<div>
Remove the Autodiscover Virtual Directory on the SBS server and make sure there are no Exchange accounts for the local users on the SBS server.<br />
<br />
Ensure that auto discover.yourdomain.com resolves in internal DNS to the hosted Exchange domain and not your internal domain and the errors should go away.<br />
<br />
You can use the following to find / remove the Autodiscover Virtual Directory:<br />
<br />
get-autodiscovervirtualdir<wbr />ectory | remove-autodiscovervirtual<wbr />directory<br />
<br />
Just curious though why you have SBS and then pay for Exchange hosted elsewhere?<br />
<br />
Alan
</div>


<div>
The reason why this happens.<br />
1) SBS created DNS entries for the exchange and are taking priority over the external resolution.<br />
<br />
Modify the DNS to resolve to the IP address of the Hosting provide rather than the Local server.<br />
<br />
the ones that you need to look at are <br />
SRV records and Auto discover .<br />
<br />
if not present add a SRV record with the details of the hosting provider.<br />
<br />
Also stop the relevant application directories within IIS instead of deleting them (Just in case you need them for
</div>


<div>
Hi,<br />
<br />
thanks for both your replies.<br />
<br />
I did delete the autodiscover virtual directory and there is currently no mailboxes on the local Exchange server but the problem persists. As for the autodiscover, I am configuring the email settings manually so there are no dns records with autodiscover internally or externally.
</div>


<div>
If you use the following command in a command prompt on a local computer in your network:<br />
<br />
nslookup autodiscover.yourdomain.co<wbr />m (obviously change the yourdomain.com part)<br />
<br />
What is returned as the result?
</div>


<div>
Here are the results<br />
<br />
C:\Users\terminal&gt;nslookup<wbr /> autodiscover.********quebe<wbr />c.local<br />
Serveur : &nbsp; pension-srv.*********quebe<wbr />c.local<br />
Address: &nbsp;10.10.0.5<br />
<br />
*** pension-srv.*********quebe<wbr />c.local ne parvient pas à trouver autodiscover.*********queb<wbr />ec.local : Non-existent domain
</div>


<div>
Okay - so it looks like you have an autodiscover DNS record locally which you need to delete.
</div>


<div>
I can't seem to find the record in the DNS manager of the server.<br />
<br />
ALso if I run the same command of the server itslef, here is the result I get.<br />
<br />
C:\Users\terminal&gt;nslookup<wbr /> autodiscover.*******quebec<wbr />.local<br />
Server: &nbsp;UnKnown<br />
Address: &nbsp;fe80::****:****:****:****<br />
<br />
*** UnKnown can't find autodiscover.******quebec.<wbr />local: Non-existent domain<br />
<br />
I did ipconfig /flushdns on the client machine and still get the same result
</div>


<div>
Are you using the 10.10.0.x IP range internally?
</div>


<div>
The it must either be in the DNSsettings or it's hard coded in the HOSTS fileon the server or client(s) (or the LMHOSTS file)<br />
<br />
Please check c:\windows\system32\driver<wbr />s\etc for both files locally and on the server(s).
</div>


<div>
I just checked both HOSTS &amp;&nbsp;LMHOsts files on an affected machine and the server and they are both at the default state with no added lines.
</div>


<div>
It has to be somewhere in DNS then on your servers. &nbsp;You need to find it and remove it, or if there is a * set that resolves anything that isn't specified, that needs removing.
</div>


<div>
Wouldn't the server give me the same result if that was the case? Also, I double checked and that station is using that server as it's DNS.
</div>


<div>
Depends on how the network and DNS is configured.<br />
<br />
Please post the IP configuration settings of the server and a workstation please showing the DNS Servers used for each (and please specify which are the server IP settings and which are the workstation settings).<br />
<br />
Thanks<br />
<br />
Alan
</div>


