Windows SBS 2011 / Exchange 2010, change listening port of OWA and keep autodiscover working

I have a situation where I can't get my autodiscover to work for some reason.
I have a Windows Small Business Server 2011 Standard which contains Exchange 2010, of course.

I need to adjust the listening port of my OWA, because the default HTTPS port is used for a primary application.

So I found wizards and read a lot about it and I have managed to change the port to 3500.

When I go to the URL https://remote.companyname.com:3500/owa everything looks great and my multidomain certificate is working and it looks great.

But for some reason when I start Outlook, Outlook pops up a message about my certificate and the first 2 checkmarks are OK, but the 3rd isn't.

When I view the certificate, the name corresponding in that certificate is one I can't find in my Exchange Management Console at the certificate overview, and I think this one is from the company where the first SSL certificate is from, which I used last year.

When I do a connection test with my Outlook I receive an error 0x80004005.

Anyone who has the time and would like to make the effort to help me with the last piece to get this up and running?
Asked by RemcoViCEO

Cliff Galiher Commented:
By definition, autodiscover works by using defaults so the "auto" part can kick in. By changing your setup to a manual port, you inherently broke autodiscover.

The proper solution to your issue is to run a second application server (ALWAYS recommended) and if external access is required, have two public IPs and publish the app using a reverse proxy. This keeps your configuration clean, secure, industry standard, resolves port conflicts, and if you virtualize, actually gives you better server utilization resulting in lower overall costs in energy and performance.

-Cliff
0
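The following is an added example, not part of the thread: it models why a client that only knows the mailbox address ends up on port 443 and sees a certificate name mismatch there. It covers only the two default HTTPS lookups; the hostname `app.companyname.com`, the mailbox address and the listener table are constructed assumptions, and all names are assumed to resolve to the single public IP.

```python
from urllib.parse import urlsplit

def autodiscover_candidates(email):
    """HTTPS URLs a client derives from the SMTP domain alone (no port is configurable)."""
    domain = email.rsplit("@", 1)[1].lower()
    path = "/autodiscover/autodiscover.xml"
    return [f"https://{domain}{path}", f"https://autodiscover.{domain}{path}"]

def endpoint(url):
    """Return (host, port); an https URL without an explicit port means 443."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or 443

def name_matches(hostname, cert_name):
    """Compare a hostname with one certificate DNS name; '*' covers one left-most label."""
    host, pat = hostname.lower().split("."), cert_name.lower().split(".")
    if len(host) != len(pat):
        return False
    return pat[0] in ("*", host[0]) and host[1:] == pat[1:]

def diagnose(email, listeners):
    """listeners maps TCP port -> DNS names on the certificate served on that port."""
    report = []
    for url in autodiscover_candidates(email):
        host, port = endpoint(url)
        names = listeners.get(port)
        if names is None:
            status = "no listener"
        elif any(name_matches(host, n) for n in names):
            status = "ok"
        else:
            status = "name mismatch"
        report.append((host, port, status))
    return report

# Constructed sample: the core application owns 443, Exchange was moved to 3500.
LISTENERS = {
    443: ["app.companyname.com"],  # hypothetical certificate of the other application
    3500: ["remote.companyname.com", "autodiscover.companyname.com"],
}

if __name__ == "__main__":
    for row in diagnose("user@companyname.com", LISTENERS):
        print(row)
```

Both lookups land on 443 and are answered by the other application's certificate, while the correctly named Exchange certificate on 3500 is never contacted.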
RemcoViCEO (Author) Commented:
True, but in this case I have no choice. The application stealing my HTTPS is their core application and they want to use OWA for syncing with their mobile 2.

Getting an internet connection with multiple IP addresses is not possible at that location, so I have no choice.

So any idea how to get this up and running?

Another solution is port redirection in my router, but I don't think OWA accepts it when I redirect an external port 3500 to an internal 443 port and everything will still keep working.
0
Cliff Galiher Commented:
It simply cannot be done. They want two contradictory goals. They might as well ask you to make their servers run MS-DOS since there are fewer viruses for that OS, but they want all their 64-bit Windows 2008 R2 programs to keep working in that DOS environment.

Sometimes the hardest job of an IT pro is telling the boss/client that they have to make a choice. If you cannot build the environment they want or they are unwilling to provide the resources for it, then they have to choose which features and functions get dropped. That is the position you now find yourself in.

-Cliff
0
RemcoViCEO (Author) Commented:
I think I need to make a new question or maybe you could help me.
The only solution I have is changing the external port of my Citrix Fundamentals environment.

Is this possible?

Because then I could use this internet connection for the replies above and then I can change the port 3500 back to 443.
0
Cliff Galiher Commented:
Last I checked, that also cannot be done. The problem lies in that many mobile apps do not allow you to define the port on the client side. Apple's implementation of ActiveSync, for example, just uses 443.

Similarly, the Citrix receiver apps on Android and Apple devices make similar assumptions.

This is a trend in mobile device computing. They are making these devices to be "consumer" friendly so geek options and lots of configuration choices that can break a setup have been stripped away.

For setups such as yours, they expect you to use multiple public IPs. I'd honestly shop around. I was able to upgrade my residential ISP account to a business account last month, kept all my speeds the same, went from one dynamic IP to 5 static IPs, and costs me $5 more per month.

As IPv6 picks up steam and broadband access becomes more prevalent, even in more rural areas of developed countries, pricing for multiple IPs has plummeted in the last year. I'd strongly encourage you to revisit that option.

-Cliff
0
RemcoViCEO (Author) Commented:
I thought I had replied to this message, but apparently not.

Thanks for your advice, and the customer is waiting for a fiber connection which will come standard with multiple IP addresses.

Again thanks
0