none
Internal autodiscover not working RRS feed

  • Question

  • Hi all,

    I have an exchange 2007 server, with a UCC certificate (mail.extdomain.com and autodiscover.extdomain.com)

    Everything working properly from the outside but from the inside, if I type mail.extdomain.com it brings me to the router login page. So internal OOF fails as well (it can't find autodiscover.extdomain.com). What are my options?

    Wednesday, September 7, 2011 7:33 PM

Answers

  • Hiya,

    - is there any way of setting the internal EWS to the netbios name of the CAS without getting a certificate error?

    Only if you disabled the requirement for SSL, which isn't a great idea.

    - if I do split DNS, is there any of way of avoiding the need to configure the WWW and the rest of the external records and just make sure they are forwarded outside?

    Not easily, unfortunately, you end up managing two DNS setups in parallel when you do it this way. If it's a small number (under ~50?) then any solution will be more complicated than just updating the occasional record in both places.

    - The router has a simple port forwarding option, what feature that will achieve what you're describing is missing on it?

    It depends on your router, it might not even do it. For example, at home on my DD-WRT based router I use the following iptables command to do this, though I doubt this will help much as it's pretty specific:

    iptables -t nat -A POSTROUTING -j MASQUERADE 

    Steve


    Steve Goodman
    Check out my Blog for more Exchange info or find me on Twitter

    • Marked as answer by inadmin Thursday, September 8, 2011 6:40 PM
    Wednesday, September 7, 2011 9:49 PM

All replies

  • You could consider using Split DNS and host a copy of your external domain DNS zone internally, substituting IP addressing for the external IP addresses.

    Alternatively, as it sounds like your router is performing NAT and port forwarding from a single external IP (just a guess), check if your router can be configured to port forward internal requests on port 80 and 443 to the external IP back to your Exchange server in the same way the external requests are.

    Steve


    Steve Goodman
    Check out my Blog for more Exchange info or find me on Twitter

    Wednesday, September 7, 2011 8:57 PM
  • You just hit the nail on the head. Yes the router is performing NAT and port forwarding from a single ext. IP.

    Ok a few questions:

    - is there any way of setting the internal EWS to the netbios name of the CAS without getting a certificate error?

    - if I do split DNS, is there any of way of avoiding the need to configure the WWW and the rest of the external records and just make sure they are forwarded outside?

    - The router has a simple port forwarding option, what feature that will achieve what you're describing is missing on it?

     

    Thanks for your helpful answers.


    • Edited by inadmin Wednesday, September 7, 2011 9:32 PM
    Wednesday, September 7, 2011 9:32 PM
  • Hiya,

    - is there any way of setting the internal EWS to the netbios name of the CAS without getting a certificate error?

    Only if you disabled the requirement for SSL, which isn't a great idea.

    - if I do split DNS, is there any of way of avoiding the need to configure the WWW and the rest of the external records and just make sure they are forwarded outside?

    Not easily, unfortunately, you end up managing two DNS setups in parallel when you do it this way. If it's a small number (under ~50?) then any solution will be more complicated than just updating the occasional record in both places.

    - The router has a simple port forwarding option, what feature that will achieve what you're describing is missing on it?

    It depends on your router, it might not even do it. For example, at home on my DD-WRT based router I use the following iptables command to do this, though I doubt this will help much as it's pretty specific:

    iptables -t nat -A POSTROUTING -j MASQUERADE 

    Steve


    Steve Goodman
    Check out my Blog for more Exchange info or find me on Twitter

    • Marked as answer by inadmin Thursday, September 8, 2011 6:40 PM
    Wednesday, September 7, 2011 9:49 PM
  • So there is no way of adding an internal CERT to the current one?
    Thursday, September 8, 2011 5:10 PM