<div>
Here is one client station:<br />
<br />
<br />
Configuration IP de Windows<br />
<br />
&nbsp; &nbsp;Nom de l'hôte . . . . . . . . . . : t2013-02<br />
&nbsp; &nbsp;Suffixe DNS principal . . . . . . : ******quebec.local<br />
&nbsp; &nbsp;Type de noeud. . . . . . . . . . &nbsp;: Hybride<br />
&nbsp; &nbsp;Routage IP activé . . . . . . . . : Non<br />
&nbsp; &nbsp;Proxy WINS activé . . . . . . . . : Non<br />
&nbsp; &nbsp;Liste de recherche du suffixe DNS.: ******quebec.local<br />
<br />
Carte Ethernet Ethernet :<br />
<br />
&nbsp; &nbsp;Suffixe DNS propre à la connexion. . . : *******quebec.local<br />
&nbsp; &nbsp;Description. . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller<br />
&nbsp; &nbsp;Adresse physique . . . . . . . . . . . : 74-D0-**-**-**-C7<br />
&nbsp; &nbsp;DHCP activé. . . . . . . . . . . . . . : Oui<br />
&nbsp; &nbsp;Configuration automatique activée. . . : Oui<br />
&nbsp; &nbsp;Adresse IPv6 de liaison locale. . . . .: fe80::****:****:****:f0b%3<wbr />(préféré)<br />
<br />
&nbsp; &nbsp;Adresse IPv4. . . . . . . . . . . . . .: 10.10.0.102(préféré)<br />
&nbsp; &nbsp;Masque de sous-réseau. . . . . . . . . : 255.255.255.0<br />
&nbsp; &nbsp;Bail obtenu. . . . . . . . . . . . . . : 24 novembre 2014 08:18:58<br />
&nbsp; &nbsp;Bail expirant. . . . . . . . . . . . . : 2 décembre 2014 08:19:18<br />
&nbsp; &nbsp;Passerelle par défaut. . . . . . . . . : 10.10.0.1<br />
&nbsp; &nbsp;Serveur DHCP . . . . . . . . . . . . . : 10.10.0.5<br />
&nbsp; &nbsp;IAID DHCPv6 . . . . . . . . . . . : 256919133<br />
&nbsp; &nbsp;DUID de client DHCPv6. . . . . . . . : 00-01-00-01-19-**-**-**-**<wbr />-D0-2B-2B-<wbr />03<br />
-C7<br />
&nbsp; &nbsp;Serveurs DNS. . . &nbsp;. . . . . . . . . . : 10.10.0.5<br />
&nbsp; &nbsp;NetBIOS sur Tcpip. . . . . . . . . . . : Activé<br />
<br />
Carte Tunnel isatap.******quebec.local :<br />
<br />
&nbsp; &nbsp;Statut du média. . . . . . . . . . . . : Média déconnecté<br />
&nbsp; &nbsp;Suffixe DNS propre à la connexion. . . :<br />
&nbsp; &nbsp;Description. . . . . . . . . . . . . . : Carte Microsoft ISATAP #2<br />
&nbsp; &nbsp;Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0<br />
&nbsp; &nbsp;DHCP activé. . . . . . . . . . . . . . : Non<br />
&nbsp; &nbsp;Configuration automatique activée. . . : Oui<br />
<br />
<br />
<br />
<br />
Here is the Server:<br />
<br />
Windows IP Configuration<br />
<br />
&nbsp; &nbsp;Host Name . . . . . . . . . . . . : PENSION-SRV<br />
&nbsp; &nbsp;Primary Dns Suffix &nbsp;. . . . . . . : *******quebec.local<br />
&nbsp; &nbsp;Node Type . . . . . . . . . . . . : Hybrid<br />
&nbsp; &nbsp;IP Routing Enabled. . . . . . . . : No<br />
&nbsp; &nbsp;WINS Proxy Enabled. . . . . . . . : No<br />
&nbsp; &nbsp;DNS Suffix Search List. . . . . . : ********quebec.local<br />
<br />
Ethernet adapter Local Area Connection 2:<br />
<br />
&nbsp; &nbsp;Media State . . . . . . . . . . . : Media disconnected<br />
&nbsp; &nbsp;Connection-specific DNS Suffix &nbsp;. :<br />
&nbsp; &nbsp;Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS<br />
&nbsp;VBD Client) #2<br />
&nbsp; &nbsp;Physical Address. . . . . . . . . : A4-BA-**-**-8C-10<br />
&nbsp; &nbsp;DHCP Enabled. . . . . . . . . . . : No<br />
&nbsp; &nbsp;Autoconfiguration Enabled . . . . : Yes<br />
<br />
Ethernet adapter Local Area Connection:<br />
<br />
&nbsp; &nbsp;Connection-specific DNS Suffix &nbsp;. :<br />
&nbsp; &nbsp;Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS<br />
&nbsp;VBD Client)<br />
&nbsp; &nbsp;Physical Address. . . . . . . . . : A4-BA-**-**-8C-11<br />
&nbsp; &nbsp;DHCP Enabled. . . . . . . . . . . : No<br />
&nbsp; &nbsp;Autoconfiguration Enabled . . . . : Yes<br />
&nbsp; &nbsp;Link-local IPv6 Address . . . . . : fe80::3d2c:****:****:7e82%<wbr />10(Preferr<wbr />ed)<br />
&nbsp; &nbsp;Link-local IPv6 Address . . . . . : fe80::8cce:****:****:717c%<wbr />10(Preferr<wbr />ed)<br />
&nbsp; &nbsp;IPv4 Address. . . . . . . . . . . : 10.10.0.5(Preferred)<br />
&nbsp; &nbsp;Subnet Mask . . . . . . . . . . . : 255.255.255.0<br />
&nbsp; &nbsp;Default Gateway . . . . . . . . . : 10.10.0.1<br />
&nbsp; &nbsp;DHCPv6 IAID . . . . . . . . . . . : 228899547<br />
&nbsp; &nbsp;DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-**-**-**-**-A4<wbr />-BA-DB-53-<wbr />8C-11<br />
<br />
&nbsp; &nbsp;DNS Servers . . . . . . . . . . . : fe80::3d2c:****:****:7e82%<wbr />10<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;10.10.0.5<br />
&nbsp; &nbsp;NetBIOS over Tcpip. . . . . . . . : Enabled<br />
<br />
Tunnel adapter Local Area Connection* 8:<br />
<br />
&nbsp; &nbsp;Media State . . . . . . . . . . . : Media disconnected<br />
&nbsp; &nbsp;Connection-specific DNS Suffix &nbsp;. :<br />
&nbsp; &nbsp;Description . . . . . . . . . . . : isatap.{D95D3C6E-1884-4D9C<wbr />-9879-A50E<wbr />78396<br />
588}<br />
&nbsp; &nbsp;Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0<br />
&nbsp; &nbsp;DHCP Enabled. . . . . . . . . . . : No<br />
&nbsp; &nbsp;Autoconfiguration Enabled . . . . : Yes<br />
<br />
Tunnel adapter Local Area Connection* 9:<br />
<br />
&nbsp; &nbsp;Media State . . . . . . . . . . . : Media disconnected<br />
&nbsp; &nbsp;Connection-specific DNS Suffix &nbsp;. :<br />
&nbsp; &nbsp;Description . . . . . . . . . . . : isatap.{64C8DA7C-8595-4B47<wbr />-91F9-EE17<wbr />1D948<br />
9A3}<br />
&nbsp; &nbsp;Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0<br />
&nbsp; &nbsp;DHCP Enabled. . . . . . . . . . . : No<br />
&nbsp; &nbsp;Autoconfiguration Enabled . . . . : Yes
</div>


