Why is Outlook 2007 throwing an Autodiscover certificate error when connecting to SBS 2011 Exchange?

Asked by Perarduaadastra (United Kingdom of Great Britain and Northern Ireland)
Tags: Exchange, Outlook, SBS, SSL / HTTPS, DNS
The current situation is probably the product of cumulative errors over a couple of years, but it’s reached a point where I'm pulling out what hair I have left.

An SBS 2011 Exchange installation which has been working fine for years has recently started throwing an autodiscover name mismatch certificate error when Outlook 2007 is started on a domain computer. There is a website for the domain (let’s call it xyz.co.uk), although it’s not active at the moment, but the mail server at remote.xyz.co.uk is fairly busy, and it’s that name that I'm expecting to see on the SSL certificate; instead, I'm seeing the certificate for the domain name host, with the name *.123-secure.com on it, although I'm pretty sure that if things were working properly I wouldn't see anything relating to SSL certificates at all.

If it’s relevant, the mail server is using a UCC SSL certificate from GoDaddy.

I've tried adding a CNAME record to the internal DNS forward lookup zone to no avail, and an SRV record for xyz.co.uk to the external DNS via the 123-reg control panel, but the error persists. I started to add an SRV record to the internal DNS forward lookup zone as well, until I noticed that the domain field at the top of the form contained remote.xyz.co.uk and not just xyz.co.uk. I sensed that pointing the record to itself might not be helpful...

Nslookup returns the IP address of the domain name host and not the static public IP of the SBS server; it lists no aliases.

The MS Test Connectivity tool for autodiscover for both ActiveSync and Outlook passes with warnings, to the effect that the DNS SRV redirect method was the only one that worked. The other methods returned name mismatches and wrong IP addresses. This suggests that the SRV record I added is both correct and necessary.

OWA works fine, and mail is sent and received without problems.

It seems that autodiscover is finding the root domain xyz.co.uk instead of being directed to remote.xyz.co.uk, so how can I fix this?

Why is the 123-secure certificate being invoked at all?

I’ve found 123-reg support to be glacially slow and entirely unhelpful so far.

Do I have to start again from scratch, or is the situation retrievable?
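
The name check behind the mismatch described in the question, as an added example that is not part of the original post: it walks the DNS-based Autodiscover hosts in the order clients commonly try them (an assumption, not stated on the page) and compares each host with the names on the certificate served there. The certificate name lists are constructed; only the names xyz.co.uk, remote.xyz.co.uk and *.123-secure.com come from the question.

```python
# Added example: hostnames are from the question, certificate contents are constructed.

def name_matches(host, pattern):
    """Certificate name check: a '*' covers exactly one leftmost label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, tail = host.partition(".")
    return bool(head) and tail == pattern[2:]

def candidates(smtp_domain, srv_target=None):
    """HTTPS hosts tried for Autodiscover, in order (assumed DNS-based sequence)."""
    steps = [("root domain", smtp_domain),
             ("autodiscover host", "autodiscover." + smtp_domain)]
    if srv_target:
        steps.append(("SRV _autodiscover._tcp", srv_target))
    return steps

def diagnose(smtp_domain, presented, srv_target=None):
    """Return (method, host, verdict) for each step.

    presented maps a host to the list of names on the certificate served
    there; a host missing from the map has nothing answering on 443.
    """
    report = []
    for method, host in candidates(smtp_domain, srv_target):
        names = presented.get(host)
        if names is None:
            verdict = "no HTTPS listener"
        elif any(name_matches(host, n) for n in names):
            verdict = "ok"
        else:
            verdict = "name mismatch: cert is for " + ", ".join(names)
        report.append((method, host, verdict))
    return report

# Constructed sample: the web host answers for the root and autodiscover names
# with its own wildcard certificate; the mail server presents its own name.
HOSTING_CERT = ["*.123-secure.com", "123-secure.com"]
PRESENTED = {
    "xyz.co.uk": HOSTING_CERT,
    "autodiscover.xyz.co.uk": HOSTING_CERT,
    "remote.xyz.co.uk": ["remote.xyz.co.uk"],
}

if __name__ == "__main__":
    for row in diagnose("xyz.co.uk", PRESENTED, "remote.xyz.co.uk"):
        print("%-24s %-26s %s" % row)
```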