Solved

How should a srv-record look like in DNS?

Posted on 2014-11-13
2
204 Views
Last Modified: 2014-12-04
Hi,

we are trying to get outlook work without SSL-errors from extern. On the exchange server there is a correct certificate for autodiscover.domain.com
If i connect over Internet to the domain, outlook throws a warning and shows the certificate of the webserver. On the webserver there is a A-record in DNS that forwards the outlook client to the correct exchange-server.
After the warning everything is fine.
Ithink the A-record should be deleted and ther have to be a SRV-record in DNS.
Would this work:
_autodiscover._tcp.domain.com
and
_https._tcp.domain.com

or should it be
_autodiscover._tcp.autodiscover.domain.com ?

And what about https ? Is this correct for using browser and OWA with thos SRV-record ?


Thanks in advance for helping answers

loosain
0
Comment
Question by:loosain
2 Comments
 
LVL 7

Accepted Solution

by:
Paul Tozer earned 500 total points
ID: 40440871
You should really use a public SAN certificate (sometimes called a unified communications certificate) with both your owaaddress.yourdomain.com and the autodiscover.yourdomain.com in it. This should be from a public SSL provider otherwise the root certificate from your certificate authority needs installing on every device, as if you don't you'll get a certificate error showing it isn't trusted.

You can alternatively use SRV records which are set as follows:

_autodiscover._tcp.yourdomain.com. 3600 IN SRV 0 5 443 owaaddress.yourdomain.com.
0
 

Author Closing Comment

by:loosain
ID: 40481523
The SRV record made it even worse... We exported the certificate from the SBS inclusive private key to an pfx-file and imported it to the webserver. Now everyything is running fine without warnings or errors.
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Find out what you should include to make the best professional email signature for your organization.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question