Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 623
  • Last Modified:

Exchange 2010 Configure Autodiscover with Multiple Domains

Hey Guys

I'm trying to cleanup the Autodiscover for a server I've been put in charge of.
I've run BPA on the server and cleaned up some old junk. I've also patched it to SP3 and fixed the RDNS as that was missing. I've got internal and external users connecting ok. Internal Autodiscover is working. But external Autodiscover is not.

I noticed a couple of problems:
1. There are no autodicsover records set at the domain host.
2. The SSL certificate is from Godaddy and allows up to 5 names. It only has the mail.primarydomain.com address added (that address matches what is configured in Exchange for autodiscover services & URL's etc). There is autodiscover for the primary domain but it's autodiscover.mail.primarydomain.com. All other domains seem to be missing the autodiscover.domain.com addresses and any other relevant addresses.


So my question are:
1. Do I need an autodiscover A record (autodiscover.primarydomain.com , autodiscover.domain2.com, autodiscover.domain3.com) for each accepted domain at the domain host? If so, should I point them all to the mail.primarydomain.com DNS record or the public IP of the Exchange server?
2. In the new SSL cert that I wish to order, will autodiscover.mail.primarydomain work or does it need to be autodiscover.primarydomain.com.
3. Also do I need to add an autodiscover for each domain? Are there any other records I might need?
4. Do I need to make any changes to the Autodiscover site settings on the Exchange server so external Outlook users can use Autoconfigure for whichever domain their primary email address is?

Kind Regards
Aaron
0
moncomp
Asked:
moncomp
  • 5
  • 3
3 Solutions
 
suriyaehnopCommented:
If you're hosted multiple accepted, you can use 1 UC certifcate with one autodiscover name space on certificate then you create a SRV records for another autodiscover domain to point to autodiscover name in certificate.

https://social.technet.microsoft.com/Forums/exchange/en-US/c7518c14-f7f7-424f-aea2-651b48658cb8/autodiscover-and-srv-records

http://support.microsoft.com/kb/940881
0
 
moncompAuthor Commented:
ahh thank you suriyaehnop I'll have a read of your links :)
0
 
Simon Butler (Sembee)ConsultantCommented:
It depends if you have users with the additional domains as their PRIMARY email address?
For example, if you have users with example.com and example.co.uk, but the .co.uk is NOT any user's primary address, then there is no need to have it listed in Autodiscover.
If they do, then either additional Autodiscover A records or SRV records will be required.

The Autodiscover record needs to be Autodiscover.example.com, where example.com is the part after the @ sign in the email address. Therefore unless your email addresses are user@mail.example.com then the Autodiscover entry you are seeing is incorrect.

Simon.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
moncompAuthor Commented:
Hi Simon

I do have that scenario you describe, I followed suriyaehnop's links and found this option: "Configure Autodiscover Redirection for the Multi-Tenant Organization": http://technet.microsoft.com/en-us/library/ff923256.aspx

I am running Exchange 2010 SP3 on a separate instance from the DC, do you think that I can setup the redirection site using IIS7 on the server running Exchange 2010?

Kind Regards
Aaron
0
 
Simon Butler (Sembee)ConsultantCommented:
You can setup another site. You will need another external IP address for it, so that it doesn't conflict with the main site and you don't have to configure lots of host headers for the second site so it works correctly.

Simon.
0
 
moncompAuthor Commented:
Hi Simon

Also with the existing UNC cert, will it work if I have autodiscover.mail.primarydomain.com instead of autodiscover.primarydomain.com?  Or do I need to order a new one?
0
 
moncompAuthor Commented:
Hi Simon

So if I break down the configuration to these tasks it should work?:
- create and point all autodiscover records to another external IP address that is pointing to the server hosting the site.
- Setup an autodiscover redirection site configured in IIS7 on the VM running Exchange 2010 (not the DC). Is this the best place to configure the new site?
0
 
Simon Butler (Sembee)ConsultantCommented:
A certificate for "autodiscover.mail.primarydomain.com" would work for everything but "primarydomain.com", unless you configured them all for the redirection method.

Doesn't really matter where you configure the redirection site as long as it has its own external IP address and the traffic goes to the correct internal web site.

Simon.
0
 
moncompAuthor Commented:
Hi Simon

Ahh i checked the email addresses for the users and none of them are using the primarydomain.com as their email address. So in that case it sounds like I can use the existsing autodiscover.mail.primarydomain.com cert for the other two domains in use in the users email addresses. That solves one issue. So I think the next step is to build an internal redirection site and then start testing the autoconfigure is parsing correctly.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now