Options
SBS2008 & Autodiscover woes
If you haven't had the pleasure of working with autodiscover yet, boy are you in for a suprise! I don't know if it's against policy to ask work related questions on here, so if it's removed I won't be upset.
I've been working with a client on SBS2008, Exchange 2007, Outlook 2010. They mentioned OOF was not working, getting an error. Works fine from OWA. Looked into it, they are also getting security alerts. I have changed the Autodiscover URL's to remote.domain.com, server.domain.local and finally mail.domain.com. Now they can get OOF working by selecting Yes on the Security Alerts. These security alerts say it's not from a trusted source, but it shows the issuer is mail.domain.com. Sometimes it also gets security alerts for remote.domain.com and says "The name on the security cert is invalid or does not match the name of the site". When I run the Test Autoconfig, it passes (though it brings up another security alert). Sometimes they get an alert for autodiscover.domain.com, and the issuer of the cert is their hosting service. The cert has *.hostingservice.com for the name. I don't even know why it is contacting that address, it does not show up in the autoconfig at all. Testexchangeconnectivity.com shows that autodiscover fails, usually being that the name on the certificate does not match the name of the site (again, the cert it pulls is from their hosting company, no idea why).
I know it's a long shot, but any suggestions? I've spent countless hours researching this.
I've been working with a client on SBS2008, Exchange 2007, Outlook 2010. They mentioned OOF was not working, getting an error. Works fine from OWA. Looked into it, they are also getting security alerts. I have changed the Autodiscover URL's to remote.domain.com, server.domain.local and finally mail.domain.com. Now they can get OOF working by selecting Yes on the Security Alerts. These security alerts say it's not from a trusted source, but it shows the issuer is mail.domain.com. Sometimes it also gets security alerts for remote.domain.com and says "The name on the security cert is invalid or does not match the name of the site". When I run the Test Autoconfig, it passes (though it brings up another security alert). Sometimes they get an alert for autodiscover.domain.com, and the issuer of the cert is their hosting service. The cert has *.hostingservice.com for the name. I don't even know why it is contacting that address, it does not show up in the autoconfig at all. Testexchangeconnectivity.com shows that autodiscover fails, usually being that the name on the certificate does not match the name of the site (again, the cert it pulls is from their hosting company, no idea why).
I know it's a long shot, but any suggestions? I've spent countless hours researching this.
Comments
-
Options
rsutton
Member Posts: 1,029 ■■■■■□□□□□
Are you using a multi-domain cert with autodiscover.yourdomain.com listed on it? -
Options
Tackle
Member Posts: 534
Are you using a multi-domain cert with autodiscover.yourdomain.com listed on it?
I don't think so. Get-Exchangecertificate | fl lists 6 certificates. None of which show autodiscover.domain.com in the certificate domains. Though there are a couple with multiple CertificateDomains. -
Optionsbenbuiltpc
Member Posts: 80 ■■□□□□□□□□
Are you using a multi-domain cert with autodiscover.yourdomain.com listed on it?
We had to do the same. Additional subject alternative names. -
Optionsit_consultant
Member Posts: 1,903
You also need to set up an autodiscover record in DNS. That, coupled with the multi domain cert, make setting up outlook 2010 outside of the domain a breeze. I have made more money cleaning up this exact problem...
-
OptionsTackle
Member Posts: 534
it_consultant wrote: »You also need to set up an autodiscover record in DNS. That, coupled with the multi domain cert, make setting up outlook 2010 outside of the domain a breeze. I have made more money cleaning up this exact problem...
This is my first go with SBS2008 and Outlook 2010. Learning all sorts of new things.
SRV record? I'll take a look at getting a multi domain cert. I should be able to use a created/self signed one internally, correct? -
Options
blargoe
Member Posts: 4,174 ■■■■■■■■■□
You can, but all the computers that connect to Exchange will get a security warning indicating that the certificate is not trusted, unless you import the certificate into the their Trusted Root Certificates store on their PC or ActiveSync device (whichever they are using).
Best thing for you to do is to get a cheap multi-domain SSL certificate from Entrust or GoDaddy and make sure autodiscover.domain.com is listed for every email domain you're hosting, plus whatever your is your hostname for OWA, and then make sure autodiscover.domain.com has a record in DNS.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
Optionsmbarra
Member Posts: 44 ■■■□□□□□□□
You need to use the "Add a trusted Certificate" wizard in the Network--> Connectivity within the SBS Console to generate a certificate request for a trusted public cert.
If you are using a self signed cert then go thru the "Fix my Network" wizard. Network --> Connectivity also in the SBS console.
The most important thing to remember in SBS is to use the wizards in the console to do your tasks. Add Users, Computers, WSUS, Certificates, Exchange et al.
SBS has so many interrelated components that if you do not use the wizards behind the scene things will not get done.
