Solved

Exchange 2010 Autoconfig/WEb server DNS issue

Posted on 2014-01-15
3
312 Views
Last Modified: 2014-01-20
Earlier I post this question which was answered successfully.  "I have a correct cert installed for mail.domain.com and can check it 100% via EMC.  When I set up a new outlook profile or test autoconfiguration on an existing outlook profile I receive a certificate mismatch and it states that the cert is for a different domain that I own but it's the www cert that it's finding.  Not sure where to start looking for trouble here because the www server doesn't live on the LAN where the exchange server or outlook clients are located."

Deleting the root A record for my domainname on my windows DNS server solved this sissue but introduced another issue where by no one can get to http://domain.com while on the internal LAN.  The web server lives outside my LAN.  If i create a parent A record for domain.com then exchange autodiscover fails as it find the IP of my web server.  How do I direct web traffic that doesn't use www correctly?
0
Comment
Question by:cmkeur
  • 2
3 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39783580
Is your internal domain name the same as your public domain name?
If so there isn't much you can do about this other than tell users to use the "www" variant.

Autodiscover will try and use the root of the domain first - although internally that shouldn't be happening unless the clients are NOT members of the domain.

If they are members of the domain then the DNS method of Autodiscover isn't used, it uses an endpoint in the domain. You can see the host name being used with this command:

get-clientaccessserver | select identity, AutodiscoverInternalServiceURI

Ensure the host name resolves internally to the Exchange server and is on the SSL certificate.

Otherwise, you will need to do an Autodiscover test (hold down ctrl while right clicking on the Outlook icon in the system tray) to see what is going on.

Simon.
0
 

Author Comment

by:cmkeur
ID: 39783727
thanks for the reply.
Not quite, I have a forward lookup zone on the DNS server for the webserver domain.
I'm thinking that maybe I need to nuke the forward lookup zone and create a bunch of cname records in the name.local DNS forward lookup zone.  however...
When i process that command i receive under identity column "mail" and under autodiscoverinternalserviceuri it's blank.  Found that you had the service and internal reversed in the command.  after correcting and running command i receive https://mail.domain.com/autodiscover/autodiscover.xml
The clients are all members of the domain so i don't understand why the DNS method of autodiscover is being used.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39784698
Sorry about the typo on the command, damn dyslexia gets in the way sometimes.

If you have a complete zone, then that is probably not helping.
What you should do is create a zone for each host that you want to resolve internally - so create a zone for Autodiscover.example.com then put an entry in the zone with no host name of your internal IP address.

That way nothing else other than that host will be disrupted, so users can use external resources as well.

http://semb.ee/splitdns - see the single host name replacement section.

Simon.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video discusses moving either the default database or any database to a new volume.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now