[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 119
  • Last Modified:

Hosted Exchange Autodiscover

Hi All,

We have a hosted exchange environment setup for a few of our customers but we are having issues with the auto discover service.

We have setup a CNAME record that points autodiscover.domain1 to autodiscover.ourdomain. and everything works except when we go to add another mailbox to Outlook (eg a shared mailbox like Sales/Support etc). The error " The name cannot be resolved. The name cannot be matched to a name in the address list" comes up. Also when Outlook loads they get a security error "The name on the security certificate is invalid or does not match the name of the site". We have a wildcard certificate so we can have anything.ourdomain. When you look at the error it is looking for autodiscover.domain1 on the certificate and not the resolved address.

When we take the CNAME away it removes the certificate error but as well as the other error the Out of Office says exchange is unavailable and downloading offline address book fails.

Each customer has their own GAL and address book policy.

If you need any other details let me know!

Thanks in advance, I've always found great advice on these forums!
0
PenMatt
Asked:
PenMatt
  • 2
  • 2
1 Solution
 
didnthaveanameCommented:
In order to do this you will need to setup a redirect.
So like this:

autodiscover.domain1 points to autodiscoverredirect.yourdomain.com
autodiscoverredirect then goes to an IIS web site that redirects you to autodiscover.yourdomain.com

A cname will just resolve autodiscover.domain1 to the same IP as your record not rewrite the URL like a redirect.  Because it doesn't rewrite the URL the cert will apear invalid.


Edit:

Here is a MS kb on setting up a redirect in IIS
http://technet.microsoft.com/en-us/library/cc770409(v=ws.10).aspx
0
 
Jon BrelieSystem ArchitectCommented:
Much easier to do it with an SRV record on the domain that points directly to your auto-discover address.  Then make sure that you do NOT have "autodiscover.<emaildomain>.com" resolve to anything.
0
 
PenMattAuthor Commented:
Hi,

Thanks for your replies.

Will the SRV record work with Outlook Anywhere when they are outside the environment and not on VPN?

Regards,
0
 
didnthaveanameCommented:
Indeed it will.  As long as its in public DNS.

The reason we went with the method i posted above over SRV records is we found some smaller DNS providers did not support SRV records. (this was awhile ago now so it may no longer be an issue) Then we were forced to migrate our customers DNS to another provider just to get autodiscover to work.

Didnt happen that often but it was enough where we moved away from SRV records.
0
 
Jon BrelieSystem ArchitectCommented:
Absolutely true that some registrars won't support SRV records.  So far, migrating the domain to another registrar hasn't been too big a deal.  Usually those that don't support SRV will have wonky DNS controls as well.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now