Solved

Microsoft Remote Connectivity Analyzer Pulling the wrong SSL certificate

Posted on 2013-06-24
Last Modified: 2013-10-28
When I run the Microsoft Remote Connectivity Analyzer test, it appears the test is pulling an SSL certificate from our main company website and not getting the cert from our Exchange server. When I launch EMC and go to Server Configuration, under Exchange Certificates, I see the correct certificate.

Thanks,
0
Comment
Question by:AJola
11 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 39271396
Is there some ISA or some firewall still not updated with the new SSL cert?

- Rancy
0
 

Author Comment

by:AJola
ID: 39271941
How do I check, Rancy?

What I am trying to resolve is "calendar sharing" for outside domain users. We have Exchange 2010 and users are on Outlook 2010.

Also attached is the Autodiscover test result, just for more information.
Autodiscover-Issue.jpg
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 39271972
If you have any firewall or other app, you should contact the vendor to understand whether it too works with certs and how to update them.

Also, have you got the Autodiscover DNS record created?

- Rancy
0

 

Author Comment

by:AJola
ID: 39275426
Hi Rancy, yes, I have the Autodiscover DNS record created.

Attached is a pic of when I do the test for Autodiscover internally inside the domain, and it's successful.

My concern is that when I do the Autodiscover test, it's pulling an SSL certificate from our main company website and not getting the cert from our Exchange server.

Our main website is hosted somewhere else.

Please Help!
Autodiscover-succed.png
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39282308
Sounds like you have a wildcard external DNS record. That'll break Autodiscover every time. Fix that and things should work. The Remote Connectivity Analyzer tells you which DNS lookup returned the cert in its logs.
0
 
LVL 14

Expert Comment

by:Radweld
ID: 39282472
In your example, the Autodiscover settings internally are being presented by a service connection point (SCP); this is an advertised service on a domain and is not available externally. For that to work, the Autodiscover address must resolve to your Exchange server. As the tests are retrieving a different server's details, this suggests Autodiscover isn't pointing to the correct server.
0
 
LVL 18

Accepted Solution

by:
irweazelwallis earned 500 total points
ID: 39283536
It certainly looks like creating an external Autodiscover SRV record will do the trick, as the testconnectivity will always look for that first. You might have to ask your ISP to set it up if you don't fully manage your own DNS, as most web consoles don't let you add SRVs.


Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: mail.yourdomain.com
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39283548
Nope. The SRV record is the LAST method used, not the first. The SRV record is a completely legitimate approach, but if other DNS or SSL certificates are misconfigured, then the certificate prompt will still appear because the other methods will trigger it before the SRV record is even queried.
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 39283592
Yes, you are right. There should be a plain A record for Autodiscover as well.
But it is only picking those up because there is some kind of wildcard DNS record; otherwise they would fail and the SRV record would kick in.
0
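Added example, not part of the thread: a check for the wildcard-DNS condition discussed above. It resolves a random label under the domain and compares the answer with the two HTTPS hostnames tried before the SRV record. The function names, `example.com` and the documentation-range addresses are assumptions, and the zone resolver models only single-level wildcards.

```python
import secrets
import socket

def system_resolve(name):
    """IPv4 addresses for name from the system resolver; empty set if it does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)}
    except socket.gaierror:
        return set()

def make_zone_resolver(records):
    """Offline resolver over a constructed zone dict; a '*.domain' key acts as a wildcard."""
    def resolve(name):
        if name in records:
            return set(records[name])
        parent = name.partition(".")[2]
        return set(records.get("*." + parent, ()))
    return resolve

def diagnose(domain, resolve=system_resolve):
    """Report whether the zone has a wildcard and how each Autodiscover host resolves."""
    # Nobody creates this label on purpose: if it resolves, a wildcard record is answering.
    probe = "wc-" + secrets.token_hex(8) + "." + domain
    wildcard_ips = resolve(probe)
    report = {"wildcard": bool(wildcard_ips), "hosts": {}}
    for host in (domain, "autodiscover." + domain):
        ips = resolve(host)
        if not ips:
            verdict = "no record"  # client moves on, eventually to the SRV record
        elif host != domain and ips == wildcard_ips:
            # Same answer as the random label: most likely the wildcard, so the
            # client reaches whatever server (and certificate) the wildcard targets.
            verdict = "same address as wildcard"
        else:
            verdict = "explicit record"
        report["hosts"][host] = {"ips": sorted(ips), "verdict": verdict}
    return report

if __name__ == "__main__":
    # Constructed zone: the website and a wildcard share one address, Exchange has another.
    zone = {
        "example.com": ["203.0.113.10"],
        "*.example.com": ["203.0.113.10"],
        "mail.example.com": ["198.51.100.25"],
    }
    print(diagnose("example.com", make_zone_resolver(zone)))
```

Calling `diagnose("yourdomain.com")` with no second argument uses the system resolver, so run it from outside the internal network to see what external clients see.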
