Wildcard Autodiscover Outlook Client Warnings

If in your setup your external email domain is customer.com but your internal domain is customer.net for example unless the wildcard certificate contains the internal *.customer.net as well the clients will warn that the server cannot be trusted this is due to the fact that the certificate does not have the relevant information. But before you go away and purchase the additonal SAN’s on the wildcard certificate there is a work around for this using Exchange PowerShell:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://cas.customer.com/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity “CASServer\EWS (Default Web Site)” -InternalURL https://cas.customer.com/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity “CASServer\OAB (Default Web Site)” -InternalURL https://cas.customer.com/OAB

Note: You must ensure that you enable SSL on the OAB directory in IIS which is not on by default. The above command will only enable SSL, but will not ensure 128-bit SSL is required.

Enable-OutlookAnywhere -Server CASServer -ExternalHostname “cas.customer.com” -ClientAuthenticationMethod “Basic”-SSLOffloading:$False

As by default the URL’s will be the server names with the .net or .local whichever you have internally.

This will resolve those issues for you!

2 thoughts on “Wildcard Autodiscover Outlook Client Warnings

  1. Nice post. I used to be checking continuously this blog and I am impressed!
    Very useful info specially the ultimate section 🙂 I deal with
    such info a lot. I was looking for this certain info for a long time.
    Thanks and good luck.

  2. Very great post. I just stumbled upon your blog and wished to mention that I’ve truly enjoyed browsing your weblog posts. In any case I’ll be subscribing in your feed
    and I’m hoping you write again soon!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.