SAN Certificate: external domain name, internal domain name different
We have an external domain name that our "parent" company location created and controls for us. We are upgrading to Exch 2010 and need to get a SAN cert. My concern is the names to use. Our domain name https://webmail.abc.theotherco.com gets forwarded to us from the parent co. We don't own an external domain name ourselves. Can I get a cert that uses our current webmail domain name, webmail.abc.theotherco.com, and then for autodiscover and the legacy name have something internally configured that redirects the traffic for autodiscover and legacy? Since they already use abc.theotherco.com for their location, I cannot use that name. Our internal domain name is our own, which we created, but it is only accessible internally and not from the outside. Any help would be appreciated. FYI, we will have a CAS server array and load balancer.
March 14th, 2011 4:51pm

So the parent domain has delegated "ABC" to you? Then yes, a SAN cert for webmail.abc.theotherco.com and autodiscover.abc.theotherco.com. For legacy it does need an external DNS record as well as an internal DNS record, because when proxy redirection happens the user will hit webmail.abc.theotherco.com first and will get back a 451 error code that tells the client to connect using the externalURL, which would be legacy.abc.theotherco.com.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
March 14th, 2011 5:03pm

I think I should clarify... I don't know why I can't get this... but we do not have an external domain name we control; the webmail domain accessible from the outside is not controlled by us. They just have a forwarder in place that forwards anything that goes to webmail.abc.theotherco.com to us. I want to know what to put for the autodiscover entry on the cert. Do we have to have them set up autodiscover.abc.theothercompany.com, or can I configure a redirect internally so that anything from webmail.abc.theotherco.com gets redirected to an internal URL we set up? Also, to confirm: you are saying that if we use a legacy name on our cert we will need to have that be valid both internally and externally, so it would be legacy.abc.theothercompany.com? What if they are already using that name? Would we have to get a domain name of our own, or can we also use it? Hope this makes sense.
March 15th, 2011 4:59pm

So basically you don't manage your own DNS; that's OK. Have the provider add autodiscover.abc.theothercompany.com. You can't set up anything internally to get autodiscover to work outside your network; they need external DNS resolution for autodiscover.abc.theothercompany.com or an SRV record for abc.theothercompany.com. Yes, you will need a legacy.abc.theothercompany.com. You don't necessarily need to name it legacy; it can be test.abc.theothercompany.com. It just needs to be different from webmail.abc.theothercompany.com. If they are already using legacy, then use a different name. Now, if this company that's hosting abc.theothercompany.com already has an Exchange infrastructure, then you will obviously run into issues because they will likely already be using autodiscover.abc.theothercompany.com.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
March 15th, 2011 5:10pm

The provider has set up an external DNS name for us, autodiscover.abc.theothercompany.com. I am having issues with using autodiscover, and I believe the reason is that our internal email address is myname@mycompany.com. The other company has external DNS set up for the domain @theothercompany.com and basically forwards anything that comes in with @theothercompany.com to us. Our domain is myname@mydomain.theothercompany.com and has an alias for my email, myname@mydomain.com, which has a DNS record set up. I have asked, and they said they can't set up autodiscover.mydomain.com in external DNS because then it would make mydomain a subdomain. They said they could use autodiscover-mydomain.theothercompany.com, but I don't know if you can use a - in the autodiscover URL. I asked them to create an SRV record for autodiscover.abc.theothercompany.com; would this work? I would think the external DNS would work, but I get errors. It would be so much easier if we took care of our domain :) 2 other questions: The cert only has the autodiscover.abc.theothercompany.com name in it. I know that autodiscover uses anything after the @ in the address to try to resolve the name automatically. Would I have to use my email myname@theothercompany.com to configure Outlook with autodiscover externally? If I get an SRV record created, do I have to change my cert to reflect myname@mydomain.com, or would the SRV record take care of this so I could leave the cert as is? I am almost done and this is my last hurdle :) Thank you so much for any help.
May 16th, 2011 4:16pm

The provider has set up an external DNS name for us, autodiscover.abc.theothercompany.com. I am having issues with using autodiscover, and I believe the reason is that our internal email address is myname@mycompany.com. The other company has external DNS set up for the domain @theothercompany.com and basically forwards anything that comes in with @theothercompany.com to us. Our domain is a subdomain which has a DNS record set up, and I don't know, although I have asked and am awaiting a reply, if they can set up autodiscover.mydomain.com in external DNS. If they can't, I asked them to create an SRV record; would this work? 2 other questions: The cert only has the autodiscover.abc.theothercompany.com name in it. I know that autodiscover uses anything after the @ in the address to try to resolve the name automatically. Would I have to use my email myname@theothercompany.com to configure Outlook with autodiscover externally? If I get an SRV record created, do I have to change my cert to reflect myname@mydomain.com, or would the SRV record take care of this so I could leave the cert as is? I am almost done and this is my last hurdle :) Thank you so much for any help.
May 16th, 2011 4:16pm
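
Added example, not part of the original thread or any poster's code: a small model of which host name Outlook ends up validating the certificate against for each Autodiscover lookup method, using the thread's placeholder names. The function names and the SAN list are constructed, and it assumes every host shown resolves to the Exchange CAS array; for the SRV method the certificate is checked against the SRV target host, not the mail domain.

```python
# Added example; function names and the SAN list are constructed for illustration.
# Outlook derives every Autodiscover lookup from the part after "@" in the
# address the user types, then validates the certificate of the host it
# finally connects to over HTTPS.

SANS = [  # constructed SAN list, using the thread's placeholder names
    "webmail.abc.theothercompany.com",
    "autodiscover.abc.theothercompany.com",
    "legacy.abc.theothercompany.com",
]

def tls_hosts(email, srv_target=None, redirect_target=None):
    """Return [(method, host)]: host is the name the certificate must cover."""
    domain = email.rsplit("@", 1)[1].lower()
    steps = [
        ("https-root", domain),  # https://<domain>/autodiscover/autodiscover.xml
        ("https-autodiscover", "autodiscover." + domain),
    ]
    if redirect_target:  # http://autodiscover.<domain> answers with a redirect to this host
        steps.append(("http-redirect", redirect_target.lower()))
    if srv_target:       # target of the _autodiscover._tcp.<domain> SRV record
        steps.append(("srv", srv_target.lower()))
    return steps

def san_matches(host, san):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host, san = host.lower(), san.lower()
    if san.startswith("*."):
        parts = host.split(".", 1)
        return len(parts) == 2 and parts[1] == san[2:]
    return host == san

def coverage(email, sans, srv_target=None, redirect_target=None):
    """Map each lookup method to True if the certificate covers its host."""
    return {
        method: any(san_matches(host, san) for san in sans)
        for method, host in tls_hosts(email, srv_target, redirect_target)
    }

if __name__ == "__main__":
    target = "autodiscover.abc.theothercompany.com"
    for addr in ("myname@mydomain.com", "myname@abc.theothercompany.com"):
        print(addr, coverage(addr, SANS, srv_target=target))
```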
