LSeven
asked on
Exchange 2010, Autodiscover, CName record, Name Mismatch issue
So I searched for a while and can't seem to find an answer that applies to me through here or even with my best google-fu.
My issue is as follows:
I have an Exchange 2010 server that hosts a few dozen completetly different domains. At one point I used to add those domains to a UCC cert. I would add autodiscover.domain.com to the certificate plus the DNS record for autodiscover.domain.com to point at my CAS server. Everything worked great.
One day I found that Office 365 was using a simple CName record to redirect autodiscover.domain.com to autodiscover.outlook.com. For those Office 365 hosted exchange users, they worked great. I have never seen a certificate name mismatch prompt on their side.
Here is where I am at now:
I have setup the same CName record of autodiscover.domain.com and pointed it at my Exchange 2010 CAS server. The cname entry for autodiscover.domain.com is to my external, let's call it, autodiscover.hosted.com. That autodiscover.hosted.com name is on my SSL certificate. Autodiscover tests from testexchangeconnectivity.c
HOWEVER, I continue to get a prompt about a name mistmatch. Running the autodiscover test from Outlook returns all expected values. There isn't an internal (.local) URL entry there.
I suppose finally, my question is how to resolve this. I have found 3 or 4 references here that were of no help. Adding them to the UCC defeats the purpose as the ease of usage is missing when I had new domains, which I do frequently.
My issue is as follows:
I have an Exchange 2010 server that hosts a few dozen completetly different domains. At one point I used to add those domains to a UCC cert. I would add autodiscover.domain.com to the certificate plus the DNS record for autodiscover.domain.com to point at my CAS server. Everything worked great.
One day I found that Office 365 was using a simple CName record to redirect autodiscover.domain.com to autodiscover.outlook.com. For those Office 365 hosted exchange users, they worked great. I have never seen a certificate name mismatch prompt on their side.
Here is where I am at now:
I have setup the same CName record of autodiscover.domain.com and pointed it at my Exchange 2010 CAS server. The cname entry for autodiscover.domain.com is to my external, let's call it, autodiscover.hosted.com. That autodiscover.hosted.com name is on my SSL certificate. Autodiscover tests from testexchangeconnectivity.c
HOWEVER, I continue to get a prompt about a name mistmatch. Running the autodiscover test from Outlook returns all expected values. There isn't an internal (.local) URL entry there.
I suppose finally, my question is how to resolve this. I have found 3 or 4 references here that were of no help. Adding them to the UCC defeats the purpose as the ease of usage is missing when I had new domains, which I do frequently.
Cliff Galiher
There is no way around it. The certificate name must match the domain name that Outlook uses. CNAME records *do NOT* redirect. They provide an alternate name, but if you use that alternate name then the certificate must still contain that alternate name.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sembee2, thanks for the response. I will try this out and see how I fair.
ASKER
Sembee2, are you saying for every O365 Hosted Exchange solution they offer, MSFT uses a completely unused (HTTP/HTTPS) IP address?!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It seems a srv record works as expected. Add in a note to tell them to uncheck the pop up box is, while not the cleanest, probably the easiest solution.