Internal autodiscover not working
Hi all,
I have an Exchange 2007 server, with a UCC certificate (mail.extdomain.com and autodiscover.extdomain.com).
Everything is working properly from the outside, but from the inside, if I type mail.extdomain.com it brings me to the router login page. So internal OOF fails as well (it can't find autodiscover.extdomain.com). What are my options?
September 7th, 2011 3:41pm
You could consider using Split DNS and host a copy of your external domain DNS zone internally, substituting IP addressing for the external IP addresses.
Alternatively, as it sounds like your router is performing NAT and port forwarding from a single external IP (just a guess), check if your router can be configured to port forward internal requests on port 80 and 443 to the external IP back to your Exchange server in the same way the external requests are.
Steve
Steve Goodman
September 7th, 2011 5:04pm
You just hit the nail on the head. Yes the router is performing NAT and port forwarding from a single ext. IP.
Ok a few questions:
- is there any way of setting the internal EWS to the netbios name of the CAS without getting a certificate error?
- if I do split DNS, is there any way of avoiding the need to configure the WWW and the rest of the external records and just make sure they are forwarded outside?
- The router has a simple port forwarding option, what feature that will achieve what you're describing is missing on it?
Thanks for your helpful answers.
September 7th, 2011 5:39pm
Hiya,
- is there any way of setting the internal EWS to the netbios name of the CAS without getting a certificate error?
Only if you disabled the requirement for SSL, which isn't a great idea.
- if I do split DNS, is there any way of avoiding the need to configure the WWW and the rest of the external records and just make sure they are forwarded outside?
Not easily, unfortunately, you end up managing two DNS setups in parallel when you do it this way. If it's a small number (under ~50?) then any solution will be more complicated than just updating the occasional record in both places.
- The router has a simple port forwarding option, what feature that will achieve what you're describing is missing on it?
It depends on your router, it might not even do it. For example, at home on my DD-WRT based router I use the following iptables command to do this, though I doubt this will help much as it's pretty specific:
iptables -t nat -A POSTROUTING -j MASQUERADE
Steve
Steve Goodman
September 7th, 2011 5:56pm
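Added example, not part of the reply above or of the original thread: a scoped hairpin-NAT (NAT loopback) rule set for an iptables-based router such as the DD-WRT one mentioned, generalizing the single MASQUERADE command to a destination rewrite plus a source rewrite limited to LAN-to-server traffic. The function name hairpin_rules, all addresses, and the assumption that the FORWARD chain already permits LAN-to-LAN traffic are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): print scoped hairpin-NAT rules for an
# iptables router. Nothing is applied; review the output, then run it as root.
# Assumption: the FORWARD chain already permits LAN-to-LAN traffic.

# Usage: hairpin_rules LAN_CIDR WAN_IP SERVER_IP PORT [PORT...]
hairpin_rules() {
    if [ "$#" -lt 4 ]; then
        echo "usage: hairpin_rules LAN_CIDR WAN_IP SERVER_IP PORT [PORT...]" >&2
        return 2
    fi
    lan_cidr=$1 wan_ip=$2 server_ip=$3
    shift 3

    # Validate every port before printing anything, so a bad argument never
    # yields a half-complete rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    for port in "$@"; do
        # 1) LAN client -> public IP: redirect to the internal server.
        echo "iptables -t nat -A PREROUTING -s $lan_cidr -d $wan_ip -p tcp --dport $port -j DNAT --to-destination $server_ip:$port"
        # 2) Rewrite the source so the server answers via the router; a direct
        #    reply would arrive from an address the client never contacted.
        echo "iptables -t nat -A POSTROUTING -s $lan_cidr -d $server_ip -p tcp --dport $port -j MASQUERADE"
    done
}

# Constructed sample values (RFC 1918 LAN, RFC 5737 documentation WAN address).
hairpin_rules 192.168.1.0/24 203.0.113.10 192.168.1.20 80 443
```

Because of the source rewrite, the Exchange server's IIS logs record the router's address, not the workstation's, for internal clients that reach it through this path.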
So there is no way of adding an internal CERT to the current one?
September 8th, 2011 1:17pm