Exchange 2010 & Outlook 2010 Autodiscovery domain internal certificate name mismatch

  • Question

  • Hi All,

    For 2 days I've been reading through tons of articles relating to certificate errors related to autodiscovery in EX2010, but I haven't found one which took care of my problem (or I miss the wood for the trees):

    Public domain: foobar.com
    Internal domain: foobar.local
    SCP: http://<EX_SRV_NAME>.foobar.local/autodiscover/Autodiscover.xml

    Starting one week ago, every time I start Outlook on my domain-joined laptop I receive a certificate error stating a name mismatch. The certificate with the name mismatch is the one from our hosted website and the URL used is "autodiscover.foobar.com". Now 2 other clients in our network are facing the same problem.

    In my opinion domain-joined clients on the internal network use the SCP entry in AD, which says https://<EX_SRV_NAME>.foobar.local/autodiscover/Autodiscover.xml in my case. According to the Outlook autoconfiguration test tool, the client successfully uses SCP, so why on earth does it look for the external URL autodiscover.foobar.com afterwards?

    Hope someone is able to enlighten me :-)

    Monday, May 11, 2015 9:32 PM

All replies

  • Bite the bullet and deploy split-brain DNS so that you can use the external domain for everything internally and externally.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Tuesday, May 12, 2015 12:46 AM
  • Hi Rotesgnu,

    I recommend you refer to the following article; it may give you some hints:

    https://support.microsoft.com/en-us/kb/940726

    Try to change all the internal URLs for the relevant services, like OAB, EWS and Autodiscover, as mentioned in the article.

    Best regards,



    Niko Cheng
    TechNet Community Support

    Tuesday, May 12, 2015 9:03 AM
    Moderator
  • Are you using an internal or public CA?

    I use an external CA. I have the servername with and without FQDN (both), the external OWA URL, and autodiscover.domain.com added as SANs on the certificate; it works well with and without VPN (internally and externally).


    Inderjit

    Tuesday, May 12, 2015 11:15 AM
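
The SAN coverage described in the reply above can be checked mechanically. This is an added example, not part of the thread: it lists which of the host names Outlook contacts are not covered by a certificate's SAN entries, which are the names that trigger the mismatch prompt. The server name `ex01` and both SAN lists are constructed sample data.

```python
from urllib.parse import urlsplit

def host_of(url_or_host):
    """Return the lower-cased host name from a URL or a bare host name."""
    value = url_or_host.strip()
    host = urlsplit(value).hostname if "://" in value else value
    return (host or "").rstrip(".").lower()

def san_matches(san, host):
    """dNSName match (RFC 6125 style): '*' may replace only the whole left-most label."""
    san = san.rstrip(".").lower()
    if not san.startswith("*."):
        return san == host
    # A wildcard covers exactly one extra label, never the bare parent domain.
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]

def uncovered(endpoints, sans):
    """Hosts taken from `endpoints` that no SAN entry covers."""
    hosts = []
    for endpoint in endpoints:
        host = host_of(endpoint)
        if host and host not in hosts:
            hosts.append(host)
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# Constructed sample data: "ex01" stands in for <EX_SRV_NAME>.
ENDPOINTS = [
    "https://ex01.foobar.local/autodiscover/Autodiscover.xml",  # SCP / internal URI
    "https://ex01.foobar.local/EWS/Exchange.asmx",              # EWS internal URL
    "https://ex01.foobar.local/OAB",                            # OAB internal URL
    "https://autodiscover.foobar.com/autodiscover/autodiscover.xml",
]
# Constructed SAN list for a hoster certificate issued for the hoster's own domain.
HOSTER_CERT_SANS = ["hosterdomain.com", "*.hosterdomain.com"]
# Constructed SAN list following the layout in the reply above.
EXCHANGE_CERT_SANS = ["ex01", "ex01.foobar.local", "autodiscover.foobar.com"]

if __name__ == "__main__":
    for label, sans in (("hoster", HOSTER_CERT_SANS), ("exchange", EXCHANGE_CERT_SANS)):
        missing = uncovered(ENDPOINTS, sans)
        print(f"{label} certificate: not covered -> {missing or 'none'}")
```

A certificate only avoids the prompt for a name if the server that actually answers for that name presents it, so the check has to be run against the SAN list of each answering server.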
  • I'm using an internal CA and just to clarify:

    The Exchange and Outlook setup worked flawlessly for more than 2 years, up until now, when the certificate message appeared.

    The certificate the message complains about is related to the webspace we've rented from a webhosting provider. As the mismatched name it shows the domain name of the hoster, not ours, e.g. "hosterdomain.com". There we also registered our public domain foobar.com and set the MX record pointing towards our public IP. I have neither installed a certificate for our public website, nor does our website use one.

    I'm curious why it started to show the message now, because I haven't changed the internal certificate for more than 6 months.

    It looks like Outlook uses the SCP correctly but then searches for autodiscover.foobar.com


    • Edited by Rotesgnu Tuesday, May 12, 2015 1:07 PM
    Tuesday, May 12, 2015 1:06 PM