+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
Enterprise Software Thread, Autodiscover certificate error in Technical; Hi All, looking for some help with Autodiscover and hopefully this will be a quick resolution as i think it ...
  1. #1

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Autodiscover certificate error

    Hi All, looking for some help with Autodiscover and hopefully this will be a quick resolution as i think it will be a DNS configuration but my DNS knowledge is limited..
    Im working with a client whose email is being hosted by on our mail server. they are using outlook 2010/2013 and everytime they open outlook, they get a certification error. It seems that autodiscover functionality is looking for 'autodiscover.domain1.com.au' (Domain1 = client domain), and their mail server is 'mail.domain2.com.au' (domain2 = Email server domain). They are on a completely separate AD forest without any kind of trust in place, so are connecting over http i guess. in their exchange proxy settings the "use this URL to connect to my proxy server for exchange" is populated with the server within domain2 and has the mx record for the server entered in there.

    in its current state:
    the server is resolved using the fqdn of the mail server
    connecting to the mail server over http (from what i can grasp)
    when testing in the client domain, i cant seem to create a new outlook profile replicating other outlook profile settings as i cant authenicate against the administrator account for example.

    i have read up on autodiscover but cant seem to find anything that is specific to my scenario. i have created a service locator record to point at autodiscover.domain2.com.au. still no joy....

    Certificate Error attached.
    Attached Images Attached Images

  2. #2

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    i have just discovered that Out of Office cant be set up from the outlook client either, all users have to log into OWA to configure their OOO. Im sure this is all related, and im 95% certain this is a DNS configuration that is missing....
    Attached Images Attached Images

  3. #3

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    OOO is related to AutoD as it can't retrieve the settings so cannot be used.

    Just trying to get my head around this, are you a hosting provider?

    What is the endpoint that the customer connects to ?

    What certs do you have and what names are on it?

    Basically it's either rmissing a name for your end customer of they are connecting to the wrong endpoint.

    Really need to know how Exch Is deployed.

  4. #4

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    we are hosting their email yes. their mailboxes are on our mail server and their exchange settings within outlook point at our exchange server, as mentioned above this connects thru http. i was not the person who set this up so am not entirely sure how they got this working, but they left it in a way that autodiscover is throwing up this error each time the users open outlook.
    we have a certificate deployed for our exchange server in our domain, which again, their mailboxes reside on. i guess this is why it is moaning about the fact that the certificate doesnt match the name of the site. But its the correct server that outlook is connecting to so how do we establish a connection for AutoD to work?

  5. #5

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    What names do you have on your cert and what certs do you have binded to IIS. Maybe PM the details of the cert.

  6. #6
    wroberts's Avatar
    Join Date
    Apr 2013
    Location
    Leeds
    Posts
    41
    Thank Post
    1
    Thanked 8 Times in 7 Posts
    Rep Power
    4
    Quote Originally Posted by local-lad-steve View Post
    we are hosting their email yes. their mailboxes are on our mail server and their exchange settings within outlook point at our exchange server, as mentioned above this connects thru http. i was not the person who set this up so am not entirely sure how they got this working, but they left it in a way that autodiscover is throwing up this error each time the users open outlook.
    we have a certificate deployed for our exchange server in our domain, which again, their mailboxes reside on. i guess this is why it is moaning about the fact that the certificate doesnt match the name of the site. But its the correct server that outlook is connecting to so how do we establish a connection for AutoD to work?
    You may need to add a dns entry into your clients dns records for autodiscover.[Yourdomainname]

    And piint it to your public facing exchange address. I had a similar option with autodiscover in office365

  7. #7

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    thanks i did try this by adding a service locator record in and pointing to autodiscover.ourdomain.com.au. but this didnt work. but you suggest changing the autodiscover.ourdomain.com.au to our public facing ip?

  8. #8

    Join Date
    Dec 2008
    Location
    Lancashire
    Posts
    380
    Thank Post
    28
    Thanked 6 Times in 6 Posts
    Rep Power
    13
    I have only setup our AutoDis and it only works on the autodiscover.ourdomain.com and not on the ourdomain.com But if the other poeples domain name is not in the cert as a SAN then their autodiscover wont work as it will take the email address as user@theirdomain.com then it will search autodiscover.theirdomain.com for the info. My advice if you dont want to purchase another cert is to remove the autodiscover and issue the settings with your mail.domain.com so its only their email address that is different.

  9. #9

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    The settings specify my domain. the exch server specified is within my domain, the https setting points to mail.mydomain.com. then the user/mailbox specifies their email address. i.e. user@theirdomain.com - so their email address IS the only thing that is different. it is still coming up with the error that the site name is different to that on the cert.

  10. #10

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi All,

    after having been looking into some other work i have been put back on this task of resolving this issue. i looked at it again today and started fresh, created a new mailbox on my exchange server and changed the primary smtp address to be the clients address: steve@clientdomain.com.au. thought this is sitting on our exchange server. i set up outlook to use http(outlook anywhere) and set the address to ourdomain.com.au. the exchange server it is pointing at is exchangeserver.ourdomain.com.au. the user/mailbox name is steve@clientdomain.com.au. When we open outlook, it loads fine, then about 30 seconds later it pops up with the cert error and it appears that it is getting a certificate for clientdomain.com.au instead of ourdomain.com.au.

    i have tested this with other clients that we host email for and it works fine, there is no error and they must get the correct öurdomain.com.au cert. i cant understand why this particular client is receiving a different cert, if they are accessing our server, in our domain, accessing the mailbox on our exchange server.

    any thoughts how this could be happening.

    to me it is clearly a DNS problem - just not sure where. i have done a whois and confirmed the DNS settings appear to be correct. im stumped.

    any ideas are greatly appreciated.

  11. #11

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    So, are you hosting Exchange for companies?

    What do you have on your cert?

  12. #12

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    yes, we host exchange for many companies. our cert specifies our domain only, which works for outlook anywhere so long as you enter mail.ourdomain.com.au and put in the clients email address for the mailbox/username. just this one seems to be picking up a cert from somewhere else and i have no idea where.

  13. #13

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    Where does clientdomain.com.au.AutoD record point to?

  14. #14

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    i dont see where this would be configured. from the internet i have configured the http setting to point at mail.ourdomain.com.au. We host their dns where the mx records point to message labs, but there is no autoD record and we havent had the need to set that up for any other client that all work fine.

  15. #15

    Join Date
    Mar 2010
    Location
    UK
    Posts
    43
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    i guess all other clients use our internal dns for autdiscover which points to the ip of the exchange server and it works. this is an assumption. but if this works for them, i still dont understand where this other company are getting this alternate cert from as they have identical settings within outlook clients.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Windows 7 64bit - https / certificate error !!!
    By burgemaster in forum Windows 7
    Replies: 9
    Last Post: 28th March 2014, 02:56 PM
  2. windows 7 certificates error
    By andy_nic in forum Windows 7
    Replies: 7
    Last Post: 20th March 2011, 12:05 PM
  3. Firefox Certificate Errors
    By LosOjos in forum Internet Related/Filtering/Firewall
    Replies: 2
    Last Post: 26th January 2010, 03:57 PM
  4. VMWare Server 2 Certificate Error
    By Zoom7000 in forum Thin Client and Virtual Machines
    Replies: 3
    Last Post: 15th October 2008, 03:00 PM
  5. https:// Certificate Error: How Do We Eliminate It?
    By DaveP in forum How do you do....it?
    Replies: 9
    Last Post: 25th October 2007, 01:15 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •