Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Autodiscover on SBS 2008

Posted on 2014-08-20
10
Medium Priority
?
173 Views
Last Modified: 2014-10-14
I'm running SBS 2008 Premium and i'm wondering what the default, out of box, setting for autodiscover is?  I've recently started to get autodiscover messages pop up in my Outlook 2013 client - this never happened before in the 4yrs this box has been running.

The popup I get is a security alert about the certificate being invalid.  In the popup I see that Outlook is trying to get a certificate from our company website hosted outside of our network (on a shared host).  What setting in DNS do I need to set to make it look internally?

I re-ran the SBS "Setup your Internet address" wizard and selecting the option to "manage the domain name myself" but that didn't fix the issue.
0
Comment
Question by:Medrx
  • 3
  • 3
  • 2
  • +1
10 Comments
 
LVL 14

Expert Comment

by:Brad Groux
ID: 40273828
Download, install and run the latest version of SBS BPA - http://support.microsoft.com/kb/2673284

You should be able to trust the certificate even though it is external. Simply install the certificate on the local SBS, and then try these steps.

1.

Start the SBS Management Console. On the "Getting Started Tasks" panel, choose "Add a trusted certificate". You can also start the wizard on the Networking panel, under Connectivity, by choosing "Web Server Certificate" then "Add a trusted certificate".

2.

After choosing Next on the first screen, on the second screen select "I want to use a certificate that is already installed on the server." and click Next.

3.

A list of certificates that can be used are now shown. Choose the trusted certificate and select Next. The wizard is then imported.You can then test connectivity from here - https://testconnectivity.microsoft.com/
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40273845
Hi probably you will need to create the SRV record in your DNS.

Take a look here and see if help.

Regards
0
 

Author Comment

by:Medrx
ID: 40274066
David,

Do I need to create this DNS SRV record on my internal DNS server or at the Hosting company DNS? or Both?  
I'm really not that interested in having autodiscover setup outside my network (ie internet).

Brad,  the certificate that outlook is trying to use is from the hosting company which leads me to believe autodiscover is not setup correctly.  How do I tell Outlook to look at the self-issued cert first?  I don't understand why its even trying to look for autodiscover at my hosting provider VS the internal SBS box?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Expert Comment

by:Brad Groux
ID: 40274081
The SRV record should be created internally for the SBS server to utilize.
0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40274198
Hi Medrx,

You should create in the internal DNS and all your clients should point to the internal DNS.

But for a better understand Simon has a good explanation and how to here for the several scenarios.
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40275416
The SRV record is only really used by External clients, ones that are not domain joined and cannot query the SCP for AutoDiscover within AD. If that is the case for the client who is using Outlook 2013 (e.g: the Outlook 2013 user is using a non-domain joined machine, or a domain joined machine outside the office) then you can use an SRV record: http://support.microsoft.com/kb/940881/en-us

An internal client (Outlook 2007+) will first query the SCP object for AutoDiscover. I would open Exchange Management Shell and run the following to see where it actually points too...
Get-ClientAccessServer | Select Name, AutoDiscoverInternalUri

Open in new window


If this is pointing to his website, then that would probably the cause here. If it is a single server environment without split DNS, this can point to the Exchange 2007 server as long as that name exists on the SSL certificate that is assigned to IIS.

I honestly do not see the point most of the time to use the SRV record (which most folks dont use) but sometimes (like this) it might help.
0
 

Author Comment

by:Medrx
ID: 40276929
I have added the SRV entry on my internal DNS and deleted the autodiscovery A, and SRV records at bluehost DNS.  This appears to have fixed the issue on my client machine.

Adam,

I was getting the popup on my local workstation that is joined to the domain and connected to the work network.
Running your command returned this:
[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name, AutoDiscoverInternalUri

Name                                                         AutoDiscoverInternalUri
----                                                         -----------------------
ODIN

Open in new window

0
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40276951
You don´t have the the internal URL in place.

You will need to configure it.

Get-ClientAccessServer –Identity "Exchange server" | Set-ClientAccessServer
–AutodiscoverServiceInternalUri https://autodiscover.myExternalDomainNameInTheCertificate.com/autodiscover/autodiscover.xml

Open in new window

0
 

Author Comment

by:Medrx
ID: 40277055
What should I put in as the correct URI?

I do not have split DNS.  For example sake;

Internal Domain is:  contoso.lan
External website is: contoso.com

Do I then use:
https://remote.contoso.lan/Autodiscover/autodiscover.xml 
OR
https://remote.contoso.com/Autodiscover/autodiscover.xml

This being SBS and not wanting to break other things.
0
 
LVL 19

Accepted Solution

by:
Adam Farage earned 2000 total points
ID: 40277229
In internal DNS I would create a new forward lookup zone for contoso.com, and then create an A record for autodiscover there that points to the CAS. From there you would do the following:

Get-ClientAccessArray | Set-ClientAccessArray -AutoDiscoverInternalUri https://remote.contoso.com/autodiscover/autodiscover.xml

Open in new window


From there then check the property as I provided above, and this should work for your clients.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes Top 9 Exchange troubleshooting utilities that every Exchange Administrator should know. Most of the utilities are available free of cost. List of tools that I am going to explain in this article are:   Microsoft Remote Con…
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses
Course of the Month13 days, 3 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question