jplatt1

Exchange 2010 offer Certificate from external web server to outlook clients

Hello all, and thank you beforehand. I am running an Exchange 2010 SP3 server and it has been running for well over a year with no issue. I use a single cert purchased from GoDaddy and have made all the necessary config changes to the virtual directories and created a split-horizon DNS to support it. The autodiscover is set up as a svc record on my external DNS hosting site. As I have said, everything has been running flawlessly for over a year. All of a sudden this week, when folks returned to work from the holiday weekend and opened Outlook, it connects and all functions perfectly, except after about a minute or so a certificate warning pops up and asks them to accept it. The name it gives is my.domain.com.com. So the domain name is right but there is an extra .com added. Viewing the certificate shows that it is issued to *.com.com and was issued by RapidSSL. From what I have been able to gather, this belongs to Amazon Technologies. I have checked the IIS certificate stores and the local computer certificate stores, and checked DNS to see if any changes had been made. There have been no updates or changes to Exchange made recently, so it just spontaneously began. Mail functions, all the ActiveSync for phones and OWA functions, and when you tell the certificate warning no, it disappears and everything rolls on until you close and open Outlook again. The Outlook clients being used are 2007, 2010 and 2013. The Outlook clients have also been running for a while, so nothing was upgraded or a new Outlook client added to a workstation recently.

Thank you for any guidance you might provide
Simon Butler (Sembee)

Where is your public web site hosted?

The most common reason for this is that the web host has changed something so that the URL http://example.com/Autodiscover/Autodiscover.xml (where example.com is your domain) resolves to a host under their control. If that is the case then you need to get the host to disable Autodiscover for your domain. That will take some doing, as first line support will say it is something you do in DNS, which is not the case at all.

Simon.
jplatt1

ASKER

Thank you for the reply. So the web site host is also in charge of the DNS hosting. When I talked to him yesterday, he confirmed that the svc record for the domain had not changed and was set up correctly. Are you talking about the DNS host or the internet service provider that our external DNS points to?
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)
This solution is only available to members.

jplatt1

ASKER

Ok Sir, I browsed to https://my.domain.com/autodicover/autodiscover.xml and received a login prompt. So that tells me that it is the website host that is hosting our dns at this point. Is this correct?

That suggests that wherever the root of the domain points (ensure that you are doing the test from outside your network) has Autodiscover enabled on it and the destination for the domain needs to get it removed.

That may not be anything to do with your DNS - it is where the web site actually is that is important.

Simon.
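
The check discussed in the replies above, as an added example that is not part of the original thread: it lists the HTTPS names Outlook tries before it reaches the SRV record and reports whether the first one that answers presents a certificate valid for that name. The lookup order is the assumed default for a client with no Active Directory SCP answer; `example.com`, `*.hosting.example` and all function names are constructed for illustration.

```python
import socket
import ssl
import sys

def autodiscover_candidates(smtp_domain):
    """HTTPS names Outlook tries, in order, before the SRV lookup (assumed
    default order for a client that gets no Active Directory SCP answer)."""
    return [smtp_domain, f"autodiscover.{smtp_domain}"]

def cert_covers(host, cert_names):
    """True if a certificate name matches host; '*' covers one label only."""
    host = host.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def first_answer(smtp_domain, observed):
    """observed: host -> names on the cert seen at port 443, None if closed.
    Returns (host, warning_expected) for the first candidate that answers."""
    for host in autodiscover_candidates(smtp_domain):
        names = observed.get(host)
        if names is not None:
            return host, not cert_covers(host, names)
    return None, False  # no HTTPS answer: lookup continues to HTTP/SRV

def probe_tls(host, timeout=5):
    """Live check from outside the network: is the cert on host:443 valid?"""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "certificate valid for this name"
    except ssl.SSLCertVerificationError as exc:
        return f"certificate warning: {exc.verify_message}"
    except OSError as exc:
        return f"no HTTPS answer ({exc})"

# Constructed sample: the web host answers on the root domain with its own
# wildcard certificate; that name is tried before the (correct) SRV record.
SAMPLE = {"example.com": ["*.hosting.example"], "autodiscover.example.com": None}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live mode: python check.py yourdomain.example
        for host in autodiscover_candidates(sys.argv[1]):
            print(f"https://{host}/autodiscover/autodiscover.xml:", probe_tls(host))
    else:
        print(first_answer("example.com", SAMPLE))
```

Run it with a domain argument from a machine outside the network; with no argument it evaluates the constructed sample only.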
jplatt1

ASKER

We are working on this with the DNS host provider and will get back to this forum.

Thank you

FYI, I have Cloudflare as my managed DNS provider and my domain registrar points the name server records there. Many options and saves a lot of grief.
jplatt1

ASKER

Hello,
Sorry for the amount of time. The DNS provider is working on the issue and believes the issue lies with them. We are waiting for confirmation as they asked for time to work on the issue.
jplatt1

ASKER

I am giving a "B" only because we do not have verification that this is the actual issue, pending the provider's inquiry. Though at this point it looks like Simon's explanation is the most plausible.

Thank you all again for your help