Solved

How should a srv-record look like in DNS?

Posted on 2014-11-13
2
197 Views
Last Modified: 2014-12-04
Hi,

we are trying to get outlook work without SSL-errors from extern. On the exchange server there is a correct certificate for autodiscover.domain.com
If i connect over Internet to the domain, outlook throws a warning and shows the certificate of the webserver. On the webserver there is a A-record in DNS that forwards the outlook client to the correct exchange-server.
After the warning everything is fine.
Ithink the A-record should be deleted and ther have to be a SRV-record in DNS.
Would this work:
_autodiscover._tcp.domain.com
and
_https._tcp.domain.com

or should it be
_autodiscover._tcp.autodiscover.domain.com ?

And what about https ? Is this correct for using browser and OWA with thos SRV-record ?


Thanks in advance for helping answers

loosain
0
Comment
Question by:loosain
2 Comments
 
LVL 7

Accepted Solution

by:
Paul Tozer earned 500 total points
ID: 40440871
You should really use a public SAN certificate (sometimes called a unified communications certificate) with both your owaaddress.yourdomain.com and the autodiscover.yourdomain.com in it. This should be from a public SSL provider otherwise the root certificate from your certificate authority needs installing on every device, as if you don't you'll get a certificate error showing it isn't trusted.

You can alternatively use SRV records which are set as follows:

_autodiscover._tcp.yourdomain.com. 3600 IN SRV 0 5 443 owaaddress.yourdomain.com.
0
 

Author Closing Comment

by:loosain
ID: 40481523
The SRV record made it even worse... We exported the certificate from the SBS inclusive private key to an pfx-file and imported it to the webserver. Now everyything is running fine without warnings or errors.
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now