SBS Exchange Autodiscover Cert Replacement

Hi guys....

I have a 2011 Small Business Server.  Everything has been running great for 3 years with a *.domain.com cert.  Autodiscover, OWA... all of it.  Last month the star cert expired and needed to be replaced.  We didn't want to pay for the star cert again due to cost, so we just bought a standard cert for remote.domain.com.  

I was able to configure the standard cert and all services work fine using the remote.domain.com cert. EXCEPT... Outlook autodiscover. When a user tries to open Outlook remotely, they get the cert mismatch error, saying the name of the security certificate is invalid or does not match the name of the target site remote.domain.com.

I have since purchased another standard cert for autodiscover.domain.com. I have installed it on the server and it doesn't show any issues. If I go into the Exchange Management Console and look at the server configuration I can see the cert and it shows to be valid. But there does not appear to be a way to assign it to autodiscover. If I assign the IIS service to it, then that breaks the OWA access and shows it is trying to use the autodiscover cert instead of the remote cert.

So... can this autodiscover cert work?  Or do I have to buy a different cert?  Or have I just not configured the remote.domain.com cert correctly for the autodiscovery?  Or maybe any other suggested solutions?

Thanks!!
mcdnet (Owner) asked:

David Johnson, CD, MVP (Owner) commented:
Use 1 namespace for all services.
Outlook Anywhere – mail.example.com
Outlook Web App – https://mail.example.com/owa
Exchange Control Panel – https://mail.example.com/ecp
Exchange ActiveSync – https://mail.example.com/Microsoft-Server-ActiveSync
Exchange Web Services – https://mail.example.com/EWS/Exchange.asmx
Offline Address Book – https://mail.example.com/OAB
AutoDiscover – https://mail.example.com/Autodiscover/Autodiscover.xml

You would use remote.domain.com instead of mail. A UCC certificate with 5 names for 1 year would have cost you about $300, 3 years less than $250.
http://exchangeserverpro.com/avoiding-exchange-2013-server-names-ssl-certificates/

Larry Struckmeyer, MVP, commented:
SBS 2011 with at least Roll Up 4 removes .local from the cert request and handles all the rest "automagically" with a standard $10 SSL cert. You need the MX record for the mail, and an A for remote.domain.com. Connections for all services should work fine with that if you use the SBS wizards to get from point A to point B.
mcdnet (Owner, Author) commented:
I am still working on this as I am learning now about these UCC certificates. Seems the choice to go with from the start. If I can use remote.domain.com but add autodiscover to the same cert it would seem this would work. Just need to try to get this new cert and see if it will work.
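
The name mismatch discussed in this thread, as an added example that is not part of any participant's post: a small checker that applies RFC 6125-style matching to a certificate's name list and reports which client-facing hostnames it leaves uncovered. It assumes clients reach the one IIS site as both remote.domain.com and autodiscover.domain.com (the thread's placeholder names); the certificate name lists are constructed.

```python
# Added example: which client-facing hostnames does a certificate's name list cover?
# Hostnames are the thread's placeholders; the certificate name lists are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: case-insensitive; '*' is allowed only as the
    whole left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so a pattern like "*.com" is rejected.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Return the hostnames that no name in the certificate matches."""
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]


# Assumption: both names terminate on the same IIS site, which presents one certificate.
CLIENT_HOSTS = ["remote.domain.com", "autodiscover.domain.com"]

# Constructed name lists for the certificate choices mentioned in the thread.
CERTS = {
    "wildcard (expired)": ["*.domain.com"],
    "single-name remote": ["remote.domain.com"],
    "single-name autodiscover": ["autodiscover.domain.com"],
    "UCC/SAN": ["remote.domain.com", "autodiscover.domain.com"],
}


def audit(certs=CERTS, hosts=CLIENT_HOSTS):
    """Map each certificate label to the hostnames it would fail validation for."""
    return {label: uncovered(names, hosts) for label, names in certs.items()}


if __name__ == "__main__":
    for label, missing in audit().items():
        status = "covers all names" if not missing else "mismatch for: " + ", ".join(missing)
        print(f"{label:26} -> {status}")
```

Either single-name certificate leaves one hostname unmatched, which is the mismatch seen when the IIS binding was switched between them; only the wildcard or a certificate carrying both names covers the full list.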