0

I am aware this is a known issue since that .local names weren't allowed in certificates anymore, but despite my research and my own intuition I cannot seem to find a solution to the problem I am having stemming form the fact that no user can send or retrieve email on their phones outside the network.

A lot of the articles in regards to this problem ask to make sure the virtual directories are correct in Exchange Server 2010, receive connectors are good, the external and internal URL's are the same, etc... but I haven't came across one talking about my particular issue which is the certificate being retrieved is the wrong one.

Here's what I get from Additional Details:

Host name autodiscover.lifecarefhdc.org doesn't match any name found on the server certificate CN=*.prod.iad2.secureserver.net, O="Special Domain Services, LLC.", L=Scottsdale, S=Arizona, C=US. Elapsed Time: 0 ms.

Interestingly, the tests pass previously.

Then in HTTP section, all the steps pass until:

Attempting to test potential Autodiscover URL https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml

Clearly that is wrong. Is this an external DNS issue perhaps?

Articles Read:

  1. http://www.puryear-it.com/blog/2013/03/18/fixing-certificate-errors-in-outlook-for-exchange-2010/ ...I can't post more till I get more rep. xD
Kevin Keeney
  • 1
  • 2
  • secureserver.net is part of GoDaddy's systems. This suggests that either autodiscover.[domain].org resolves to one of their server IPs (what address does it resolve to?) or you've imported one of GoDaddy's certificates into your IIS SSL config instead of your own (have you?). What test are you using? Outlook's own test? Have you tried https://testconnectivity.microsoft.com/ ? – TessellatingHeckler Nov 21 '15 at 02:42
  • @TessellatingHeckler That is correct, I am using testconnectivity.microsoft.com to test. Interestingly, using MXToolbox's DNS tool I found that the autodiscover resolves to GoDaddy's server's IP (107.180.21.18). Also, the DNS Checker found errors like "Bad Glue", "Serial numbers do not match", and "Local NS list does not match Parent NS list". What do they mean? – Kevin Keeney Nov 22 '15 at 02:29
  • Roughly, they mean that the setup of your domain in the global DNS system is wrong. "Serial number does not match" means the DNS servers handling your domain are out of sync with each other and may be answering with different IP addresses for whatever.yourdomain.com. Glue is a way around "*I need to lookup ns0.example.org, where is its main DNS server? it's ns0.example.org, I need to lookup ns0.example.org ... oh*". If you're willing to post your actual domain name into your question, it might help, otherwise you should sort that out before you sort autodiscover. – TessellatingHeckler Nov 22 '15 at 02:58
  • @TessellatingHeckler lifecarefhdc.org is the domain. – Kevin Keeney Nov 23 '15 at 00:17
  • I run it through http://mxtoolbox.com/SuperTool.aspx?action=dns%3a&run=toolpage and the *dns:domain.com* DNS test, and it says no glue problems, serial numbers match ... ? I tried it in TestConnectivity and none of the Autodiscover options were able to connect - you say "*the tests pass previously.*" - previous to what? I suggest you need to change autodiscover.{domain}.com DNS entry to point to your Exchange server's IP, but there are several possible ways to set it up. – TessellatingHeckler Nov 23 '15 at 01:36
  • @TessellatingHeckler I changed the record in the public DNS to the Exchange Server IP. See if this fixes it. Thank you! – Kevin Keeney Nov 26 '15 at 17:16

0 Answers0