SBS2008 - autodiscover.abc.co.uk - invalid certificate

unrealone1
unrealone1 used Ask the Experts™
on
Finished installing sbs2008 standard server. domain: ABC

Ran setup your internet address: abc.co.uk
Ran add a trust certificate: which found remote.abc.co.uk

Join win XP SP3 PC to its domain. Web browser > http://connect

Login as user, open up Outlook 2007. It finds exchange, but then requests that I login to remote.abc.co.uk - I click cancel and it brings up a popup autodiscover.abc.co.uk with a invalid certificate with 3 x's saying the certificate is invalid. I click view certificate and it says
Issued to: plesk
issued by: plesk
 date: 2006-2007

Tried \\abcserver\public\downloads and installing that certificate automatically, which is
issued to: abc-abcserver-ca

When I reboot and open up outlook again - it still finds the plesk one?

Any thoughts?

I havent installed any 3rd party certificates

Any thoughts
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
Was this SBS server installed into an existing domain? Plesk certificates are certainly not part of a standard SBS install, so that certificate came from *somewhere.*

Author

Commented:
Example of certificate. when I go to \\abcserver\public\downloads
EXAMPLE1.JPG

Author

Commented:
@cqaliher.
SBS Server was installed yesterday, no upgrade - fresh install.

The plesk possibly coming from the client PC I am using?

How can I get it to use the certificate from the server and replace the plesk?
EXAMPLE2.JPG
Distinguished Expert 2018

Commented:
No, tat certificate is coming from *a* server. May not be your SBS server. If you have a wildcard DNS record on your public hosted DNS service, remove it. Wildcard A records wreak havoc with Outlook/Exchange Autodiscover services.

Author

Commented:
What about this?
http://www.smallbizserver.net/Forums/tabid/53/aff/104/afv/topic/aft/110529/mid/366/dnnprintmode/true/Default.aspx?skinsrc=%5BG%5DSkins%2F_default%2FNo+Skin&containersrc=%5BG%5DContainers%2F_default%2FNo+Container

At the bottom it states:

" I had a *.mydomain.com record in DNS that forwarded all queries for non existent domains to the IP of the main website. That means that whenever Outlook would query for autodiscover.mydomain.com or any of it's other default queries, it would be sent to the IP of the main website. Once there, the default behavior of my shared hosting account is to present the SSL certificate for the domain's control panel, Plesk, whenever a certificate is requested. I removed the * record and waited for DNS to propogate and flushed my local cache and it appears that everything is working now!
Distinguished Expert 2018

Commented:
that "*.mydomain.com" record IS a wildcard DNS record as I had previously mentioned. As I said, wildcard DNS records should not be used when Outlook/Exchange Autodiscover is in play.

Author

Commented:
@No, tat certificate is coming from *a* server. May not be your SBS server. If you have a wildcard DNS record on your public hosted DNS service, remove it. Wildcard A records wreak havoc with Outlook/Exchange Autodiscover services.

How can I go about removing this?
Awarded 2009
Top Expert 2010

Commented:
I would suggest this is something to do with your ISP and maybe they are using some plesk control panel for example.

>>"I had a *.mydomain.com record in DNS that forwarded all queries for non existent domains to the IP of the main website"
Why are you doing this?

My recommendation would be to run the internet address wizard fromt he SBS Console.
Select "i already have a domain name" and then click next
then select "I want to manage the domain name myself"

then complete the wizard.

Is your internal domain name the same as your external website domain name?

Author

Commented:
Yes the hosting company that host my domain have plesk control panel, what steps should I take?
Awarded 2009
Top Expert 2010

Commented:
Is your internal domain name the same as your external website domain name?

How is your internal DNS configured?

Can you open the DNS console, what forward lookup zones do you have configured?

Author

Commented:
Hi demazter

Internal domain: abc
External:   abc.co.uk

I have made no changes to DNS, all is the same as a default install. What changes do I need to make?
Awarded 2009
Top Expert 2010

Commented:
is the internal abc.local?

You shouldn't need to make any changes to a default install if it's been configured correctly.

Author

Commented:
yes, abc.local

Then I ran internet connection management and used abc.co.uk

The only place where plesk certificates reside, is on the hosting company of abc.co.uk.
Outlook autodiscovery looks for remote.abc.co.uk
Awarded 2009
Top Expert 2010

Commented:
so from a client if you run the following from a command prompt what do you get:

ping autodiscover.abc.co.uk

Author

Commented:
If I ping autodiscover.abc.co.uk I get a responce from my web hosting companys dns IP.

If I ping remote.abc.co.uk I get a response from my server IP.
Distinguished Expert 2018
Commented:
Outlook has a few "hardcoded" DNS records that it uses for autodiscover. That wildcard DNS record is capturing those lookups and causing the problems you are seeing. You *MUST* remove that wildcard DNS record from your hosted DNS service (NOT SBS.)

Author

Commented:
Hi Cqaliher,

I have moved my hosting of abc.co.uk to a local domain host, which are available soon as I need them, will let you know what happens.

Hopefully it will resolve any wildcards.

Author

Commented:
Moved the hosting of the domain, I think it was the SP3 update that did it. Thanks for your hlpe and advise.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial