Env: 4 Exch 2010 SP1 hosting mode MBXs, 2 CAS/HUBs, HLB in front.
This setup runs multiple domains for several different customers. The HLB can be reached at mail.ourhostingdomain.com and is where all the clients connect for anything (as this load-balances the CAS servers). When we run autodiscover tests against our own domain, which differs from the hosting domain, the WEBSERVER of our primary domain replies with its SSL certificate. This gives a faulty autodiscover and warns the users that something is wrong.
I'm running tests with [email protected], and it connects to the HLB as it should on mail.ourhostingdomain.com. Why would the webserver of ourprimarydomain.com reply instead of the exchange/hlb which got the correct certificate?
Ourprimarydomain.com has an _autodiscover SRV record to throw the requests to mail.ourhostingdomain.com (this seems to partially work, as we get connected to the correct server?).
If anyone could explain this behaviour, it would be much appreciated!
(No, there is no A or CNAME for autodiscover.ourprimarydomain.com, just the SRV)
The same thing happens for others on the same platform, and all of them have an SRV record that points to mail.ourhostingdomain.com.
The default autodiscover queries DOMAIN.COM first before it queries AUTODISCOVER.DOMAIN.COM. Because of this, if you have a certificate on DOMAIN.com it will query that certificate and throw up the error. You can ignore the cert error in Outlook and then it will find the second cert and work ok, but it is a pain and will happen every time.
You have a few choices from what I can recall.
Either DON'T have an A record in DNS for the domain itself and only use a www record, etc. for web hosting. This would mean that if someone typed DOMAIN.com into a browser it wouldn't resolve though...only www.DOMAIN.com would.
Choice #2 - http://windowsitpro.com/windows/how-can-i-force-my-microsoft-outlook-2007-client-particular-autodiscovery-server
Choice #3 - I think you can use this registry key: "ExcludeHttpsRootDomain" in the Autodiscover section in the registry under Outlook on the client's computer, for instance on Outlook 14. You'll need to set it to 1.
Use http://www.testexchangeconnectivity.com - run the Autodiscover test and it will show you what order Exchange clients use for autodiscover information. I think it tries connecting in such a way that your web server is effectively 'answering' one of the requests, and then this causes autodiscover to fail.
You can probably get round this by making your webserver only respond for 'www.' rather than 'yourdomain.com'