?
Solved

Exchange 2013 connect outlook 2013 certificat problem alert

Posted on 2016-08-22
3
Medium Priority
?
77 Views
Last Modified: 2016-08-23
Hi,

I have in my Exchange infrastrcture 2 Exchanges Servers
Server 1: MBX+CAS
Server 2: MBX+CAS
+ these servers have both a Public IP and directly connected to the Internet so no proxy or firewall configured

Even on my environnement i have the external url: mail.company.com
and also the certificat name it's purchased with this name: mail.company.com

I activeted the outlook anywhere  :OK
I configured the AutoDiscover InternalURI :OK
I configured the other virtualDirectory :OK
I add the autodiscover CNAME entry on my Public DNS company.com :OK

so my problem i arrived to connect an account with autodiscover method
but it's always return the certificat alert message with the autodiscover.company.com !!!

another problem when i have another account with different domain name like: user1@company1.com
who can i configure this with autodiscover !
0
Comment
Question by:Mohamed Amine LIMAME
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41765696
There are a couple ways to address the certificate error problem, depending on whether the certificate you have has autodiscover.company.com as an alternate name. If you only have 1 name on the cert, the first option might not work.  
1. Create a CNAME DNS Record for Autodiscover.company.com that points to mail.company.com You would do the same thing for the DNS of all other companies that people use to connect with. For instance, if you have a user whose primary email address is user@company1.com, you would modify the company1.com DNS so there is a CNAME record for autodiscover.company1.com that points to mail.company.com.
2. Remove all of your existing DNS records for autodiscover.company.com and create a SRV record for autodiscover. http://wp.me/pUCB5-7X has instructions for creating Internal SRV records. External ones will use the same setting, but instructions vary depending on which DNS registrar you use. You would do this for every domain that people use as a primary email address on the exchange server.

One thing to note, though, is that if you have a website that you can reach using company.com (no www. or other host name), you need to make sure that website is not configured to redirect the /autodiscover/autodiscover.xml URL. If you don't, you'll always get certificate errors on devices that aren't on your domain and configured to skip the domain.com Autodiscover lookup.
0
 
LVL 7

Accepted Solution

by:
harryhelp earned 2000 total points
ID: 41765883
The easiest way to resolve this would be to get a "SAN Certificate" (can be sold as a UC certificate as that is its typical use). This is a certificate that can have multiple domains associated - ie mail.mycompany.com and autodiscover.mycompany.com. This would allow you to use the current configuration with no issues.

A wildcard certificate will also do the trick (if you only have one domain).

The SAN certificate would typically be cheaper if you have one domain.
1
 

Author Closing Comment

by:Mohamed Amine LIMAME
ID: 41767171
The UCC certificat it's probably the best solution
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Postmortem reporting allow us to examine mistakes in a way that focuses on the situational aspects of a failure’s mechanism and the decision-making process of individuals proximate to the failure. Read our guide on how to handle IT post-mortem repor…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month15 days, 6 hours left to enroll

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question