I have an out of the box SBS2011 install which is fully patched and updated.
The SBS2011 installation did not give me the option of putting a .com and has instead set up my domain name with a local extension, i.e. mydomain.local
From an external mail perspective, users use the domain extdomain.com.
I have installed a third-party SAN certificate on my server with the names:
- myserver
- myserver.mydomain.local
- remote.extdomain.com
- autodiscover.extdomain.com
If I can help it, I don't actually want my server to live on the internet; I only want people to access it internally over the VPN (which works fine; they can send and receive email OK).
What is driving me nuts is the certificate error popup in Outlook 2010, as the domain registrar is responding to autodiscover.extdomain.com with a holding page, so Outlook thinks it is valid!
How can I disable this check in Outlook, or is there anything I can do if I open the IIS port up on the firewall and have a valid autodiscover page?
How can I account for the fact that I have an autodiscover.mydomain.local website but not an autodiscover.extdomain.com site in IIS?
You can do this with SRV DNS records without modifying your cert. That would avoid the autodiscover step. It seems to be recommended for SBS installations.
However, I usually set autodiscover as an A record or CNAME to the actual mail server's address. Why are you getting a holding page for that?
Check out: How do I reconfigure Exchange Autodiscover?
Create an autodiscover A host record and point it to the internal IP of the Exchange server. Since you're trying to prevent any actual "internet" exposure of the Exchange server, clients who use the SBS server for DNS (not sure if you're setting it for the VPN connections) will then look up the default SRV record created in Active Directory DNS or the SPN, but external VPN clients will look up domain.com/autodiscover.xml and then autodiscover.domain.com, where domain.com is extracted from their primary email address in Exchange.
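The lookup order both answers rely on, as an added example that is not part of the original posts: a small Python model of which Autodiscover name Outlook reaches first and whether the certificate presented there covers it. The order is Outlook's documented HTTPS-root, HTTPS-autodiscover, SRV sequence; `HOLDING_CERT`, the DNS views and `user@extdomain.com` are constructed for illustration.

```python
# Added example; the DNS views below are constructed, not captured from a live system.
SERVER_CERT = ["myserver", "myserver.mydomain.local",
               "remote.extdomain.com", "autodiscover.extdomain.com"]  # SAN list from the question
HOLDING_CERT = ["parking.registrar.example"]  # constructed stand-in for the registrar's certificate

def candidates(email):
    """Names tried, in order, once the Active Directory SCP lookup is not available.
    The plain-HTTP redirect probe is left out: it presents no certificate of its own."""
    domain = email.rsplit("@", 1)[1].lower()
    return [("https-root", domain),
            ("https-autodiscover", "autodiscover." + domain),
            ("srv", "_autodiscover._tcp." + domain)]

def name_matches(host, sans):
    """Exact match, or a wildcard covering exactly the left-most label."""
    host = host.lower()
    for san in (s.lower() for s in sans):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def first_answer(email, view):
    """view maps a looked-up name to (host the TLS session is opened to, SANs presented).
    Returns (step, tls_host, verdict) for the first name that answers, or None."""
    for step, name in candidates(email):
        if name in view:
            tls_host, sans = view[name]
            return step, tls_host, "ok" if name_matches(tls_host, sans) else "name-mismatch"
    return None

# As posted: public DNS sends autodiscover.extdomain.com to the holding page.
AS_POSTED = {"autodiscover.extdomain.com": ("autodiscover.extdomain.com", HOLDING_CERT)}
# Internal A record pointing the same name at the SBS server.
INTERNAL_A = {"autodiscover.extdomain.com": ("autodiscover.extdomain.com", SERVER_CERT)}
# No autodiscover host record at all, only an SRV record targeting remote.extdomain.com.
SRV_ONLY = {"_autodiscover._tcp.extdomain.com": ("remote.extdomain.com", SERVER_CERT)}

if __name__ == "__main__":
    for label, view in [("as posted", AS_POSTED), ("internal A", INTERNAL_A), ("SRV only", SRV_ONLY)]:
        print(label, first_answer("user@extdomain.com", view))
```

The SRV record is only consulted when neither earlier name answers, so it helps only for clients whose DNS does not resolve autodiscover.extdomain.com to the holding page.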