AJola


Microsoft Remote Connectivity Analyzer Pulling the wrong SSL certificate

When I do a Microsoft Remote Connectivity Analyzer test, it appears the test is pulling an SSL certificate from our main company website and not getting the cert from our Exchange server. When I launch EMC and go to Server Configuration, under Exchange Certificates, I see the correct certificate.

Thanks,
Manpreet SIngh Khatra

Is there some ISA or some firewall still not updated with the new SSL cert?

- Rancy
AJola

ASKER

How do I check, Rancy?

What I am trying to resolve is "calendar sharing" for outside domain users. We have Exchange 2010 and users are on Outlook 2010.

Also attached is the Autodiscover test result, just for more information.
Autodiscover-Issue.jpg
If you have any firewall or other app, you should contact the vendor to understand whether it too works with certs and how to update them.

Also, have you got the Autodiscover DNS record created?

- Rancy
AJola

ASKER

Hi Rancy, yes, I have the Autodiscover DNS record created.

Attached is a pic; when I do the test for Autodiscover internally inside the domain, it's successful.

My concern is that when I do the Autodiscover test, it's pulling an SSL certificate from our main company website and not getting the cert from our Exchange server.

Our main website is hosted somewhere else.

Please Help!
Autodiscover-succed.png
Sounds like you have a wildcard external DNS record. That'll break autodiscover every time. Fix that and things should work. The Remote Connectivity Analyzer tells you which DNS lookup returned the cert in its logs.

In your example, the Autodiscover settings internally are being presented by a service connection point (SCP); this is an advertised service on a domain and not available externally. For that to work, the Autodiscover address must resolve to your Exchange server. As the tests are retrieving a different server's details, this suggests Autodiscover isn't pointing to the correct server.
ASKER CERTIFIED SOLUTION
Chris
This solution is only available to members.
Nope. The SRV record is the LAST method used, not the first. The SRV record is a completely legitimate approach, but if other DNS or SSL certificates are misconfigured, then the certificate prompt will still appear because the other methods will trigger it before the SRV record is even queried.

Yes, you are right. There should be a plain A record for autodiscover as well.
But it is only picking those up because there is some kind of wildcard DNS record, otherwise they would fail and the SRV record would kick in
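
An added example, not part of any post in this thread: a Python check for the condition the replies describe, where a wildcard DNS record makes `autodiscover.<domain>` resolve to the company website, so that site's certificate is returned before the SRV record is ever queried. The domain `example.test`, the addresses and the `sample_resolver` zone are constructed, and the list of Exchange addresses is an input you supply.

```python
import socket
import uuid

def resolve(name):
    """Return the IPv4 addresses a name resolves to (empty set if none)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 443, socket.AF_INET)}
    except socket.gaierror:
        return set()

def check_autodiscover_dns(domain, exchange_ips, resolver=resolve):
    """Return (code, host, ips) findings for the hosts tried before the SRV record."""
    exchange_ips, findings = set(exchange_ips), []
    # A random label should not exist; an answer means the zone has a wildcard record.
    probe = f"{uuid.uuid4().hex}.{domain}"
    wildcard_ips = resolver(probe)
    if wildcard_ips:
        findings.append(("WILDCARD", f"*.{domain}", sorted(wildcard_ips)))
    # HTTPS candidates, in the order they are tried; SRV is only reached if these fail.
    for host in (domain, f"autodiscover.{domain}"):
        ips = resolver(host)
        if not ips:
            findings.append(("NO_ANSWER", host, []))
        elif not ips <= exchange_ips:
            # Whatever listens at this address presents its own certificate.
            findings.append(("NOT_EXCHANGE", host, sorted(ips)))
    return findings

# Constructed sample zone: website at 203.0.113.10 with a wildcard pointing at it,
# Exchange published at 198.51.100.5 but with no autodiscover A record.
def sample_resolver(name, wildcard=True):
    records = {"example.test": {"203.0.113.10"}, "mail.example.test": {"198.51.100.5"}}
    if name in records:
        return records[name]
    return {"203.0.113.10"} if wildcard and name.endswith(".example.test") else set()

if __name__ == "__main__":
    for finding in check_autodiscover_dns("example.test", {"198.51.100.5"}, sample_resolver):
        print(finding)
```

Called without a `resolver` argument, the function queries live DNS through `socket.getaddrinfo`; run it from outside the network so the external zone is what gets tested.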