We help IT Professionals succeed at work.

Autodiscover - Multiple Accepted Email Address Policies

I have an Exchange 2010 SP1 Rollup5 setup.  It hosts 3 domains and has an SSL cert for those 3 domains.

I want to add 3 more companies, but I don't want to have to buy another SSL.  How can I get autodiscover and OFF to work without creating/paying for a new SSL everytime I add a company.

I tried creating a new site called AutodiscoverRedirection with a new virutal directory and have the http redirect set to http://mail.mydomain.com

But it didn't work. Here is the tech doc I am using:    http://technet.microsoft.com/en-us/library/ff923256.aspx



Comment
Watch Question

Network Administrator, Network Consultant
Top Expert 2011
Commented:
if you want to save money for certificate names , you should use external autodiscover
https://mail.domain.com/autodiscover/autodiscover.xml
instead of using
autodiscover.domain.com
so this possible but you need to modify client access server autodiscover URL

set-clientAccessServer -identity "server" -AutoDiscoverServiceInternalUri https://server.domain.local/autodiscover/autodiscover.xml

Set-AutodiscoverVirtualDirectory -InternalUrl https://server.domain.local/autodiscover/autodiscover.xml -ExternalUrl https://mail.domain.com/autodiscover/autodiscover.xml



and then you need to go to IIS -> application pool -> point to AutdiscoverApplicationPool -> right click then recycle
note that autodiscover directory should not be redirect to any ..
also one more important thing you must go to your domain administration(domain.com) to the website of the company that hosted domain go to domain management -> DNS , and check if there is SRV record , if there is SRV autodiscover.domain.com then delete it.
if you have 3 companies and 3 different domains i think you can use same certificate for all sites.
after finish you may need to use

www.testexchangeconnectivity.com
to test your domain ..
good luck

Maen Abu-Tabanjeh

Author

Commented:
Is there a way I can check what my settings are now before I go through these steps?
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
go to every exchange server run these commands and post here :

Get-OutlookAnywhere |fl
Get-ClientAccessServer |fl
Get-OutlookProvider |fl
Get-AutodiscoverVirtualDirectory |fl

i will follow up with you ... i will stay with you .. am here to help people :)
Alan HardistyCo-Owner
Top Expert 2011
Commented:
Forget the above - simply setup an SRV record for the other domains and point the record to a name included in your SSL certificate.

That way you can host multiple domains with a 5 domain name SSL cert.

http://support.microsoft.com/kb/940881

Author

Commented:

[PS] C:\Windows\system32>Get-OutlookAnywhere |fl

RunspaceId                      : 7c1d058f-37b2-47e8-9c6b-4b56446892f7
ServerName                      : KC-SV200
SSLOffloading                   : False
ExternalHostname                : mail.korcloud.net
ClientAuthenticationMethod      : Basic
IISAuthenticationMethods        : {Basic}

Get-ClientAccessServer |fl
XropUrl                         :
MetabasePath                    : IIS://KC-SV200.korcloud.local/W3SVC/1/ROOT/Rpc
Path                            : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : KC-SV200
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
Name                            : Rpc (Default Web Site)
DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=KC-SV200,CN=Servers,CN=Exchange Adm
                                  inistrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=KorCloud,CN=Microsoft
                                   Exchange,CN=Services,CN=Configuration,DC=korcloud,DC=local
Identity                        : KC-SV200\Rpc (Default Web Site)
Guid                            : 8cd86aec-003b-401f-b1b1-8a39c299481c
ObjectCategory                  : korcloud.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged                     : 10/1/2011 4:26:45 PM
WhenCreated                     : 10/1/2011 4:26:30 PM
WhenChangedUTC                  : 10/1/2011 8:26:45 PM
WhenCreatedUTC                  : 10/1/2011 8:26:30 PM
OrganizationId                  :
OriginatingServer               : KC-DC2.client.korcloud.local
IsValid                         : True

