Exchange 2019 on-premises auto-discovery issue with IOS Mail app. Mail app discovers wrong SSL

Question

So I have my Exchange 2019 hosted on-premise with a purchased SSL for mail.example.com. Outlook and OWA work great with auto-discovery both onsite or offsite. When I add an email account into my iPhone mail app that is on my Exchange server i get an error "Cannot Verify Server Identity" This clearly is happening because the IOS app is loading a certificate from my hosting company for my website avsimplified.com However my exchange server is on my own server at mail.avsimplified.com

So avsimplified.com is at 66.96.147.96 public IP address and mail.avsimplified.com is at 173.218.1.192 public IP address.

I have added to my Godaddy DNS the following:

srv _autodiscover._tcp.mail 0 0 443 mail.avsimplified.com. 600 seconds

I am at a loss how to get the IOS app to pull the correct AutoDiscover and therefor the correct SSL certificate. Any help would be greatly appreciated.

Microsoft Remote Connectivity Analyzer results are as follows:

http://avsimplified.com/RCATestResult.html

AutoDiscover XML Tool Log

http://avsimplified.com/AutoDiscoverXMLTool-Results.txt

Give us the actual domain name so we can... you know... actually check it for ourselves. — joeqwerty, Jan 22 '22 at 20:45
Done. Was not sure if it would be needed... Thanks for looking at this. — Brian, Jan 22 '22 at 23:24

score 0 · Answer 1 · answered Jan 24 '22 at 15:06

This is due to how iOS processes autodiscover. It tries to hit https://<yourdomain>.com/microsoft-server-activesync first; which in your case has a certificate for *.<differentdomain>.com that doesn't match. I'd recommend working with your web host to redirect that to mail.<yourdomain>.com or disabling it entirely.

Exchange 2019 on-premises auto-discovery issue with IOS Mail app. Mail app discovers wrong SSL

1 Answers1