
Out Of Office restriction for domain name

Kenzii asked:
Hi,
Currently our Exchange server has multiple domains to send from; external email users originally were all part of Domain1.com. This has a SAN cert set up for OWA/Mail/Autodiscover.

When trying to set up an out of office for Domain2.com, users receive an error saying unable to connect to the server. Using Test Auto Configuration, the results showed that domain2.com was trying to access autodiscover.domain2.com. Ideally I don't want to have to buy another SAN certificate; is there a workaround to point all of domain2 queries to domain1?

Thanks

The only solution is in-place that you use self-signed certificates in your environment. Understand, this is the cheapest solution - but not for any device / computer that is non-domain joined, for example iPhone / iPad / home-connected laptops.

Read the articles for step by step solution

http://marckean.wordpress.com/2009/10/09/install-self-signed-exchange-2010-ssl-certificate/

http://www.tekcrack.com/creating-your-own-self-signed-sans-certificate-for-exchange-2010-and-iis-70-1of3.html

Regards,
Exchange_Geek

Oh and yes, you'll need the following SRV record to point to your second domain.

_autodiscover._tcp.domain2.com to point to your second CAS Server.

Regards,
Exchange_Geek

Author

Commented:
We only have the one CAS server.

So, would buying a domain2.com SAN and applying it to the same CAS server work?

OL is rather unbiased towards how many CAS Servers you have, it is a very stubborn child when it has to work towards Autodiscover and certificates - it simply understands the @domain2.com and its associated SRV and cert.

If it cannot find _autodiscover._tcp.domain2.com published OR A record for autodiscover.domain2.com - it will start crying. If that wasn't all, it will start crying for the certificate not having any of the following:
autodiscover.domain2.com, webmail.domain2.com, CAS Server, CAS FQDN.

OL 2003 was way better - it never used to cry so much.

Regards,
Exchange_Geek

Author

Commented:
Ok, I'm confused.

So the only way I can work around this is to have 2 separate CAS servers?

Seems a bit of an expensive solution just to allow external users of domain2 to be able to set out of office.

I was hoping, worst case, that we could just buy the SAN certificate and create the A record for autodiscover.

Now, I am confused. Did I even mention two CAS Servers?

All you need is to have a set of SAN records in ONE cert AND DNS records pointing to the correct IP address - that is it. That's all that I mentioned. Here's the deal.

If you have two email domains - yahoo.com and microsoft.com - so here is what you need

On your cert have the SAN (self-signed Cert OR SAN Cert)
autodiscover.yahoo.com
autodiscover.microsoft.com
webmail.yahoo.com
webmail.microsoft.com
CAS Server FQDN
CAS Server NETBIOS

That's all.

Now w.r.t. DNS:
have SRV for _autodiscover._tcp.yahoo.com to point to webmail.yahoo.com which in turn points to your external firewall which in turn points to your CAS Server AND
have SRV for _autodiscover._tcp.microsoft.com to point to webmail.microsoft.com which in turn points to your external firewall which in turn points to your CAS Server.

Does this refer to a second CAS box?

Regards,
Exchange_Geek
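
An added example, not part of the thread: a small Python check that builds the name list from the last answer (autodiscover and webmail per email domain, plus the CAS FQDN and NetBIOS name) and reports which names a certificate's SAN list does not cover. The host names `cas01.corp.example` and `CAS01` and the SAN list are constructed placeholders, and the one-label wildcard handling is an assumption added here.

```python
# Added example: host names and the SAN list below are constructed placeholders.

def required_names(email_domains, cas_fqdn, cas_netbios):
    """Host names the final answer says the certificate must list."""
    names = []
    for domain in email_domains:
        names.append(f"autodiscover.{domain}")
        names.append(f"webmail.{domain}")
    names += [cas_fqdn, cas_netbios]
    return [n.lower() for n in names]


def san_covers(san, host):
    """True if one SAN entry matches host; '*' covers exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return False


def missing_names(cert_sans, email_domains, cas_fqdn, cas_netbios):
    """Required names that no SAN entry on the certificate covers."""
    return [
        host
        for host in required_names(email_domains, cas_fqdn, cas_netbios)
        if not any(san_covers(san, host) for san in cert_sans)
    ]


# Constructed SAN list: a certificate issued for domain1.com only.
CERT_SANS = ["autodiscover.domain1.com", "webmail.domain1.com",
             "cas01.corp.example", "CAS01"]

if __name__ == "__main__":
    gaps = missing_names(CERT_SANS, ["domain1.com", "domain2.com"],
                         "cas01.corp.example", "CAS01")
    for host in gaps:
        print("not on certificate:", host)
```

Feed it the SAN entries read from the certificate bound to the CAS server; an empty result means every name on the answer's list is present.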
