Exchange 2010 SSL New Cert Causing Autodiscover Issues

Posted on 2014-08-27
Last Modified: 2014-09-18
Hello all,
Recently we attempted to move from a wildcard certificate on our Exchange 2010 single server to a DigiCert SSL certificate. The process seemed easy enough but we found that Autodiscover Outlook clients were getting: "There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site" and would prompt for credentials. It would never resolve the credentials and continue to prompt, thus never connecting Outlook.
We ensured the cert SANs included as well as all the other to include POP, and IMAP.
What are we missing? The server worked fine with the wildcard cert.
Thank you in advance.

Question by:kryanC

    Accepted Solution


    Author Comment

    Very odd, it appears that the autodiscover URL was never configured when I check in PowerShell. Is this possible since it worked with the wildcard?

    Expert Comment

    Maybe it worked through SCP for internal/domain users.

    Assisted Solution

    by:David Johnson, CD, MVP
    Autodiscover uses many different URLs.
    Within the domain it first checks Active Directory:
    CN=<CAS_SERVER>,CN=Autodiscover,CN=Protocols,CN=<CAS_SERVER>,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<ORG>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com


    Non domain joined machines do the following:
    SRV record query where a DNS query for an SRV record is made. The SRV record should be in the format, resolving to the FQDN of the Autodiscover endpoint. Test your settings.

    Author Closing Comment

    Turns out the auto-discover was never fully configured and went unnoticed because they had been using a wildcard cert that allowed two everything.
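
The check the thread points at, as an added example that is not part of the original posts: list the URLs and host names the server publishes to Outlook (including the SCP value stored in Active Directory) and compare each one with the names on the new certificate. It uses the standard Exchange 2010 cmdlets and assumes the replacement certificate is the newest one with the IIS service assigned.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2010 server.
# Assumption: the new certificate is the newest one with the IIS service assigned.
$cert = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
$sans = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
"Certificate names: $($sans -join ', ')"

# True when a SAN covers $name. A wildcard SAN covers exactly one left-most label,
# which is how a wildcard can hide host names that were never planned for.
function Test-NameCovered([string]$name) {
    foreach ($san in $sans) {
        if ($san -eq $name) { return $true }
        $dot = $name.IndexOf('.')
        if ($san.StartsWith('*.') -and $dot -gt 0 -and
            $name.Substring($dot) -eq $san.Substring(1)) { return $true }
    }
    return $false
}

function New-Target($source, $value) {
    New-Object PSObject -Property @{ Source = $source; Value = "$value" }
}

# Gather the URLs and host names this server hands to Outlook clients.
$found = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Target 'SCP (AutoDiscoverServiceInternalUri)' $_.AutoDiscoverServiceInternalUri }
    Get-WebServicesVirtualDirectory | ForEach-Object {
        New-Target 'EWS InternalUrl' $_.InternalUrl
        New-Target 'EWS ExternalUrl' $_.ExternalUrl }
    Get-OabVirtualDirectory | ForEach-Object {
        New-Target 'OAB InternalUrl' $_.InternalUrl
        New-Target 'OAB ExternalUrl' $_.ExternalUrl }
    Get-OutlookAnywhere | ForEach-Object {
        New-Target 'Outlook Anywhere ExternalHostname' $_.ExternalHostname }
)

# Report unset values and names the certificate does not cover.
$found | ForEach-Object {
    if (-not $_.Value) { $name = ''; $status = 'NOT SET' }
    else {
        $name = $_.Value.ToLower()
        if ($name -match '^https?://') { $name = ([Uri]$name).Host }
        if (Test-NameCovered $name) { $status = 'covered' } else { $status = 'NOT IN CERT' }
    }
    New-Object PSObject -Property @{ Source = $_.Source; Name = $name; Status = $status }
} | Format-Table Source, Name, Status -AutoSize
```

Any row marked NOT SET or NOT IN CERT is a name that a wildcard certificate would have accepted silently and that a certificate with a fixed SAN list will not.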


