Solved

Outlook Autodiscover pointing to wrong URL

Posted on 2014-10-06
8
357 Views
Last Modified: 2014-10-06
Hi All,

I have asked this question previously but I can't seem to get it to work still.

Basically we have an Exchange 2010 server with two accepted email domains (company.ie and company.co.uk). The .ie is the main domain that was setup when the Exchange Server was first setup (as part of SBS 2011). Email for both domains works perfectly internally and externally. The issue arises for the users on the company.co.uk email domain. When these users open Outlook 2010 they receive a Security Alert about the Security Certificate is invalid or does not match the name of the site. We use OA for all external users and have a single name SSL certificate with the name remote.company.ie. The Exchange Proxy settings point to remote.company.ie for all users. The .ie users have no problem only the .co.uk users.

Just wondering do I need to have a new SSL certificate (SAN cert) created that includes the autodiscover.company.co.uk and the remote.company.ie or is there something I can do with DNS records that would resolve the issue. While it does not effect functionality it is annoying the users.

UPDATE: Just checked the external DNS records for the .co.uk domain and see there is a autodiscover.company.co.uk A Record created and points to the IP Address of the .co.uk Website (we have two web sites .ie and .co.uk). Could I change the A Record and point it to the Exchange Server IP Address or should I use a different Record Type (CNAME or SRV).

Any input would be appreciated.
0
Comment
Question by:brianquin
  • 3
  • 3
  • 2
8 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40363328
Because you have one domain and one cert, simply use a CNAME and point to the certified domain.
0
 

Author Comment

by:brianquin
ID: 40363356
Hi, thanks for the reply.

So I can create a CNAME record autodiscover.company.co.uk and point that to remote.company.ie?

Thanks again.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40363357
yep :)
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40363568
I disagree with the posts above.
A CNAME is not going to resolve this issue. All it does is change the DNS lookup from being A record to CNAME. The end result is going to be the same, because the client will still be looking at the wrong address.

You haven't said how you are doing Autodiscover for the first domain.

There are two resolutions to this.

1. Change the SSL certificate to a UC type, then include Autodiscover for both domains, plus the remote host name. This is the preferred method.

2. Configure an SRV record for Autodiscover in the second domain. To do that you must ensure that Autodiscover.example.com does not resolve, which also means ensuring there is no wildcard in the domain.
http://semb.ee/srv

If you are using a single name certificate with the primary domain name, then you must have something in place for Autodiscover, which either needs to be replicated or replaced.

Simon.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:brianquin
ID: 40363604
Hi Simon,

Thanks for the reply. A new SSL looks like a simpler solution. The SSL currently in place uses the name remote.company.ie. Would I add the autodiscover.company.co.uk.

There is no external Auto-discover setup for either of the email domains.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40363700
To keep things quiet you should have

remote.company.ie as the common name
Autodiscover.company.ie
Autodiscover.company.co.uk

Along with external DNS records pointing to the Exchange server.
That will ensure that everything works correctly.

Simon.
0
 

Author Comment

by:brianquin
ID: 40363753
Thanks Simon. What external DNS records are needed. We already have an A Record pointing to remote.company.ie and this is used for OWA. Are there other records needed?

Would I need to create A Records for autodiscover.company.ie, A Record for autodiscover.company.co.uk and keep existing A Record for remote.company.ie.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40364013
Correct.
If you have clients outside the network, such as Outlook Anywhere clients then they need Autodiscover to work correctly.

remote.company.ie would be the common name, which users connect to - everything else is names used under the hood so to speak.

Simon.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now