Problem with Exchange 2007 & Autodiscover

Hello,

I renewed my SSL certificate for the webmail of Exchange 2007 Server which is correctly installed. OWA is working with the right certificate (webmail.xxxx.XX).
But when users start Outlook they got a error with autodiscover (autodiscover.xxxx.XX).
(autodiscover.xxxx.XX - Error : the name on the certificate is invalid or does not match with the name of the site).

Do I need to buy a second certificate ?  Or is it possible to change the name of the autodiscover with webmail.xxxx.XX ?
SA-ITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jaroslav MrazCTOCommented:
Hi,

yes you can have difrent out and dufrent internaly

http://www.msexchange.org/articles-tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html


but as advanced

and I sugest to use the same EXTERNAL URL from inside and from outside becouse its easy when users are out of the netwrk you just need to reate local DNS records for your outside domain.
0
TMekeelCommented:
Is the cert you renewed UCC?  Does it have autodiscover.yourdomain.com on it?
Is the cert that you are getting the error on the old one (you applied the new one to SMTP, IIS, and whatever other services?)
0
SA-ITAuthor Commented:
The last certificate was an UCC but it was not more necessary to get it for multiple sub domain.  We only need it for OWA (webmail.xxxxx.XX)

When I execute the command :  Get-ClientAccessServer | Select Name, *Internal* | fl
I get the correct link : https://webmail.xxxx.XX/autodiscover/autodiscover.xml

But I still get in outlook "autodiscover.xxxx.XX"
How can I change the name of autodiscover ?

(I applied the new certificate to SMTP, IIS, IMAP,...)
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Mahesh SharmaCommented:
Create a Cname record for autodiscover.domain.com pointing to webmail.domain.com

Check this as well:
http://support.microsoft.com/kb/2783881
0
Jaroslav MrazCTOCommented:
For corect working you must have internal and external too.

You have certificate pointing to outside domain SOMETHING.COM no SOMETHING.local

so is best for you to change internal and external urls of all servisces to external URL webmail........  and create record in dns A  pointing to your WAN IP

becouse usualy there is no problem with autodiscover but problem is that exchange server is pointing to local domain and certificate conatins only external DNS names.

And of coure in certificate you must have whole domain names.
0
SA-ITAuthor Commented:
I changed the CNAME to point to webmail.xxxx.XX in stead of the old one but I still get an error in Outlook....

the url "webmail.xxxx.XX" is pointing to the IP of the local server for internal.  For external the url is redirecting to the WAN ip adress...  SO it's both working...
0
SA-ITAuthor Commented:
The problem with autodisover only appears on the domain at Outlook startup.
When users connect from Interned, there is no error...
0
Jaroslav MrazCTOCommented:
Yes and that is becouse you have certificate valid FDQN name on WAN.

webmail.domain.com and from outlook you try to conect webmail.domain.local but this name is not in your certificate so the error shows the problem.

If you change your internal URLs in exchange to webmail.domain.com everything will be ok from inside and outside.
0
SA-ITAuthor Commented:
No my certificate is valid for webmail.XXXX.xx which is used on local & Wan.
It'is the same subdomain...
0
Jaroslav MrazCTOCommented:
ok so same name

then use this 7 commands and check if every internal and external name is corect with certificate

http://exchangeshell.wordpress.com/2009/10/17/exchange-2007-internal-and-external-url-urls-autodiscover-availability-imap-pop3-oof-oab/
0
SA-ITAuthor Commented:
It seems to be OK....

Get-ClientAccessServer | fl Id*,
*uri*


Identity                       : "ExchangeServer"
AutoDiscoverServiceInternalUri : https://webmail.XXX.xx/autodiscover/autodiscover.xml
0
SA-ITAuthor Commented:
It seems to be ok => I want to say the result of the command seems to be OK :)
0
Jaroslav MrazCTOCommented:
Of course :D Iam just thinking you can use https://testconnectivity.microsoft.com to test maybe more details.

Its microsoft debug tool. You can make chname on Webhosting DNS but you tel that from outside is no problem.

Hmm when you open outlook - accounts  do you have the corect webmail.xxxx.xx there as exchange server?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SA-ITAuthor Commented:
The url still appers when I use the debug tool : https://autodiscover.xxxx.XX/AutoDiscover/AutoDiscover.xml

But the result of the command is ok.... I don't understand...

Get-ClientAccessServer | fl Id*,
*uri*
AutoDiscoverServiceInternalUri : https://webmail.XXX.xx/autodiscover/autodiscover.xml
0
TMekeelCommented:
Are you using Outlook 2007 and a GoDaddy cert?
XP clients?

You might have to update roots on them if so.
http://www.microsoft.com/en-us/download/details.aspx?id=38918
0
SA-ITAuthor Commented:
Problem solved by deleting the Autodiscover CNAME record in DNS Zone.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.