Go Premium for a chance to win a PS4. Enter to Win


Hosted Exchange issues Autodiscover and redirect

Posted on 2016-07-14
Medium Priority
Last Modified: 2016-08-25
G'day guys,

I spent awhile on the phone to the hosted exchange provider trying to resolve this but he could not.

Basically what happens is that I have a bunch of clients who use Hosted Exchange services. Now most clients use me or some other 3rd party to host their websites, DNS, etc but I generally like to move every client to Hosted Exchange because I just can't compete and it means it becomes someone else's responsibility to make sure that it is up and running 24/7.

Now this works fine, up until the following scenario.

Joe Bloggs has a domain called joebloggs.com

Website is hosted with me. DNS management is with my hosting provider, along with domain registration.
IP of the server is (this is a shared cPanel server, I'm just one of the resellers on this server).

I use Hosted Exchange through iiNet - https://iihelp.iinet.net.au/DNS_records_for_Hosted_Exchange
Followed the DNS records to the letter.

So for the DNS I would have something like this:

joebloggs.com. 14400 A
www.joebloggs.com. 14400 CNAME joebloggs.com.

Open in new window

joebloggs.com. 14400 MX 10 smtp.exchange.iinet.net.au.
autodiscover.joebloggs.com. 14400 CNAME autodiscvr.exchange.iinet.net.au.
webmail.joebloggs.com. 14400 CNAME exchange.iinet.net.au
joebloggs.com 14400 TXT "v=spf1 redirect=exchange.iinet.net.au"

Open in new window

Now my issues are these:

1) When configuring Outlook or similar to connect through using the Autodiscover feature it always complains that the SSL Certificate is wrong - it picks up the SSL Certificate in use at (keep in mind it is shared hosting so that could be anything)

2) If I try to use the webmail.joebloggs.com in the URL bar, it will error with a certificate issue because it clearly doesn't match the name attributed to the the exchange.iinet.net.au

So my question(s) are these:

1) How do I fix the autodiscover so that rather then picking up the SSL certificate used at it picks up the certificate used at the Hosted Exchange provider??

2) How do I setup a tailored DNS record like webmail.joebloggs.com to redirect me without causing a SSL Certificate issue? I'm happy for the URL to change, I just want my clients to type in something familiar to them.

Thanks in advance.

Steven Swarts
Question by:sjswarts
  • 6
  • 4
  • 2
  • +1
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41711779
Instead of using a CNAME record for autodiscover, use a SRV record instead.  That should resolve the ssl cert error for that part.

Create that record as follows:
Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: autodiscvr.exchange.iinet.net.au
Weight: 0
Priority: 0

Also make sure that your DNS Zone doesn't have any wildcard "*" A or CNAME records.

For the webmail issue, you can use a redirect instead of a CNAME.  The URL will change in the user's browser, but at least it won't have the SSL error.  Configure a redirect in cPanel > Domains > Redirects

Expert Comment

by:Raghu Addanki
ID: 41711792
That's by design. It checks www or domain.com first and moves on to discover a record Autodiscover.

That is why you see invalid or failed lookup wrt SSL.

I am currently driving and if no one else help you with how it works and how to correct records I would do in next 3 hours.

But you get a good grip on it here meanwhile:

LVL 16

Expert Comment

ID: 41712860
I hope it is not throwing an error because of your typo

autodiscover.joebloggs.com. 14400 CNAME autodiscvr.exchange.iinet.net.au.<< Do you intentionally have the o missing in autodiscover in your CNAME

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!


Author Comment

ID: 41713014
@foxluv if you look at the link provided by iiNet (Hosted Exchange Provider) they have it set like that for whatever reason.

Also it's missing more then just the o :p

Author Comment

ID: 41713121
@Jeffrey Kane

You seem to be on the right track. I was sure that I read somewhere today that I shouldn't use SRV records, but maybe that is only when you have a SSL certificate for autodiscover.domain.com  - https://www.reddit.com/r/exchangeserver/comments/3qm2l8/autodiscoverdomaincom_is_getting_ssl_certificate/

As it stands I've removed the autodiscover and replaced it with this (keep in mind this is cPanel so it's a little different)

_autodiscover._tcp 3600 0 0 443 autodiscvr.exchange.iinet.net.au.

Open in new window

cPanel SRV vs CNAME autodiscover
Attached is a screen shot of my options and also what I originally had.

However when I do this it still doesn't autodiscover correctly on my Android phone (might work on others). What I mean is that it correctly asks me if it should use the found SRV record pointing to autodiscover.exchange.iinet.net.au but then it doesn't populate the server field correctly which obviously fails because it fills it with joebloggs.com rather then exchange.iinet.net.au.

I am fixing my Outlook to try it locally at my office so I will report back with any findings.

As for the redirects that does work. However I found that you missed a step, first you need to create a subdomain and then you have option to redirect that subdomain. For our example:

Create subdomain webmail.joebloggs.com

Redirect webmail.joebloggs.com permanently (301) to exchange.iinet.net.au

Then it works beautifully. Is this what you meant? Be nice if that extra step wasn't there.

Author Comment

ID: 41713795
@Raghu Addanki

Thanks for that article. I presumed that was the case.

I guess the only way it is possible for me to resolve this then is to get my clients to buy a dedicated IP for their public website?? Make sure they don't utilise SSL certificate OR have a current one??

A shared IP (which is commonly used for cheap website hosting) appears to cause this issue.

Expert Comment

by:Raghu Addanki
ID: 41713828
Perfect sjswarts!
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41714452
Make sure they don't utilise SSL certificate OR have a current one??

No, you missed a fine point in that article -- you want to make sure that if you do have an SSL certificate on your public web site that it includes the ROOT (ie, joebloggs.com) as well as www.joebloggs.com.  Then it won't throw a certificate error.

Author Comment

ID: 41714456
@Jeffrey - don't all www certificates automatically secure root domains?

For example:

Buy 2 year SSL Certificate for www.joebloggs.com and it covers both https://www.joebloggs.com and https://joebloggs.com

Although I presume that this is not the case for any other subdomains.

Author Comment

ID: 41714459
@Jeffrey why doesn't the SRV record work to configure autocomplete properly?

I noticed that if I only have the SRV record it fills the "Server" section to my android device with "joebloggs.com".

But if I use the autodiscover A record it fills it just fine and works like a charm, of course not if there isn't a dedicated IP for the public website or a current SSL certificate.
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 2000 total points (awarded by participants)
ID: 41714476
Unfortunately this seems to be a problem with Android: https://goo.gl/cLPjqZ

But when creating the autodiscover record in cPanel be sure that the Name field has the following:

I just tested creating one in cPanel and it actually added the domain name automatically after I entered the _autodiscover._tcp. part

Author Comment

ID: 41714635
Hmmm interesting find.

I'll have to investigate further, but thanks for the heads up.
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41769947
author abandoned

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
How to effectively resolve the number one email related issue received by helpdesks.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question