• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 215
  • Last Modified:

Exchange certificate and webpage certificate conflict

Hello guys,
I have a correct certificate to my exchange server that works perfectly when connecting to /owa etc.
The problem is that when I try to use auto-discover in outlook, it tries domain.com first instead of mail.domain where the correct cert. is.
The domain.com uses another cert. to our secure webpage.
Is it possible to fix it, without adding the auto-discover entries in the other cert.
Thanks
0
macxpres
Asked:
macxpres
  • 4
  • 4
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Internally it shouldn't be trying to connect to the root of the domain. It should go straight to the value configured within Exchange.

Externally it isn't possible to stop it trying to use the root of the domain, as that is a preconfigured value. Furthermore, mail.example.com isn't one of the names that it tries. Therefore you either need to ensure that you have autodiscover.example.com in the SSL certificate, or configure SRV records. http://semb.ee/srv
You will have to ensure that autodiscover.example.com doesn't resolve, so no wildcard entries in the DNS. It will still try and use it, but will time out.

Simon.
0
 
macxpresAuthor Commented:
I already have a srv-record that points to the mail server: mail.domain.com
0
 
Simon Butler (Sembee)ConsultantCommented:
Does Autodiscover resolve?

Simon.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
macxpresAuthor Commented:
Yes:
_autodiscover._tcp.domain.com resolves to mail.domain.com.
0
 
Simon Butler (Sembee)ConsultantCommented:
That wasn't what I meant.
Does autodiscover.example.com resolve anywhere?

Simon.
0
 
macxpresAuthor Commented:
Yes, it resolves to the exchange servers external IP.
0
 
Simon Butler (Sembee)ConsultantCommented:
That will be part of the problem.
If you are using SRV records and do not have autodiscover.example.com in the SSL certificate then you must ensure that autodiscover.example.com does not resolve anywhere. That will usually mean removing the entry from DNS and any wilkdcard in the DNS being removed as well.

Simon.
0
 
macxpresAuthor Commented:
Thanks for all your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now