Solved

Exchange 2013 autodiscover settings

Posted on 2015-01-16
6
253 Views
Last Modified: 2015-02-04
Dear Experts,

I am deploying an Exchange 2013 server in a windows 2012R2 domain and would like some guidance as to setting up autodiscover correctly.  Its a greenfield install. Lets call the  domains intdomain.local and extdomain.com

What are the DNS entries required for the public domain?

I believe I may need to setup an internal split domain as .local domains are no longer being allowed as SAN on UCC certs. How do I do this properly?

What configuration changes do I need to make in exchange sever?

Thanks
0
Comment
Question by:tech53
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 40554787
You need to adjust both so that they are handing out the same URL to the domain.

All servers in the same AD site should have the same value for the Autodiscover value.

set-clientaccessserver -Identity servername -AutodiscoverServiceInternalURI https://host.example.com/autodiscover/autodiscover.xml

Just as it was on Exchange 2007 and 2010.

If you have non-domain clients on the internal domain using the internal DNS then you will need to configure DNS records in the usual way, depending on the SSL certificate.

For more

http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40555360
For your SSL SAN cert you need the following DNS names associated with the cert.
External
- mail.domain.com
- autodiscover.domain.com
- A (host) record for mail.domain.com
- Reverse (x.x.x.x) record pointing to mail.domain.com
- cname record autodiscover.domain.com (mail.domain.com)

Internal DNS you will need to configure a Zone for external.domain.com
- Add all of your entries above to this internal zone for your external DNS names

You will then configure all of the virtual directories using the mail.domain.com (except for autodiscover)
Virtual Directory Examples
https://mail.domain.com/owa
https://mail.domain.com/EWS/Exchange.asmx
https://mail.domain.com/Microsoft-Server-ActiveSync
https://mail.domain.com/oab
https://autodiscover.domain.com//Autodiscover/Autodiscover.xml

Once you have set all of the URL's for your virtual directories you need to import and assign the cert via powershell.

Get-ExchangeCertificate

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

These are the high level steps to get your Exchange server up and running.

Will.
0
 
LVL 1

Author Comment

by:tech53
ID: 40557573
"Internal DNS you will need to configure a Zone for external.domain.com
- Add all of your entries above to this internal zone for your external DNS names"

I have created a new Forward Lookup Zone called mail.domain.com pointing to the internal IP address of the Exchange Server.  Do I need to create a CNAME record for autodiscover.domain.com inside that FLZ or do I even need to create one at all?
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40557688
No you don't create a Forward Lookup Zone for "mail.domain.com" you create it for domain.com. Create an A record in this forward lookup zone for mail.domain.com and create a cname record for autodiscover.domain.com.

Will.
0
 
LVL 1

Author Comment

by:tech53
ID: 40558695
I've setup DNS as described above, thanks.   I setup a test pc and installed outlook 2010.  When I setup the outlook account I get a cert error stating that the internal name of the server doesn't appear in the cert.

Also when I setup the exchange account in outlook on a non-domain PC from a remote site, I get an error which states that "the connection to Microsoft exchange is unavailable. Outlook must be online or connected to complete this action"

When setting the internal and external names of the virtual directories, I used https://mail.domain.com/virtualdirectory for both the internal and external names. Should I have left the internal names as they were?

Thanks
0
 
LVL 1

Author Closing Comment

by:tech53
ID: 40589493
Thanks folks. It was really the DNS that was holding me back. All working as promised.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question