We help IT Professionals succeed at work.

Outlook 2007 and Exchange 2007 AUtodiscovery - how do I turn this off?

chrisdodds
chrisdodds asked
on
I have configured Exchange 2007 on an SBS 2008 server.  Brand new, factory fresh image.  All of my network workstations are configured and connected to Exchange 2007 through Outlook 2007.  However, from time to time each user receives pop-up windows asking if it's okay to authenticate to http://remote.xxxxx.xxxx -- but I'm not sure why?  I don't know how to turn this off or stop it from happening?  Seems the digging I've done online has something to do with autodiscovery in Outlook 2007 and how it connects to Exchange 2007.  Any help out there?
Comment
Watch Question

Do not configure Exchange 2007 Server for Web Distribution for OAB and Do not configured Outlook client with the autodiscover feature, select
"Configure the account manually" while creating a profile in outlook
Syed Mutahir Alibinarybonsai

Commented:
It is asking because the name on the SSL Certificate doesn't matches that off remote.xxxxxx.xxxx

You can purchase a SSL certificate from Godaddy with proper subject alternative names (SAN Certificate), so that it has

#NETBIOS name of Exchange: EX-2k7 (example)
#Internal FQDN: EX-2k7.abc.local (example)
#External FQDN (Public name): webmail.abc.com (example) (use nslookup/ping to verify the external FQDN)
#Autodiscover name: autodiscover.abc.com (example)
#SubjectName: cn=webmail.abc.com (example)

Author

Commented:
"Do not configure Exchange 2007 Server for Web Distribution for OAB " --
How is this accomplished?
or...
"You can purchase a SSL certificate from Godaddy with proper subject alternative names (SAN Certificate), so that it has

#NETBIOS name of Exchange: EX-2k7 (example)
#Internal FQDN: EX-2k7.abc.local (example)
#External FQDN (Public name): webmail.abc.com (example) (use nslookup/ping to verify the external FQDN)
#Autodiscover name: autodiscover.abc.com (example)
#SubjectName: cn=webmail.abc.com (example) "
Can the folks at godaddy help me with this?  I've not ever had a client purchase a valid certificate...
 
Thanks guys...

Commented:
If you are not planning to buy a SSL cert. Then better thing is disable the ssl for outlook or us a self sign certificate if you want to use ssl :)
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx
Syed Mutahir Alibinarybonsai

Commented:
http://help.godaddy.com/article/5281
Yes godaddy will guide you all the way through

all you have to be sure off is the names you want on the certificate

#NETBIOS name of Exchange: EX-2k7 (example)
#Internal FQDN: EX-2k7.abc.local (example)
#External FQDN (Public name): webmail.abc.com (example) (use nslookup/ping to verify the external FQDN)
#Autodiscover name: autodiscover.abc.com (example)
#SubjectName: cn=webmail.abc.com (example)
Syed Mutahir Alibinarybonsai

Commented:
http://help.godaddy.com/article/4877

Above is when you get the cert and it guides you on how to install it
Syed Mutahir Alibinarybonsai

Commented:
Just summing all up :

Request a SSL Cert from Godaddy
Import the certificate in your exchange (http://technet.microsoft.com/en-us/library/bb124424(EXCHG.80).aspx)

Next enable the certificate with Enable-ExchangeCertificate cmdlet. Enable atleast IIS and SMTP.
 
Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxx -Services POP,IMAP,SMTP,IIS

This blog also outlines the process :

http://exchangemaster.wordpress.com/2010/04/20/exchange-2007-certificates-and-new-go-daddy/

Hope this helps

Author

Commented:
Okay, one last question - my client is not so interested in using the SSL and purchasing a certificate.  How do I disable/turn it off in Exchange?
Hey friends, here's what I did to solve my problem:
This solved the problem for me:
IIS Mgr on SBS 2008 / - / SBS Web Applications /
- SSL Settings / Client certificates - Stop / Start web server after changing settings:
Autodiscover: Ignore
EWS: Ignore
OAB: Accept *)
owa: Accept *)
Rpc: Accept *)
RpcWithCert: Accept *)
*) All these have to be Accept to get rid of login box
************
This info was found here (most of the way down the page):
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/383d130e-869f-4fce-9502-8b340904b0ba
To find this post, look for this username and date:
MrTKJones @ Sunday, May 09, 2010 5:02 AM
Thanks for your suggestions.
- Chris