Solved

Exchange 2010 Configure Autodiscover with Multiple Domains

Posted on 2014-11-16
Last Modified: 2016-06-15
Hey Guys

I'm trying to clean up the Autodiscover for a server I've been put in charge of.
I've run BPA on the server and cleaned up some old junk. I've also patched it to SP3 and fixed the RDNS as that was missing. I've got internal and external users connecting ok. Internal Autodiscover is working. But external Autodiscover is not.

I noticed a couple of problems:
1. There are no Autodiscover records set at the domain host.
2. The SSL certificate is from GoDaddy and allows up to 5 names. It only has the mail.primarydomain.com address added (that address matches what is configured in Exchange for Autodiscover services & URLs etc). There is autodiscover for the primary domain but it's autodiscover.mail.primarydomain.com. All other domains seem to be missing the autodiscover.domain.com addresses and any other relevant addresses.


So my questions are:
1. Do I need an autodiscover A record (autodiscover.primarydomain.com , autodiscover.domain2.com, autodiscover.domain3.com) for each accepted domain at the domain host? If so, should I point them all to the mail.primarydomain.com DNS record or the public IP of the Exchange server?
2. In the new SSL cert that I wish to order, will autodiscover.mail.primarydomain work or does it need to be autodiscover.primarydomain.com.
3. Also do I need to add an autodiscover for each domain? Are there any other records I might need?
4. Do I need to make any changes to the Autodiscover site settings on the Exchange server so external Outlook users can use Autoconfigure for whichever domain their primary email address is?

Kind Regards
Aaron
Question by:moncomp

Expert Comment

by:suriyaehnop
If you're hosting multiple accepted domains, you can use one UC certificate with one Autodiscover namespace on the certificate, then create SRV records for the other Autodiscover domains that point to the Autodiscover name in the certificate.

https://social.technet.microsoft.com/Forums/exchange/en-US/c7518c14-f7f7-424f-aea2-651b48658cb8/autodiscover-and-srv-records

http://support.microsoft.com/kb/940881

Author Comment

by:moncomp
Ahh, thank you suriyaehnop, I'll have a read of your links :)

Accepted Solution

by:Simon Butler (Sembee)
It depends if you have users with the additional domains as their PRIMARY email address?
For example, if you have users with example.com and example.co.uk, but the .co.uk is NOT any user's primary address, then there is no need to have it listed in Autodiscover.
If they do, then either additional Autodiscover A records or SRV records will be required.

The Autodiscover record needs to be Autodiscover.example.com, where example.com is the part after the @ sign in the email address. Therefore unless your email addresses are user@mail.example.com then the Autodiscover entry you are seeing is incorrect.

Simon.

Author Comment

by:moncomp
Hi Simon

I do have that scenario you describe, I followed suriyaehnop's links and found this option: "Configure Autodiscover Redirection for the Multi-Tenant Organization": http://technet.microsoft.com/en-us/library/ff923256.aspx

I am running Exchange 2010 SP3 on a separate instance from the DC, do you think that I can set up the redirection site using IIS7 on the server running Exchange 2010?

Kind Regards
Aaron

Assisted Solution

by:Simon Butler (Sembee)
You can set up another site. You will need another external IP address for it, so that it doesn't conflict with the main site and you don't have to configure lots of host headers for the second site so it works correctly.

Simon.

Author Comment

by:moncomp
Hi Simon

Also with the existing UNC cert, will it work if I have autodiscover.mail.primarydomain.com instead of autodiscover.primarydomain.com?  Or do I need to order a new one?

Author Comment

by:moncomp
Hi Simon

So if I break down the configuration to these tasks it should work?:
- create and point all autodiscover records to another external IP address that is pointing to the server hosting the site.
- Set up an Autodiscover redirection site configured in IIS7 on the VM running Exchange 2010 (not the DC). Is this the best place to configure the new site?

Assisted Solution

by:Simon Butler (Sembee)
A certificate for "autodiscover.mail.primarydomain.com" would work for everything but "primarydomain.com", unless you configured them all for the redirection method.

Doesn't really matter where you configure the redirection site as long as it has its own external IP address and the traffic goes to the correct internal web site.

Simon.
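
The certificate-name question in this thread comes down to which host name the client validates TLS against at each Autodiscover lookup step. The sketch below is an added example, not part of the original posts: it models the documented external lookup order (root domain over HTTPS, autodiscover.<domain> over HTTPS, HTTP redirect, SRV) against constructed DNS data. The certificate names, the DNS entries and the function names are assumptions made for illustration.

```python
# Added example: every DNS entry and certificate name here is constructed.
SAN_NAMES = ["mail.primarydomain.com", "autodiscover.mail.primarydomain.com"]
DNS = {
    # Hosts that answer HTTPS directly (A record pointed at Exchange).
    "https_hosts": {"autodiscover.domain2.com"},
    # HTTP-only redirect site: autodiscover.<domain> -> Autodiscover host.
    "http_redirects": {"autodiscover.example.co.uk": "autodiscover.mail.primarydomain.com"},
    # SRV records: _autodiscover._tcp.<domain> -> Autodiscover host.
    "srv": {"_autodiscover._tcp.domain3.com": "autodiscover.mail.primarydomain.com"},
}

def cert_covers(host, san_names):
    """True if host matches a SAN entry exactly or via a one-label wildcard."""
    host = host.lower()
    for san in (s.lower() for s in san_names):
        if san == host:
            return True
        if san.startswith("*.") and host.partition(".")[2] == san[2:]:
            return True
    return False

def autodiscover_result(email, dns=DNS, san_names=SAN_NAMES):
    """Return (method, tls_host, cert_ok) for the first step that answers, else None."""
    domain = email.rsplit("@", 1)[1].lower()
    auto = "autodiscover." + domain
    # Steps 1-2: direct HTTPS. TLS is checked against the name the client connects to.
    for host in (domain, auto):
        if host in dns["https_hosts"]:
            return ("https", host, cert_covers(host, san_names))
    # Step 3: plain-HTTP redirect; step 4: SRV. TLS is checked against the target.
    for method, target in (("redirect", dns["http_redirects"].get(auto)),
                           ("srv", dns["srv"].get("_autodiscover._tcp." + domain))):
        if target:
            return (method, target, cert_covers(target, san_names))
    return None

if __name__ == "__main__":
    for addr in ("a@domain2.com", "b@domain3.com", "c@example.co.uk", "d@primarydomain.com"):
        print(addr, autodiscover_result(addr))
```

A `cert_ok` of `False` corresponds to the certificate name warning a client would show; the redirect and SRV rows validate against the single Autodiscover name already on the certificate.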

Author Comment

by:moncomp
Hi Simon

Ahh, I checked the email addresses for the users and none of them are using the primarydomain.com as their email address. So in that case it sounds like I can use the existing autodiscover.mail.primarydomain.com cert for the other two domains in use in the users' email addresses. That solves one issue. So I think the next step is to build an internal redirection site and then start testing the autoconfigure is parsing correctly.