Autodiscover Service: DNS Entry?

Guys,
I am opening this question just to get a simplified steps which i need to work on.

Scenario:
I have 4 domains in the forest : NA-EUR-PAC-JPN
All except NA have got a SAN certificate for Exchange with the entry for : Autodiscover.Domain.com
In addition to that, each domain has their own webmail URL Like:

EUR: eurmail.doamin.com
PAC:pacmail.doamin.com
JPN:jpnmail.domain.com
NA: webmail.domain.com

however except eur, all domains are using webmail.domain.com for webmail

Having said that...
on the internal DNS server we have a entry for autodiscover in domain.com which is pointed to a CAS box in NA.domain.com , however we do not have any entry for autodiscover in the external DNS zone. Considering that we still have sometime to upgrade our certs to SAN in NA.
I believe creating an entry in the external DNS for autodiscover which inturn will point to : webmail.domain.com/autodiscover/autodiscover.xml , which is also set as internal URI for autodiscover for the domain, can resolve security cert warning issue.
.

I am not sure if i have put the description in correct or in more descriptive manner...
But i wanted to knwo what can i do to get rid of security cert errors.

Please do not provide me the ref. links.
I need suggestions on steps which i need to carry out in my environment.

I will try my best to explain the situation again if required....
amku03Asked:
Who is Participating?
 
endital1097Connect With a Mentor Commented:
you may want to read this
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3585-Exchange-Autodiscover-and-Web-Services-OOF-and-OAB.html

the portion you need to look at is the outlook selecting a service connection point and the -AutoDiscoverSiteScope setting
i think that will answer you autodiscover issue
0
 
michael_b_smithCommented:
Your suggestion sounds like the right idea; however, depending on your site configuration, you may suddenly find your users getting redirected to their local webmail servers (not necessarily a bad thing).

Have you run through www.testexchangeconnectivity.com and seen what it has to suggest?
0
 
amku03Author Commented:
endital, do you maintain any blog ??
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
endital1097Commented:
i just started and need to get it public
http://jimthemcp.blogspot.com
0
 
amku03Author Commented:
thanks for the ref. Will go through it and probably come back with some more questions for you or the forum....
0
 
endital1097Commented:
if your external dns server can handle srv records you have more options
http://support.microsoft.com/kb/940881
0
 
amku03Author Commented:
This is what I am looking to do ... SRV record in external DNS
This will be till the time we get a SAN cert.

Does this makes sense?
0
 
endital1097Commented:
exactly. create an srv that points to your webmail.domain.com A record
0
 
endital1097Commented:
internally you need to run
set-clientaccessserver CASname -AutodiscoverServiceInternalURI https://webmail.domain.com/Autodiscover/Autodiscover.xml

does not require the srv record internally
0
All Courses

From novice to tech pro — start learning today.