Solved

Change autodiscover so it uses proper https/proxy settings

Posted on 2013-11-25
Last Modified: 2013-12-11
Hi There,

I recently set up a brand new Exchange 2013 environment. Outlook is configured using autodiscover. Outlook 2013 works just fine, but for some reason I get this error using Outlook 2010:

There is a problem with the proxy server's security certificate. The name on the security ticket is invalid or does not match the name of the target site [FQDN].

So, in my SSL cert I do have my server's FQDN, but if I check the Exchange proxy settings I see the proxy server as https://server.sub.domain.com and the principal name as msstd:server.sub.domain.com

The principal name in my SAN cert is actually what I intended to use for all of my external URLs for the virtual directories, which is https://mail.domain.com

My question: How do I get autodiscover to use my principal name in my SAN SSL Cert, which is what I want to use, which is https://mail.domain.com instead of the FQDN of the server? Where can I make that change?

Cheers!
Question by:mmahelpdesk
6 Comments
 
LVL 1

Author Comment

by:mmahelpdesk
ID: 39676645
I guess I need to find out something like this for Exchange 2013. I'll see if I can find some documentation for Exchange 2013.

http://technet.microsoft.com/en-us/library/aa998424(v=exchg.80).aspx
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39677271
You need to ensure that your public name resolves internally via split DNS.
Then change the internal and external URLs to match. That will be on all Outlook Anywhere and the EWS, OWA, ActiveSync virtual directories, plus the Autodiscover value on set-clientaccessserver.

My Exchange 2010 article outlines what needs to be changed - it is the same thing in Exchange 2013 via PowerShell. http://semb.ee/hostnames

Simon.
0
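
The changes described in the accepted answer, as an added example that is not part of the original thread or of the linked article. It assumes the public name `mail.domain.com` from the question, that the Exchange Management Shell runs on the Exchange 2013 Client Access server itself, and NTLM as the Outlook Anywhere authentication method (the value discussed later in the thread).

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2013 server.
$ErrorActionPreference = 'Stop'
$PublicName = 'mail.domain.com'      # public name from the question
$Server     = $env:COMPUTERNAME      # assumption: the shell runs on the CAS itself
$AuthMethod = 'Ntlm'                 # assumption: NTLM, as discussed in the thread

# 1. The IIS-bound certificate must list the public name, or clients will
#    keep reporting a name mismatch after the URLs change.
$cert = Get-ExchangeCertificate -Server $Server | Where-Object {
    "$($_.Services)" -match 'IIS' -and
    (@($_.CertificateDomains | ForEach-Object { "$_" }) -contains $PublicName)
}
if (-not $cert) { throw "No IIS-bound certificate lists $PublicName." }

# 2. Split DNS: the public name must resolve from inside the network.
#    GetHostAddresses throws if it does not.
[System.Net.Dns]::GetHostAddresses($PublicName) | Out-Null

# 3. Outlook Anywhere: same host name internally and externally, SSL required.
Get-OutlookAnywhere -Server $Server | Set-OutlookAnywhere `
    -InternalHostname $PublicName -InternalClientsRequireSsl $true `
    -ExternalHostname $PublicName -ExternalClientsRequireSsl $true `
    -InternalClientAuthenticationMethod $AuthMethod `
    -ExternalClientAuthenticationMethod $AuthMethod

# 4. EWS, OWA and ActiveSync virtual directories: internal and external URLs match.
Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory `
    -InternalUrl "https://$PublicName/EWS/Exchange.asmx" `
    -ExternalUrl "https://$PublicName/EWS/Exchange.asmx"
Get-OwaVirtualDirectory -Server $Server | Set-OwaVirtualDirectory `
    -InternalUrl "https://$PublicName/owa" -ExternalUrl "https://$PublicName/owa"
Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory `
    -InternalUrl "https://$PublicName/Microsoft-Server-ActiveSync" `
    -ExternalUrl "https://$PublicName/Microsoft-Server-ActiveSync"

# 5. Autodiscover value that domain-joined Outlook clients look up.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$PublicName/Autodiscover/Autodiscover.xml"

# 6. Read the values back to confirm no server FQDN is still being published.
Get-OutlookAnywhere -Server $Server | Format-List InternalHostname, ExternalHostname
Get-ClientAccessServer -Identity $Server | Format-List AutoDiscoverServiceInternalUri
```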
 
LVL 1

Author Comment

by:mmahelpdesk
ID: 39679516
This looks glorious, thanks for the reply. I'll be making these changes tonight when everyone is asleep thinking about turkey. I'll let you know how it goes, mate. Thanks!
0
 
LVL 1

Author Comment

by:mmahelpdesk
ID: 39680055
Simon,

It worked great, except it broke the Outlook 2010 Profiles in the process. I can't rightly ask my Helpdesk to completely re-do all of the Outlook 2010 profiles.

I'm guessing this has to do with the Outlook Anywhere authentication method, which for me was "negotiate" which I'm just now learning was a bad choice. Basic isn't an option as we don't have port 80 open, HTTP is out of the question.

The answer is NTLM, but as I said before the old profiles break.

Thanks,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39680807
Shouldn't have caused problems with the old profiles unless Autodiscover isn't working correctly. The changes should have been picked up by Autodiscover and reflected by the clients.

Basic doesn't require port 80 to be open. It is an authentication method over SSL. The problem with Basic is that it requires authentication by the client separately from the domain. I tend to only use it when NTLM doesn't work. NTLM gets broken by firewalls in a lot of cases. However you should be able to use NTLM internally.

Simon.
0
 
LVL 1

Author Closing Comment

by:mmahelpdesk
ID: 39712328
This was an excellent reference. Thanks!
0
