It is a best practice not to use server FQDNs or NetBIOS names on a cert. So please be sure to update all InternalURLs, ExternalURLs, and the AutodiscoverServiceInternalURI to use an FQDN other than the server FQDN and other than the NetBIOS names of the servers. Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri īy default, the SCP is configured with the following URL (Uses NetBIOS instead of FQDN). You can modify this FQDN by using the following command: This SCP will return the AutodiscoverInternalURI FQDN in which this client should contact the Autodiscover service. If you have slow links or want to scope what SCPs are available to users in various sites, Autodiscover Site Affinity can be used. When an Outlook client has the ability to find this record because they are domain joined and on the internal network, they will locate all SCP records and will choose the oldest SCP. Every time a CAS Server is installed, it will register this SCP record within Active Directory in the following location:ĬN=Autodiscover,CN=Protocols,CN=,CN=Servers,CN=Exchange Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services When you first launch your Outlook client (Outlook 2007 or above required for Autodiscover access), it will search Active Directory for a Service Connection Point (SCP) record. Provides URLs to Web Services for Outlook 2007/2010/2013.Redirects Outlook 2007/2010/2013 clients to point to the correct server in which their mailbox is located.The Autodiscover service is a mechanism that can do several things. Internal Autodiscover and the Service Connection Point
Well first, let’s explore a little on the steps External Autodiscover goes through in order to find Exchange. So the million dollar question? Why the error and why is it showing the company’s public website’s certificate. The certificate error that pops up shows you that it is finding the certificate on your company’s public website. The certificate you see pop up in Outlook during the error isn’t even the certificate that is located on Exchange. This issue is that when you are trying to make a connection to Autodiscover via, the Outlook client does not successfully make a connection to it and you get a certificate error. Therefore, you must update the InternalURLs, ExternalURLs, and AutodiscoverServiceInternalURI to match the certificate FQDN. For example, you make a connection to Exchange and your InternalURLs, ExternalURLs, and AutodiscoverServiceInternalURI FQDN is not defined on the certificate.
That blog post describes an incorrect certificate on Exchange itself. I have a blog post on Outlook Certificate Errors which applies to Outlook 2007, Outlook 2010, and Outlook 2013.
0 kommentar(er)
