AD with two domains, what determines which domain Autodiscovery uses

  • Question

  • Started working at a company that is in the process of migrating from Exchange 2003 to Exchange 2010.  Their AD was set up with two domains and I will call them alpha.com and beta.com.  Before I came on board they purchased a certificate which supported multiple SAN entries with one of those being autodiscover.beta.com, but there is NO entry for the autodiscover.alpha.com host.  Not only that, but there is no entry for autodiscover.alpha.com in internal DNS or internet-facing DNS, which I don't think is an issue, but I'm just trying to be thorough with my information.

    When some users attempt to connect Outlook 2007 across a VPN they receive the dreaded name mismatch certificate error because the autodiscover service is returning autodiscover.alpha.com.  What I don't understand is what exactly determines which domain gets appended to the autodiscover during connection attempts.

    I have a feeling that it might be what is set as the primary email domain for the user account but I really don't know.  Appreciate everyone's time on this.

    Thursday, February 24, 2011 9:55 PM

Answers

  • Yes, it will use the primary email domain. If you support multiple SMTP domains you need to do the SRV redirect method or HTTP redirect method. The whitepaper below goes over both scenarios when using multiple SMTP domains.

    White Paper: Exchange 2007 Autodiscover Service

    http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx



    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
    • Marked as answer by GHuey Friday, February 25, 2011 8:45 PM
    Thursday, February 24, 2011 10:03 PM

All replies

  • I think you have to save both autodiscover settings in your DNS Server.

    If a user is authenticated to Active Directory, the mail address is used to generate the autodiscover entry which is looked up in DNS. But I think that it is a good idea to save the service record autodiscover entries in DNS

    _autodiscover._tcp.domain TCP 443 Hostname of your Exchange server

    So you can have one Exchange server with multiple mail domains, and the certificate of your Exchange server only contains the name of the server and not the autodiscover.domain names, which doesn't fit in big organisations with a lot of mail domains.

     


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com
    Thursday, February 24, 2011 10:05 PM
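
The lookup described in the replies above, as an added example that is not part of the thread or the whitepaper: it derives the names Outlook tries from the primary SMTP address and checks which of them a certificate's SAN list covers. It also includes the root-domain and HTTP redirect steps of the documented lookup order; `mail.beta.com`, the SAN list and the SRV record are constructed assumptions.

```python
# Added example: alpha.com / beta.com are the thread's placeholders,
# everything else below is constructed for illustration.

def autodiscover_candidates(primary_smtp, srv_targets=None):
    """Return (method, TLS hostname) pairs in the order Outlook tries them
    after the in-domain SCP lookup. The hostname is the name the certificate
    must cover; None means plain HTTP or no SRV record for that domain."""
    domain = primary_smtp.rsplit("@", 1)[1].lower()
    srv = (srv_targets or {}).get("_autodiscover._tcp." + domain)
    return [
        ("https-root", domain),
        ("https-autodiscover", "autodiscover." + domain),
        ("http-redirect", None),  # http://autodiscover.<domain>, target set by the 302
        ("srv", srv),             # client connects to the SRV target host
    ]

def san_covers(hostname, san_list):
    """Match a hostname against SAN DNS names; a wildcard is accepted
    only as the entire left-most label."""
    host = hostname.lower().rstrip(".")
    for san in san_list:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == san[2:]:
                return True
    return False

def audit(primary_smtp, san_list, srv_targets=None):
    """Map each lookup step to 'ok', 'mismatch' or 'n/a'. 'mismatch' means
    a name-mismatch warning if that host answers on port 443."""
    result = {}
    for method, host in autodiscover_candidates(primary_smtp, srv_targets):
        if host is None:
            result[method] = "n/a"
        else:
            result[method] = "ok" if san_covers(host, san_list) else "mismatch"
    return result

# Constructed inputs (assumptions, not values from the thread).
CERT_SANS = ["mail.beta.com", "autodiscover.beta.com"]
SRV = {"_autodiscover._tcp.alpha.com": "mail.beta.com"}

if __name__ == "__main__":
    for addr in ("user@alpha.com", "user@beta.com"):
        print(addr, audit(addr, CERT_SANS, SRV))
```
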