Solved

Out Of Office restriction for domain name

Posted on 2012-08-16
Last Modified: 2012-08-23
Hi,
Currently our Exchange server has multiple domains to send from. External email users originally were all part of Domain1.com. This has a SAN cert set up for OWA/Mail/Autodiscover.

When trying to set up an out of office for Domain2.com, users receive an error saying unable to connect to the server. Using test auto configuration, the results showed that domain2.com was trying to access autodiscover.domain2.com. Ideally I don't want to have to buy another SAN certificate; is there a workaround to point all of domain2 queries to domain1?

Thanks
Question by:Kenzii
6 Comments
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38303020
The only solution is in-place that you use self-signed certificates in your environment. Understand, this is the cheapest solution - but not for any device / computer that is non-domain joined, for example iPhone / iPad / home-connected laptops.

Read the articles for step by step solution

http://marckean.wordpress.com/2009/10/09/install-self-signed-exchange-2010-ssl-certificate/

http://www.tekcrack.com/creating-your-own-self-signed-sans-certificate-for-exchange-2010-and-iis-70-1of3.html

Regards,
Exchange_Geek
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38303023
Oh and yes, you'll need the following SRV record to point to your second domain.

_autodiscover._tcp.domain2.com to point to your second CAS Server.

Regards,
Exchange_Geek
0
 

Author Comment

by:Kenzii
ID: 38303897
We only have the one CAS server.

So, would buying a domain2.com SAN and applying it to the same CAS server work?
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38304034
OL is rather unbiased towards how many CAS Servers you have, it is a very stubborn child when it has to work towards Autodiscover and certificates - it simply understands the @domain2.com and its associated SRV and cert.

If it cannot find _autodiscover._tcp.domain2.com published OR an A record for autodiscover.domain2.com - it will start crying. If that wasn't all, it will start crying for the certificate not having any of the following:
autodiscover.domain2.com, webmail.domain2.com, CAS Server, CAS Fqdn.

OL 2003 was way better - it never used to cry so much.

Regards,
Exchange_Geek
0
 

Author Comment

by:Kenzii
ID: 38304117
Ok, I'm confused.

So the only way I can work around this is to have 2 separate CAS servers?

Seems a bit of an expensive solution just to allow external users of domain2 to be able to set out of office.

I was hoping, worst case, that we could just buy the SAN certificate and create the A record for autodiscover.
0
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 2000 total points
ID: 38304159
Now I am confused. Did I even mention two CAS Servers?

All you need is to have a set of SAN records in ONE cert AND DNS records pointing to the correct IP address - that is it. That's all that I mentioned. Here's the deal.

If you have two email domains - yahoo.com and microsoft.com - so here is what you need

On your cert have the SAN (self-signed Cert OR SAN Cert)
autodiscover.yahoo.com
autodiscover.microsoft.com
webmail.yahoo.com
webmail.microsoft.com
CAS Server FQDN
CAS Server NETBIOS

That's all.

Now w.r.t DNS
have SRV for _autodiscover._tcp.yahoo.com to point to webmail.yahoo.com which in turn points to your external firewall which in turn points to your CAS Server AND
have SRV for _autodiscover._tcp.microsoft.com to point to webmail.microsoft.com which in turn points to your external firewall which in turn points to your CAS Server.

Does this refer to a second CAS box?

Regards,
Exchange_Geek
0
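
An added example, not part of the original thread: a check of which hostnames a CAS certificate's SAN list has to cover for each email domain. It assumes the Autodiscover client validates the certificate against the host it actually connects to (autodiscover.<domain> when an A record is published, the SRV target when an SRV record is published); every hostname and function name below is constructed for illustration.

```python
# Added example: which hostnames must a CAS certificate's SAN list cover?
# All hostnames and records below are constructed sample data.

def name_matches(san: str, host: str) -> bool:
    """Case-insensitive match; a wildcard covers exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return san == host

def names_to_cover(email_domains, srv_targets):
    """Map each email domain to the HTTPS host its clients will validate.

    srv_targets: {domain: host named by _autodiscover._tcp.<domain>}.
    Assumption: a domain with no SRV entry is published with an A record
    for autodiscover.<domain>, so that name is what the client connects to.
    """
    return {d: srv_targets.get(d, f"autodiscover.{d}") for d in email_domains}

def missing_from_cert(san_list, email_domains, srv_targets):
    """Return {domain: host} for every host the certificate does not cover."""
    needed = names_to_cover(email_domains, srv_targets)
    return {d: h for d, h in needed.items()
            if not any(name_matches(s, h) for s in san_list)}

# Constructed sample: one SAN certificate issued for domain1.com only.
SAN_LIST = ["webmail.domain1.com", "autodiscover.domain1.com"]
DOMAINS = ["domain1.com", "domain2.com"]

if __name__ == "__main__":
    # domain2.com published with an A record: its autodiscover name is missing.
    print(missing_from_cert(SAN_LIST, DOMAINS, {}))
    # domain2.com published with an SRV record naming a host already on the cert.
    print(missing_from_cert(SAN_LIST, DOMAINS,
                            {"domain2.com": "webmail.domain1.com"}))
```

Run it against the SAN list read from the installed certificate and the records actually published in DNS; any domain it returns is one whose users will see a certificate name mismatch.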
