Link to home
Start Free TrialLog in
Avatar of yctech
yctech

asked on

Issue Connecting to Exchange 2010 From A Specific Internet Connection

My Boss is able to take his laptop to any internet connection and Outlook will successfully connect to our Exchange 2010 server - that is except for the connection at his house.  For what it's worth his ISP is Bresnan.  When he attempts to connect, a certificate error pops up (attached to this thread).  The certificate error that pops up is issued to bresnan.net, Outlook should be pulling a certificate issued to our domain that we purchased from GoDaddy.

I have spent several hours on support calls with Microsoft, and they say it's an issue with Bresnan.  I tried to get support from Bresnan, but they were even less help.
ssl-cert-error.jpg
Avatar of Member_2_4940386
Member_2_4940386
Flag of United States of America image
Looks like the ISP is trying to proxy the SSL traffic through their server or something.  Try calling the support line and asking for a supervisor or network engineer.
Avatar of steinmto
steinmto
Flag of United States of America image
Have you tried OWA if you are running it?  Just to see if the SSL cert is correct with OWA.
Avatar of yctech
yctech

ASKER

OWA works with no SSL cert error
Avatar of steinmto
steinmto
Flag of United States of America image
Do you have a vpn you could try out to see if he has the same issue at home after connecting to it?  That should wipe out bresnan.net from being the issue.
Avatar of kdgoodknecht
kdgoodknecht
I'll bet if you look in his DNS search list on his home network it has bresnan.net.
What this does is appends bresnan.net to all DNS queries sent to the DNS server, then in what I consider a dumb airheaded move by any DNS admin, they added a wildcard CNAME record to the bresnan.net domain so when Outlook attempts to autoconfigure it hits the wildcard record and resolve like this: autoconfigure.Their_real_domain.com.bresnan.net
See this:
QUESTION SECTION:
autoconfigure.Their_real_domain.com.bresnan.net.         IN      A      

ANSWER SECTION:
autoconfigure.Their_real_domain.com.bresnan.net. 10800   IN      CNAME   bresnan.net.
bresnan.net.            2311    IN      A       64.78.178.63
Avatar of steinmto
steinmto
Flag of United States of America image
kdgoodknecht Good Catch not a good idea by bresnan.net.
Avatar of yctech
yctech

ASKER

If I remember correctly, when doing an "ipconfig" it does show bresnan.net

Any way to work around this issue?
ASKER CERTIFIED SOLUTION
Avatar of kdgoodknecht
kdgoodknecht
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of yctech
yctech

ASKER

Ok... got this problem resolved (or rather a workaround)

When I did an nslookup to our mail server - this was the output:
C:\Documents and Settings\hwilliamson>nslookup mail.ourmailserver.com
Server:  blnmt001dns.ext.bresnan.net
Address:  69.145.248.4

*** blnmt001dns.ext.bresnan.net can't find mail.ourmailserver.com: Non-existe
nt domain

Open in new window


I then configured DNS setting for DHCP to assign Google's DNS servers (8.8.8.8 and 8.8.4.4)

C:\Documents and Settings\hwilliamson>nslookup mail.ourmailserver.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    mail.ourmailserver.com
Address:  65.xx.xxx.xxx

Open in new window


Now it's resolving correctly but I still can't connect to our Exchange server with Outlook.

When doing an ipconfig I still show bresnan.net as the "connection-specific DNS suffix"
 User generated image
In the Advanced TCP/IP settings for his NIC I made the following change:
 
 User generated image
Now an ipconfig shows "yca.local" as the connection-specific DNS suffix and I am now able to connect to our Exchange server...
Avatar of kdgoodknecht
kdgoodknecht
Thanks for coming back and showing your solution, this will help other people that come across this problem with wildcard records mixed with the DNS suffix search list.