Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How should a srv-record look like in DNS?

Posted on 2014-11-13
2
Medium Priority
?
234 Views
Last Modified: 2014-12-04
Hi,

we are trying to get outlook work without SSL-errors from extern. On the exchange server there is a correct certificate for autodiscover.domain.com
If i connect over Internet to the domain, outlook throws a warning and shows the certificate of the webserver. On the webserver there is a A-record in DNS that forwards the outlook client to the correct exchange-server.
After the warning everything is fine.
Ithink the A-record should be deleted and ther have to be a SRV-record in DNS.
Would this work:
_autodiscover._tcp.domain.com
and
_https._tcp.domain.com

or should it be
_autodiscover._tcp.autodiscover.domain.com ?

And what about https ? Is this correct for using browser and OWA with thos SRV-record ?


Thanks in advance for helping answers

loosain
0
Comment
Question by:loosain
2 Comments
 
LVL 7

Accepted Solution

by:
Paul Tozer earned 2000 total points
ID: 40440871
You should really use a public SAN certificate (sometimes called a unified communications certificate) with both your owaaddress.yourdomain.com and the autodiscover.yourdomain.com in it. This should be from a public SSL provider otherwise the root certificate from your certificate authority needs installing on every device, as if you don't you'll get a certificate error showing it isn't trusted.

You can alternatively use SRV records which are set as follows:

_autodiscover._tcp.yourdomain.com. 3600 IN SRV 0 5 443 owaaddress.yourdomain.com.
0
 

Author Closing Comment

by:loosain
ID: 40481523
The SRV record made it even worse... We exported the certificate from the SBS inclusive private key to an pfx-file and imported it to the webserver. Now everyything is running fine without warnings or errors.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question