KB ID 0000036
Problem
Seen in Outlook when connecting to a mailbox on an Exchange Server, its caused by using a self signed certificate OR a purchased certificate, where the internal and external names are different.
The name of the security certificate is invalid or does not match the name of the site.
Solution
Before proceeding if you have an A or CNAME record in your DNS for autodiscover then DELETE it and setup an SRV record!
Exchange AutoDiscover Errors – Creating an AutoDiscover SRV Record
1. On the Exchange Server > Start > All Programs > Microsoft Exchange Server {version} > Exchange Management Console. Issue the following four commands;
Exchange 2019 and 2016 (change the values in red)
Note: This uses the new Set-ClientAccessService commandlet, for older versions of Exchange use Set-ClientAccessServer.
Get-WebServicesVirtualDirectory -Server EXCHANGE-MAIL | Set-WebServicesVirtualDirectory -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx -ExternalURL https://mail.publicdomain.co.uk/ews/exchange.asmx Set-OWAVirtualDirectory -identity "EXCHANGE-MAIL\owa (Default Web Site)" -InternalURL https://mail.publicdomain.co.uk/owa -ExternalURL https://mail.publicdomain.co.uk/owa Get-OABVirtualDirectory -Server EXCHANGE-MAIL | Set-OABVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/OAB -ExternalURL https://mail.publicdomain.co.uk/OAB Get-ECPVirtualDirectory -Server EXCHANGE-MAIL | Set-ECPVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/ECP -ExternalURL https://mail.publicdomain.co.uk/ECP Get-MAPIVirtualDirectory -Server EXCHANGE-MAIL | Set-MAPIVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/MAPI -ExternalURL https://mail.publicdomain.co.uk/MAPI -IISAuthenticationMethods NTLM,Negotiate Get-ActiveSyncVirtualDirectory -Server EXCHANGE-MAIL | Set-ActiveSyncVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/Microsoft-Server-ActiveSync -ExternalURL https://mail.publicdomain.co.uk/Microsoft-Server-ActiveSync Set-OutlookAnywhere -identity "EXCHANGE-MAIL\RPC (Default Web Site)" -ExternalHostname mail.publicdomain.co.uk -InternalHostname mail.publicdomain.co.uk -InternalClientsRequireSSL $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod:NTLM Set-ClientAccessService -Identity EXCHANGE-MAIL -AutoDiscoverServiceInternalUri https://mail.publicdomain.co.uk/Autodiscover/Autodiscover.xml
Exchange 2013 (change the values in red)
Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml Get-WebServicesVirtualDirectory -Server EXCHANGE-MAIL | Set-WebServicesVirtualDirectory -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx -ExternalURL https://mail.publicdomain.co.uk/ews/exchange.asmx Set-OWAVirtualDirectory -identity "EXCHANGE-MAIL\owa (Default Web Site)" -InternalURL https://mail.publicdomain.co.uk/owa -ExternalURL https://mail.publicdomain.co.uk/owa Get-OABVirtualDirectory -Server EXCHANGE-MAIL | Set-OABVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/OAB -ExternalURL https://mail.publicdomain.co.uk/OAB Get-ECPVirtualDirectory -Server EXCHANGE-MAIL | Set-ECPVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/ECP -ExternalURL https://mail.publicdomain.co.uk/ECP Get-MAPIVirtualDirectory -Server EXCHANGE-MAIL | Set-MAPIVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/MAPI -ExternalURL https://mail.publicdomain.co.uk/MAPI -IISAuthenticationMethods NTLM,Negotiate Get-ActiveSyncVirtualDirectory -Server EXCHANGE-MAIL | Set-ActiveSyncVirtualDirectory -InternalURL https://mail.publicdomain.co.uk/Microsoft-Server-ActiveSync -ExternalURL https://mail.publicdomain.co.uk/Microsoft-Server-ActiveSync Set-OutlookAnywhere -identity "EXCHANGE-MAIL\RPC (Default Web Site)" -ExternalHostname mail.publicdomain.co.uk -InternalHostname mail.publicdomain.co.uk -InternalClientsRequireSSL $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod:NTLM
Exchange 2010 and SBS 2011 (change the values in red)
Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (Default Web Site)" –InternalUrl https://mail.publicdomain.co.uk/EWS/Exchange.asmx Set-OABVirtualDirectory -Identity “EXCHANGE-MAIL/OAB (Default Web Site)” -InternalURL https://mail.publicdomain.co.uk/OAB Set-ActiveSyncVirtualDirectory -Identity “EXCHANGE-MAIL/Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://mail.publicdomain.co.uk/Microsoft-Server-Activesync
Note:If you get repeated certificate prompts for ‘autodiscover.domain.com’ that should be from ‘mail.domain.com’, create an SRV record (_autodiscover) to redirect to mail.domain.con
Outlook Anywhere Note
If you intend to use Outlook Anywhere, you may also want to execute the following command. Particularly if you use SBS, which has a habit of setting remote.publicdomain.com as the default outside name.
Exchange 2007 (change the values in red)
Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL/oab (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/oab Set-UMVirtualDirectory -Identity "EXCHANGE-MAIL/unifiedmessaging (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/unifiedmessaging/service.asmx
For Small Business Server 2008
For SBS 2008 the commands are Different! (the following commands are for Exchange 2007 on SBS 2008 ONLY;
Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL/oab (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/oab et-UMVirtualDirectory -Identity "EXCHANGE-MAIL/unifiedmessaging (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/unifiedmessaging/service.asmx
Note: where EXCHANGE-MAIL is internal and mail.publicdomain.co.uk is external name
2. Then open the IIS Manager Expand Application Pools > MSExchangeAutodiscoverAppPool > Right Click > Recycle.
Note: You may have to enter the FQDN of the server rather than its Netbios name!!
Related Articles, References, Credits, or External Links
Original article written 04/11/11 – Updated 07/03/13
