Exchange 2013 autodiscover and SSL cert

Alasdairb
Alasdairb used Ask the Experts™
on
Hello
I have just set up my first Exchange 2013 server. It works fine for the internal users on the domain. Now I want to allow access for some external non-domain colleagues. This is what I have done so far, following what I can find on the Internet.

Enabled Split-DNS (http://exchange.sembee.info/network/split-dns.asp)

Set the internal and external URLs of the following directories to https://remote.mydomain.com/whatever ...  ECP, EWS, ActiveSync, OAB, OWA, Powershell
(http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/)

From the same article I modified the internal and external URL of Outlook Anywhere by going to ECP, Servers, Servers, Outlook Anywhere tab.

Finally I ran the following powershell command to change the Autodiscover URL
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml

At this point I have not created or applied for a third party SSL certificate. This is my next step but I am trying to test first. But at the moment if I try to set up an account from an external PC, I get a warning about the SSL cert, I click Continue and get the error in the attached file.

Is my problem caused because I have not got a proper certificate or haOutlookAnywhere-error.rtfve I done something wrong / missed something in my config so far?

When I apply for the certificate do I need to have remote.mydomain.com AND autodiscover.mydomain.com as a SAN? Or just remote.mydomain.com?

Thanks very much in advance.

Alasdair
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Engineer
Commented:
That is exactly what is going on.  Because you don't have the cert you are getting the warning.

When you order and install your cert with all of your URLs in it, the cert warnings will go away.

Yes, you need both of these addresses in the cert.

I recently worked a case where the installer left off the autodiscover URL and we kept getting the cert warnings.  Once he re-ordered it and it was installed everything started working as it should.

I also followed the instructions here to create my SRV record.

https://support.microsoft.com/en-us/kb/2772058

Author

Commented:
Hello ScottCha,

Thanks for the reply. I applied for a digicert certificate with both URLs and got it approved and the cert mailed back within ten minutes, and yes, all works fine now.

Thanks again.

Alasdair
Scott CSenior Engineer

Commented:
Happy to have helped.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial