Solved

Autodiscover issues with single SSL and multiple email domains

Posted on 2014-12-19
Last Modified: 2015-03-30
Hi

I have an Exchange 2013 server for only external users connecting via Exchange ActiveSync.

External name: hostedex.domain.com

I have an SSL on that domain and Exchange is all set up, and telnet in and out tests work fine for mail flow.

The server will have quite a few different domains set up on it for email.

Users will not have access to all of the domains.

I want to try and set up Autodiscover so they can set up their email accounts themselves, but at the moment when I try to set up an email account such as test@domain1.com, Autodiscover is moaning that the SSL is for test@domain.com.

I have created a CNAME on domain1.com to point to the Autodiscover address on domain.com but still no luck.

Can this be done without having to have an SSL cert for each domain we have on the server?

Thanks
0
Question by:timb551
12 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
You cannot use a CNAME, because that is just a DNS entry; it doesn't change what the client tries to connect to.
If you want to use a single certificate then you have two (well, technically three) options:

1. Autodiscover redirect method. This uses a non-HTTPS web site (needs to be separate from the main site, different IP address etc.) to direct the clients to the SSL-secured Autodiscover site.
2. SRV records. For SRV records to work correctly you must ensure that there are NO wildcards in the domain, so that Autodiscover.example.com does NOT resolve.

The third method is no Autodiscover support at all.
As you have said this is just for ActiveSync, this is a viable option. Not only because you can avoid it with mobile devices, but also because there is usually a very high failure rate in my experience with mobile devices and Autodiscover. Android is very hit and miss, depending on the vendor and OS version. Apple is a bit better. BlackBerry OS 10 and Windows Phone usually work correctly.

Therefore, whatever you do, you will need to have manual instructions.

Simon.
0
 

Author Comment

by:timb551
Thanks

Why does option 2 involve manual instructions?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
You need to have manual instructions for the reasons I have given - Autodiscover more often than not does not work on mobile devices.

Simon.
0
 

Author Comment

by:timb551
Ah, fair enough.

What do I need to do for option 2, though? I will give that a go and see how I get on.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Follow the instructions from Microsoft here: http://semb.ee/srv

Remember it is EXTERNAL DNS you need to make the changes on.

The quicker Microsoft release Acompli for themselves the better, as that does actually work (Acompli is an ActiveSync client for iOS and Android which Microsoft bought earlier this month).

Simon.
0
 
LVL 2

Accepted Solution

by:
Jasvindar Singh earned 500 total points
As you have a single-name certificate issued to "hostedex.domain.com", the best option for Autodiscover to work for a single domain or multiple domains is to create an SRV record.

For example, in public DNS, under domain1.com => create an SRV record:

Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: hostedex.domain.com  (Value in your certificate)

In public DNS, under domain2.com => create the same SRV record, and so on.

Supporting article => http://support.microsoft.com/kb/940881
0

Author Comment

by:timb551
Have added the SRV record but it still doesn't seem to be setting up without throwing up an SSL error.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Have you checked that

Autodiscover.example.com

does NOT resolve somewhere it shouldn't do?

Furthermore,

https://example.com/Autodiscover/Autodiscover.xml

should also not work.

Once a trusted certificate is in place, the most common cause of problems is web hosts getting in the way, with wildcards in the domain, or using Autodiscover with their own control panels.

Simon.
0
 

Author Comment

by:timb551
I have checked for wildcards and it does resolve to the correct IP.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Does the URL that I posted above work?

Simon.
0
 

Author Comment

by:timb551
It brings up a username and password box.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
If the root of your domain does not resolve to your Exchange server, then that is probably the cause of your problems. If you can cancel the authentication box, then look at the SSL certificate being presented; I expect it isn't yours.

If that is the case, then you need to speak to your web host and get them to turn off Autodiscover on your domain. First line support will say it cannot be done (really means - we have no idea what you are on about), so you will have to be persistent.

Simon.
0
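
An added example, not part of the thread and not code from any poster: an offline model of the cases discussed above (a CNAME to the Exchange host, a web host answering at the domain root, and the SRV record from the accepted solution), reporting at which lookup step a client stops and whether the certificate it sees covers the host it contacted. The lookup order (root HTTPS, autodiscover HTTPS, HTTP redirect, SRV) is an assumption of the model; `domain3.com`, `*.webhost.example` and the function names are hypothetical, and every DNS/TLS observation is constructed.

```python
# Added example: offline model of an Autodiscover lookup. All data is constructed.

def cert_covers(host, cert_names):
    """True if host matches a name on the certificate (one-label wildcard allowed)."""
    host = host.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if (name.startswith("*.") and host.count(".") == name.count(".")
                and host.endswith(name[1:])):
            return True
    return False

def diagnose(domain, tls, redirects, srv):
    """Return (step, host_contacted, verdict) for the first lookup step that answers.

    tls:       host -> names on the certificate that host presents on 443
    redirects: host -> host named by a plain-HTTP redirect
    srv:       email domain -> (port, target) of _autodiscover._tcp.<domain>
    """
    # Steps 1 and 2: HTTPS to the email domain itself, then to autodiscover.<domain>.
    for step, host in (("root-https", domain),
                       ("autodiscover-https", "autodiscover." + domain)):
        if host in tls:
            verdict = "ok" if cert_covers(host, tls[host]) else "cert-mismatch"
            return step, host, verdict
    # Steps 3 and 4: both hand the client a different host name to connect to.
    step, target = "http-redirect", redirects.get("autodiscover." + domain)
    if target is None and domain in srv:
        step, target = "srv", srv[domain][1]
    if target is None:
        return "none", None, "no-autodiscover"
    if target not in tls:
        return step, target, "unreachable"
    verdict = "ok" if cert_covers(target, tls[target]) else "cert-mismatch"
    return step, target, verdict

# Constructed observations. hostedex.domain.com carries the single-name certificate.
TLS = {
    "hostedex.domain.com": ["hostedex.domain.com"],
    "domain1.com": ["*.webhost.example"],                 # web host answers at the root
    "autodiscover.domain2.com": ["hostedex.domain.com"],  # CNAME to the Exchange host
}
SRV = {d: (443, "hostedex.domain.com")
       for d in ("domain1.com", "domain2.com", "domain3.com")}

if __name__ == "__main__":
    for d in SRV:
        print(d, diagnose(d, TLS, {}, SRV))
```

In this model only `domain3.com` reaches the SRV step; the other two stop earlier on a host whose certificate does not cover the name contacted, even though the same SRV record exists for them.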
