Exchange Autodiscover Cert Question

Posted on 2014-10-08
Last Modified: 2014-10-13
Hi,

On Exchange 2010/2013, what's the best way of handling adding additional domains to the server so that certain users can have different primary email addresses?

Specifically the problem I have is that external users using Outlook Anywhere will get a security alert pop-up whenever they open up Outlook that "autodiscover.new2nddomain.com" is not valid or doesn't match the name of the site. You can just click Yes to proceed and it will work. I have a public CNAME record that points the above to the autodiscover domain that is on the SAN Certificate "autodiscover.primarydomain.com".

I know one way of doing it is just to add that new domain to the SAN certificate. But that's kind of a nuisance if you have to do that every time you want to add a domain to your Exchange environment.

Hosted Exchange providers (like Intermedia, GoDaddy, Office365) must get around this somehow as they have 1000s of domains of their 1000s of users and they just tell you to create a CNAME "autodiscover.domain.com" that points to their specific autodiscover FQDN. Out of the 20 or so companies I have on hosted Exchange providers, I've never seen a certificate error, only some initial warning when setting up the account about some redirect and then it never comes up again.

I found some articles about deleting your CNAME for autodiscover and creating an SRV record. This seems plausible. However, hosted providers make you just create that CNAME.

I did an Exchange autodiscover test on one of the hosted providers and it seems to use some sort of HTTP conversion of some sort.

Anyhow, just wondering what other solutions are out there instead of having to add the domain to the SAN cert or creating the Public Service Record?
Question by:RFVDB
2 Comments
Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 40369708
There are three ways to deal with this.

1. Adding the domain to the list of Autodiscover.xxxx on the SSL certificate.
Fine for a small number of domains, but not practical for hosters. Therefore Microsoft added two further methods:

2. SRV records for Autodiscover.
http://semb.ee/srv

3. HTTP redirection method.
http://technet.microsoft.com/en-us/library/cc539052.aspx

The Autodiscover process is discussed in some depth in this article:

http://msdn.microsoft.com/en-us/library/office/ee332364(v=exchg.140).aspx

The CNAME method will be using the HTTP redirection process. This is the usual favourite because it does not require SRV records, which are not supported by all DNS hosts.

Simon.
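
Why option 1 produces the name warning while options 2 and 3 avoid it, as an added example that is not part of the original answer: a simplified model of which hostname the client checks against the certificate for each method. The SAN list, domain names, function names and the redirect check are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values, not taken from a real deployment.
CERT_SANS = ["mail.primarydomain.com", "autodiscover.primarydomain.com"]
TARGET = "autodiscover.primarydomain.com"  # name the SRV record or 302 points at
METHODS = ("direct-https", "srv", "http-redirect")


def san_matches(hostname, san):
    """Compare a hostname with one SAN dNSName; '*' may only be the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def cert_covers(hostname, sans):
    return any(san_matches(hostname, s) for s in sans)


def validated_name(method, email_domain, target):
    """Hostname the client checks against the certificate for each lookup method."""
    if method == "direct-https":
        # A CNAME or A record only changes the IP address; TLS still validates this name.
        return "autodiscover." + email_domain
    if method in ("srv", "http-redirect"):
        # The client is told the target (SRV answer or 302 Location) and opens HTTPS to it.
        return target
    raise ValueError("unknown method: " + method)


def redirect_ok(location, expected_host):
    """Accept a 302 Location only if it is HTTPS and names the expected host."""
    url = urlsplit(location)
    return url.scheme == "https" and (url.hostname or "").lower() == expected_host.lower()


def assess(email_domains, sans=CERT_SANS, target=TARGET):
    """Map each domain to {method: True if no certificate name warning is expected}."""
    return {
        d: {m: cert_covers(validated_name(m, d, target), sans) for m in METHODS}
        for d in email_domains
    }


if __name__ == "__main__":
    for domain, result in assess(["primarydomain.com", "new2nddomain.com"]).items():
        print(domain, result)
```

The SRV answer and the HTTP redirect both arrive before any certificate is checked, so the target they name is worth confirming against the expected host, which is what `redirect_ok` models.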
Author Comment

by:RFVDB
ID: 40379167
Super, I was missing the HTTP redirect method. Thanks!