• Status: Solved

Exchange 2007 hosted problem

Hello everyone..

I have an odd issue. I host Exchange services for a couple of small businesses. Everything has been working fine - even the address book isolation has been working (an article I had followed previously found here on EE - a little complicated, but it works). Anyhow, here's my problem. First consider this:

** The Microsoft Exchange connectivity tester says my installation passes with no errors.

So, what's happened is this. I host Exchange for a domain. We'll call it hosted.com. My Exchange server is set up with a certificate. We'll call that URL mail.server.com. I've set up the DNS so that a SRV record points the _autodiscover to mail.server.com. It's been working fine, until the certificate for www.hosted.com expired. Now Outlook says that www.hosted.com is expired or invalid, even though the web URL that Outlook uses to connect has nothing to do with www.hosted.com. The SRV record points to mail.server.com, and it works. They are just dismissing the cert warning now and still receiving email, but this is annoying.

Autodiscover tests and connectivity tests using MS's Exchange connectivity tester PASS. What's going on here? Why is Outlook checking the cert on www.hosted.com instead of just being happy with my perfectly good cert on mail.server.com?

Thanks, and prompt solutions are very much appreciated!

 - Tim
1 Solution
TimFarren (Author) Commented:
I seem to have solved my own problem, although I still don't understand what was making this particular issue tick. To resolve the issue, I contacted HostMonster, who hosts our web content (not our Exchange server solution, WEB only), and asked them to remove the certificate which had expired from www.theirsite.com. After they did this, Outlook quit complaining about it. We didn't need a certificate on that site anyway. On my end, my certificate is still good, and I'm hosting their Exchange, AND the domain name referenced in the Exchange setup is DIFFERENT than their email domain. This scenario is what has me confused to begin with. I have no idea why Outlook 2007 was trying to test the validity of a certificate which isn't even referenced anywhere in the setup apart from the fact that it matches their email domain name.

To clarify.. their email domain is Joe@theirdomain.com
My exchange server, which has a valid cert, is mail.hostedexchange.com  (examples only)
theirdomain.com has an SRV record which points _autodiscover to mail.hostedexchange.com.

Autodiscover had been working perfectly, mail connects and works.. just.. why did it care about the certificate for their mail domain?  And further, once the certificate was removed - why didn't it care anymore?  I'd call this a bug.  Anyone?

Since you are hosting, the client is going to attempt to connect to Autodiscover using the SMTP domain name. Say the address is alias@contoso.com:
The client is going to attempt to connect to https://contoso.com/autodiscover/autodiscover.xml first.
If that connection fails, it will attempt https://autodiscover.contoso.com/autodiscover/autodiscover.xml.
If that connection fails, it will attempt an SRV lookup for autodiscover.contoso.com and use that result.

One of those other attempts must have worked before the SRV lookup.
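
The lookup order described in the answer above, as an added example that is not part of the original thread: it walks the candidate names in that order and reports which one answers first, since that is the name whose certificate ends up being judged. The SRV target is passed in by hand, the `BEFORE`/`AFTER` tables are constructed sample results using the thread's placeholder names, and `candidates`, `tls_probe` and `walk` are names chosen here.

```python
import socket
import ssl

def candidates(email, srv_target=None):
    """Names in the order the answer lists them. srv_target is the host the
    domain's Autodiscover SRV record points to (looked up by hand)."""
    domain = email.rsplit("@", 1)[1].lower()
    steps = [("root domain", domain),
             ("autodiscover host", "autodiscover." + domain)]
    if srv_target:
        steps.append(("SRV record", srv_target.lower()))
    return steps

def tls_probe(host, port=443, timeout=5):
    """Live check of one name: 'ok', 'cert_error' (expired, untrusted or
    name mismatch) or 'unreachable' (no usable HTTPS listener)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError:
        return "cert_error"
    except OSError:  # refused, timeout, DNS failure, other TLS errors
        return "unreachable"

def walk(email, srv_target=None, probe=tls_probe):
    """Return (trace, first_answer). Assumption taken from the thread: the
    first name that answers on 443 is the one whose certificate is judged."""
    trace = []
    for label, host in candidates(email, srv_target):
        status = probe(host)
        trace.append((label, host, status))
        if status != "unreachable":
            return trace, (label, host, status)
    return trace, None

# Constructed results using the thread's placeholder names (not real probes).
BEFORE = {"hosted.com": "cert_error",            # web host, expired cert
          "autodiscover.hosted.com": "unreachable",
          "mail.server.com": "ok"}
AFTER = dict(BEFORE, **{"hosted.com": "unreachable"})  # cert removed from site

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        trace, hit = walk("joe@hosted.com", "mail.server.com", table.get)
        print(name, "->", hit)
        for row in trace:
            print("   ", row)
```

Calling `walk` with the default `tls_probe` from a client network shows which name actually answers first for a hosted domain.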
TimFarren (Author) Commented:
Found the answer myself.