mbkitmgr
asked on
Wildcard Cert + Autodiscover + OLK 2016
I recently set up a new Server 2012 R2 Server with Exchange 2016.
I named the Active Dir domain AD.COMPANYNAME.COM and have the external domain registered prior to the new server project as COMPANYNAME.COM.
I generated a new wildcard SSL request in Exchange 2016 to retire the original single name SSL certificate and purchased *.COMPANYNAME.COM thinking it would address any naming issues with Exchange, Server 2012 and OLK.
Eg.
- Autodiscover.COMPANYNAME.COM
- MAIL.COMPANYNAME.COM
- AUTODISCOVER.AD.COMPANYNAME.COM
- SERVERNAME.AD.COMPANYNAME.COM
Clearly I have failed to understand/learn/hear/see/feel something here as this isn't the case.
At present:
- EXRCA says all is perfectly configured.
- External devices such as tablets/phones all connected and sync without issue, it all works nicely.
- SSL checks show the Wildcard SSL cert is responding as expected.
- I reconfigured all virtual directory URLs in Exchange 2016 from their internal names to the external equivalents.
- OLK 2016 clients find and resolve the user to the mailbox and connect when Outlook is started for the 1st time for a user on a workstation.
- BUT Internal Outlook 2016 clients are giving the Security Alert showing the server responding is SERVERNAME.AD.COMPANYNAME.COM.
- When I view the cert, it says it's issued to *.COMPANYNAME.COM.
- If I elect to install the certificate on the client machine it persists with the Security Alert.
When I use OLK connection test I get the following in the log and the time it takes is less than a second:
Attempting URL https://servername.ad.companyname.com/autodiscover.xml found through SCP
Autodiscover to https://servername.ad.companyname.com/Autodiscover/Autodiscover.xml starting
GetLastError=0; httpStatus=200.
Autodiscover to https://servername.ad.companyname.com.Autodiscover/Autodiscover.xml Succeeded (0x00000000
When I query the AutoDiscoverInternalUri I get https://servername.ad.companyname.com/Autodiscover/Autodiscover.xml
So clearly something is smacking me in the face and I am not seeing it, so please help :)
Please ensure you make changes on virtual directories, especially steps 5, 6 and 7 in my article.
ASKER
I haven't been able to make the changes until the customer contact returns next week (w.e. 1/7/16) to approve the change.
http://#41660979 addresses the issue
ASKER
David J - the link isn't functioning for me in your response, can you provide an expanded URL? Thanks
Wildcard certificates only go one level.
*.domain.com will error with *.ad.domain.com; you need a separate certificate for *.ad.domain.com.
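The one-level rule from the answer above, as an added example that is not part of the original thread: a Python check applying the leftmost-label wildcard rule used by TLS clients to the host names in the question. The function names are hypothetical, and every URL except the SCP one from the log is constructed from the question's host names.

```python
from urllib.parse import urlsplit


def wildcard_matches(pattern: str, host: str) -> bool:
    """Compare a certificate name with a host name.

    '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so it never spans a dot. Partial wildcards such
    as 'f*.example.com' are treated as literals here (an assumption).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # different depth: the wildcard cannot absorb extra labels
    if p[0] == "*":
        # Require at least two fixed labels after '*' and a non-empty host label.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def audit_urls(cert_names, urls):
    """Map each URL to True if any certificate name covers its host."""
    result = {}
    for url in urls:
        host = urlsplit(url).hostname or ""
        result[url] = any(wildcard_matches(n, host) for n in cert_names)
    return result


# Certificate name from the question.
CERT_NAMES = ["*.companyname.com"]

# First URL is the SCP value shown in the Outlook log; the rest are
# constructed from the host names listed in the question.
URLS = [
    "https://servername.ad.companyname.com/Autodiscover/Autodiscover.xml",
    "https://autodiscover.ad.companyname.com/Autodiscover/Autodiscover.xml",
    "https://autodiscover.companyname.com/Autodiscover/Autodiscover.xml",
    "https://mail.companyname.com/Autodiscover/Autodiscover.xml",
]

if __name__ == "__main__":
    for url, covered in audit_urls(CERT_NAMES, URLS).items():
        status = "covered" if covered else "NAME MISMATCH"
        print(f"{status:14} {urlsplit(url).hostname}")
```

Any internal URL reported as a mismatch is one where a client connecting to that name will raise the certificate name warning, whatever is installed in the client's certificate store.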
ASKER
I am going to reset the virtual dirs after COB Monday to forewarn the users they may have to delete their OLK profile.