Solved

Exchange 2013 connect outlook 2013 certificat problem alert

Posted on 2016-08-22
3
64 Views
Last Modified: 2016-08-23
Hi,

I have in my Exchange infrastrcture 2 Exchanges Servers
Server 1: MBX+CAS
Server 2: MBX+CAS
+ these servers have both a Public IP and directly connected to the Internet so no proxy or firewall configured

Even on my environnement i have the external url: mail.company.com
and also the certificat name it's purchased with this name: mail.company.com

I activeted the outlook anywhere  :OK
I configured the AutoDiscover InternalURI :OK
I configured the other virtualDirectory :OK
I add the autodiscover CNAME entry on my Public DNS company.com :OK

so my problem i arrived to connect an account with autodiscover method
but it's always return the certificat alert message with the autodiscover.company.com !!!

another problem when i have another account with different domain name like: user1@company1.com
who can i configure this with autodiscover !
0
Comment
Question by:Mohamed Amine LIMAME
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41765696
There are a couple ways to address the certificate error problem, depending on whether the certificate you have has autodiscover.company.com as an alternate name. If you only have 1 name on the cert, the first option might not work.  
1. Create a CNAME DNS Record for Autodiscover.company.com that points to mail.company.com You would do the same thing for the DNS of all other companies that people use to connect with. For instance, if you have a user whose primary email address is user@company1.com, you would modify the company1.com DNS so there is a CNAME record for autodiscover.company1.com that points to mail.company.com.
2. Remove all of your existing DNS records for autodiscover.company.com and create a SRV record for autodiscover. http://wp.me/pUCB5-7X has instructions for creating Internal SRV records. External ones will use the same setting, but instructions vary depending on which DNS registrar you use. You would do this for every domain that people use as a primary email address on the exchange server.

One thing to note, though, is that if you have a website that you can reach using company.com (no www. or other host name), you need to make sure that website is not configured to redirect the /autodiscover/autodiscover.xml URL. If you don't, you'll always get certificate errors on devices that aren't on your domain and configured to skip the domain.com Autodiscover lookup.
0
 
LVL 7

Accepted Solution

by:
harryhelp earned 500 total points
ID: 41765883
The easiest way to resolve this would be to get a "SAN Certificate" (can be sold as a UC certificate as that is its typical use). This is a certificate that can have multiple domains associated - ie mail.mycompany.com and autodiscover.mycompany.com. This would allow you to use the current configuration with no issues.

A wildcard certificate will also do the trick (if you only have one domain).

The SAN certificate would typically be cheaper if you have one domain.
1
 

Author Closing Comment

by:Mohamed Amine LIMAME
ID: 41767171
The UCC certificat it's probably the best solution
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Read this checklist to learn more about the 15 things you should never include in an email signature.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question