none
AutoDiscover Issue...

    Question

  • Alright, my external domain and my internal domain are not the same.

    owa.myexternal.com
    myinternal.local

    When my Outlook 2007 clients open the program they get the certificate warning obviously because the certificate on the CAS is for owa.myexternal.com

    My problem with autodiscover is if I go into exchange and manually set the autodiscover url to be autodiscover.myexternal.com then it constantly prompts Outlook users for a password which it never authenticates correctly because it's thinking they're part of myexternal.com instead of myinternal.local (or at least that's my best guess).  I was wanting to just get a wildcard cert and set autodiscover to be as I said before but the password issue will not let me...

    Did I set up something wrong or do I have any other options?  Are there any certificates that allow you to have wildcard for a domain and an internal server name?  Or should I set something up differently like multple CASs somehow?

    Thanks for any help in advance

    -John
    John Whites
    Friday, January 16, 2009 1:38 PM

Answers

  •  

    Hi John,

     

    1. Please let me know how the Outlook connects to Exchange server? Exchange Mode or Outlook Anywhere?

    2. Please let me know how you changed the autodiscover url?

     

    Please understand that for internal Outlook client, it gather the autodiscover url through SCP record. In order to change SCP record, we need to use adsiedit.msc tool to change SCP object.

     

    For external Outlook client, the autodiscover url is hard coded based on your SMTP domain name.

     

    Base on your situation, I suggest you get a SAN certificate and enable it on the Web Site.

     

    For more information:

     

    Certificate Use in Exchange Server 2007

    http://technet.microsoft.com/en-us/library/bb851505.aspx

     

    Autodiscover and Exchange 2007

    http://technet.microsoft.com/hi-in/library/bb232838(en-us).aspx

     

    Mike

    • Marked as answer by Mike Shen Monday, January 26, 2009 1:19 AM
    Monday, January 19, 2009 9:36 AM

All replies

  •  

    Hi John,

     

    1. Please let me know how the Outlook connects to Exchange server? Exchange Mode or Outlook Anywhere?

    2. Please let me know how you changed the autodiscover url?

     

    Please understand that for internal Outlook client, it gather the autodiscover url through SCP record. In order to change SCP record, we need to use adsiedit.msc tool to change SCP object.

     

    For external Outlook client, the autodiscover url is hard coded based on your SMTP domain name.

     

    Base on your situation, I suggest you get a SAN certificate and enable it on the Web Site.

     

    For more information:

     

    Certificate Use in Exchange Server 2007

    http://technet.microsoft.com/en-us/library/bb851505.aspx

     

    Autodiscover and Exchange 2007

    http://technet.microsoft.com/hi-in/library/bb232838(en-us).aspx

     

    Mike

    • Marked as answer by Mike Shen Monday, January 26, 2009 1:19 AM
    Monday, January 19, 2009 9:36 AM
  • Outlook connects in exchange mode for internal users and outlook anywhere for the external users (as well as owa)

    I believe i changed the autodiscover service using scp so the certificate needs to say (srv-exchange) for instance, but it doesn't obviously.

    If I get a SAN certificate to I put the server name or the FQDN for the server as the alternative name?
    John Whites
    Tuesday, January 20, 2009 5:31 PM
  •  

    Hi John,

     

    I think the Subject Alternative Name of the SAN certificate which enabled on the Default Web Site should include:

     

    Netbios name of the CAS server

    FQDN of the CAS server

    The external name of the CAS server

    Autodiscover Names (for example: autodiscover.domain.com)

    Outlook Anywhere external name

     

    Mike

     

    Wednesday, January 21, 2009 8:13 AM