Clicky

In this Exchange 2010, when I view cert, on the General tab, in front of Issued To, I see only one name -- internal FQDN of server.

How may I view other names, if any, for which this cert may be valid?

Is autodiscover.domainname.com a requirement for Exchange 2010? We sure are having Connectivity Issues with Outlook 2010. Thanks.

asked 12/16/2011 09:26

Akulsh's gravatar image

Akulsh ♦♦


6 Answers:
Click the Details tab and then you will see more information.  It could be under Subject, or Subject Alternative Names area probably.
The autodiscover name should be there.  I think you can setup a DNS SRV record too if you don't have the autodiscover name.
link

answered

chakko's gravatar image

chakko

you can use powershell to get the certificate details:

'Get-ExchangeCertificate' command to view all certificates in local store of the server.

Then copy the thumbprint of each of above listed certificate to get the detailed properties of each certificate where information regarding subject name, date, status, issuing authority, expire date and status and service attached are listed.

Get-ExchangeCertificate <thumbprint of the certificate> | fl

For you to use autodiscover, you need to have ceritificate issued to that service (autodiscover.domain.com) in SAN
link

answered 2011-12-16 at 21:04:15

kpa2011's gravatar image

kpa2011

You both helped me make progress:
-- In GUI, in Details, under SUBJECT ALTERNATE NAME, I could see all names.
-- in PowerShell, with Get-ExchangeCertificate command, I could see names under CertificateDomains.

Thank you both.

Now, about the 2nd half of my question, which was:
Is cert for autodiscover.domainname.com a requirement for Exchange 2010 to work properly with Outlook 2010? Thanks.

link

answered 2011-12-16 at 21:10:05

Akulsh's gravatar image

Akulsh

yes.  you should have that name

If the autodiscover name is not in your SSL then you can use a DNS SRV record.

Take a look at this

http://support.microsoft.com/kb/940881

link

answered 2011-12-16 at 22:23:18

chakko's gravatar image

chakko

Thanks.

I read that article. It keeps saying - The autodiscover record must be created in the contoso.com external DNS zone.

Not sure what "external' means here. This company does have different SMTP domain name (after @ in email address) than AD domain name. Does 'external" mean SMTP domain name that needs to be modifed in internal AD DNS servers, OR does 'external' mean SMTP domain name that needs to be modified only on external (public) non-AD DNS servers?

BTW, the internal users of Outlook 2010 are having problems. Thanks.
link

answered 2011-12-16 at 22:31:44

Akulsh's gravatar image

Akulsh

If your outlook is outside of your Office (like a user at home) then it would access Public DNS servers, so you would need to create the DNS record on the Public DNS server for your domain.

Inside your office you should be accessing the Internal LAN DNS server so you should try to create the record on your Internal DNS server.

Of course, your public DNS and private LAN DNS servers could  be the same server, but it probably is not.
link

answered 2011-12-16 at 23:55:01

chakko's gravatar image

chakko

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×1

Asked: 12/16/2011 09:26

Seen: 230 times

Last updated: 12/16/2011 05:51