SBS 2011 Exchange clients getting autodiscover.site.xxx messages

Today we received notifications from 2 different clients both with SBS2011 w/Exch 2010.

They are both getting autodiscover.site.xxx pop ups about the certificates.

I don't know why suddenly we're getting these or how to correctly deal with them.

I believe both clients were off site from their servers with Outlook remotely accessing their emails.

Any help appreciated and steps to resolve.
Thanks
BBraytonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Same hosting company by any chance?

My instinct is that the hosting company has implemented an updated version of their control panel, so have hijacked the first Autodiscover url (https://example.com/Autodiscover/Autodiscover.xml) OR you don't have Autodiscover.example.com in the SSL certificate and pointing at the Exchange server (perhaps there is a wildcard DNS entry for the hosting company).

If that is the case, then you need to get the hosting company to disable Autodiscover on the web hosting domain - they can do it, but it can take some time to get someone to acknowledge it.
You should also check the Autodiscover settings being used for each domain is correct. If you don't have Autodiscover.example.com in the SSL certificate, then you need to use SRV records most likely.

Simon.
0
BBraytonAuthor Commented:
Simon.  Thanks.

First we have not set up an autodiscover.mydomain.com at the external dns hosting site.  Should we ?

Typically we have a remote.mydomain.com with an SSL cert at the external dns host.

Is there anything to do dns wise or sbs console fix my network type stuff to do at the local server.

Thanks
0
Simon Butler (Sembee)ConsultantCommented:
This is nothing to do with the local server.
Autodiscover shouldn't really be treated as an optional feature. It allows the clients to work correctly - for example to get free-busy information. It isn't just the setup of the clients.

If the SSL certificate is just for remote.example.com and no other names, then you cannot use Autodiscover.example.com host name because it will fail on the SSL mismatch - hence the need for SRV records instead. http://semb.ee/srv

If you have never done anything for Autodiscover, then my guess of a wildcard in the domain and a change at the web host is probably the most likely.

Simon.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

BBraytonAuthor Commented:
Getting there.

You correctly state that we just have the ssl for remote.

We can get access to the external dns zone file.  I'm not sure of what to add for an SRV record.  Can you give me info on what to add into the srv ?

I'm guessing once that's done the autodiscover cert notice will not pop up when accessing remote anymore?

Bruce
0
Simon Butler (Sembee)ConsultantCommented:
The link I have provided sends you to the Microsoft page on how to setup the SRV records.
You also need to ensure that Autodiscover.example.com does NOT resolve externally, or if it must (because someone doesn't want to remove the wildcard DNS entry) it resolves to a null address.
You should also ensure that https://example.com/Autodiscover/Autodiscover.xml returns a 404.

Simon.
0
Cris HannaCommented:
The folks at Third Tier created a blog post for setting this up on SBS 2008 but it still applies on 2011
http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.