Solved

Hosted Exchange issues Autodiscover and redirect

Posted on 2016-07-14
13
55 Views
Last Modified: 2016-08-25
G'day guys,

I spent a while on the phone to the hosted exchange provider trying to resolve this but he could not.

Basically what happens is that I have a bunch of clients who use Hosted Exchange services. Now most clients use me or some other 3rd party to host their websites, DNS, etc but I generally like to move every client to Hosted Exchange because I just can't compete and it means it becomes someone else's responsibility to make sure that it is up and running 24/7.

Now this works fine, up until the following scenario.

Joe Bloggs has a domain called joebloggs.com

Website is hosted with me. DNS management is with my hosting provider, along with domain registration.
IP of the server is 103.241.2.211 (this is a shared cPanel server, I'm just one of the resellers on this server).

I use Hosted Exchange through iiNet - https://iihelp.iinet.net.au/DNS_records_for_Hosted_Exchange
Followed the DNS records to the letter.

So for the DNS I would have something like this:

WEBSITE
joebloggs.com. 14400 A 103.241.2.211
www.joebloggs.com. 14400 CNAME joebloggs.com.


EMAIL
joebloggs.com. 14400 MX 10 smtp.exchange.iinet.net.au.
autodiscover.joebloggs.com. 14400 CNAME autodiscvr.exchange.iinet.net.au.
webmail.joebloggs.com. 14400 CNAME exchange.iinet.net.au.
joebloggs.com. 14400 TXT "v=spf1 redirect=exchange.iinet.net.au"


Now my issues are these:

1) When configuring Outlook or similar to connect through using the Autodiscover feature it always complains that the SSL Certificate is wrong - it picks up the SSL Certificate in use at 103.241.2.211 (keep in mind it is shared hosting so that could be anything)

2) If I try to use the webmail.joebloggs.com in the URL bar, it will error with a certificate issue because it clearly doesn't match the name attributed to the exchange.iinet.net.au

So my question(s) are these:

1) How do I fix the autodiscover so that rather than picking up the SSL certificate used at 103.241.2.211 it picks up the certificate used at the Hosted Exchange provider??

2) How do I set up a tailored DNS record like webmail.joebloggs.com to redirect me without causing an SSL Certificate issue? I'm happy for the URL to change, I just want my clients to type in something familiar to them.

Thanks in advance.

Steven Swarts
TechCare
Question by:sjswarts
13 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41711779
Instead of using a CNAME record for autodiscover, use an SRV record instead. That should resolve the SSL cert error for that part.

Create that record as follows:
Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: autodiscvr.exchange.iinet.net.au
Weight: 0
Priority: 0

Also make sure that your DNS Zone doesn't have any wildcard "*" A or CNAME records.

For the webmail issue, you can use a redirect instead of a CNAME.  The URL will change in the user's browser, but at least it won't have the SSL error.  Configure a redirect in cPanel > Domains > Redirects
1
 
LVL 1

Expert Comment

by:Raghu Addanki
ID: 41711792
That's by design. It checks www or domain.com first and moves on to discover a record Autodiscover.

That is why you see invalid or failed lookup wrt SSL.

I am currently driving, and if no one else helps you with how it works and how to correct the records, I will do so in the next 3 hours.

But you get a good grip on it here meanwhile:

http://www.shudnow.net/2013/07/26/outlook-certificate-error-and-autodiscover-domain-com-not-working/
1
 
LVL 16

Expert Comment

by:FOX
ID: 41712860
I hope it is not throwing an error because of your typo

autodiscover.joebloggs.com. 14400 CNAME autodiscvr.exchange.iinet.net.au.<< Do you intentionally have the o missing in autodiscover in your CNAME?

autodiscover.exchange.iinet.net.au
0
 

Author Comment

by:sjswarts
ID: 41713014
@foxluv if you look at the link provided by iiNet (Hosted Exchange Provider) they have it set like that for whatever reason.

Also it's missing more than just the o :p
0
 

Author Comment

by:sjswarts
ID: 41713121
@Jeffrey Kane

You seem to be on the right track. I was sure that I read somewhere today that I shouldn't use SRV records, but maybe that is only when you have an SSL certificate for autodiscover.domain.com - https://www.reddit.com/r/exchangeserver/comments/3qm2l8/autodiscoverdomaincom_is_getting_ssl_certificate/

As it stands I've removed the autodiscover and replaced it with this (keep in mind this is cPanel so it's a little different)

_autodiscover._tcp 3600 0 0 443 autodiscvr.exchange.iinet.net.au.


cPanel SRV vs CNAME autodiscover
Attached is a screen shot of my options and also what I originally had.

However when I do this it still doesn't autodiscover correctly on my Android phone (might work on others). What I mean is that it correctly asks me if it should use the found SRV record pointing to autodiscover.exchange.iinet.net.au but then it doesn't populate the server field correctly which obviously fails because it fills it with joebloggs.com rather than exchange.iinet.net.au.

I am fixing my Outlook to try it locally at my office so I will report back with any findings.

As for the redirects, that does work. However I found that you missed a step: first you need to create a subdomain and then you have the option to redirect that subdomain. For our example:

Create subdomain webmail.joebloggs.com

Redirect webmail.joebloggs.com permanently (301) to exchange.iinet.net.au

Then it works beautifully. Is this what you meant? Be nice if that extra step wasn't there.
0
 

Author Comment

by:sjswarts
ID: 41713795
@Raghu Addanki

Thanks for that article. I presumed that was the case.

I guess the only way it is possible for me to resolve this then is to get my clients to buy a dedicated IP for their public website?? Make sure they don't utilise SSL certificate OR have a current one??

A shared IP (which is commonly used for cheap website hosting) appears to cause this issue.
0
 
LVL 1

Expert Comment

by:Raghu Addanki
ID: 41713828
Perfect sjswarts!
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41714452
"Make sure they don't utilise SSL certificate OR have a current one??"

No, you missed a fine point in that article -- you want to make sure that if you do have an SSL certificate on your public web site that it includes the ROOT (i.e., joebloggs.com) as well as www.joebloggs.com. Then it won't throw a certificate error.
1
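
The name check behind both certificate errors in this thread, as an added example (not part of the thread and not any participant's code): a TLS client validates the name it asked for, so a CNAME to the provider does not make the provider's certificate valid for webmail.joebloggs.com, and the root-domain Autodiscover step is judged against whatever certificate the shared web server presents. The certificate name lists, the host `sharedhost.example` and the simplified step order are assumptions for illustration.

```python
# Added illustration. The certificate name lists are constructed sample data.

def name_matches(hostname, pattern):
    """Compare label by label; '*' may replace only the left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    return host[1:] == pat[1:] and pat[0] in ("*", host[0])

def cert_covers(hostname, cert_names):
    """True if any name in the certificate matches the requested hostname."""
    return any(name_matches(hostname, n) for n in cert_names)

def walk(domain, served, srv_target=None):
    """List (method, validated_name, cert_ok) for each step that answers on 443.

    `served` maps the name the client asked for to the names in the
    certificate it gets back. A CNAME does not change the name the client
    validates, so the key is always the name that was requested.
    """
    steps = [("https", domain), ("https", "autodiscover." + domain)]
    if srv_target:
        steps.append(("srv", srv_target.rstrip(".")))
    return [(m, h, cert_covers(h, served[h])) for m, h in steps if h in served]

SHARED = ["*.sharedhost.example"]  # constructed: certificate on the shared web IP
PROVIDER = ["exchange.iinet.net.au", "autodiscvr.exchange.iinet.net.au"]  # assumed

def scenarios():
    # Root domain answers on 443 with the shared host's certificate.
    root_only = walk("joebloggs.com", {"joebloggs.com": SHARED})
    # Root certificate lists the root name; autodiscover is published via SRV only.
    with_srv = walk(
        "joebloggs.com",
        {"joebloggs.com": ["www.joebloggs.com", "joebloggs.com"],
         "autodiscvr.exchange.iinet.net.au": PROVIDER},
        srv_target="autodiscvr.exchange.iinet.net.au.",
    )
    return root_only, with_srv

if __name__ == "__main__":
    for result in scenarios():
        print(result)
    print(cert_covers("webmail.joebloggs.com", PROVIDER))        # CNAME case
    print(cert_covers("joebloggs.com", ["www.joebloggs.com"]))   # www-only cert
    print(cert_covers("joebloggs.com", ["*.joebloggs.com"]))     # wildcard cert
```

Whether a certificate bought for www also lists the bare domain depends on the names the issuer actually put in it, which is what `cert_covers` checks.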
 

Author Comment

by:sjswarts
ID: 41714456
@Jeffrey - don't all www certificates automatically secure root domains?

For example:

Buy 2 year SSL Certificate for www.joebloggs.com and it covers both https://www.joebloggs.com and https://joebloggs.com

Although I presume that this is not the case for any other subdomains.
0
 

Author Comment

by:sjswarts
ID: 41714459
@Jeffrey why doesn't the SRV record work to configure autocomplete properly?

I noticed that if I only have the SRV record it fills the "Server" section to my android device with "joebloggs.com".

But if I use the autodiscover A record it fills it just fine and works like a charm, of course not if there isn't a dedicated IP for the public website or a current SSL certificate.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points (awarded by participants)
ID: 41714476
Unfortunately this seems to be a problem with Android: https://goo.gl/cLPjqZ

But when creating the autodiscover record in cPanel be sure that the Name field has the following:
_autodiscover._tcp.joebloggs.com.

I just tested creating one in cPanel and it actually added the domain name automatically after I entered the _autodiscover._tcp. part
1
 

Author Comment

by:sjswarts
ID: 41714635
Hmmm interesting find.

I'll have to investigate further, but thanks for the heads up.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41769947
author abandoned
0
