Updating record in random access file
Taking a close look at the URLs, we will utilize https.This means that we will need the autodiscover.name in our certificate.Therefore, you must update the Internal URLs, External URLs, and Autodiscover Service Internal URI to match the certificate FQDN. This issue is that when you are trying to make a connection to Autodiscover via https://autodiscover.domain.com, the Outlook client does not successfully make a connection to it and you get a certificate error.The certificate you see pop up in Outlook during the error isn’t even the certificate that is located on Exchange.To have multiple names in our certificate, we will need a Unified Communications Certificate that is provided by various vendors.So let’s say we want our Net BIOS name on our certificate, FQDN of CAS, our OWA FQDN, and our Autodiscover name, we’d have the following FQDNs on our certificate.What happens if we are on the corporate network and are not domain joined or we are external to the network and don’t have AD connectivity?
Again, don’t forget that it’ll get a list of all SCPs for all CAS servers in your environment and use one at random.
are a very tricky subject which depends a lot on your environment.
I will provide general information while also providing real world guidance.
Essentially, what happens when we don’t have access to Active Directory?
Because our Outlook clients don’t have access to Active Directory, we cannot obtain the Autodiscover Serviceinternal URI since the client can’t get to the SCP record.
Every time a CAS Server is installed, it will register this SCP record within Active Directory in the following location: CN=Autodiscover, CN=Protocols, CN=, CN=Servers, CN=Exchange Administrative Group, CN=Administrative Groups, CN=First Organization, CN=Microsoft Exchange, CN=Services When an Outlook client has the ability to find this record because they are domain joined and on the internal network, they will locate all SCP records and will choose the oldest SCP.