
Recently we had an issue with the Exchange autodiscover.xml appending ".com" to our mail server's autodiscover address. It resulted in a certificate error due to the name not matching the certificate. After hunting that down and correcting it (by someone much smarter than me) I got to thinking: how, other than by a dumb mistake, would that get changed?

Obviously my main concern is some type of vulnerability or exploit in our network or mail server. After a little research I couldn't find anything real obvious that it could be and I was hoping someone here would be able to point me to some resources I could use to continue my research.

Also any thoughts on how else this could have happened and how it could be prevented in the future would be appreciated.

tkiuntke
  • Frankly, after having administered an Exchange server, I wouldn't assume that something malicious happened: it's Exchange - it likes to mess with itself. On a more direct note, I doubt very much that this could have been caused by a malicious action. There are just too many valid ways for this problem to have occurred legitimately. – schroeder May 28 '15 at 17:07
  • That's about what I expected. I had to ask because how else can you learn. Thanks! – tkiuntke Jun 01 '15 at 17:09

1 Answer


It's likely Exchange is just getting the config/setup wrong. You can FORCE the correct settings this way without local administrator.

This is how I set up autodiscover:

The XML file is placed somewhere on your local disk; edit the RedirectUrl to the path of your Exchange server's XML.

autodiscover.xml

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>e-mail</AccountType>
      <Action>redirectUrl</Action>
      <RedirectUrl>https://mail.COMPANY.com/autodiscover/autodiscover.xml</RedirectUrl>
    </Account>
  </Response>
</Autodiscover>

The reg patch is just modified to reflect the path to the XML file above.

autodiscover.reg

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\outlook\Autodiscover]
"COMPANY.com"="H:\\COMPANY\\Outlook\\autodiscover.xml"


[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\outlook\Autodiscover]
"COMPANY.com"="H:\\COMPANY\\Outlook\\autodiscover.xml"

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\outlook\Autodiscover]
"COMPANY.com"="H:\\COMPANY\\Outlook\\autodiscover.xml"

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\outlook\Autodiscover]
"COMPANY.com"="H:\\COMPANY\\Outlook\\autodiscover.xml"

Restart Outlook. Profit.
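
For the "how could it be prevented" part of the question, a check written as an added example (not part of the original answer): it parses a local autodiscover.xml of the shape shown above and flags a RedirectUrl whose host is not an exact match for an expected name, which catches a doubled ".com". The function names, the allow-list and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespaces taken from the autodiscover.xml in the answer above.
A_NS = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"
O_NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"
NS = {"o": O_NS}


def check_redirect(xml_text, allowed_hosts):
    """Return a list of findings for one local autodiscover.xml; empty means OK."""
    if "<!doctype" in xml_text.lower():
        return ["DOCTYPE present: refusing to parse (entity expansion risk)"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    account = root.find("o:Response/o:Account", NS)
    if root.tag != "{%s}Autodiscover" % A_NS or account is None:
        return ["Autodiscover/Response/Account not found in expected namespaces"]
    action = account.findtext("o:Action", default="", namespaces=NS).strip()
    url = account.findtext("o:RedirectUrl", default="", namespaces=NS).strip()
    findings = []
    if action.lower() != "redirecturl":
        findings.append(f"unexpected Action {action!r}")
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return findings + [f"RedirectUrl does not parse: {url!r}"]
    if parts.scheme.lower() != "https":
        findings.append(f"RedirectUrl is not https: {url!r}")
    # Exact match only: a suffix or substring test would accept look-alike names.
    if host not in {h.lower() for h in allowed_hosts}:
        findings.append(f"RedirectUrl host {host!r} is not an expected host")
    return findings


def sample_xml(url):
    """Constructed sample in the same shape as the answer's autodiscover.xml."""
    return ('<?xml version="1.0" encoding="utf-8" ?>'
            f'<Autodiscover xmlns="{A_NS}"><Response xmlns="{O_NS}"><Account>'
            '<AccountType>e-mail</AccountType><Action>redirectUrl</Action>'
            f'<RedirectUrl>{url}</RedirectUrl></Account></Response></Autodiscover>')


if __name__ == "__main__":
    drifted = "https://mail.COMPANY.com.com/autodiscover/autodiscover.xml"
    for finding in check_redirect(sample_xml(drifted), ["mail.COMPANY.com"]):
        print(finding)
```

Run it against every file named by the Autodiscover registry values, with the allow-list taken from the names on the mail server's certificate.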