where OWA services can be found) have no problem connecting.  Using any other domain causes failures to connect and or certificate errors

Can anyone give me the best way to configure autodiscover so that any user can connect regardless of the email address they are assigned.  Please include exactly how to set up the DNS records for the domains as I feel this may be my problem.
0
chrisbrns
Asked:
chrisbrns
  • 4
  • 3
2 Solutions
 
Hilal1924Commented:
AutoDiscover and DNS are very closely related. My Suggestion would be to buy a SAN (Subject Alternate Certificate) with a wild card certificate which will accept all your domain names. In addition to that you will need to add all domain names for which you are accepting mail to the public DNS so that they can are discoverable (mostly achieved via CNAME records). Also In your autoDiscover settings make sure that it is configured propely n the server. Do a Test via Outlook and see what is the error message that you are getting.
The email address plays a very importat role in AutoDiscovery, The domain suffix is used to check the dns server responsible for handling AutoDiscover queries.

Best Regards,
Hilal
0
 
chrisbrnsAuthor Commented:
We currently do have a SAN certificate with all of the recommended domain as per the white paper.  testing from an account who using the main domain works flawlessly.

We're only having an issue with any user who users one of the other 9 domains.  we followed the method 1 in the white paper exactly to the letter.

I created a cname record pointing to the external address of the Exchange server.

The error they receive is that the certificate is untrusted due to a name mismatch.  This is understandable because it's trying to connect to autodiscover.hosteddomain.com where the SAN certificate is issued to (among other names) autodiscover.maindomain.com

I learned some new terms to toss into my Google searches and it seems one idea is to create a second website in IIS with a blank autodscover.xml file and have it redirect to the main site.  In the hosted domains DNS i'd create a cnam for autodiscover.hosteddomain.com to point to (can be named anything) auto-redirect.maindomain.com.  the new site in IIS would listen for this host header and then perform the redirect.  It seems this would work
0
 
chrisbrnsAuthor Commented:
Also should the DNS in the hosted domain carry any SRV records or is that unneeded?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Hilal1924Commented:
srv record is not needed since your domain zone will have it configured when the zone was getting set up. All you need is proper A,PTR and cname records. Creating additional CAS websites is not recommended. only try to limit it to a valid external url (domain name). create cname records for the rest.
Cheers,
Hilal
0
 
chrisbrnsAuthor Commented:
After some searches based on your advice I was able to find a solution that works best for us.  I followed the guide at

http://blogs.technet.com/jmayans/archive/2006/09/07/454716.aspx

The basic process is to create a separate Site in IIS with a blank autodiscover/autodiscover.xml file and have that redirects to your real autodiscover.xml

You'll need a separate WAN IP, and the DNS in the other domain will have to have a CNAME record for autodiscover.customerdomain.com that points back to your new website
0
 
Hilal1924Commented:
Great, I am glad to be of Help :)

Cheers,
Hilal
0
 
Hilal1924Commented:
Hi Chris,
I don't want to influence you in any way but I hunk you should ratethis questionand award points for the same. there is never a perfect solution.

cheers,
Hilal
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now