• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 476
  • Last Modified:

exchange 2010 autodiscover

So I recently bought a SSL cert to host my webmail.  After I installed the cert I started getting an error that says "the name on the security cert is invald or does not match the name of the site when I open outlook.  I called network solutions and they recomended that I purchase.  A Second Cert for autodiscover."mydomain".com  

How do I setup autodiscover to work correctly? and how do i configure exchange to use both certs?  autodiscover."mydomain".com" and webmail."mydomain".com.  Also do I have to set an external mx record for autodiscover?
0
reschete
Asked:
reschete
  • 2
  • 2
1 Solution
 
PadamdeepCommented:
If your users are not going to connect from Internet then you don't have buy any additional Certificate. Simply change the SCP to start with whatever Subject Name you have on certifcate and create an Internal DNS record.


But if your users are going to connect from Internet then you need to purchase certificate with additional name space.


Everytime you purchase a certificate, you need to be aware of all the Names spaces that you are going to use. As far as Exchange Server is concerned, following needs to be considered.

1. OWA Url
2. Active Url
3. OAB url
4. EWS Url

All the above URL can share the same name space. But if you decide to use different URLs then you need to include those.

Only thing which is going to be different is autodiscover. Because Outlook is hard coded to query certain queries for Autodiscover.

https://Autodiscover.Domain.com/autodiscover/autodiscover.xml is widely used. "Domain" in "Austodiscover.domain.com" is the SMTP address domain of user

I hope it helps.

~ Singh
0
 
rescheteAuthor Commented:
I have 2 certs purchased already.  One is being used by webmail.domain.com and the other I will need to configure.  When I go into the consol it looks like it gives me the address as

lamail3.domain.com not autodiscover.domain.com  I think i'm just confused at which name i should put for the cert
0
 
rescheteAuthor Commented:
or should i set my cert's name to be lamail3.domain.com/autodiscover/autodiscover.xml?
0
 
PadamdeepCommented:
You mean on certificate you see lamail3.domain.com? If that's the case then it's not going to work.

If SMTP address of your users is "lamail3.com" then you need to have a certificate with "autodiscover.lamail3.com".

Any reason for purchasing 2 different certificate and not a single SAN certificate with multiple domain names?

You can link one certificate at a time with IIS so that's the reason SAN certs are required.

You may be able to use 2 different certificate for IIS by creating another Website in IIS but I have never tried it.


~ Singh
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now