Solved

Exchange 2013 connect outlook 2013 certificat problem alert

Posted on 2016-08-22
3
53 Views
Last Modified: 2016-08-23
Hi,

I have in my Exchange infrastrcture 2 Exchanges Servers
Server 1: MBX+CAS
Server 2: MBX+CAS
+ these servers have both a Public IP and directly connected to the Internet so no proxy or firewall configured

Even on my environnement i have the external url: mail.company.com
and also the certificat name it's purchased with this name: mail.company.com

I activeted the outlook anywhere  :OK
I configured the AutoDiscover InternalURI :OK
I configured the other virtualDirectory :OK
I add the autodiscover CNAME entry on my Public DNS company.com :OK

so my problem i arrived to connect an account with autodiscover method
but it's always return the certificat alert message with the autodiscover.company.com !!!

another problem when i have another account with different domain name like: user1@company1.com
who can i configure this with autodiscover !
0
Comment
Question by:Mohamed Amine LIMAME
3 Comments
 
LVL 38

Expert Comment

by:Adam Brown
ID: 41765696
There are a couple ways to address the certificate error problem, depending on whether the certificate you have has autodiscover.company.com as an alternate name. If you only have 1 name on the cert, the first option might not work.  
1. Create a CNAME DNS Record for Autodiscover.company.com that points to mail.company.com You would do the same thing for the DNS of all other companies that people use to connect with. For instance, if you have a user whose primary email address is user@company1.com, you would modify the company1.com DNS so there is a CNAME record for autodiscover.company1.com that points to mail.company.com.
2. Remove all of your existing DNS records for autodiscover.company.com and create a SRV record for autodiscover. http://wp.me/pUCB5-7X has instructions for creating Internal SRV records. External ones will use the same setting, but instructions vary depending on which DNS registrar you use. You would do this for every domain that people use as a primary email address on the exchange server.

One thing to note, though, is that if you have a website that you can reach using company.com (no www. or other host name), you need to make sure that website is not configured to redirect the /autodiscover/autodiscover.xml URL. If you don't, you'll always get certificate errors on devices that aren't on your domain and configured to skip the domain.com Autodiscover lookup.
0
 
LVL 7

Accepted Solution

by:
harryhelp earned 500 total points
ID: 41765883
The easiest way to resolve this would be to get a "SAN Certificate" (can be sold as a UC certificate as that is its typical use). This is a certificate that can have multiple domains associated - ie mail.mycompany.com and autodiscover.mycompany.com. This would allow you to use the current configuration with no issues.

A wildcard certificate will also do the trick (if you only have one domain).

The SAN certificate would typically be cheaper if you have one domain.
1
 

Author Closing Comment

by:Mohamed Amine LIMAME
ID: 41767171
The UCC certificat it's probably the best solution
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Scenario: Your operations manager has discovered an anomaly in your security system. The business will start to suffer within 15 minutes if it is a major IT incident. What should she do? We have 6 recommendations for managing major incidents (https:…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now