Solved

Exchange 2010 Autoconfig/WEb server DNS issue

Posted on 2014-01-15
3
306 Views
Last Modified: 2014-01-20
Earlier I post this question which was answered successfully.  "I have a correct cert installed for mail.domain.com and can check it 100% via EMC.  When I set up a new outlook profile or test autoconfiguration on an existing outlook profile I receive a certificate mismatch and it states that the cert is for a different domain that I own but it's the www cert that it's finding.  Not sure where to start looking for trouble here because the www server doesn't live on the LAN where the exchange server or outlook clients are located."

Deleting the root A record for my domainname on my windows DNS server solved this sissue but introduced another issue where by no one can get to http://domain.com while on the internal LAN.  The web server lives outside my LAN.  If i create a parent A record for domain.com then exchange autodiscover fails as it find the IP of my web server.  How do I direct web traffic that doesn't use www correctly?
0
Comment
Question by:cmkeur
  • 2
3 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
Is your internal domain name the same as your public domain name?
If so there isn't much you can do about this other than tell users to use the "www" variant.

Autodiscover will try and use the root of the domain first - although internally that shouldn't be happening unless the clients are NOT members of the domain.

If they are members of the domain then the DNS method of Autodiscover isn't used, it uses an endpoint in the domain. You can see the host name being used with this command:

get-clientaccessserver | select identity, AutodiscoverInternalServiceURI

Ensure the host name resolves internally to the Exchange server and is on the SSL certificate.

Otherwise, you will need to do an Autodiscover test (hold down ctrl while right clicking on the Outlook icon in the system tray) to see what is going on.

Simon.
0
 

Author Comment

by:cmkeur
Comment Utility
thanks for the reply.
Not quite, I have a forward lookup zone on the DNS server for the webserver domain.
I'm thinking that maybe I need to nuke the forward lookup zone and create a bunch of cname records in the name.local DNS forward lookup zone.  however...
When i process that command i receive under identity column "mail" and under autodiscoverinternalserviceuri it's blank.  Found that you had the service and internal reversed in the command.  after correcting and running command i receive https://mail.domain.com/autodiscover/autodiscover.xml
The clients are all members of the domain so i don't understand why the DNS method of autodiscover is being used.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
Sorry about the typo on the command, damn dyslexia gets in the way sometimes.

If you have a complete zone, then that is probably not helping.
What you should do is create a zone for each host that you want to resolve internally - so create a zone for Autodiscover.example.com then put an entry in the zone with no host name of your internal IP address.

That way nothing else other than that host will be disrupted, so users can use external resources as well.

http://semb.ee/splitdns - see the single host name replacement section.

Simon.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now