Autodiscover - Exchange 2010 Cert

In this Exchange 2010, when I view cert, on the General tab, in front of Issued To, I see only one name -- internal FQDN of server.

How may I view other names, if any, for which this cert may be valid?

Is autodiscover.domainname.com a requirement for Exchange 2010? We sure are having Connectivity Issues with Outlook 2010. Thanks.
LVL 3
AkulshAsked:
Who is Participating?
 
chakkoCommented:
Click the Details tab and then you will see more information.  It could be under Subject, or Subject Alternative Names area probably.
The autodiscover name should be there.  I think you can setup a DNS SRV record too if you don't have the autodiscover name.
0
 
kpa2011Commented:
you can use powershell to get the certificate details:

'Get-ExchangeCertificate' command to view all certificates in local store of the server.

Then copy the thumbprint of each of above listed certificate to get the detailed properties of each certificate where information regarding subject name, date, status, issuing authority, expire date and status and service attached are listed.

Get-ExchangeCertificate <thumbprint of the certificate> | fl

For you to use autodiscover, you need to have ceritificate issued to that service (autodiscover.domain.com) in SAN
0
 
AkulshAuthor Commented:
You both helped me make progress:
-- In GUI, in Details, under SUBJECT ALTERNATE NAME, I could see all names.
-- in PowerShell, with Get-ExchangeCertificate command, I could see names under CertificateDomains.

Thank you both.

Now, about the 2nd half of my question, which was:
Is cert for autodiscover.domainname.com a requirement for Exchange 2010 to work properly with Outlook 2010? Thanks.

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
chakkoCommented:
yes.  you should have that name

If the autodiscover name is not in your SSL then you can use a DNS SRV record.

Take a look at this

http://support.microsoft.com/kb/940881

0
 
AkulshAuthor Commented:
Thanks.

I read that article. It keeps saying - The autodiscover record must be created in the contoso.com external DNS zone.

Not sure what "external' means here. This company does have different SMTP domain name (after @ in email address) than AD domain name. Does 'external" mean SMTP domain name that needs to be modifed in internal AD DNS servers, OR does 'external' mean SMTP domain name that needs to be modified only on external (public) non-AD DNS servers?

BTW, the internal users of Outlook 2010 are having problems. Thanks.
0
 
chakkoCommented:
If your outlook is outside of your Office (like a user at home) then it would access Public DNS servers, so you would need to create the DNS record on the Public DNS server for your domain.

Inside your office you should be accessing the Internal LAN DNS server so you should try to create the record on your Internal DNS server.

Of course, your public DNS and private LAN DNS servers could  be the same server, but it probably is not.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.