Wildcard Autodiscover Outlook Client Warnings

If your external email domain is customer.com but your internal domain is customer.net, for example, Outlook clients will warn that the server cannot be trusted unless the wildcard certificate also contains the internal *.customer.net name. The warning appears because the certificate does not cover the internal host names the clients are given. Before you go away and purchase the additional SANs on the wildcard certificate, there is a workaround for this using Exchange PowerShell:

Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://cas.customer.com/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CASServer\EWS (Default Web Site)" -InternalURL https://cas.customer.com/EWS/Exchange.asmx -BasicAuthentication:$true

Set-OABVirtualDirectory -Identity "CASServer\OAB (Default Web Site)" -InternalURL https://cas.customer.com/OAB

Note: You must ensure that you enable SSL on the OAB directory in IIS, which is not on by default. The above command will only enable SSL, but will not ensure 128-bit SSL is required.

Enable-OutlookAnywhere -Server CASServer -ExternalHostname "cas.customer.com" -ClientAuthenticationMethod "Basic" -SSLOffloading:$False

These changes are needed because, by default, the URLs will be the server names with the .net or .local suffix, whichever you have internally.

This will resolve those issues for you!
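To see why the change removes the warning, the following added example (not part of the original post) checks which service URLs are covered by the names on a wildcard certificate, applying the rule that a wildcard matches exactly one left-most label. The function name Test-CertNameMatch, the default casserver.customer.net URL and the certificate name list are constructed for illustration.

```powershell
# Hypothetical helper: returns $true if $HostName is covered by any certificate name.
function Test-CertNameMatch {
    param(
        [string]$HostName,
        [string[]]$CertNames
    )
    foreach ($name in $CertNames) {
        if ($name.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label:
            # *.customer.com matches cas.customer.com, not customer.com or a.b.customer.com.
            $suffix = $name.Substring(1)    # e.g. ".customer.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
        elseif ($name -ieq $HostName) {
            return $true
        }
    }
    return $false
}

# Constructed sample input: the names on the wildcard certificate ...
$certNames = @('*.customer.com')

# ... and the URLs handed to clients before and after the commands above.
$urls = [ordered]@{
    'Autodiscover (default)' = 'https://casserver.customer.net/Autodiscover/Autodiscover.xml'
    'Autodiscover (changed)' = 'https://cas.customer.com/Autodiscover/Autodiscover.xml'
    'EWS (changed)'          = 'https://cas.customer.com/EWS/Exchange.asmx'
    'OAB (changed)'          = 'https://cas.customer.com/OAB'
}

# Any row with CoveredByCert = False is a URL that triggers the Outlook trust warning.
foreach ($entry in $urls.GetEnumerator()) {
    $hostName = ([Uri]$entry.Value).Host
    [pscustomobject]@{
        Service       = $entry.Key
        Host          = $hostName
        CoveredByCert = Test-CertNameMatch -HostName $hostName -CertNames $certNames
    }
}
```

On an Exchange server the same check can be fed with real values: the certificate names from Get-ExchangeCertificate (CertificateDomains) and the URLs from Get-ClientAccessServer (AutoDiscoverServiceInternalUri), Get-WebServicesVirtualDirectory and Get-OabVirtualDirectory (InternalUrl).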
