External autodiscover issues with clients of Exchange 2010

Hello,

I have several users in the field that we have moved away from POP3 for Outlook to connect to Exchange and have moved them to Exchaneg over HTTPS. I get a security warning on  Outlook after it connects stating for "autodiscover.example.com" The name of the security certifiacte is invalid or does not match the name of the site. This statement is totally accurate. The actual name on the certificate site is remote.example1.com. This is actually the cert for our OWA site. I did some research created and SRV record pointing to the correct site name internally and that is not an issue. However, how do I get this issue resolved? We have several email domains inside the company that is different than the domain name present in the cert.

Any guidance is appreciated!

Thank you!
wunderlichAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Md. MojahidConnect With a Mentor Commented:
what type of certificate you have. You should go with SAN certificate.
0
 
Alan HardistyCo-OwnerCommented:
Your SRV record should be pointing to remote.example1.com so that Autodiscover resolves and you can modify your internal URL's to point to remote.example1.com by running the following Exchange Management Shell commands:

Set-AutodiscoverVirtualDirectory -Identity * -internalurl “https://remote.example1.com/autodiscover/autodiscover.xml”
Set-ClientAccessServer -Identity * -AutodiscoverServiceInternalUri “https://remote.example1.com/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory -Identity * -internalurl “https://remote.example1.com/EWS/Exchange.asmx”
Set-oabvirtualdirectory -Identity * -internalurl “https://remote.example1.com/oab”
Set-owavirtualdirectory -Identity * -internalurl “https://remote.example1.com/owa”
Set-ecpvirtualdirectory -Identity * -internalurl “https://remote.example1.com/ecp”
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "https://remote.example1.com/Microsoft-Server-ActiveSync"

That should resolve the Certificate errors.

Alan
0
 
wunderlichAuthor Commented:
Mojahid,

Thank you this was the conclusion I came to at 9:00 last night!

Thank you!
0
 
Alan HardistyCo-OwnerCommented:
You don't need a SAN certificate.  You can make it work happily with a single name certificate.

Alan
0
 
wunderlichAuthor Commented:
Alan,

I have been working though stuff you suggested and keep hitting roadblocks. I did more research and came to the same conclusion as Mojahid. Though your solutions did point out some research points and with such I will try to alert point strategy.

Thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.