1

my setup: Exchange 2016 with multiple domains configured.
My problem:
I configured a http redirect for autodiscover:
autodiscover.example.org redirect to https://autodiscover.foo.org/autodiscover/autodiscover.xml
EWS and Active Sync Clients can connect without problem, but Windows Outlooks (Mapi over HTTP) give me a certificate error (because the redirect webserver has certificate installed).

So my workaround was to create a SRV record:
_autodiscover._tcp.example.org to 0 0 443 autodiscover.foo.org

Now Windows Outlooks (Mapi over HTTP) can access without certificate problems, but EWS and Autodiscover throw a certificate error.

Hoe can I solve this stupidity???

fips123
  • 361
  • 1
  • 5
  • 16

1 Answers1

1

The site which the clients hit for Autodiscover - so Autodiscover.example.com MUST NOT have HTTPS enabled on it. It needs to be a separate site which is using http only. Due to the way that HTTPS is bound, that means a dedicated IP address externally and internally, so that https://autodiscover.example.com/ does not work.

You will not need to have an SRV record.

The SRV record is almost the last method tried by the client, so if the earlier ones work (even incorrectly) you will get an SSL prompt.

Sembee
  • 2,854
  • 1
  • 7
  • 11
  • Yes, this is what I tried next and which worked. But now Autodiscover takes 5 times longer... – fips123 Oct 06 '16 at 08:53
  • It shouldn't do. That suggests that something isn't configured correctly and it is sitting there waiting for a time out. Run a test account through the Microsoft test site at http://exrca.com/ and also run an Outlook Autodiscover test. http://semb.ee/adt – Sembee Oct 06 '16 at 21:33