Link to home
Create AccountLog in
Avatar of Michael Leonard
Michael LeonardFlag for United States of America

asked on

exchange 2010 autodiscover question

simple question.

our company: running exchange 2010, acquires a company

we create new accounts for the "" employees on our exchange system, and would like them to keep their primary e-mail namespace:

how can we configure our Exchange / external DNS to allow the user to configure their outlook profiles with and not get a certificate pop-up since our namespace is: [without adding their namespace to our certificate]

how does office365 do it?
you can sign up with and they allow you to auto configure your outlook profile as

really appreciate any advice.

Avatar of M A
Flag of United States of America image

Did you try to configure

and what error you get when configuring?
I belive install Exchange in Multi Tenant mode for office 360 in order to host multiple exchange organization.

Know more about it at
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Michael Leonard


Alan, i've removed the external autodiscover record, and just have the SRV record as per that article.
when i try to autoconfigure the outlook profile with the acquired users primary email of: i get a "windows Security" pop-up box that says: "connecting to"  .. and the profile creation never completes.

I am able to complete the profile when connected via VPN to our internal network. But when trying to configure via Outlook Anywhere, using that e-mail, all i get is the windows security pop-up saying connecting to and never goes away.

any idea how to overcome this? we have about 200 users that will need to auto-configure exterenally on monday morning.

Don't forget that DNS needs some time to settle after changes are made.

When you added the SRV record, did you have one field or two fields to fill in for the service/protocol?

If just the one, you need to add "_autodiscover._tcp" to the field.

Have you flushed your DNS cache on your computer / server to make sure you pickup the latest DNS info?

Alan, seems to be working, but we needed to have the clients use the source namespace to setup the OA profile.

q:  is there anything we need to add for the activesync devices? those are getting a server connection failure, then after about 5min the mail starts to download.

havent encountered this before, very strange.
Devices usually take about 24 hours to pick up DNS changes, so I'd personally wait and let it settle before trying again.

If Activesync works for one domain, then it should work for the other domain too.  Does it work for
hi Alan, i have contol over SOA for that public zone and have dropped the TTL right down so changes are almost instant. however still seeing that "windows security" box come up when trying to autodiscover for ""
You will get a popup window.  Just accept and choose stop prompting.

Office 365 use a CNAME record that points to and in your case, providing that name is in your SSL certificate.

Never tried this as an alternative, but might not get the prompt as I don't get one and I am on Office 365 now as a Partner!!
right.. but is not in our SAN cert. so we need to use just the external .SRV record per your original recommendation. [which works great btw]

never seen this "windows security" box before, its not a full credential box, but like a partial credential box that says "windows security"
turns out if we click the "x" to close that intial pop-up box, the full credentials box comes up and all is good.

now just trying to find out how to prevent that initial popup, since if you dont close it, it will sit there indefinitely
What authentication have you got configured for Outlook Anywhere?  Basic or NTLM?
Basic authentication
thx Alan. advice on the SRV record did the trick. that security pop-up was resolved once i uninstalled KB2553248 from the outlook 2010 client workstations.