Outlook Address Book and non domain computers
We had to add another accepted email domain to our server, which all worked good. The issue is the users who use this domain, their computers are not currently joined to the domain. They have Domain User accounts and are setup fine there, but
any time they try to send and receive they get 0X80004005 errors. They also get certificate popups for autodiscover for their domain. This happens with them on the subnet of the server and when connected to vpn as well.
We have a single exchange server with Hub Transport, Client Access, and Mailbox roles active. We currently only use self-signed certificates.
I don't know how I should fix this, do I need to recreate the self signed certificate with the added autodiscover? Can I add another SSC with the added autodiscover?
Thanks in advance.
May 1st, 2012 12:29pm
domain joined computers use the AD SCP value for autodiscover (e.g. Get-ClientAccessServer | select *uri). Non-domain joined computers use DNS to find autodiscover (e.g. autodiscover.domain.com, domain.com/autodiscover). Its
likley your autodiscover.domain.com dns records dont point to the right place or dont have the correct name in the certificate, or its not trusted.
Mike Crowley | MVP
My Blog --
Planet Technologies
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2012 5:29pm
Okay, so I need to add dns records...here is my question....
The main email setup is under domain1 and all users of that domain, use domain joined pcs...
The new email domain we just added (domain2) is only used by 3 non-domain joined pcs...when Outlook is fired up, it looks for autodiscover.domain1.org....if i put the autodiscover dns record in my dns and point it to my exchange server...will that fix it?
May 1st, 2012 5:33pm
You could create a cname so that autodiscover.domain2 points to autodiscover.domain1, but you'd also need a subject alternate name on your SSL certificate to support this. If you don't want to use multiple SSL certificates, you can configure autodiscover
redirection, but it's probably not worth it for 3 users.
I might just edit the host file on those 3 computers to ensure they never find autodiscover.domain2.
Mike Crowley | MVP
My Blog --
Planet Technologies
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2012 6:01pm
So if I understand you correctly......I could create another SSL cert with the autodiscover.domain2 on it and put it on my server to go along with the cname part to make that work? Or would I have to remake the Self Signed Cert I have on file already
to add that subject alternate name to it? (As I can't seem to find a way to add an alternate name to an already existing exchange cert)
May 1st, 2012 6:05pm
You would need a new cert with multiple names, such as:
owa.domain1.comautodiscover.domain1.comautodiscover.domain2.com
Also if it's not trusted by the computers that's a problem too. You should purchase a certificate from godaddy, entrust, digicert, etc
Mike Crowley | MVP
My Blog --
Planet Technologies
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2012 6:45pm
Thanks Mike!
May 3rd, 2012 11:28am