<div>
Well that all looks normal (sadly).<br />
<br />
So what have you got configured in DNS internally?<br />
<br />
Can you post a screen shot of the DNS Zones (obscuring anything identifying but not so that the names can't be identified as internal / external ones).<br />
<br />
Thanks<br />
<br />
Alan
</div>


<div>
Thanks for your replies.<br />
<br />
Here are the screenshots as asked.<br />
<a href="https://filedb.experts-exchange.com/incoming/2014/11_w48/885324/dns1.jpg" target="_blank" class="file-inline" title="DNS 1 (114 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>dns1.jpg</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2014/11_w48/885325/dns2.jpg" target="_blank" class="file-inline" title="DNS 2 (159 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>dns2.jpg</a>
</div>


dns1.jpg

dns2.jpg

<div>
Thanks for those. &nbsp;Can you show me the .org DNS zone too.<br />
<br />
Many thanks<br />
<br />
Alan
</div>


dns3.jpg

<div>
Sorry - just reviewed the earlier comments and I asked you to lookup auto discover.yourdomain.com and you posted the result as:<br />
<br />
nslookup autodiscover.********quebe<wbr />c.local<br />
<br />
This is not the correct domain - it needs to be your external (Public domain) not your internal domain.<br />
<br />
Please re-run the command using autodiscover.yourdomain.or<wbr />g and post the result.<br />
<br />
Thanks<br />
<br />
Alan
</div>


