I have an issue with autodiscover and multiple email domains.

We use Outlook 2007 on non-domain-connected clients and support multiple email domains, domain1.com and domain2.com. Domain2 is a secondary external domain in our Exchange environment and the domain for our primary SMTP email address. We need to get our CAS servers to accept autodiscover.domain2.com connections from our clients. Their email addresses are john.doe@domain2.com, etc., while their domain accounts are in domain1.com. The autodiscover website is not requiring SSL but we still get the certificate error when starting Outlook, and are unable to download the OAB. Any help is appreciated, thanks.

ReeftankAuthor Commented:
Thanks for the quick response. I will check them out...
Jessie Gill, CISSPTechnical ArchitectCommented:
Does your SAN cert have all your domains in it, i.e. Autodiscover.domain1.com and Autodiscover.domain2.com?
ReeftankAuthor Commented:
It doesn't, but I removed the SSL as a test with the same results.
ReeftankAuthor Commented:
This is still outstanding, anyone have any suggestions?
ReeftankAuthor Commented:
This is still an open issue
Glen KnightCommented:
For autodiscover to work for more than 1 primary domain, 1 of 2 things needs to happen.

You either need to have autodiscover.domainname.com for every domain, where domainname.com is the part after the @ in the primary email address,

or

you need an external DNS provider that supports SRV records so that you can create an autodiscover SRV record for each domain that points to an A record that does exist in the SAN/UCC certificate.

There is no other way around this.
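The two options in the answer above, as an added example that is not part of the original thread: a small offline audit that checks, for each primary SMTP domain, whether the name Outlook will reach (the autodiscover.<domain> A record, or the target of the domain's `_autodiscover._tcp` SRV record) is covered by the certificate's SAN list. The SAN list, DNS records, the use of domain3.com for the SRV case, and all function names are constructed for illustration.

```python
# Added example; all records below are constructed sample data.

def san_matches(hostname, san):
    """Exact match, or '*' standing for exactly one left-most label."""
    hostname, san = hostname.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == san[2:]
    return hostname == san

def covered(hostname, sans):
    return any(san_matches(hostname, s) for s in sans)

def check_domain(domain, cert_sans, a_records, srv_records):
    """Return (option, host_presented_to_client, certificate_ok)."""
    host = f"autodiscover.{domain}"
    # Option 1: autodiscover.<domain> resolves, so that exact name must be on the cert.
    if host in a_records:
        return ("A", host, covered(host, cert_sans))
    # Option 2: SRV record; the SRV *target* must resolve and be on the cert.
    target = srv_records.get(f"_autodiscover._tcp.{domain}")
    if target:
        return ("SRV", target, target in a_records and covered(target, cert_sans))
    return ("none", None, False)

def audit(domains, cert_sans, a_records, srv_records):
    return {d: check_domain(d, cert_sans, a_records, srv_records) for d in domains}

# Constructed environment: the cert only carries domain1.com names.
CERT_SANS = ["mail.domain1.com", "autodiscover.domain1.com"]
A_RECORDS = {"mail.domain1.com", "autodiscover.domain1.com",
             "autodiscover.domain2.com"}
SRV_RECORDS = {"_autodiscover._tcp.domain3.com": "autodiscover.domain1.com"}
DOMAINS = ["domain1.com", "domain2.com", "domain3.com", "domain4.com"]

if __name__ == "__main__":
    for d, (opt, host, ok) in audit(DOMAINS, CERT_SANS, A_RECORDS, SRV_RECORDS).items():
        status = "OK" if ok else "CERT WARNING / NOT FOUND"
        print(f"{d:12} via {opt:4} -> {host}: {status}")
```

In this constructed data, domain2.com fails because its A record exists but the name is missing from the certificate, while domain3.com passes because its SRV record points at a name the certificate already covers.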

If you want them to sign in with user@domain2.com, you just have to add in your DOMAIN1 a specific UPN as @domain2.com.
You can do that under "Domain and Trusts", in the options.

After that, edit each user account in your domain1 that needs to use @domain2 as auth. address, and select the new UPN for them.

The comments for autodiscover and the rest still are valid...
IMO, the best option would be
Scenario 4: Using the Autodiscover Service with Redirection

With this option, you install a single-name certificate on the Default Web Site and create another Web site that contains no certificate. Domain-connected clients continue to locate the Autodiscover service by using the SCP object and will not receive any security warnings as long as the URL for connecting to the Autodiscover service which is stored in the SCP object has been changed to refer to the FQDN of the certificate installed on the Default Web Site.
Glen KnightCommented:
For that option to work you would need a second public IP address, it will also not stop the warning message the users will receive.
ReeftankAuthor Commented:
The issue is that domain1 and domain2 have the same set as reply address of domain1.com
When the Outlook client tries to connect to autodiscover from each domain it connects to autodiscover.domain1.com.
Glen KnightCommented:
Why do they have the same reply address? Surely domain2.com would have a reply address of domain2.com?
ReeftankAuthor Commented:
The company has multiple domains, domain1,2,3,4,5 etc.... The set as reply address is the same name for the entire Org. All of the company's BUs have the same set as reply domain name. This decision was made by management, not by IT.
Glen KnightCommented:
So everyone has the same domain name set as their PRIMARY (the one in bold) for their mailboxes?
ReeftankAuthor Commented:
Yes, the entire company has the set as reply address of domain1.com even though their domain may be domain2,3,4,5 etc... .com, so there can only be one external DNS entry for autodiscover.domain1.com and it would point to that domain, not the others.
Glen KnightCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.