Hello,

Here is me with certificate question again 

Outlook 2007 autodiscover feature works, but I always get Security Alert for autodiscover.alpineskihouse.com "The name on the security certificate is invalid or does not match the name of the site". This is public single certificate issued to webmail.consolidatedmessenger.com.

Thank you for your help

Alex

I tested autodiscover and this is what I got:

[PS] C:\>Test-OutlookWebServices -identity:user@alpineshihouse.com | ft * -AutoSize -Wrap

  Id        Type             Message
  --         ----               -------
1003      Information   About to test AutoDiscover with the e-mail address user@alpineshihouse.com
1005      Error            When accessing https://excas07.consolidatedmessenger.local/Autodiscover/Autodiscover.xml the error "RemoteCertificateNameMismatch:CN=webmail.consolidatedmessenger.com, OU=Domain Control Validated, O=webmail.consolidatedmessenger.com" was reported.
1013      Error            When contacting https://excas07.consolidatedmessenger.local/Autodiscover/Autodiscover.xml received the error The remote server returned an error: (404) Not Found.
1006      Error            Failed to contact AutoDiscover

This is exactly what is happening with Outlook 2007 autodiscovery. I don't undertand why it is going to https://excas07.consolidatedmessennger.local and not to https://autodiscover.consolidatedmessenger.local

Thank you

Alex

 

Hello,

Check that:

• 1. Autodiscover.alpineskihouse.com is a CNAME to autodiscoverredirect.consolidatedmessenger.com (see Procedure RUN.33 in HMC 4 documentation)
• 2. The redirection on the XML file is pointing to autodiscover.consolidatedmessenger.com (see Procedure DWHE.82)

HTH,

Samuel

That is all in place. It looks like Exchnage is looking at the wrong place for AutoDiscover virtual directory

Thank you

Alex

Alex,

    you need at least 2 certificates. One for OWA/Outlook Anywhere, one for Autodiscover service.

So you have to request and import another SSL certificate for the AutoDiscover Web Site(autodiscover.consolidatedmessenger.com for the Common name).  For default exchange installation, autodiscover virtual directory is under the "Default Web Site" ,  HMC4 guide moved Autodiscover subweb to a new website called "Autodiscover" and a redirect site named "Autodiscoverredirect"

For each hosted e-mail domain, you should set up a site together with its corresponding DNS entries. For example, the domain named for example alpineskihouse.com should be called autodiscover.alpineskihouse.com,but you do not have to set up SSL certificate for this domain name.

The autodiscover.alpineskihouse.com is a CNAME DNS record and redirect to autodiscoverredirect.consolidatedmessenger.com. Make sure that you do not configure other options such as The exact URL entered above and A permanent redirection for this resource. Configuring redirection in this manner ensures that the Outlook 2007 client receives an HTTP 302 response. 

After you configure redirection, Outlook 2007 clients will try to connect to https://alpineskihouse.com/autodiscover/ and https://autodiscover.alpineskihouse.com/autodiscover/ by using an HTTP POST request. Because these sites are unavailable, Outlook will try an HTTP GET request to http://autodiscover.alpineskihouse.com/autodiscover. Finally, it will point to https://autodiscover.consolidatedmessenger.com/autodiscover/autodiscover.xml

Regards,
Randy  

Try run Get-AutodiscoverVirtualDirectory 

check Identity Line.

 

Randy 

Randy, thank you very much for your help.

I have 2 public certificate, one of them assigned to autodiscover.consolidatedmessenger.com.

Hosted email domains have CNAME record:
autodiscover.alpineskihouse.com CNAME autodiscoverredirect.consolidatedmessenger.com

http://autodiscover.alpineskihouse.com/autodiscover/autodiscover.xml is redirecting to https://autodiscover.consolidatedmessenger.com/autodiscover/autodiscover.xml with no certificate warning and shows:

https://autodiscover.alpineskihouse.com/autodiscover/autodiscover.xml doesn't work

Identity                      : EXCAS07\Autodiscover (AutoDiscover)

 

One more note, Outlook 2007 autodiscovery is working but during the autodiscovery and every time Outlook is started again there is security alert for autodiscover.alpineskihouse.com sying that name on the certificate is invalid. View Certificate shows webmail.consolidatedmessenger.com (?) I can't understand where is webmail.consolidatedmessenger.com coming from, when it should be autodiscover.consolidatedmessenger.com

Thank you

Alex

I think your settings are correct.

Test-OutlookWebServices cmdlet will use internal URI to test the AutoDiscover service connection.

you can use Get-ClientAccessServer |fl
you may get
AutoDiscoverServiceInternalUri : https://excas07.consolidatedmessenger.local/Autodiscover/Autodiscover.xml

In HMC4.0, we configure a separate site on the CAS server to host the Autodiscover service, and there is no autodiscover.xml file under Default Web Site\Autodiscover , so you may get a 404 not found error. That means we should not use Test-OutlookWebServices to verify the autodiscover service (it will use the internal URI which was removed). On client side, outlook use external URI to connect to Autodiscover service (https://autodiscover.consolidatedmessenger.com/autodiscover/autodiscover.xml).

 Because redirection is configured on this site, IIS will return a 302 redirection response for https://autodiscover.consolidatedmessenger.com. The client will receive the response and prompt the user to accept or reject the request. The user must accept this request. After this occurs, the client will then be redirected by using an HTTPS POST request. Then there will be no security alert. Finally, the client will receive the necessary Autodiscover service response.

 

On your CAS server, open IIS Manager, right click "Autodiscover" site to open the properties window, then goto "Directory Security" tab, click "View Certificate..", make sure this certificate is issued to autodiscover.consolidatedmessenger.com, and the status of it is OK.

Regards,
Randy
 

I am sorry for being a problematic, but for some reason my Outlook is not working that way, and I can't find why. After Outlook 2007 configuration is completed (with Security Alert) every time Outlook is started I have the same Security Alert - autodiscover.alpineskihouse.com, the name on the security certificate is invalid, question "Do you want to proceed?" Yes/No/View Certificate. View Certificate shows Issued to: webmail.consolidatedmessenger.com.

In IIS I have 3 web sites - Default Web Site (cert webmail.consolidatedmessenger.com), AutoDiscover (cert autodiscover.consolidatedmessenger.com) and AutoDiscoverRedirect (no cert)

Thank you

Alex

Not sure if this is important, but Get-OutlookProvider shows no servers:

[PS] C:\>get-outlookprovider

Name                       Server                     SSL
----                           ------                        ---
EXCH
EXPR
WEB

Alex

 Press Ctrl key, then click Outlook icon in the systray, select "Test-Email AutoConfiguration", type a user's email address and password, check Use AutoDiscover and clear other 2 options, click Test.

See you log window 

Last 2 lines:

Autodiscover to https://autodiscover.alpineskihouse.com/autodiscover/autodiscover.xml succeeded (0x00000000)
Redirect check to https://autodiscover.alpineskihouse.com/autodiscover/autodiscover.xml succeeded (0x00000000)

Thank you

Alex

One more thing. Even if I don't use Outlook's 2007 autodiscover feature and configure mailbox manually, I am receiving the same security alert message each time Outlook is started

Thank you

Alex