?
Solved

Security Alert autodiscover.domain.org when outlook 2007 client connect to exchange server 2003

Posted on 2010-08-15
4
Medium Priority
?
1,711 Views
Last Modified: 2012-05-10
Dear sir,

We are still using exchange 2003 mail server in our organization, and no planning to upgrade to exchange 2007 or 2010 in the future.  We have been used outlook 2003 to communicate with exchange 2003 for a long while.  it is very easy to configure as long as active directory been created a valid user name and mail box.  We had used AT&T internet service and DNS hosting in the past, everything is working good.  Recently we switch to Verizon internet service, but they do not have a service to host client DNS, so we have to use our domain registration agent, network solution, as our new DNS hosting, our corporate email and website are working fine.  But recently we upgrade our user outlook 2003 to outlook 2007. and then we have a big problem to connect our exchange server 2003, I understand outlook 2007 is using autodiscover to seach email connection.  We can not connect our staffs email with outlook 2007 now. see attachment.  Is this cause by our DNS hosting, network solution? or something we can easily fix in our end.  Thank you so much,Paul from project hospitality.
DOC081310.pdf
0
Comment
Question by:paul_lin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 2

Accepted Solution

by:
Ellush earned 2000 total points
ID: 33440903
What is you Outlook 2007 SP ?As as I remember SP2 fixes problems with autodiscover.If not, check out the following article http://www.windowsitpro.com/article/tips/how-can-i-force-my-microsoft-outlook-2007-client-to-a-particular-autodiscovery-server-.aspx
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 33441832

This is being caused by the fact you appear to have a wildcard (*) record in your public DNS for *.projecthospitality.com.

Outlook/Exchange 2007 introduce the new Autodiscover service which automatically configures Outlook clients and allows them to locate Exchange resources on the network. Exchange 2003 does not have an autodiscover function, but Outlook 2007/2010 will still go looking for it. By default, it searches a couple of URLs including https://autodiscover.domain.com; if that URL resolves to an SSL site somewhere but the SSL certificate on that site is for another domain, Outlook will throw the standard security error you're seeing.

If you have a record called "autodiscover" in public DNS, remove it. You don't need it with Exchange 2003. If you don't have that record, but have a wildcard (*) record, consider removing it - as that record will resolve any URL, including autodiscover.domain.com. If you can't remove the wildcard record, create a record called "autodiscover" and point it to a totally invalid IP address - 127.0.0.2 would do. Just remember to change the IP if you ever upgrade to Exchange 2007/2010.

I'm going to ask a Mod to remove your email address and telephone number for privacy reasons.

-Matt
0
 

Author Closing Comment

by:paul_lin
ID: 33454597
Thak you for your help, office SP2 resolves our problem.
Thanks
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month11 days, 18 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question