
We have an internally hosted Exchange server on the company domain, domain joined clients are able to autodiscover our exchange server with no issues. We have a laptop that will not be joined to the domain but we still require access to the exchange server through outlook.

The issue is our domain is 'MyDomain.local' and the email addresses are '@Corporation.gov' and this non-domain joined machine is failing to autodiscover.

I have tried to override the hosts file to point from 'autodiscover.corporation.gov' directly to the exchange servers address but this does not work.

I have tried to edit the Outlook registry settings on the affected machine using any combination of the following keys:

ExcludeExplicitO365Endpoint 1
ExcludeHttpRedirect 1
ExcludeHttpsAutodiscoverDomain 1
ExcludeHttpsRootDomain 1

I have used this documentation to verify we do indeed have a SRV record setup https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/verify-srv-dns-records-have-been-created

And my initial troubleshooting was based off this documentation as well: https://docs.microsoft.com/en-us/outlook/troubleshoot/profiles-and-accounts/unexpected-autodiscover-behavior

Testing autodiscover from within Outlook always fails. [Image: Outlook AutoDiscover Test Fail] Here in the test, the blanked-out domain is 'Corporation.gov', which differs from our internal network's domain of 'MyDomain.local'.

I can point the affected machine's browser at https://autodiscover.corporation.gov/autodiscover/autodiscover.xml (after doing the hosts redirect) and it pops up with a security certificate error asking me to continue; upon continuing it then pops up with a username/password box asking me to log in to get access to the page. If I type the username/password combination for the email address in question, then it gives me access to the page.

I am wondering if the invalid security certificate and/or the autodiscover.xml page requiring me to login could be giving this issue?

Does anyone have any help/suggestions? I've been trying to get this set up for about a week now and am racking my brain on it. Thank you very much for your time.

KKlouzal
  • Add that unknown cert to the Windows cert store, it sounds like it is related. Also, perhaps you can try to add a DNS suffix for the domain(s) in your environment to the TCP/IP settings. Those are two quick ideas I have you can test. – Pimp Juice IT Nov 12 '20 at 15:54
  • Hi, it's been a long time, is there any update? If your problem has been fixed, you could mark the best answer or share your solutions. Have a nice day:-) – Ivan_Wang Nov 25 '20 at 01:53

2 Answers


Create a CNAME in your DC's DNS with hostname

mail.Corporation.gov

that refers to your Exchange hostname

exchange.MyDomain.local

then create an MX entry for domain

Corporation.gov

that points to

mail.Corporation.gov

You also have to create a CNAME

autodiscover.Corporation.gov

that points to

exchange.MyDomain.local

Since your Exchange knows it is the final destination for the Corporation.gov domain, it shall correctly serve autodiscover functions to the laptop.
It is also important that the DNS configured on the laptop is your DC.

user2965433
  • Corporation.gov is off limits to us and they refuse to make any of our requested changes.. I have verified DHCP is serving the primary and secondary DC to all connected machines, domain joined or not. – KKlouzal Nov 12 '20 at 16:06
  • If you can't control the internal DNS of your company it will be very difficult to manage autodiscover process correctly. The problem you are having is the demonstration of why MS deprecates the use of .local extension domains since Windows Server 2008 – user2965433 Nov 12 '20 at 16:10
  • We have complete control of the internal network, unfortunately the '@corporation.gov' domain is above us at this time and as such we have no rights to make changes, as ridiculous as it is, especially in this case when adding these few records would remedy this issue. There must be a workaround.. – KKlouzal Nov 12 '20 at 16:16
  • Don't you have a local DNS in your branch? Can't you install one? – user2965433 Nov 12 '20 at 16:17
  • Yes we internally host our DNS servers here for the entire network. – KKlouzal Nov 12 '20 at 16:53
  • That's all you need – user2965433 Nov 12 '20 at 16:54
  • If on our internal DNS servers create the MX and CNAME record for Corporation.gov will users that attempt to hit corporation.gov for non-mail related things bypass our DNS and go up the chain to the next DNS server that holds all the official records for corporation.gov? In other words, I am afraid that if we create a single record for corporation.gov on our DNS servers then it will never reach out past our DNS servers for other things related to that domain? – KKlouzal Nov 12 '20 at 17:54
  • If your local Exchange server is the final destination for corporation.gov there are no risks. All other DNS for web and other services not involved in mail is relayed to upper level DNS. You can remove the new DNS entries if something goes wrong with no future effects. – user2965433 Nov 12 '20 at 18:46
  • Even though our DNS server is set up as an authoritative server..? – KKlouzal Nov 12 '20 at 19:15
  • If it serves only internal network, I don't see big problems. But cannot swear on it. Please consider using chat if you need to go on with this discussion – user2965433 Nov 12 '20 at 20:05
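The comments above raise the concern that creating records for Corporation.gov on the internal DNS server makes it authoritative for the whole domain and shadows every other Corporation.gov name. The following PowerShell, added here as an example and not part of the answer above, applies the answer's idea with "pinpoint" zones instead: a zone is created only for the exact hostname Outlook needs (autodiscover.Corporation.gov, optionally mail.Corporation.gov), so all other names under Corporation.gov keep resolving through the usual forwarders. Outlook's Autodiscover lookup never consults MX, so the MX record is left out. The Exchange IP 10.0.0.25 and the DNS server name dc1.MyDomain.local are placeholders; the DnsServer module (DNS role or RSAT) is assumed.

```powershell
# Added example: pinpoint DNS zones for Exchange Autodiscover on an internal
# Windows DNS server. A pinpoint zone answers for exactly one hostname, so the
# rest of Corporation.gov is still resolved upstream.
# Placeholders: replace the IP address and DNS server name for your site.

$ExchangeIP   = [ipaddress]'10.0.0.25'        # placeholder: Exchange server IP
$DnsServer    = 'dc1.MyDomain.local'          # placeholder: internal DNS / DC
$PinpointZones = @(
    'autodiscover.Corporation.gov'            # required for Autodiscover
    'mail.Corporation.gov'                    # optional, only if Exchange URLs use it
)

foreach ($zone in $PinpointZones) {
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        # AD-integrated so every DC running DNS gets a copy
        Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Domain'
    }
    # A zone apex cannot be a CNAME, so the pinpoint zone carries an A record
    # at "@" that resolves the hostname itself.
    $existing = Get-DnsServerResourceRecord -ZoneName $zone -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $zone -Name '@' -IPv4Address $ExchangeIP
    }
}

# Verification 1: the pinned names answer from the internal server.
foreach ($zone in $PinpointZones) {
    $answer = Resolve-DnsName -Name $zone -Type A -Server $DnsServer -DnsOnly
    '{0} -> {1}' -f $zone, ($answer.IPAddress -join ', ')
}

# Verification 2: a name that was NOT pinned must still resolve via upstream.
# If this fails, the wider Corporation.gov zone has been shadowed, which is the
# situation the comments warn about.
Resolve-DnsName -Name 'www.Corporation.gov' -Type A -Server $DnsServer -DnsOnly |
    Select-Object Name, IPAddress

# Verification 3: Outlook talks HTTPS to the Autodiscover name, so confirm
# that port 443 is reachable on the address the laptop will get.
Test-NetConnection -ComputerName 'autodiscover.Corporation.gov' -Port 443 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded
```

Run it on a DNS server or a workstation with the DnsServer RSAT module, as an account allowed to modify zones. If the laptop does not use the internal DNS servers (for example when it is on Wi-Fi with public DNS), none of this applies to it, which matches the answer's point that the laptop's configured DNS must be the DC.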

Try to run the following commands to see your server configuration (e.g. URLs of virtual directories, the Exchange certificate, etc.):

Start-Transcript <Location stored the .txt file>\log.txt
Get-OabVirtualDirectory -Server <Server Name> | fl Server, Name, InternalUrl, ExternalUrl
Get-WebServicesVirtualDirectory -Server <Server Name> | fl Server, Name, InternalUrl, ExternalUrl
Get-EcpVirtualDirectory -Server <Server Name> | fl Server, Name, InternalUrl, ExternalUrl
Get-ActiveSyncVirtualDirectory -Server <Server Name> | fl Server, Name, InternalUrl, ExternalUrl
Get-OutlookAnywhere -Server <Server Name> | fl Server, Name, InternalHostname, ExternalHostname
Get-OwaVirtualDirectory -Server <Server Name> | fl Server, Name, InternalUrl, ExternalUrl
Get-ClientAccessService -Identity <Server Name> | fl Name, OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
Get-ExchangeCertificate -Server <Server Name> | fl FriendlyName, CertificateDomains, Services, Issuer, NotAfter
Get-MapiVirtualDirectory -Server <Server Name> | fl Server, Name, InternalUrl, ExternalUrl
Get-OrganizationConfig | fl MapiHttpEnabled
Get-OutlookProvider
Stop-Transcript

You could check out Adam's guide "Exchange Autodiscover – A Guide to Making Exchange Work Properly" to see if other configurations (e.g. DNS records) of your Exchange server are proper.

Ivan_Wang
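The Get-ExchangeCertificate line above shows what the server has bound; the question, however, describes the view from the laptop, where the browser warns about the certificate. The script below, added as an example that is not part of the answer or of Exchange itself, is run from the non-domain-joined client: it opens a TLS connection to the Autodiscover name, lists the Subject Alternative Names the presented certificate actually carries, and reports whether the laptop's own certificate store trusts the chain. Outlook will not offer a "continue anyway" prompt the way a browser does; a name that is missing from the SAN list or an issuer the client does not trust simply makes that Autodiscover attempt fail, which is consistent with the symptoms in the question. The function name and the exact-match SAN check are this example's own choices.

```powershell
# Added example: inspect the certificate that autodiscover.Corporation.gov
# presents, from the client's point of view. The validation callback accepts
# any certificate so that the certificate can be read; trust is then checked
# explicitly against the local store and reported, not silently bypassed.
# Assumption: the hostname resolves on this machine (DNS or hosts file).

function Get-AutodiscoverCertificateInfo {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443
    )

    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new(
            $client.GetStream(), $false,
            { param($sender, $certificate, $chain, $errors) $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        $client.Close()
    }

    # Subject Alternative Name extension (OID 2.5.29.17); on Windows Format()
    # yields "DNS Name=host1, DNS Name=host2", so keep the part after "=".
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sans = @()
    if ($sanExt) {
        $sans = ($sanExt.Format($false) -split ',\s*') |
            ForEach-Object { ($_ -split '=')[-1].Trim() }
    }

    # Build the chain with the client's own trust store: this is the decision
    # Outlook and the browser make, so it is what matters on the laptop.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $trusted = $chain.Build($cert)

    # Exact match only; a wildcard certificate (*.Corporation.gov) would need a
    # pattern comparison, which this example does not attempt.
    $cn = $cert.GetNameInfo('DnsName', $false)
    $nameMatches = ($sans -contains $HostName) -or ($cn -eq $HostName)

    [pscustomobject]@{
        HostName     = $HostName
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        SANs         = $sans
        NameMatches  = $nameMatches
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Get-AutodiscoverCertificateInfo -HostName 'autodiscover.Corporation.gov' | Format-List
```

Read the output together with the Get-ExchangeCertificate line from the answer: NameMatches false means the name Outlook is asking for is not on the certificate bound to IIS, while ChainTrusted false with an issuer that is the internal CA means the laptop is simply missing that CA in its Trusted Root store, which is the fix the first comment on the question suggested.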