Solved

Outlook Autodiscover pointing to wrong URL

Posted on 2014-10-06
8
415 Views
Last Modified: 2014-10-06
Hi All,

I have asked this question previously but I can't seem to get it to work still.

Basically we have an Exchange 2010 server with two accepted email domains (company.ie and company.co.uk). The .ie is the main domain that was setup when the Exchange Server was first setup (as part of SBS 2011). Email for both domains works perfectly internally and externally. The issue arises for the users on the company.co.uk email domain. When these users open Outlook 2010 they receive a Security Alert about the Security Certificate is invalid or does not match the name of the site. We use OA for all external users and have a single name SSL certificate with the name remote.company.ie. The Exchange Proxy settings point to remote.company.ie for all users. The .ie users have no problem only the .co.uk users.

Just wondering do I need to have a new SSL certificate (SAN cert) created that includes the autodiscover.company.co.uk and the remote.company.ie or is there something I can do with DNS records that would resolve the issue. While it does not effect functionality it is annoying the users.

UPDATE: Just checked the external DNS records for the .co.uk domain and see there is a autodiscover.company.co.uk A Record created and points to the IP Address of the .co.uk Website (we have two web sites .ie and .co.uk). Could I change the A Record and point it to the Exchange Server IP Address or should I use a different Record Type (CNAME or SRV).

Any input would be appreciated.
0
Comment
Question by:brianquin
  • 3
  • 3
  • 2
8 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40363328
Because you have one domain and one cert, simply use a CNAME and point to the certified domain.
0
 

Author Comment

by:brianquin
ID: 40363356
Hi, thanks for the reply.

So I can create a CNAME record autodiscover.company.co.uk and point that to remote.company.ie?

Thanks again.
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 40363357
yep :)
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40363568
I disagree with the posts above.
A CNAME is not going to resolve this issue. All it does is change the DNS lookup from being A record to CNAME. The end result is going to be the same, because the client will still be looking at the wrong address.

You haven't said how you are doing Autodiscover for the first domain.

There are two resolutions to this.

1. Change the SSL certificate to a UC type, then include Autodiscover for both domains, plus the remote host name. This is the preferred method.

2. Configure an SRV record for Autodiscover in the second domain. To do that you must ensure that Autodiscover.example.com does not resolve, which also means ensuring there is no wildcard in the domain.
http://semb.ee/srv

If you are using a single name certificate with the primary domain name, then you must have something in place for Autodiscover, which either needs to be replicated or replaced.

Simon.
0
 

Author Comment

by:brianquin
ID: 40363604
Hi Simon,

Thanks for the reply. A new SSL looks like a simpler solution. The SSL currently in place uses the name remote.company.ie. Would I add the autodiscover.company.co.uk.

There is no external Auto-discover setup for either of the email domains.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40363700
To keep things quiet you should have

remote.company.ie as the common name
Autodiscover.company.ie
Autodiscover.company.co.uk

Along with external DNS records pointing to the Exchange server.
That will ensure that everything works correctly.

Simon.
0
 

Author Comment

by:brianquin
ID: 40363753
Thanks Simon. What external DNS records are needed. We already have an A Record pointing to remote.company.ie and this is used for OWA. Are there other records needed?

Would I need to create A Records for autodiscover.company.ie, A Record for autodiscover.company.co.uk and keep existing A Record for remote.company.ie.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40364013
Correct.
If you have clients outside the network, such as Outlook Anywhere clients then they need Autodiscover to work correctly.

remote.company.ie would be the common name, which users connect to - everything else is names used under the hood so to speak.

Simon.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question