Exchange 2013 autodiscover settings

Dear Experts,

I am deploying an Exchange 2013 server in a windows 2012R2 domain and would like some guidance as to setting up autodiscover correctly.  Its a greenfield install. Lets call the  domains intdomain.local and

What are the DNS entries required for the public domain?

I believe I may need to setup an internal split domain as .local domains are no longer being allowed as SAN on UCC certs. How do I do this properly?

What configuration changes do I need to make in exchange sever?

Who is Participating?
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
For your SSL SAN cert you need the following DNS names associated with the cert.
- A (host) record for
- Reverse (x.x.x.x) record pointing to
- cname record (

Internal DNS you will need to configure a Zone for
- Add all of your entries above to this internal zone for your external DNS names

You will then configure all of the virtual directories using the (except for autodiscover)
Virtual Directory Examples

Once you have set all of the URL's for your virtual directories you need to import and assign the cert via powershell.


Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

These are the high level steps to get your Exchange server up and running.

Md. MojahidCommented:
You need to adjust both so that they are handing out the same URL to the domain.

All servers in the same AD site should have the same value for the Autodiscover value.

set-clientaccessserver -Identity servername -AutodiscoverServiceInternalURI

Just as it was on Exchange 2007 and 2010.

If you have non-domain clients on the internal domain using the internal DNS then you will need to configure DNS records in the usual way, depending on the SSL certificate.

For more
tech53Author Commented:
"Internal DNS you will need to configure a Zone for
- Add all of your entries above to this internal zone for your external DNS names"

I have created a new Forward Lookup Zone called pointing to the internal IP address of the Exchange Server.  Do I need to create a CNAME record for inside that FLZ or do I even need to create one at all?
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Will SzymkowskiSenior Solution ArchitectCommented:
No you don't create a Forward Lookup Zone for "" you create it for Create an A record in this forward lookup zone for and create a cname record for

tech53Author Commented:
I've setup DNS as described above, thanks.   I setup a test pc and installed outlook 2010.  When I setup the outlook account I get a cert error stating that the internal name of the server doesn't appear in the cert.

Also when I setup the exchange account in outlook on a non-domain PC from a remote site, I get an error which states that "the connection to Microsoft exchange is unavailable. Outlook must be online or connected to complete this action"

When setting the internal and external names of the virtual directories, I used for both the internal and external names. Should I have left the internal names as they were?

tech53Author Commented:
Thanks folks. It was really the DNS that was holding me back. All working as promised.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.