I have a single public address.
Port 443 is mapped on the firewall to the DirectAccess server. Port 8443 is mapped to the Exchange Client Access server.
The DirectAccess server presents a certificate with the subject name of "connect.domain.com". I have created a new website on the Exchange Client Access server on port 8443 and have created the Exchange virtual directories on the new website. The Exchange services present a certificate with the subject name of "mail.domain.com".
I have created an SRV record of _autodiscover._tcp.domain.com in the external DNS. The SRV record resolves to a host called mail.domain.com and port 8443. mail.domain.com resolves to the external address of the firewall. I do not have an autodiscover.domain.com record in the external DNS.
My expectation is that Outlook Anywhere clients should connect to my firewall at port 8443 because of the SRV record. However, I can see it connecting at port 443, as the client warns about a name mismatch because it receives the DirectAccess certificate and does not connect.
Is the port number from the SRV record ignored by clients?
Can you use Network Monitor to capture the connection session and see whether the ports are used correctly:
TechNet Community Support
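
Alongside a packet capture, the DNS answer and the certificate behind each port mapping can be checked independently of Outlook. The PowerShell below is an added example, not code from this thread: it resolves the SRV record from the question and reads the certificate presented on the SRV port and on 443. It assumes a Windows host with `Resolve-DnsName` available; the function names are hypothetical.

```powershell
# Added example. domain.com and ports 443/8443 are the values quoted in the question.
function Get-TlsCertNames {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate: the goal is to read it, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
    # Subject CN plus any SAN DNS entries ("DNS Name=" is the English Windows rendering).
    $names = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }
    $names | Select-Object -Unique
}

function Test-AutodiscoverSrv {
    param([string]$Domain = 'domain.com', [int[]]$ComparePorts = @(443))
    $records = Resolve-DnsName -Name "_autodiscover._tcp.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
    foreach ($r in $records) {
        # Probe the port the SRV record advertises plus the comparison ports.
        $ports = @([int]$r.Port) + $ComparePorts | Select-Object -Unique
        foreach ($port in $ports) {
            $row = [ordered]@{ Target = $r.NameTarget; Port = $port; InSrvRecord = ($port -eq $r.Port)
                               CertNames = $null; MatchesTarget = $false; Error = $null }
            try {
                $names = @(Get-TlsCertNames -HostName $r.NameTarget -Port $port)
                $row.CertNames = $names -join ', '
                # -like gives an approximate wildcard match (*.domain.com), not full RFC 6125 rules.
                $row.MatchesTarget = [bool]($names | Where-Object { $r.NameTarget -like $_ })
            } catch { $row.Error = $_.Exception.Message }
            [pscustomobject]$row
        }
    }
}

Test-AutodiscoverSrv -Domain 'domain.com' | Format-Table -AutoSize
```

With the setup described in the question, the 8443 row should list mail.domain.com and the 443 row connect.domain.com; any other result points at the DNS record or the firewall mapping rather than at the client.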