yctech
asked on
Issue Connecting to Exchange 2010 From A Specific Internet Connection
My boss is able to take his laptop to any internet connection and Outlook will successfully connect to our Exchange 2010 server, except for the connection at his house. For what it's worth, his ISP is Bresnan. When he attempts to connect, a certificate error pops up (attached to this thread). The certificate error that pops up is issued to bresnan.net; Outlook should be pulling a certificate issued to our domain that we purchased from GoDaddy.
I have spent several hours on support calls with Microsoft, and they say it's an issue with Bresnan. I tried to get support from Bresnan, but they were even less help.
ssl-cert-error.jpg
Looks like the ISP is trying to proxy the SSL traffic through their server or something. Try calling the support line and asking for a supervisor or network engineer.
Have you tried OWA if you are running it? Just to see if the SSL cert is correct with OWA.
ASKER
OWA works with no SSL cert error
Do you have a vpn you could try out to see if he has the same issue at home after connecting to it? That should wipe out bresnan.net from being the issue.
I'll bet if you look in his DNS search list on his home network it has bresnan.net.
What this does is append bresnan.net to all DNS queries sent to the DNS server. Then, in what I consider a dumb, airheaded move by any DNS admin, they added a wildcard CNAME record to the bresnan.net domain, so when Outlook attempts to autoconfigure it hits the wildcard record and resolves like this: autoconfigure.Their_real_domain.com.bresnan.net
See this:
QUESTION SECTION:
autoconfigure.Their_real_domain.com.bresnan.net. IN A
ANSWER SECTION:
autoconfigure.Their_real_domain.com.bresnan.net. 10800 IN CNAME bresnan.net.
bresnan.net. 2311 IN A 64.78.178.63
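The search-list behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of a stub resolver walking its DNS suffix list against a zone with a wildcard record, plus a probe that flags suffixes where a random label still resolves. The zone data is constructed, the function names are hypothetical, and the query order (name as typed first, then each suffix) is an assumption of the model.

```python
import secrets

# Constructed zone data modelling the ISP resolver in this thread (not a capture):
# the wildcard answers every name under the suffix that has no record of its own.
ZONE = {"bresnan.net": "64.78.178.63", "*.bresnan.net": "64.78.178.63"}

def lookup(fqdn, zone=ZONE):
    """Toy resolver: exact match first, then the nearest enclosing wildcard."""
    name = fqdn.rstrip(".").lower()
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        hit = zone.get("*." + ".".join(labels[i:]))
        if hit:
            return hit
    return None  # models NXDOMAIN

def resolve_with_search_list(name, suffixes, resolver=lookup):
    """Simplified stub-resolver model (assumption): query the name as typed,
    then the name with each search suffix appended. Returns (queried, answer)."""
    if name.endswith("."):
        candidates = [name]  # trailing dot: fully qualified, no suffixes tried
    else:
        candidates = [name] + [f"{name}.{s}" for s in suffixes]
    for fqdn in candidates:
        answer = resolver(fqdn)
        if answer:
            return fqdn, answer
    return None, None

def wildcard_suffixes(suffixes, resolver=lookup):
    """Return the suffixes under which a random, never-registered label resolves."""
    flagged = []
    for suffix in suffixes:
        probe = f"probe-{secrets.token_hex(8)}.{suffix}"
        if resolver(probe):
            flagged.append(suffix)
    return flagged

if __name__ == "__main__":
    # The real name fails on this resolver, so the suffixed name hits the wildcard.
    print(resolve_with_search_list("mail.ourmailserver.com", ["bresnan.net"]))
    # A suffix without a wildcard leaves the failure visible instead of masking it.
    print(resolve_with_search_list("mail.ourmailserver.com", ["yca.local"]))
    print(wildcard_suffixes(["bresnan.net", "yca.local"]))
```

To probe a live network, pass `resolver` a function that performs a real lookup of the fully qualified name and returns a falsy value on failure.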
kdgoodknecht Good catch, not a good idea by bresnan.net.
ASKER
If I remember correctly, when doing an "ipconfig" it does show bresnan.net
Any way to work around this issue?
ASKER
Ok... got this problem resolved (or rather a workaround)
When I did an nslookup to our mail server - this was the output:
C:\Documents and Settings\hwilliamson>nslookup mail.ourmailserver.com
Server: blnmt001dns.ext.bresnan.net
Address: 69.145.248.4
*** blnmt001dns.ext.bresnan.net can't find mail.ourmailserver.com: Non-existe
nt domain
I then configured DNS setting for DHCP to assign Google's DNS servers (8.8.8.8 and 8.8.4.4)
C:\Documents and Settings\hwilliamson>nslookup mail.ourmailserver.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: mail.ourmailserver.com
Address: 65.xx.xxx.xxx
Now it's resolving correctly but I still can't connect to our Exchange server with Outlook.
When doing an ipconfig I still show bresnan.net as the "connection-specific DNS suffix"
In the Advanced TCP/IP settings for his NIC I made the following change:
Now an ipconfig shows "yca.local" as the connection-specific DNS suffix and I am now able to connect to our Exchange server...
Thanks for coming back and showing your solution, this will help other people that come across this problem with wildcard records mixed with the DNS suffix search list.