Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Outlook Autodiscover pointing to wrong URL

Posted on 2014-10-06
8
Medium Priority
?
715 Views
Last Modified: 2014-10-06
Hi All,

I have asked this question previously but I can't seem to get it to work still.

Basically we have an Exchange 2010 server with two accepted email domains (company.ie and company.co.uk). The .ie is the main domain that was setup when the Exchange Server was first setup (as part of SBS 2011). Email for both domains works perfectly internally and externally. The issue arises for the users on the company.co.uk email domain. When these users open Outlook 2010 they receive a Security Alert about the Security Certificate is invalid or does not match the name of the site. We use OA for all external users and have a single name SSL certificate with the name remote.company.ie. The Exchange Proxy settings point to remote.company.ie for all users. The .ie users have no problem only the .co.uk users.

Just wondering do I need to have a new SSL certificate (SAN cert) created that includes the autodiscover.company.co.uk and the remote.company.ie or is there something I can do with DNS records that would resolve the issue. While it does not effect functionality it is annoying the users.

UPDATE: Just checked the external DNS records for the .co.uk domain and see there is a autodiscover.company.co.uk A Record created and points to the IP Address of the .co.uk Website (we have two web sites .ie and .co.uk). Could I change the A Record and point it to the Exchange Server IP Address or should I use a different Record Type (CNAME or SRV).

Any input would be appreciated.
0
Comment
Question by:brianquin
  • 3
  • 3
  • 2
8 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40363328
Because you have one domain and one cert, simply use a CNAME and point to the certified domain.
0
 

Author Comment

by:brianquin
ID: 40363356
Hi, thanks for the reply.

So I can create a CNAME record autodiscover.company.co.uk and point that to remote.company.ie?

Thanks again.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40363357
yep :)
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 40363568
I disagree with the posts above.
A CNAME is not going to resolve this issue. All it does is change the DNS lookup from being A record to CNAME. The end result is going to be the same, because the client will still be looking at the wrong address.

You haven't said how you are doing Autodiscover for the first domain.

There are two resolutions to this.

1. Change the SSL certificate to a UC type, then include Autodiscover for both domains, plus the remote host name. This is the preferred method.

2. Configure an SRV record for Autodiscover in the second domain. To do that you must ensure that Autodiscover.example.com does not resolve, which also means ensuring there is no wildcard in the domain.
http://semb.ee/srv

If you are using a single name certificate with the primary domain name, then you must have something in place for Autodiscover, which either needs to be replicated or replaced.

Simon.
0
 

Author Comment

by:brianquin
ID: 40363604
Hi Simon,

Thanks for the reply. A new SSL looks like a simpler solution. The SSL currently in place uses the name remote.company.ie. Would I add the autodiscover.company.co.uk.

There is no external Auto-discover setup for either of the email domains.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 40363700
To keep things quiet you should have

remote.company.ie as the common name
Autodiscover.company.ie
Autodiscover.company.co.uk

Along with external DNS records pointing to the Exchange server.
That will ensure that everything works correctly.

Simon.
0
 

Author Comment

by:brianquin
ID: 40363753
Thanks Simon. What external DNS records are needed. We already have an A Record pointing to remote.company.ie and this is used for OWA. Are there other records needed?

Would I need to create A Records for autodiscover.company.ie, A Record for autodiscover.company.co.uk and keep existing A Record for remote.company.ie.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 40364013
Correct.
If you have clients outside the network, such as Outlook Anywhere clients then they need Autodiscover to work correctly.

remote.company.ie would be the common name, which users connect to - everything else is names used under the hood so to speak.

Simon.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, we will learn to set up the Group Naming policy and will see how it is going to impact the Display Name and the Email addresses of the Group.
Upgrading from older Exchange server to the latest Exchange server can be tiresome, error-prone and risky, without being a seasoned exchange server administrators. It can become even problematic if you're an organization that runs on tight timeline…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month10 days, 6 hours left to enroll

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question