Solved

Outlook Autodiscover pointing to wrong URL

Posted on 2014-10-06
8
389 Views
Last Modified: 2014-10-06
Hi All,

I have asked this question previously but I can't seem to get it to work still.

Basically we have an Exchange 2010 server with two accepted email domains (company.ie and company.co.uk). The .ie is the main domain that was setup when the Exchange Server was first setup (as part of SBS 2011). Email for both domains works perfectly internally and externally. The issue arises for the users on the company.co.uk email domain. When these users open Outlook 2010 they receive a Security Alert about the Security Certificate is invalid or does not match the name of the site. We use OA for all external users and have a single name SSL certificate with the name remote.company.ie. The Exchange Proxy settings point to remote.company.ie for all users. The .ie users have no problem only the .co.uk users.

Just wondering do I need to have a new SSL certificate (SAN cert) created that includes the autodiscover.company.co.uk and the remote.company.ie or is there something I can do with DNS records that would resolve the issue. While it does not effect functionality it is annoying the users.

UPDATE: Just checked the external DNS records for the .co.uk domain and see there is a autodiscover.company.co.uk A Record created and points to the IP Address of the .co.uk Website (we have two web sites .ie and .co.uk). Could I change the A Record and point it to the Exchange Server IP Address or should I use a different Record Type (CNAME or SRV).

Any input would be appreciated.
0
Comment
Question by:brianquin
  • 3
  • 3
  • 2
8 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40363328
Because you have one domain and one cert, simply use a CNAME and point to the certified domain.
0
 

Author Comment

by:brianquin
ID: 40363356
Hi, thanks for the reply.

So I can create a CNAME record autodiscover.company.co.uk and point that to remote.company.ie?

Thanks again.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40363357
yep :)
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40363568
I disagree with the posts above.
A CNAME is not going to resolve this issue. All it does is change the DNS lookup from being A record to CNAME. The end result is going to be the same, because the client will still be looking at the wrong address.

You haven't said how you are doing Autodiscover for the first domain.

There are two resolutions to this.

1. Change the SSL certificate to a UC type, then include Autodiscover for both domains, plus the remote host name. This is the preferred method.

2. Configure an SRV record for Autodiscover in the second domain. To do that you must ensure that Autodiscover.example.com does not resolve, which also means ensuring there is no wildcard in the domain.
http://semb.ee/srv

If you are using a single name certificate with the primary domain name, then you must have something in place for Autodiscover, which either needs to be replicated or replaced.

Simon.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:brianquin
ID: 40363604
Hi Simon,

Thanks for the reply. A new SSL looks like a simpler solution. The SSL currently in place uses the name remote.company.ie. Would I add the autodiscover.company.co.uk.

There is no external Auto-discover setup for either of the email domains.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40363700
To keep things quiet you should have

remote.company.ie as the common name
Autodiscover.company.ie
Autodiscover.company.co.uk

Along with external DNS records pointing to the Exchange server.
That will ensure that everything works correctly.

Simon.
0
 

Author Comment

by:brianquin
ID: 40363753
Thanks Simon. What external DNS records are needed. We already have an A Record pointing to remote.company.ie and this is used for OWA. Are there other records needed?

Would I need to create A Records for autodiscover.company.ie, A Record for autodiscover.company.co.uk and keep existing A Record for remote.company.ie.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40364013
Correct.
If you have clients outside the network, such as Outlook Anywhere clients then they need Autodiscover to work correctly.

remote.company.ie would be the common name, which users connect to - everything else is names used under the hood so to speak.

Simon.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now