Solved

outlook certificate error  and autodiscover.domain.com

Posted on 2014-11-21
6
555 Views
Last Modified: 2014-11-24
On our Exchange 2010 server we have an SSL certificate for Outlook Anywhere and OWA. This works well but since we have installed the certificate Domain connected users get a certificate error when they open outlook, they just accept and can work normally.
Looking at the certificate name it is for https://domain.com.
There are several articles on the web: Microsoft 940726 and a blog by Elan Shudnow which describe this exact error.
It seems that the certificate needs to have autodiscover.domain.com added as an SNA, would this be added to my Exchange certificate or does my domain hosting company have to add it to there certificate?
0
Comment
Question by:PHBSupport
6 Comments
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 40457499
You need to have autodicover.domain.com added to the Exchange certificate.
0
 
LVL 8

Expert Comment

by:tshearon
ID: 40457705
If you don't currently have it you will need a new one from your provider.
0
 

Author Comment

by:PHBSupport
ID: 40457737
At the moment the certificate is for remote.domain.com
I've reconfigured Exchange to use FQDN as per MS id 940726
I've added autodiscover.domain.com as a SAN to the Exchange certificate

When ever a domain connected user opens Outlook they get a certificate error, it's going to the https certificate of our web site. The hosting company say there nothing they can do as they use a wild card so cant add individual entry's to it

In the "old days" we just put the domain.local in the certificate but that has now been stopped.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40458607
There are one of two things you can do.

Either create an autodiscover SRV record at your external DNS provider. That was you can just do a standard SSL. No SAN needed.

The alternative is to an SAN cert.

Check out my article here. I think it will help.
http://supertekboy.com/2014/05/27/designing-a-simple-name-space-for-exchange-2010/
0
 

Author Closing Comment

by:PHBSupport
ID: 40462827
Gareth I had implemented everything in your article except the split brain DNS. Once I had added the entry no more cert errors

Many thanks

And thanks for the other contributions
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40462829
Awesome!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now