Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 205
  • Last Modified:

Exchange certificate and webpage certificate conflict

Hello guys,
I have a correct certificate to my exchange server that works perfectly when connecting to /owa etc.
The problem is that when I try to use auto-discover in outlook, it tries domain.com first instead of mail.domain where the correct cert. is.
The domain.com uses another cert. to our secure webpage.
Is it possible to fix it, without adding the auto-discover entries in the other cert.
Thanks
0
macxpres
Asked:
macxpres
  • 4
  • 4
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Internally it shouldn't be trying to connect to the root of the domain. It should go straight to the value configured within Exchange.

Externally it isn't possible to stop it trying to use the root of the domain, as that is a preconfigured value. Furthermore, mail.example.com isn't one of the names that it tries. Therefore you either need to ensure that you have autodiscover.example.com in the SSL certificate, or configure SRV records. http://semb.ee/srv
You will have to ensure that autodiscover.example.com doesn't resolve, so no wildcard entries in the DNS. It will still try and use it, but will time out.

Simon.
0
 
macxpresAuthor Commented:
I already have a srv-record that points to the mail server: mail.domain.com
0
 
Simon Butler (Sembee)ConsultantCommented:
Does Autodiscover resolve?

Simon.
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 
macxpresAuthor Commented:
Yes:
_autodiscover._tcp.domain.com resolves to mail.domain.com.
0
 
Simon Butler (Sembee)ConsultantCommented:
That wasn't what I meant.
Does autodiscover.example.com resolve anywhere?

Simon.
0
 
macxpresAuthor Commented:
Yes, it resolves to the exchange servers external IP.
0
 
Simon Butler (Sembee)ConsultantCommented:
That will be part of the problem.
If you are using SRV records and do not have autodiscover.example.com in the SSL certificate then you must ensure that autodiscover.example.com does not resolve anywhere. That will usually mean removing the entry from DNS and any wilkdcard in the DNS being removed as well.

Simon.
0
 
macxpresAuthor Commented:
Thanks for all your help
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now