Solved

Exchange 2010 Autoconfig/WEb server DNS issue

Posted on 2014-01-15
3
316 Views
Last Modified: 2014-01-20
Earlier I post this question which was answered successfully.  "I have a correct cert installed for mail.domain.com and can check it 100% via EMC.  When I set up a new outlook profile or test autoconfiguration on an existing outlook profile I receive a certificate mismatch and it states that the cert is for a different domain that I own but it's the www cert that it's finding.  Not sure where to start looking for trouble here because the www server doesn't live on the LAN where the exchange server or outlook clients are located."

Deleting the root A record for my domainname on my windows DNS server solved this sissue but introduced another issue where by no one can get to http://domain.com while on the internal LAN.  The web server lives outside my LAN.  If i create a parent A record for domain.com then exchange autodiscover fails as it find the IP of my web server.  How do I direct web traffic that doesn't use www correctly?
0
Comment
Question by:cmkeur
  • 2
3 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39783580
Is your internal domain name the same as your public domain name?
If so there isn't much you can do about this other than tell users to use the "www" variant.

Autodiscover will try and use the root of the domain first - although internally that shouldn't be happening unless the clients are NOT members of the domain.

If they are members of the domain then the DNS method of Autodiscover isn't used, it uses an endpoint in the domain. You can see the host name being used with this command:

get-clientaccessserver | select identity, AutodiscoverInternalServiceURI

Ensure the host name resolves internally to the Exchange server and is on the SSL certificate.

Otherwise, you will need to do an Autodiscover test (hold down ctrl while right clicking on the Outlook icon in the system tray) to see what is going on.

Simon.
0
 

Author Comment

by:cmkeur
ID: 39783727
thanks for the reply.
Not quite, I have a forward lookup zone on the DNS server for the webserver domain.
I'm thinking that maybe I need to nuke the forward lookup zone and create a bunch of cname records in the name.local DNS forward lookup zone.  however...
When i process that command i receive under identity column "mail" and under autodiscoverinternalserviceuri it's blank.  Found that you had the service and internal reversed in the command.  after correcting and running command i receive https://mail.domain.com/autodiscover/autodiscover.xml
The clients are all members of the domain so i don't understand why the DNS method of autodiscover is being used.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39784698
Sorry about the typo on the command, damn dyslexia gets in the way sometimes.

If you have a complete zone, then that is probably not helping.
What you should do is create a zone for each host that you want to resolve internally - so create a zone for Autodiscover.example.com then put an entry in the zone with no host name of your internal IP address.

That way nothing else other than that host will be disrupted, so users can use external resources as well.

http://semb.ee/splitdns - see the single host name replacement section.

Simon.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AD account Auto logoff 1 35
Exchange 2013 DL hack 4 32
Remote Powershell Issue 3 29
Exchange Server Send connector and DNS Round Robin ? 6 38
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question