Solved

Exchange 2010 Configure Autodiscover with Multiple Domains

Posted on 2014-11-16
10
279 Views
Last Modified: 2016-06-15
Hey Guys

I'm trying to cleanup the Autodiscover for a server I've been put in charge of.
I've run BPA on the server and cleaned up some old junk. I've also patched it to SP3 and fixed the RDNS as that was missing. I've got internal and external users connecting ok. Internal Autodiscover is working. But external Autodiscover is not.

I noticed a couple of problems:
1. There are no autodicsover records set at the domain host.
2. The SSL certificate is from Godaddy and allows up to 5 names. It only has the mail.primarydomain.com address added (that address matches what is configured in Exchange for autodiscover services & URL's etc). There is autodiscover for the primary domain but it's autodiscover.mail.primarydomain.com. All other domains seem to be missing the autodiscover.domain.com addresses and any other relevant addresses.


So my question are:
1. Do I need an autodiscover A record (autodiscover.primarydomain.com , autodiscover.domain2.com, autodiscover.domain3.com) for each accepted domain at the domain host? If so, should I point them all to the mail.primarydomain.com DNS record or the public IP of the Exchange server?
2. In the new SSL cert that I wish to order, will autodiscover.mail.primarydomain work or does it need to be autodiscover.primarydomain.com.
3. Also do I need to add an autodiscover for each domain? Are there any other records I might need?
4. Do I need to make any changes to the Autodiscover site settings on the Exchange server so external Outlook users can use Autoconfigure for whichever domain their primary email address is?

Kind Regards
Aaron
0
Comment
Question by:moncomp
  • 5
  • 3
10 Comments
 
LVL 18

Expert Comment

by:suriyaehnop
ID: 40446696
If you're hosted multiple accepted, you can use 1 UC certifcate with one autodiscover name space on certificate then you create a SRV records for another autodiscover domain to point to autodiscover name in certificate.

https://social.technet.microsoft.com/Forums/exchange/en-US/c7518c14-f7f7-424f-aea2-651b48658cb8/autodiscover-and-srv-records

http://support.microsoft.com/kb/940881
0
 

Author Comment

by:moncomp
ID: 40446792
ahh thank you suriyaehnop I'll have a read of your links :)
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40447549
It depends if you have users with the additional domains as their PRIMARY email address?
For example, if you have users with example.com and example.co.uk, but the .co.uk is NOT any user's primary address, then there is no need to have it listed in Autodiscover.
If they do, then either additional Autodiscover A records or SRV records will be required.

The Autodiscover record needs to be Autodiscover.example.com, where example.com is the part after the @ sign in the email address. Therefore unless your email addresses are user@mail.example.com then the Autodiscover entry you are seeing is incorrect.

Simon.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:moncomp
ID: 40456748
Hi Simon

I do have that scenario you describe, I followed suriyaehnop's links and found this option: "Configure Autodiscover Redirection for the Multi-Tenant Organization": http://technet.microsoft.com/en-us/library/ff923256.aspx

I am running Exchange 2010 SP3 on a separate instance from the DC, do you think that I can setup the redirection site using IIS7 on the server running Exchange 2010?

Kind Regards
Aaron
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40458665
You can setup another site. You will need another external IP address for it, so that it doesn't conflict with the main site and you don't have to configure lots of host headers for the second site so it works correctly.

Simon.
0
 

Author Comment

by:moncomp
ID: 40461190
Hi Simon

Also with the existing UNC cert, will it work if I have autodiscover.mail.primarydomain.com instead of autodiscover.primarydomain.com?  Or do I need to order a new one?
0
 

Author Comment

by:moncomp
ID: 40461198
Hi Simon

So if I break down the configuration to these tasks it should work?:
- create and point all autodiscover records to another external IP address that is pointing to the server hosting the site.
- Setup an autodiscover redirection site configured in IIS7 on the VM running Exchange 2010 (not the DC). Is this the best place to configure the new site?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40463240
A certificate for "autodiscover.mail.primarydomain.com" would work for everything but "primarydomain.com", unless you configured them all for the redirection method.

Doesn't really matter where you configure the redirection site as long as it has its own external IP address and the traffic goes to the correct internal web site.

Simon.
0
 

Author Comment

by:moncomp
ID: 40463590
Hi Simon

Ahh i checked the email addresses for the users and none of them are using the primarydomain.com as their email address. So in that case it sounds like I can use the existsing autodiscover.mail.primarydomain.com cert for the other two domains in use in the users email addresses. That solves one issue. So I think the next step is to build an internal redirection site and then start testing the autoconfigure is parsing correctly.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question