Solved

How should a srv-record look like in DNS?

Posted on 2014-11-13
2
216 Views
Last Modified: 2014-12-04
Hi,

we are trying to get outlook work without SSL-errors from extern. On the exchange server there is a correct certificate for autodiscover.domain.com
If i connect over Internet to the domain, outlook throws a warning and shows the certificate of the webserver. On the webserver there is a A-record in DNS that forwards the outlook client to the correct exchange-server.
After the warning everything is fine.
Ithink the A-record should be deleted and ther have to be a SRV-record in DNS.
Would this work:
_autodiscover._tcp.domain.com
and
_https._tcp.domain.com

or should it be
_autodiscover._tcp.autodiscover.domain.com ?

And what about https ? Is this correct for using browser and OWA with thos SRV-record ?


Thanks in advance for helping answers

loosain
0
Comment
Question by:loosain
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
Paul Tozer earned 500 total points
ID: 40440871
You should really use a public SAN certificate (sometimes called a unified communications certificate) with both your owaaddress.yourdomain.com and the autodiscover.yourdomain.com in it. This should be from a public SSL provider otherwise the root certificate from your certificate authority needs installing on every device, as if you don't you'll get a certificate error showing it isn't trusted.

You can alternatively use SRV records which are set as follows:

_autodiscover._tcp.yourdomain.com. 3600 IN SRV 0 5 443 owaaddress.yourdomain.com.
0
 

Author Closing Comment

by:loosain
ID: 40481523
The SRV record made it even worse... We exported the certificate from the SBS inclusive private key to an pfx-file and imported it to the webserver. Now everyything is running fine without warnings or errors.
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month4 days, 21 hours left to enroll

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question