• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1714
  • Last Modified:

Security Alert autodiscover.domain.org when outlook 2007 client connect to exchange server 2003

Dear sir,

We are still using exchange 2003 mail server in our organization, and no planning to upgrade to exchange 2007 or 2010 in the future.  We have been used outlook 2003 to communicate with exchange 2003 for a long while.  it is very easy to configure as long as active directory been created a valid user name and mail box.  We had used AT&T internet service and DNS hosting in the past, everything is working good.  Recently we switch to Verizon internet service, but they do not have a service to host client DNS, so we have to use our domain registration agent, network solution, as our new DNS hosting, our corporate email and website are working fine.  But recently we upgrade our user outlook 2003 to outlook 2007. and then we have a big problem to connect our exchange server 2003, I understand outlook 2007 is using autodiscover to seach email connection.  We can not connect our staffs email with outlook 2007 now. see attachment.  Is this cause by our DNS hosting, network solution? or something we can easily fix in our end.  Thank you so much,Paul from project hospitality.
DOC081310.pdf
0
paul_lin
Asked:
paul_lin
1 Solution
 
EllushCommented:
What is you Outlook 2007 SP ?As as I remember SP2 fixes problems with autodiscover.If not, check out the following article http://www.windowsitpro.com/article/tips/how-can-i-force-my-microsoft-outlook-2007-client-to-a-particular-autodiscovery-server-.aspx
0
 
tigermattCommented:

This is being caused by the fact you appear to have a wildcard (*) record in your public DNS for *.projecthospitality.com.

Outlook/Exchange 2007 introduce the new Autodiscover service which automatically configures Outlook clients and allows them to locate Exchange resources on the network. Exchange 2003 does not have an autodiscover function, but Outlook 2007/2010 will still go looking for it. By default, it searches a couple of URLs including https://autodiscover.domain.com; if that URL resolves to an SSL site somewhere but the SSL certificate on that site is for another domain, Outlook will throw the standard security error you're seeing.

If you have a record called "autodiscover" in public DNS, remove it. You don't need it with Exchange 2003. If you don't have that record, but have a wildcard (*) record, consider removing it - as that record will resolve any URL, including autodiscover.domain.com. If you can't remove the wildcard record, create a record called "autodiscover" and point it to a totally invalid IP address - 127.0.0.2 would do. Just remember to change the IP if you ever upgrade to Exchange 2007/2010.

I'm going to ask a Mod to remove your email address and telephone number for privacy reasons.

-Matt
0
 
paul_linAuthor Commented:
Thak you for your help, office SP2 resolves our problem.
Thanks
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now