Exchange 2010 autodiscover security alert

  • Exchange 2010 autodiscover security alert

    I have an SBS 2011 server with Exchange 2010. Several remote users connect using RPC over HTTPS in Outlook 2003. When I installed the server, I purchased a single-domain SSL certificate from GoDaddy so the remote users would not have to install the self-signed certificate.

    Now I am replacing one of the remote computers and have gone from Outlook 2007 to Outlook 2013. I get a security alert for autodiscover.mydomain.com that the name on the security certificate is invalid.

    I went into the DNS panel where the domain is hosted and tried creating a CNAME record 'autodiscover' that resolved to mail.mydomain.com, but this did not fix the problem. Next I created an SRV record _autodiscover _tcp that pointed to mail.mydomain.com, but I am still getting the security alert.

    Is there an easy fix for this or do I have to purchase a SANS certificate? Because there are not a lot of remote users involved, would it be less expensive to uninstall the GoDaddy SSL and just install and use the self-signed certificate on the remote computers?

    Our OWA address is https://mail.mydomain.com

    Thanks
    Last edited by r042wal; 20th August 2014, 13:59.

  • #2
    Re: Exchange 2010 autodiscover security alert

    A UCC/SAN is probably your best bet; however, there is an article on Sembee's site about working around this:


    http://exchange.sembee.info/2010/ins...glenamessl.asp


    However, it absolutely won't work with Outlook 2003.

    Also, quite how this fits in with this, http://exchange.sembee.info/2010/ins...sl-sbs2011.asp , you'd have to review.
    Please do show your appreciation to those who assist you by leaving Rep Point



    • #3
      Re: Exchange 2010 autodiscover security alert

      You need to make sure that Autodiscover.example.com does NOT resolve if you want to use SRV records. You also need to ensure that https://example.com/Autodiscover/Autodiscover.xml doesn't work either. That may require contact with your web host, as one of the most popular control panels tries to take over Autodiscover for its own purposes.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.
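
The conditions described in reply #3 can be checked from an external Windows client before falling back on a UCC/SAN certificate. The script below is an added example, not part of the original thread; `example.com` and `mail.example.com` are placeholders, and treating the certificate name as the required SRV target is an assumption based on the setup in the first post.

```powershell
# Added example: placeholder names, replace with your own domain and certificate name.
$Domain   = 'example.com'
$CertName = 'mail.example.com'   # the single name on the SSL certificate (assumption)

function Test-Resolves([string]$Name) {
    # True only if the resolver returns an actual answer record (A/AAAA/CNAME),
    # not just an SOA in the authority section.
    $r = Resolve-DnsName -Name $Name -ErrorAction SilentlyContinue |
         Where-Object Section -eq 'Answer'
    [bool]$r
}

function Test-Port443([string]$Name) {
    # True if something accepts a TCP connection on 443 at that name.
    $t = Test-NetConnection -ComputerName $Name -Port 443 -WarningAction SilentlyContinue
    [bool]$t.TcpTestSucceeded
}

$findings = @()

# 1. autodiscover.<domain> must NOT resolve, or Outlook uses it before the SRV record.
$adHost = "autodiscover.$Domain"
if (Test-Resolves $adHost) {
    $findings += "FAIL: $adHost resolves; remove the A/CNAME record (check for a wildcard too)."
}

# 2. https://<domain>/Autodiscover/Autodiscover.xml must not answer either.
if ((Test-Resolves $Domain) -and (Test-Port443 $Domain)) {
    $findings += "FAIL: $Domain accepts HTTPS; the web host may be answering Autodiscover requests."
}

# 3. The SRV record must exist and point at the name on the certificate, port 443.
$srv = Resolve-DnsName -Name "_autodiscover._tcp.$Domain" -Type SRV -ErrorAction SilentlyContinue |
       Where-Object Type -eq 'SRV'
if (-not $srv) {
    $findings += "FAIL: no SRV record found at _autodiscover._tcp.$Domain."
}
foreach ($rec in $srv) {
    if ($rec.NameTarget -ne $CertName -or $rec.Port -ne 443) {
        $findings += "FAIL: SRV points to $($rec.NameTarget):$($rec.Port), expected ${CertName}:443."
    }
}

if ($findings) { $findings } else { "OK: only the SRV record answers for Autodiscover." }
```

Run it against public DNS rather than the SBS server's internal zone, since the remote Outlook clients see the external records.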