Get-OutlookProvider |fl

RunspaceId           : 7c1d058f-37b2-47e8-9c6b-4b56446892f7
CertPrincipalName    :
Server               :
TTL                  : 1
OutlookProviderFlags : None
AdminDisplayName     :
ExchangeVersion      : 0.1 (8.0.535.0)
Name                 : EXCH
DistinguishedName    : CN=EXCH,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=KorCloud,CN=Microsoft Exchange,CN=Service
                       s,CN=Configuration,DC=korcloud,DC=local
Identity             : EXCH
Guid                 : b87bb15b-2392-4c69-87d9-1589e34048be
ObjectCategory       : korcloud.local/Configuration/Schema/ms-Exch-Auto-Discover-Config
ObjectClass          : {top, msExchAutoDiscoverConfig}
WhenChanged          : 9/20/2011 10:36:09 AM
WhenCreated          : 9/20/2011 10:35:56 AM
WhenChangedUTC       : 9/20/2011 2:36:09 PM
WhenCreatedUTC       : 9/20/2011 2:35:56 PM
OrganizationId       :
OriginatingServer    : KC-DC2.client.korcloud.local
IsValid              : True

RunspaceId           : 7c1d058f-37b2-47e8-9c6b-4b56446892f7
CertPrincipalName    :
Server               :
TTL                  : 1
OutlookProviderFlags : None
AdminDisplayName     :
ExchangeVersion      : 0.1 (8.0.535.0)
Name                 : EXPR
DistinguishedName    : CN=EXPR,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=KorCloud,CN=Microsoft Exchange,CN=Service
                       s,CN=Configuration,DC=korcloud,DC=local
Identity             : EXPR
Guid                 : 3df6524a-0c1c-4b97-b3af-a59504a9e43b
ObjectCategory       : korcloud.local/Configuration/Schema/ms-Exch-Auto-Discover-Config
ObjectClass          : {top, msExchAutoDiscoverConfig}
WhenChanged          : 9/20/2011 10:36:09 AM
WhenCreated          : 9/20/2011 10:35:56 AM
WhenChangedUTC       : 9/20/2011 2:36:09 PM
WhenCreatedUTC       : 9/20/2011 2:35:56 PM
OrganizationId       :
OriginatingServer    : KC-DC2.client.korcloud.local
IsValid              : True

RunspaceId           : 7c1d058f-37b2-47e8-9c6b-4b56446892f7
CertPrincipalName    :
Server               :
TTL                  : 1
OutlookProviderFlags : None
AdminDisplayName     :
ExchangeVersion      : 0.1 (8.0.535.0)
Name                 : WEB
DistinguishedName    : CN=WEB,CN=Outlook,CN=AutoDiscover,CN=Client Access,CN=KorCloud,CN=Microsoft Exchange,CN=Services
                       ,CN=Configuration,DC=korcloud,DC=local
Identity             : WEB
Guid                 : 9822b39d-8852-4bac-ac98-549b55425434
ObjectCategory       : korcloud.local/Configuration/Schema/ms-Exch-Auto-Discover-Config
ObjectClass          : {top, msExchAutoDiscoverConfig}
WhenChanged          : 9/20/2011 10:36:09 AM
WhenCreated          : 9/20/2011 10:35:56 AM
WhenChangedUTC       : 9/20/2011 2:36:09 PM
WhenCreatedUTC       : 9/20/2011 2:35:56 PM
OrganizationId       :
OriginatingServer    : KC-DC2.client.korcloud.local
IsValid              : True

Get-AutodiscoverVirtualDirectory |fl
[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory |fl


RunspaceId                      : 7c1d058f-37b2-47e8-9c6b-4b56446892f7
Name                            : Autodiscover (Default Web Site)
InternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods   : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication      : False
WSSecurityAuthentication        : True
LiveIdBasicAuthentication       : False
BasicAuthentication             : True
DigestAuthentication            : False
WindowsAuthentication           : True
MetabasePath                    : IIS://KC-SV200.korcloud.local/W3SVC/1/ROOT/Autodiscover
Path                            : C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags         : {}
ExtendedProtectionSPNList       : {}
Server                          : KC-SV200
InternalUrl                     :
ExternalUrl                     :
AdminDisplayName                :
ExchangeVersion                 : 0.10 (14.0.100.0)
DistinguishedName               : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=KC-SV200,CN=Servers,CN=Exc
                                  hange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=KorCloud,CN=
                                  Microsoft Exchange,CN=Services,CN=Configuration,DC=korcloud,DC=local
Identity                        : KC-SV200\Autodiscover (Default Web Site)
Guid                            : b9752d33-5334-4471-9536-d09f003b4ed6
ObjectCategory                  : korcloud.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                     : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                     : 9/20/2011 10:36:09 AM
WhenCreated                     : 9/20/2011 10:35:54 AM
WhenChangedUTC                  : 9/20/2011 2:36:09 PM
WhenCreatedUTC                  : 9/20/2011 2:35:54 PM
OrganizationId                  :
OriginatingServer               : KC-DC2.client.korcloud.local
IsValid                         : True
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011
Commented:
ok , simply you need to set the virtual directory autodiscovery :

