
Exchange 2010 Autoconfig/Web server DNS issue

Posted on 2014-01-15
Last Modified: 2014-01-20
Earlier I posted this question, which was answered successfully: "I have a correct cert installed for mail.domain.com and can check it 100% via EMC.  When I set up a new Outlook profile or test autoconfiguration on an existing Outlook profile I receive a certificate mismatch and it states that the cert is for a different domain that I own, but it's the www cert that it's finding.  Not sure where to start looking for trouble here because the www server doesn't live on the LAN where the Exchange server or Outlook clients are located."

Deleting the root A record for my domain name on my Windows DNS server solved this issue but introduced another issue whereby no one can get to http://domain.com while on the internal LAN.  The web server lives outside my LAN.  If I create a parent A record for domain.com then Exchange Autodiscover fails as it finds the IP of my web server.  How do I direct web traffic that doesn't use www correctly?
Question by:cmkeur

Expert Comment

by:Simon Butler (Sembee)
ID: 39783580
Is your internal domain name the same as your public domain name?
If so there isn't much you can do about this other than tell users to use the "www" variant.

Autodiscover will try and use the root of the domain first - although internally that shouldn't be happening unless the clients are NOT members of the domain.

If they are members of the domain then the DNS method of Autodiscover isn't used, it uses an endpoint in the domain. You can see the host name being used with this command:

get-clientaccessserver | select identity, AutodiscoverInternalServiceURI

Ensure the host name resolves internally to the Exchange server and is on the SSL certificate.

Otherwise, you will need to do an Autodiscover test (hold down ctrl while right clicking on the Outlook icon in the system tray) to see what is going on.

Simon.

Author Comment

by:cmkeur
ID: 39783727
Thanks for the reply.
Not quite, I have a forward lookup zone on the DNS server for the web server domain.
I'm thinking that maybe I need to nuke the forward lookup zone and create a bunch of CNAME records in the name.local DNS forward lookup zone.  However...
When I process that command I receive "mail" under the identity column, and under autodiscoverinternalserviceuri it's blank.  Found that you had the service and internal reversed in the command.  After correcting and running the command I receive https://mail.domain.com/autodiscover/autodiscover.xml
The clients are all members of the domain so I don't understand why the DNS method of Autodiscover is being used.

Accepted Solution

by: Simon Butler (Sembee) earned 2000 total points
ID: 39784698
Sorry about the typo on the command, damn dyslexia gets in the way sometimes.

If you have a complete zone, then that is probably not helping.
What you should do is create a zone for each host that you want to resolve internally - so create a zone for Autodiscover.example.com then put an entry in the zone with no host name of your internal IP address.

That way nothing else other than that host will be disrupted, so users can use external resources as well.

http://semb.ee/splitdns - see the single host name replacement section.

Simon.
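
The single-host-name zone approach from the accepted answer, as an added example that is not part of the original thread: it creates one zone per host name with an apex A record, then checks that each name resolves internally and presents a certificate valid for that name. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) on an AD-integrated DNS server; the host names and IP address are constructed placeholders.

```powershell
# Added example; host names and IP below are constructed placeholders.
# Assumes the DnsServer module on an AD-integrated Windows DNS server.
Import-Module DnsServer

$PinpointHosts = @{
    'autodiscover.example.com' = '192.168.1.10'   # internal Exchange server (assumed)
    'mail.example.com'         = '192.168.1.10'
}

foreach ($fqdn in $PinpointHosts.Keys) {
    # One zone per host name: only this name is answered internally, so the
    # public records for example.com and www.example.com are left alone.
    if (-not (Get-DnsServerZone -Name $fqdn -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $fqdn -ReplicationScope Forest
    }
    # '@' is the zone apex, i.e. the record "with no host name".
    $apex = Get-DnsServerResourceRecord -ZoneName $fqdn -Name '@' -RRType A -ErrorAction SilentlyContinue
    if (-not $apex) {
        Add-DnsServerResourceRecordA -ZoneName $fqdn -Name '@' -IPv4Address $PinpointHosts[$fqdn]
    }
}

# Verify (repeat this part from a domain client): each name must resolve to
# the internal IP and present a certificate that validates for that name.
foreach ($fqdn in $PinpointHosts.Keys) {
    $tcp = $ssl = $null
    $ips = @(Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    $dnsOk  = $ips -contains $PinpointHosts[$fqdn]
    $certOk = $false
    try {
        $tcp = New-Object System.Net.Sockets.TcpClient($fqdn, 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $ssl.AuthenticateAsClient($fqdn)   # throws on name mismatch or untrusted chain
        $certOk = $true
    } catch {
        Write-Warning "$fqdn : TLS check failed: $($_.Exception.Message)"
    } finally {
        if ($ssl) { $ssl.Dispose() }
        if ($tcp) { $tcp.Close() }
    }
    [pscustomobject]@{ Name = $fqdn; Resolved = ($ips -join ','); DnsOk = $dnsOk; CertOk = $certOk }
}
```

A row with DnsOk true and CertOk false reproduces the certificate mismatch described in the question: the name resolves internally, but the certificate on that server does not cover it.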