Solved

Autodiscover Exchange 2013 -- Turn off Connect to proxy servers that have this principal name in their certificate

Posted on 2013-11-11
5
2,964 Views
Last Modified: 2013-11-14
Hi,

I am having issues with Exchange Server 2013. Autodiscover is checking the box (Only Connect To Proxy Servers That Have This Principal Name In Their Certificate). How can i disable this.

I have tried:
Set-OutlookProvider EXPR -CertPrincipalName none

but did not work.
0
Comment
Question by:harbz96
  • 2
  • 2
5 Comments
 
LVL 14

Expert Comment

by:Radweld
ID: 39641343
You have to specify a principle name otherwise how with the cert work?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39644516
What is the objective with wanting to disable the function?
If your SSL certificate is for host.example.com then fine. If it is for *.example.com then you can have problems, but usually only with Windows XP clients.

Outline the original issue, not what you believe is the fix.

Simon.
0
 

Author Comment

by:harbz96
ID: 39646125
Hi Simon.

Our certificate is for exchange.domain.com

But our proxy address is mail.domain.local

And it's looking for proxy address in certificate
0
 
LVL 14

Expert Comment

by:Radweld
ID: 39647304
Your certificate must have exchange.domain.com listed as a subject alternative name (SAN) entry or be the principle name (the default name) if the default is something else but contains the san entry you can Set-OutlookProvider EXPR -CertPrincipalName exchange.domain.com
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39647314
You need to reconfigure Exchange to use your public name everywhere. That includes changing the internal and external host name for OWA, ActiveSync, Outlook Anywhere etc. Use a split DNS system to ensure the name resolution goes the correct place.

There should be no reason to change the OutlookProvider value if you configure the host name in Outlook Anywhere correctly.

Internal server names are not allowed on SSL certificates that expire past November 2014, so the switch to split DNS using the external name needs to happen at some point, you may as well do so for a new implementation.

Simon.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now