Exchange 2010 autodiscover url2/17/2022 Would changing this to .uk fix my Outlook certificate errors? When I run Get-ClientAccessServer | fl *uri*, I get (Further down, under ‘Protocol Exchange HTTP’ all FQDN’s are .uk)įollowing the steps in your blog, I see ServiceBindingInformation = When I run ‘test email auto-configuration’ from Outlook internally, I get the following I am now trying to figure out what is referencing as I believe solving that will remove the certificate warnings. Since applying the certificate, domain-joined Outlook users receive warnings saying the certificate name does not match the server name. Instead, the certificate just contained .uk and .uk The renewal could no longer contain the FQDN of our internal Exchange server () as this was not permitted. I recently renewed our Exchange UCC SSL certificate. Within EMC 2010 > Server Configuration > Client Access > All URL’s appear the same for external and internal access. We have a single Exchange 2010 server with all roles and no TMG or reverse proxy. Our internal name is company.local and externally it is .uk We have split-DNS working well internally. I found your blog whilst trying to better understand the autodiscover feature, particularly in a split-DNS environment as we have. After the client obtains and enumerates the instances of the Autodiscover service, it connects to the first Client Access server in the enumerated list and obtains the profile information in the form of XML data that is needed to connect to the user’s mailbox and available Exchange features. When using a domain joined client, Outlook 2007+ client authenticates to Active Directory and tries to locate the SCP objects by using the user’s credentials. By default, this attribute specifies the Active Directory site to which the Client Access server belongs. The “keywords” attribute specifies the Active Directory sites to which this SCP record is associated. It is this url which internal Outlook client uses to connect to the mailbox and other Exchange features published using autodiscover. This url is mostly changed to one that is covered by the SAN/UCC certificate. The “serviceBindingInformation” attribute has the Fully Qualified Domain Name (FQDN) of the Client Access server in the form of, where is the FQDN of the CAS server. If you right click and take the properties of the SCP object (Attribute Editor tab), it contains two two pieces of information which is of interest, the “serviceBindingInformation” attribute and the “keywords” attribute. You will have a list of SCPs if you have more than one CAS server in your environment. Where can I find SCP? You can view the SCP object using Active Directory Sites and Services, after you have enabled the “View Services Node” option from the “View” tab. The SCP object is used by domain joined clients to locate the Autodiscover service. Whenever a client access server is installed, a new service connection point (SCP) Active Directory object is created for that server. What is SCP and where can I find it? What is it used for? These are some of the questions that need clarification. Every Exchange administrator will have heard the term “Service Connection Point” or SCP when autodiscover is mentioned.
0 Comments
Leave a Reply.AuthorNicole ArchivesCategories |