Solved

Change autodiscover so it uses proper https/proxy settings

Posted on 2013-11-25
6
3,032 Views
Last Modified: 2013-12-11
Hi There,

I recently set up a brand new Exchange 2013 environment. Outlook is configured using autodiscover. Outlook 2013 works just fine, but for some reason I get this error using Outlook 2010r:

There is a problem with the proxy server's security certificate. The name on the security ticket is invalid or does not match the name of the target site [FQDN].

So, in my SSL cert I do have my server's FQDN, but if I check the exchange proxy settings I see the proxy server as https://server.sub.domain.com and the principal name as msstd:server.sub.domain.com

The principal name in my SAN cert is actually what I intended to use for all of my external URLs for the virtualdirectories, which is https://mail.domain.com

My question: How do I get autodiscover to use my principal name in my SAN SSL Cert, which is what I want to use, which is https://mail.domain.com instead of the FQDN of the server? Where can I make that change?

Cheers!
0
Comment
Question by:mmahelpdesk
  • 4
  • 2
6 Comments
 
LVL 1

Author Comment

by:mmahelpdesk
ID: 39676645
I guess I need to find out something like this for Exchange 2013. I'll see if I can find some documentation for Exchange 2013.

http://technet.microsoft.com/en-us/library/aa998424(v=exchg.80).aspx
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39677271
You need to ensure that your public name resolves internally via split DNS.
Then change the internal and external URLs to match. That will be on all Outlook Anywhere and the EWS, OWA, ActiveSync virtual directories, plus the Autodiscover value on set-clientaccessserver.

My Exchange 2010 article outlines what needs to be changed - it is the same thing in Exchange 2013 via PowerShell. http://semb.ee/hostnames

Simon.
0
 
LVL 1

Author Comment

by:mmahelpdesk
ID: 39679516
This looks glorious, thanks for the reply. I'll be making these changes tonight when everyone is asleep thinking about turkey. I'll let you know how it goes, mate. Thanks!
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 1

Author Comment

by:mmahelpdesk
ID: 39680055
Simon,

It worked great, except it broke the Outlook 2010 Profiles in the process. I can't rightly ask my Helpdesk to completely re-do all of the Outlook 2010 profiles.

I'm guessing this has to do with the Outlook Anywhere authentication method, which for me was "negotiate" which I'm just now learning was a bad choice. Basic isn't an option as we don't have port 80 open, HTTP is out of the question.

The answer is NTLM, but as I said before the old profiles break.

Thanks,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39680807
Shouldn't have caused problems with the old profiles unless Autodiscover isn't working correctly. The changes should have been picked up by Autodiscover and reflected by the clients.

Basic doesn't require port 80 to be open. It is an authentication method over SSL. The problem with Basic is that it requires authentication by the client separately from the domain. I tend to only use it when NTLM doesn't work. NTLM gets broken by firewalls in a lot of cases. However you should be able to use NTLM internally.

Simon.
0
 
LVL 1

Author Closing Comment

by:mmahelpdesk
ID: 39712328
This was an excellent reference. Thanks!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now