Outlook Autodiscover pointing to wrong URL

Hi All,

I have asked this question previously but I can't seem to get it to work still.

Basically we have an Exchange 2010 server with two accepted email domains (company.ie and company.co.uk). The .ie is the main domain that was setup when the Exchange Server was first setup (as part of SBS 2011). Email for both domains works perfectly internally and externally. The issue arises for the users on the company.co.uk email domain. When these users open Outlook 2010 they receive a Security Alert about the Security Certificate is invalid or does not match the name of the site. We use OA for all external users and have a single name SSL certificate with the name remote.company.ie. The Exchange Proxy settings point to remote.company.ie for all users. The .ie users have no problem only the .co.uk users.

Just wondering do I need to have a new SSL certificate (SAN cert) created that includes the autodiscover.company.co.uk and the remote.company.ie or is there something I can do with DNS records that would resolve the issue. While it does not effect functionality it is annoying the users.

UPDATE: Just checked the external DNS records for the .co.uk domain and see there is a autodiscover.company.co.uk A Record created and points to the IP Address of the .co.uk Website (we have two web sites .ie and .co.uk). Could I change the A Record and point it to the Exchange Server IP Address or should I use a different Record Type (CNAME or SRV).

Any input would be appreciated.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Imtiaz HashamTechnical Director / IT ConsultantCommented:
Because you have one domain and one cert, simply use a CNAME and point to the certified domain.
brianquinAuthor Commented:
Hi, thanks for the reply.

So I can create a CNAME record autodiscover.company.co.uk and point that to remote.company.ie?

Thanks again.
Imtiaz HashamTechnical Director / IT ConsultantCommented:
yep :)
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Simon Butler (Sembee)ConsultantCommented:
I disagree with the posts above.
A CNAME is not going to resolve this issue. All it does is change the DNS lookup from being A record to CNAME. The end result is going to be the same, because the client will still be looking at the wrong address.

You haven't said how you are doing Autodiscover for the first domain.

There are two resolutions to this.

1. Change the SSL certificate to a UC type, then include Autodiscover for both domains, plus the remote host name. This is the preferred method.

2. Configure an SRV record for Autodiscover in the second domain. To do that you must ensure that Autodiscover.example.com does not resolve, which also means ensuring there is no wildcard in the domain.

If you are using a single name certificate with the primary domain name, then you must have something in place for Autodiscover, which either needs to be replicated or replaced.

brianquinAuthor Commented:
Hi Simon,

Thanks for the reply. A new SSL looks like a simpler solution. The SSL currently in place uses the name remote.company.ie. Would I add the autodiscover.company.co.uk.

There is no external Auto-discover setup for either of the email domains.
Simon Butler (Sembee)ConsultantCommented:
To keep things quiet you should have

remote.company.ie as the common name

Along with external DNS records pointing to the Exchange server.
That will ensure that everything works correctly.

brianquinAuthor Commented:
Thanks Simon. What external DNS records are needed. We already have an A Record pointing to remote.company.ie and this is used for OWA. Are there other records needed?

Would I need to create A Records for autodiscover.company.ie, A Record for autodiscover.company.co.uk and keep existing A Record for remote.company.ie.
Simon Butler (Sembee)ConsultantCommented:
If you have clients outside the network, such as Outlook Anywhere clients then they need Autodiscover to work correctly.

remote.company.ie would be the common name, which users connect to - everything else is names used under the hood so to speak.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.