Outlook anywere Help with a .local active directory name

Hi Guys

need some help as there looks to be a fair few ways to sort this.

Been asked to get outlook anywere working on a domain which i did not setup. unfortunally the orignally it team set the active directory as companyname.local

so with the new UCC certificate laws i cannot get a cert to get outlook anywere up and running.

any ideas which path i should take.

ideally i dont want to rebuild/migrate the whole domain not really an option currently. i have googled a fair bit and tried a few scripts to do with creating new virtual dirs on IIS but all seem to error.

Current setup is as follows
Server : Windows 2008 R2
Exchange : Exchange 2010
Servername : exchange.local
External domain : exchange.companyname.com
UCC cert is setup for : exchange.companyname.com, companyname.com

any help would be very much appreciated.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Not this question again.
This is very easy. Just setup a split DNS for your external name so the name resolves internally as well as externally.
Then change the configuration of Exchange to use the external name.

No need to rename the name or anything.

Peter HutchisonSenior Network Systems SpecialistCommented:
I agree with simon, a split DNS is possible, so you need to setup a public DNS name and thus use that for a basis for a external name for Outlook Anywhere.
EnlightxAuthor Commented:
thanks for help so far guys

i had already setup the splitdns as i have the public domain name pointing to the site ip and ports forwarded.

iv followed the guide and internal computers seems to be connecting using outlook anywere okay but still getting issues when trying to connect externally.

autodiscover does not work and when trying Manuel settings im getting certificate not trusted issues
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Simon Butler (Sembee)ConsultantCommented:
Do you have a trusted certificate in place?
Have you configured Autodiscover DNS records?
When you get the SSL prompt, look at the certificate. Is it your certificate?

A common problem is with Autodiscover looking at the root of the domain first (https://example.com instead of https://autodiscover.example.com/ ). If your web host has something on the root of the domain then you can get errors. You need to ask the web host to disable Autodiscover for your domain.

Gareth GudgerSolution ArchitectCommented:
Check out this article as well. Step-by-step on what you need to do. Lots of screenshots.
EnlightxAuthor Commented:
great guide using it to start from scratch. iv already noticed i stupidly didnt include autodicover in my cert request so starting fresh ill sort this hopefully will sort my issue.

will report back after new cert is issued
Gareth GudgerSolution ArchitectCommented:
The only time autodiscover isn't needed if you created an SRV record with your external DNS provider for autodiscover. But not all providers support this.
EnlightxAuthor Commented:
Hi Guys,

Sorry took so long had to revoke current cert and wait for credit then reissue. now all done but still having issues.

When trying to use an outside outlook client and using the setup wizard it trys to connect (i dont get any cert issues anymore now) but keeps asking for username and password login. which i have tried using domain credentials and it still fails with the following.

The connection to Microsoft Exchange is unavailable. Outlooks must be online or connected to complete this action.

to note all internal outlook clients seems to be working okay and use http okay when connecting.

local clients have the following settings in proxy settings

use this URL to connect :

Ticked only connect to proxy servers that have this principal name in there certificate:

unticked on fast networks connect using http first
ticked on slow networks connect using http first

proxy auth settings :
Basic Authentication
Gareth GudgerSolution ArchitectCommented:
When trying to use an outside outlook client and using the setup wizard it trys to connect (i dont get any cert issues anymore now) but keeps asking for username and password login. which i have tried using domain credentials and it still fails with the following.

This is still an indication of a certificate or a DNS issue.

Run the autodiscover test from www.exrca.com and post the results here.
EnlightxAuthor Commented:
Ahh yes I forgot about the tests you can perform.

I see the issue now but not sure how to sorT

      Attempting to test potential Autodiscover URL https://domain.com:443/Autodiscover/Autodiscover.xml

Failed test :
      Additional Details
Host name domain.com doesn't match any name found on the server certificate CN=*.secure-secure.co.uk, OU=Domain Control Validated.
Elapsed Time: 0 ms.
      Attempting to test potential Autodiscover URL https://autodiscover.domain.com:443/Autodiscover/Autodiscover.xml

Looks like it's looki on he webhosting site and not exchnage server

Current setup is as follows

Domain has webhosting with a company, this hosts a website as well as getting mail for the company.
The exchnage server is then running on a static ip broadband line and I have forwarded exchange.domain.com and autodiscover.domain.com to the static ip.

exchnage server picked up mail from pop server and has certificate installed etc.
Simon Butler (Sembee)ConsultantCommented:
You need to get the web host company to disable Autodiscover for your domain.
Autodiscover by default will try and do https://example.com/Autodiscover/Autodiscover.xml - with some web hosting packages that URL will work (with an SSL error). Only the web host can fix that, so that Autodiscover will then use one of the later URLs such as https://autodiscover.example.com/ 

EnlightxAuthor Commented:
okay thanks for info. ill get onto webhost see if i can get it disabled.

will be back with an update in couple of days
EnlightxAuthor Commented:
had the typical 1st response back from the web host saying it may not be possible to disable as we are on a linux package and linux doesnt use autodiscover :|

is there anyway around it is i have no luck with the webhost being able to disable?
Simon Butler (Sembee)ConsultantCommented:
The version of the web hosting package doesn't matter, as it is just a redirect.
Autodiscover isn't really a Linux feature, the web hosting package uses it for its own email service.

You need to check whether you get a response from https://example.com/Autodiscover/Autodiscover.xml (remember this is the root of the domain, so not www.example.com). If you are, then they need to disable the functionality.

EnlightxAuthor Commented:
Looking on the ftp there is nothing on the server at that path. If also tried putting a blank autodiscover.xml but still get the same errors.

Webhost is now saying there's nothing they can do :(

Anything else you can suggest I try
Gareth GudgerSolution ArchitectCommented:
Check your external DNS zone file.

Any SRV records in their for autodiscover? I know GoDaddy for example will create SRV records in their web hosting that direct autodiscover SRV records over to its CPANEL mail.

Also, check for CNAME autodiscover records. I have seen where hosting providers will set the CNAME of autodiscover to the @ record. Which then often points to the web hosting.
Simon Butler (Sembee)ConsultantCommented:
You will not see anything on an FTP lookup, because it is a virtual directory. The only way that you will see it is to browse to the path that I have posted to see what comes back.

If you are seeing the host's SSL certificate then they have to be doing something with Autodiscover.

EnlightxAuthor Commented:
looking at


i get the following

This XML file does not appear to have any style information associated with it. The document tree is shown below.
      <Autodiscover><Response><Error Time="21:36:40.0028140" Id="3007185755"><ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData/></Error></Response></Autodiscover>
EnlightxAuthor Commented:
well i just got a sucessul connection from outside the domain. just releasied RPC over HTTP was not install on the exchange server. installed that and im now connecting.

when autodiscover kicks in though it is asking for domain username and password in the form of a windows login box.

any ideas if its possible to stop this from asking this and it pickup from the outlook config settings? iv set NTLM so as i beleive it wont keep asking. will just make it easier for end users as i know sometimes this box can hide behind other windows on a dual monitor setup.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Simon Butler (Sembee)ConsultantCommented:
Changing the authentication to NTLM will work for domain enabled clients. The change will be picked up by the clients via Autodiscover - if Autodiscover is working correctly.

The response you got from the browser is correct (to show that Autodiscover is there) because the browser is not Outlook, so the response is invalid.

EnlightxAuthor Commented:
found solution myself with added help with Simon Butler
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.