<div>
Here is the result from the server<br />
<br />
Microsoft Windows [Version 6.0.6002]<br />
Copyright (c) 2006 Microsoft Corporation. &nbsp;All rights reserved.<br />
<br />
C:\Users\terminal&gt;nslookup<wbr /> autodiscover.******.org<br />
Server: &nbsp;UnKnown<br />
Address: &nbsp;fe80::****:****:****:7e82<br />
<br />
*** UnKnown can't find autodiscover.*******.org: Non-existent domain<br />
<br />
C:\Users\terminal&gt;
</div>


<div>
Okay - so is there an Autodiscover A record setup in your External DNS records (not locally on your server) that points to the Public IP Address of your hosting company, or if they don't have auto discover.yourdomain.org added to their SSL certificate, which they probably won't, do you have an SRV record that points to a name included in their SSL certificate?<br />
<br />
Here is a guide in case you need help setting it up:<br />
<a href="http://support.microsoft.com/kb/940881" rel="ugc nofollow">http://support.microsoft.com/kb/940881</a><br />
<br />
This will normally be setup where you login to a Control Panel and may be where your domain is hosted / purchased.<br />
<br />
Alan
</div>


<div>
Okay here is more information on this case:<br />
<br />
We recently took over the IT for this company and it's a little messy but we have to deal with it for now.<br />
The hosted exchange is actually on another SBS Server with exchange in the same LAN but separated by VLANs<br />
We happens to also manage the other SBS so if you need info there, I can supply it also. They put all the mailboxes on one server to save cost on backup licences. (I think?)<br />
<br />
That being said, If I create an SRV record that points to the another exchange, it resolves it just fine, but I also get the annoying DNSAlias.org certificate. It seems to come from the local AD and comes before anything else.<br />
<br />
Once again, thanks for your help.
</div>


<div>
Is the server hosting Exchange not on a Fixed IP Address?
</div>


<div>
It is yes, but it can also be reached locally with the local IP address 10.9.0.2 through a firewall rule within the VLANs.
</div>


<div>
Okay - if it is on a fixed Public IP Address - why is it using a dnsalias.org certificate
</div>


<div>
The dnsalias.org certificate is the one from the local/decomissionned exchange which they are not using anymore.
</div>


<div>
Okay - how decommissioned is the server as if it is throwing up cert prompts, it doesn't sound very decommissioned to me?
</div>


<div>
Well that's pretty much the root of my problem.<br />
<br />
As stated previously, I did delete the local autodiscover virtual directory and there is currently no mailboxes on the local Exchange server but the certificate prompt of the local exchange persists. The next step could be to completely uninstall exchange but I am very hesitant to do that since it is a Windows Small Business server and that exchange is so closely tied to the SBS Console.
</div>


<div>
Can you disable all the Exchange services and stop the default website without knowingly causing other issues?<br />
<br />
Alan
</div>


<div>
I just did but I get the same results unfortunately.
</div>


<div>
<div class="content wysiwyg-content">
Hi!<br />
<br />
We have a weird issue at one of our clients.<br />
<br />
here is the scenario:<br />
<br />
They have a local SBS2008 with Exchange 2007 but do not use the local Exchange. Instead, they use a hosted exchange from a nerby company. The problem is that when we configure Outlook, we have a certificate error message that refers to the Outlook Anywhere of the local Exchange.<br />
<br />
Here is what we have tried so far:<br />
<br />
-Deleted/recreated the Outlook Profile<br />
-Did the Outlook connectivity test and nowhere does it refer to the URL in the certificate error.<br />
-Removed the computer from the domain and tried configuring the Profile in a workgroup (It worked)
</div>
</div>


Hi!

We have a weird issue at one of our clients.

here is the scenario:

They have a local SBS2008 with Exchange 2007 but do not use the local Exchange. Instead, they use a hosted exchange from a nerby company. The problem is that when we configure Outlook, we have a certificate error message that refers to the Outlook Anywhere of the local Exchange.

Here is what we have tried so far:

-Deleted/recreated the Outlook Profile
-Did the Outlook connectivity test and nowhere does it refer to the URL in the certificate error.
-Removed the computer from the domain and tried configuring the Profile in a workgroup (It worked)

Exchange Certificate Prompt

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

An email client, email reader or more formally mail user agent (MUA) is a computer program used to access and manage a user's email. A web application that provides message management, composition, and reception functions is sometimes also considered an email client, but more commonly referred to as webmail.