Exchange 2013 connect Outlook 2013 certificate problem alert


I have 2 Exchange servers in my Exchange infrastructure:
Server 1: MBX+CAS
Server 2: MBX+CAS
+ these servers both have a public IP and are directly connected to the Internet, so no proxy or firewall is configured

Also, in my environment I have the external URL: mail.company.com
and the certificate was purchased with this name: mail.company.com

I activated Outlook Anywhere: OK
I configured the AutoDiscover InternalURI: OK
I configured the other virtual directories: OK
I added the autodiscover CNAME entry on my public DNS for company.com: OK

So my problem: I managed to connect an account with the autodiscover method,
but it always returns the certificate alert message with autodiscover.company.com!

Another problem: when I have another account with a different domain name, like user1@company1.com,
how can I configure this with autodiscover?
Mohamed Amine LIMAME
1 Solution
Adam Brown, Sr Solutions Architect, Commented:
There are a couple ways to address the certificate error problem, depending on whether the certificate you have has autodiscover.company.com as an alternate name. If you only have 1 name on the cert, the first option might not work.  
1. Create a CNAME DNS record for autodiscover.company.com that points to mail.company.com. You would do the same thing for the DNS of all other companies that people use to connect with. For instance, if you have a user whose primary email address is user@company1.com, you would modify the company1.com DNS so there is a CNAME record for autodiscover.company1.com that points to mail.company.com.
2. Remove all of your existing DNS records for autodiscover.company.com and create a SRV record for autodiscover. http://wp.me/pUCB5-7X has instructions for creating internal SRV records. External ones will use the same setting, but instructions vary depending on which DNS registrar you use. You would do this for every domain that people use as a primary email address on the Exchange server.

One thing to note, though, is that if you have a website that you can reach using company.com (no www. or other host name), you need to make sure that website is not configured to redirect the /autodiscover/autodiscover.xml URL. If you don't, you'll always get certificate errors on devices that aren't on your domain and configured to skip the domain.com Autodiscover lookup.
The easiest way to resolve this would be to get a "SAN certificate" (can be sold as a UC certificate, as that is its typical use). This is a certificate that can have multiple domains associated, i.e. mail.mycompany.com and autodiscover.mycompany.com. This would allow you to use the current configuration with no issues.

A wildcard certificate will also do the trick (if you only have one domain).

The SAN certificate would typically be cheaper if you have one domain.
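
The options in the answers above can be checked before changing DNS or buying a certificate. The following Python sketch is an added example, not code from the thread; it models only the autodiscover.<domain> and SRV lookups discussed here, uses the thread's placeholder hostnames, and its function names are illustrative.

```python
# Added example; hostnames are the thread's placeholders.

def name_matches(cert_name, host):
    """RFC 6125-style match: '*' only as the whole left-most label, one label deep."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    first_label, _, parent = host.partition(".")
    return bool(first_label) and parent == cert_name[2:]


def validated_host(smtp_domain, srv_target=None):
    """Name the client checks the certificate against for this e-mail domain.

    With an _autodiscover._tcp SRV record the client connects to the SRV target.
    Otherwise it connects to autodiscover.<domain>; a CNAME on that name changes
    the address reached, not the name being validated.
    """
    return srv_target or f"autodiscover.{smtp_domain}"


def warnings_for(cert_names, smtp_domains, srv_target=None):
    """Return {domain: host} for every domain whose lookup hits a name mismatch."""
    alerts = {}
    for domain in smtp_domains:
        host = validated_host(domain, srv_target)
        if not any(name_matches(n, host) for n in cert_names):
            alerts[domain] = host
    return alerts


if __name__ == "__main__":
    domains = ["company.com", "company1.com"]
    cases = {
        "single name + CNAME": (["mail.company.com"], None),
        "single name + SRV": (["mail.company.com"], "mail.company.com"),
        "SAN cert + CNAME": (["mail.company.com", "autodiscover.company.com"], None),
        "wildcard + CNAME": (["*.company.com"], None),
    }
    for label, (names, srv) in cases.items():
        print(f"{label:22} -> {warnings_for(names, domains, srv) or 'no alert'}")
```

A domain left in the result still needs either its own autodiscover name on the certificate or an SRV record pointing at a name the certificate already carries.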
Mohamed Amine LIMAME, Author, Commented:
The UCC certificate is probably the best solution