Set-AutodiscoverVirtualDirectory -identity "Autodiscover (default Web site)" -InternalUrl https://KC-SV200.korcloud.local/autodiscover/autodiscover.xml -ExternalUrl https://mail.korcloud.net/autodiscover/autodiscover.xml

set-ClientAccessServer -Identity "KC-SV200" -AutoDiscoverServiceInternalUri https://KC-SV200.korcloud.local/autodiscover/autodiscover.xml

go to IIS , the application pool -> right click on MSExchangeAutodiscoverAppPool -> recycle
then restart IIS ..

test your email here :

www.testexchangeconnectivity.com
choose RPC over HTTP and post result here .. don't this website is trusted its for microsoft.

good luck
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
and check that autodiscover directory is not redirected to any address , just untick the redirection
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
hey alan the man said that he did not buy certificate for autodiscover ,he did that for 3 domains with no autodiscover
Alan HardistyCo-Owner
Top Expert 2011

Commented:
I have a 5 Domain Name SSL cert from a trusted source and have about 65 Domain Names happily using AutoDiscover from that one certificate using SRV records.

Cert cost me $180 for 3 years and everyone is happy.

Author

Commented:
In my SSL I do have autodiscover included.

DNS Name: mail.korcloud.net
DNS Name: www.mail.korcloud.net
DNS Name: kc-sv200.korcloud.local
DNS Name: autodiscover.kotoritechnologies.com
DNS Name: autodiscover.maybankandbeckham.com
DNS Name: autodiscover.asassystitch.com

If I do the commands below, will the users on the exchange server experience downtime or does this need to be done after hours.  I know resetting IIS will cause a glitch.

ok , simply you need to set the virtual directory autodiscovery :

Set-AutodiscoverVirtualDirectory -identity "Autodiscover (default Web site)" -InternalUrl https://KC-SV200.korcloud.local/autodiscover/autodiscover.xml -ExternalUrl https://mail.korcloud.net/autodiscover/autodiscover.xml

set-ClientAccessServer -Identity "KC-SV200" -AutoDiscoverServiceInternalUri https://KC-SV200.korcloud.local/autodiscover/autodiscover.xml

go to IIS , the application pool -> right click on MSExchangeAutodiscoverAppPool -> recycle
then restart IIS ..

test your email here :

www.testexchangeconnectivity.com
choose RPC over HTTP and post result here .. don't this website is trusted its for microsoft.
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
keep the internalURL as it is but change external one :

-ExternalUrl https://autodisover.korcloud.net/autodiscover/autodiscover.xml

did you check your domain if its have SRV record on DNS? i mean your external Domain korcloud.net
you need to login to godady because its your domain host and go to domain management the go to DNS check if you have SRV record , if its not , add SRV type _tcp name autodiscover.korcloud.net

Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
oops , wait a second , you don't have autodiscover.korcloud.net , so you must change the plan , something wrong with certificate you have only "www.mail.korcloud.net" , and mailkorclould.net , you must modify the certificate , you must have the domain korcloud.net on your alternative names.
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
here is the problem , you have mail.korcloud.net , but you don't have the root "korcloud.net"  , or autodiscover.korcloud.net
Alan HardistyCo-Owner
Top Expert 2011

Commented:
korcloud.net isn't necessary.

If you want other domains to resolve Autodiscover correctly, create an SRV record for each of those domains Externally and point them to something like mail.korcloud.net then Autodiscover will work without having to change / buy a new SSL certificate.
Maen Abu-TabanjehNetwork Administrator, Network Consultant
Top Expert 2011

Commented:
thank you for advice alan , so is there anything he need to do on configuration of IIS and autodiscover directory?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
When I install a cert - I follow the wizard to request it, request the cert, approve the cert, download it, import it, enable it and walk away.  No tweaking of Exchange is needed to get it to work.

If things have been changed, or the wizard has not been followed, then that might cause issues and tweaking might be necessary.

Also - if the wrong information was used when running the wizard, then Exchange won't be 100% happy.