
Autodiscover Question.


  • Autodiscover Question.

    This may be a dumb question, but I need to double check.

    My company has other business units in it so I have about 8 different domains we accept mail for.

    For my UC cert, I only have the parent domain in the SANs.

    Ex:
    • webmail.domain.com
    • mobile.domain.com
    • domain.com
    • autodiscover.domain.com


    So, as expected, I get a cert warning when I open Outlook for an email address containing [email protected] because autodiscover.domain2.com is not a SAN in the cert.

    My question is, will I need to have an autodiscover entry in the cert for each accepted domain?

    My first instinct is, yes I do, but I wanted to make sure there isn't some configuration change I could make around this or if this is just how it is.

    And as an example, my SANs would look like:
    • domain.com
    • autodiscover.domain.com
    • webmail.domain.com
    • mobile.domain.com
    • autodiscover.domain2.com
    • autodiscover.domain3.com
    • autodiscover.domain4.com
    • autodiscover.domain5.com
    • autodiscover.domain6.com
    • autodiscover.domain7.com
    • autodiscover.domain8.com


    Thanks for your help!

  • #2
    Re: Autodiscover Question.

    try to have a single, non-identifiable domain.

    E.g., Office365 - they don't have a certificate that exists for autodiscover.domain for EVERY client - it's impossible.

    For instance - if I look at one of my O365 profiles within Outlook, it shows that it's looking for MSSTD:outlook.com


    so short answer is - no, you shouldn't need to bind all the domains to the UCC
    Please do show your appreciation to those who assist you by leaving Rep Point



    • #3
      Re: Autodiscover Question.

      Thanks for the reply!

      Now the question is, how do I get it so that it doesn't hit me with a cert error every time I open Outlook?

      I'm not sure how to get that to stop.

      I understand what it's doing when it's looking for autodiscover.domain2.com and it's not seeing it as a SAN, but I don't know how to get it to use autodiscover.domain.com.

      I hope that makes sense and thanks again.



      • #4
        Re: Autodiscover Question.

        As a follow-up, this article explains my situation to a T and hopefully, it'll help anyone else with my situation.

        http://www.msexchange.org/articles-t...ins-part1.html



        • #5
          Re: Autodiscover Question.

          This is for internal computers only, correct? If so, on your local DNS set up an A record for autodiscover.domain.com to point to nothing. That should fix it.
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com



          • #6
            Re: Autodiscover Question.

            If the computers are on the domain, then Autodiscover works in a different way. It uses the value of this command:

            Get-ClientAccessServer | Select-Object Identity, AutoDiscoverServiceInternalUri

            If the computers are not on the domain then you need to use DNS autodiscover. That usually means in this scenario NOT having autodiscover.example.com resolving anywhere, but instead using SRV records.

            http://semb.ee/srv

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.
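
The two DNS approaches raised in this thread (an A record for autodiscover.<domain> versus the SRV record from the post above), checked against the SAN list from the first post. This is an added example, not code from any of the posters: the DNS table is constructed, and Test-SanMatch and Get-AutodiscoverCertCheck are hypothetical helper names. It assumes a non-domain-joined Outlook client and models only the HTTPS lookup of autodiscover.<domain> followed by the SRV lookup.

```powershell
# Added example: constructed data only, no live DNS or Exchange calls.
# SANs currently on the UC certificate (from the first post).
$CertSans = 'domain.com', 'autodiscover.domain.com', 'webmail.domain.com', 'mobile.domain.com'

# Constructed DNS view (hypothetical records) for some of the accepted domains.
$Dns = @{
    'autodiscover.domain.com'        = @{ Type = 'A' }
    'autodiscover.domain2.com'       = @{ Type = 'A' }   # resolves, but the name is not on the cert
    '_autodiscover._tcp.domain3.com' = @{ Type = 'SRV'; Target = 'autodiscover.domain.com'; Port = 443 }
}

function Test-SanMatch {
    param([string]$HostName, [string[]]$Sans)
    foreach ($san in $Sans) {
        if ($san -eq $HostName) { return $true }          # -eq is case-insensitive for strings
        if ($san.StartsWith('*.')) {
            # A wildcard SAN covers exactly one left-most label.
            $suffix = $san.Substring(1)                   # e.g. ".domain.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($left -and $left -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

function Get-AutodiscoverCertCheck {
    param([string]$MailDomain, [hashtable]$Dns, [string[]]$Sans)
    $aName   = "autodiscover.$MailDomain"
    $srvName = "_autodiscover._tcp.$MailDomain"
    if ($Dns.ContainsKey($aName)) {
        # The client connects to this name over HTTPS, so the cert must list it.
        $via = 'A'; $target = $aName
    } elseif ($Dns.ContainsKey($srvName)) {
        # The client connects to the SRV target, so the cert must list the target.
        $via = 'SRV'; $target = $Dns[$srvName].Target
    } else {
        return [pscustomobject]@{ Domain = $MailDomain; Via = 'none'; ConnectsTo = $null; CertOk = $false }
    }
    [pscustomobject]@{ Domain = $MailDomain; Via = $via; ConnectsTo = $target; CertOk = (Test-SanMatch $target $Sans) }
}

'domain.com', 'domain2.com', 'domain3.com', 'domain4.com' |
    ForEach-Object { Get-AutodiscoverCertCheck -MailDomain $_ -Dns $Dns -Sans $CertSans } |
    Format-Table -AutoSize
```

A row with Via = A and CertOk = False is the cert-warning case from the first post; a row with Via = SRV whose target is already on the certificate needs no extra SAN.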
