Member_2_4488436

Autodiscover on SBS 2008

I'm running SBS 2008 Premium and I'm wondering what the default, out of box, setting for autodiscover is?  I've recently started to get autodiscover messages pop up in my Outlook 2013 client - this never happened before in the 4yrs this box has been running.

The popup I get is a security alert about the certificate being invalid.  In the popup I see that Outlook is trying to get a certificate from our company website hosted outside of our network (on a shared host).  What setting in DNS do I need to set to make it look internally?

I re-ran the SBS "Setup your Internet address" wizard and selected the option to "manage the domain name myself" but that didn't fix the issue.

Brad Groux

Download, install and run the latest version of SBS BPA - http://support.microsoft.com/kb/2673284

You should be able to trust the certificate even though it is external. Simply install the certificate on the local SBS, and then try these steps.

1. Start the SBS Management Console. On the "Getting Started Tasks" panel, choose "Add a trusted certificate". You can also start the wizard on the Networking panel, under Connectivity, by choosing "Web Server Certificate" then "Add a trusted certificate".

2. After choosing Next on the first screen, on the second screen select "I want to use a certificate that is already installed on the server." and click Next.

3. A list of certificates that can be used is now shown. Choose the trusted certificate and select Next. The wizard is then imported.

You can then test connectivity from here - https://testconnectivity.microsoft.com/

Hi, probably you will need to create the SRV record in your DNS.

Take a look here and see if it helps.

Regards

Member_2_4488436

ASKER

David,

Do I need to create this DNS SRV record on my internal DNS server or at the Hosting company DNS? or Both?
I'm really not that interested in having autodiscover set up outside my network (i.e. internet).

Brad, the certificate that Outlook is trying to use is from the hosting company, which leads me to believe autodiscover is not set up correctly.  How do I tell Outlook to look at the self-issued cert first?  I don't understand why it's even trying to look for autodiscover at my hosting provider vs. the internal SBS box?

The SRV record should be created internally for the SBS server to utilize.

Hi Medrx,

You should create it in the internal DNS and all your clients should point to the internal DNS.

But for a better understanding, Simon has a good explanation and how-to here for the several scenarios.

The SRV record is only really used by External clients, ones that are not domain joined and cannot query the SCP for AutoDiscover within AD. If that is the case for the client who is using Outlook 2013 (e.g. the Outlook 2013 user is using a non-domain joined machine, or a domain joined machine outside the office) then you can use an SRV record: http://support.microsoft.com/kb/940881/en-us

An internal client (Outlook 2007+) will first query the SCP object for AutoDiscover. I would open Exchange Management Shell and run the following to see where it actually points to...

# Show the Autodiscover SCP URL registered for each Client Access server
Get-ClientAccessServer | Select Name, AutoDiscoverServiceInternalUri

If this is pointing to his website, then that would probably be the cause here. If it is a single server environment without split DNS, this can point to the Exchange 2007 server as long as that name exists on the SSL certificate that is assigned to IIS.

I honestly do not see the point most of the time to use the SRV record (which most folks don't use) but sometimes (like this) it might help.

I have added the SRV entry on my internal DNS and deleted the autodiscovery A, and SRV records at bluehost DNS.  This appears to have fixed the issue on my client machine.

Adam,

I was getting the popup on my local workstation that is joined to the domain and connected to the work network.
Running your command returned this:
[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name, AutoDiscoverInternalUri

Name                                                         AutoDiscoverInternalUri
----                                                         -----------------------
ODIN

You don't have the internal URL in place.

You will need to configure it.

# Set the Autodiscover SCP URL; replace the server name and host name with your own
Get-ClientAccessServer -Identity "Exchange server" | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://autodiscover.myExternalDomainNameInTheCertificate.com/autodiscover/autodiscover.xml

What should I put in as the correct URI?

I do not have split DNS.  For example's sake:

Internal Domain is:  contoso.lan
External website is: contoso.com

Do I then use:
https://remote.contoso.lan/Autodiscover/autodiscover.xml 
OR
https://remote.contoso.com/Autodiscover/autodiscover.xml

This being SBS and not wanting to break other things.
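
One way to check the condition stated earlier in the thread, that the host name in the Autodiscover URI must exist on the SSL certificate assigned to IIS, before changing the SCP value. This is an added example, not code from any poster; the function names and the certificate name list are hypothetical, and the host names reuse the contoso placeholders from the question.

```powershell
# Added example. All host and certificate names below are constructed.
# On the server, the real values come from the Exchange Management Shell:
#   Get-ClientAccessServer | Select-Object Name, AutoDiscoverServiceInternalUri
#   Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#       Select-Object -ExpandProperty CertificateDomains
# (The property is AutoDiscoverServiceInternalUri; Select-Object prints an
#  empty column for a property name that does not exist on the object.)

function Test-CertCoversHost {
    param(
        [string]   $HostName,   # host part of the Autodiscover URI
        [string[]] $CertNames   # DNS names listed on the IIS certificate
    )
    foreach ($name in $CertNames) {
        # Exact match; -eq on strings is case-insensitive, as DNS names are.
        if ($name -eq $HostName) { return $true }

        # Wildcard match: "*.contoso.com" covers exactly one left-most label,
        # so swap the host's first label for "*" and compare.
        $dot = $HostName.IndexOf('.')
        if ($dot -gt 0 -and ('*' + $HostName.Substring($dot)) -eq $name) {
            return $true
        }
    }
    return $false
}

function Get-AutodiscoverUriReport {
    param([string[]] $Uris, [string[]] $CertNames)
    foreach ($u in $Uris) {
        $hostName = ([System.Uri]$u).Host
        $covered  = Test-CertCoversHost -HostName $hostName -CertNames $CertNames
        '{0,-22} covered by certificate: {1}' -f $hostName, $covered
    }
}

# Constructed sample: names on a certificate bound to IIS.
$certNames = @('remote.contoso.com', 'ODIN.contoso.lan')

# The two candidate URIs from the question above.
$candidates = @(
    'https://remote.contoso.lan/Autodiscover/autodiscover.xml',
    'https://remote.contoso.com/Autodiscover/autodiscover.xml'
)

Get-AutodiscoverUriReport -Uris $candidates -CertNames $certNames
```

A URI whose host is not covered by the certificate will produce the same certificate name warning in Outlook, so the name check and internal DNS resolution of that host both need to pass before the value is set.
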
ASKER CERTIFIED SOLUTION
Adam Farage