Autodiscover on a .local domain? (Exchange 2007) (.com vs. .local)

blueteam
blueteam used Ask the Experts™
on
Our domain on a Win 2008 server is domain.local...server name is server.domain.local

Does this mean that:

1) autodiscover.domain.local should be on the UCC certificate (as opposed to .com)?
2) Autodiscover should be looking for server.domain.local/autodiscover/autodiscover.xml (as opposed to .com)?

Right now, I have autodiscover.domain.com on the cert and in the configuration on the server - and Outlook 2007 cannot find the autodiscover file.  But if I browse to the .local version in IE, I get responses.

Is it possible to have autodiscover as a .local address - but still use other web services externally by mapping .com addresses to the .local services (i.e. OWA, Active-Sync)?

I also noticed that the autodiscover test in Outlook searches for a number of variations of the file name / domain name - is one preferred over the other or is it fine as long as it can find one of them? (i.e. "domain.com/autodiscover/autodiscover.xml" vs "autodiscover.domain.com/autodiscover/autodiscover.xml")
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Shreedhar EtteTechnical Manager
Top Expert 2010

Commented:
Post the output of the below command:
Get-ClientAccessServer | fl
Shreedhar EtteTechnical Manager
Top Expert 2010

Commented:
AkhaterSolutions Architect

Commented:
local computers when joined to the domain will use scp and not autodiscover dns record. So, unless u have a special case and ur internal computers are not joined to the domain, you dont need autodiscover.domain.local
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
shreedhar,

Name: Server
OutlookAnywhereEnabled: False
AutoDiscoverServiceCN: Server
AutoDiscoverServiceClassName: ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri: https://Server.domain.local/Autodiscover/Autodiscover.xml
AutoDiscoverGuid: ########-####-###..........
AutoDiscoverSiteScope: <Default-First-Site-Name>
IsValid: True
OriginatingServer: Server.domain.local
ExchangeVersion: 0.1
DistinguishedName: CN=Server, CN=Servers, CN........................
Identity: Server
..............
............


Akhater,

When I test Email AutoConfiguration from Outlook (domain PC):  

Attempting URL https://server.domain.local/Autodiscover/Autodiscover.xml found through SCP
Autodiscover to https://server.domain.local/Autodiscover/Autodiscover.xml starting
Autodiscover to https://server.domain.local/Autodiscover/Autodiscover.xml FAILED (0x80072F0C)
AkhaterSolutions Architect

Commented:
Well as you can see your test is usibg the scp (as i told you) and not the autodiscover record

Author

Commented:
It attempts a few different addresses afterward as well, but yea, SCP is first....but it looks like it still needs access to https://server.domain.local/Autodiscover/Autodiscover.xml", no?  Any idea why it fails to connect over SCP if these are all domain PCs?

AkhaterSolutions Architect

Commented:
What i mean is that the reason it is failing is not related to the autodiscover record.


Run test outlook autoconfiguration test again, select only autodiscover,  and go to the xml tab paste it here

Author

Commented:
It stays blank.
AkhaterSolutions Architect

Commented:
ah ok

open iis -> find the autodiscover virtual directory -> client certificate settings

can you share a screen shot

Author

Commented:
I'm in Server Manager > Roles > Web Server IIS > IIS Manager

Then under "Sites" > "Default Web Site" > "Autodiscover" directory


Where to from there?
AkhaterSolutions Architect

Commented:
something related to certificates most probably client certificate settings

Author

Commented:
When I highlight "AutoDiscover" in the directory tree, I see the following (attached):


WindowsServer.jpg
AkhaterSolutions Architect

Commented:
ssl settings

Author

Commented:
"Require SSL" checked
"Require 128-bit SSL" checked

"Client Certificates"
"Accept" selected
Solutions Architect
Commented:
that's what I thought, change the client settings to ignore and save then try again

Author

Commented:
Will this have any impact on other services I plan on implementing externally (i.e. ActiveSync, Outlook Web Access, etc.)?

I guess the thought process here is that I don't need users to identify themselves if they already have internal access?
AkhaterSolutions Architect

Commented:
no it will not affect anything

Author

Commented:
Great, that solved the SCP issue and everything is connecting - however, now I see two remaining issues - Offline Address Book will not sync and Out of Office is still unavailable.  For Outlook 2007 users, send/receive is hanging at 33%.

Do I need to change permissions on these folders as well?  I read through some things about opening up authentication and "ignoring" SSL for EWA and OAB (which I just set), but haven't resolved yet.

Author

Commented:

Author

Commented:
Having trouble finding the web.config file to modify permissions for the OAB - is it in the same GUI as the SSL settings?
AkhaterSolutions Architect

Commented:
Blueteam if the autodiscover issue was solved i will kindly ask you to close this thread and start another one.

I will gladly assist you again

Author

Commented:
Solved AutoDiscovery SCP connection, thanks!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial