The auto discover feature is really cool but it will give you this error
Why?, Simple, the FQDN is in the certificate that is installed by default. So if you want this to work without any errors you need to replace the certificate with a certificate that also have that name.
In the default certificate Microsoft includes the following name by default, externaldomain.com, remote.externaldomain.com and server.internaldomain.local and we need to put the back in again plus the new name autodiscover.externaldomain.com
So this is how you do
- On the SBS server run MMC.EXE and add the snap-in for Certificates and for certificate templates.
- Change the permission on the “Web Server” certificate template and allow the SBS server to “Enroll”
- Click on Certificates (Local Computer) and open “Personal – Certificates”
- Right click “All Tasks – Request New Certificate”
- Select “Web Server”
- Select Subject Name: as Common name with the value of the external name (remote.externaldomain.com)
- Select Alternative name: as DNS and add all the names you would like to have.
plus others if you would like to have…
- Hit OK and select Enroll
Now you can open IIS Admin, open the SBS Web Application site, and change the certificate by opening “Bindings” and look for 443. Select Edit and change the certificate. You will se at least two certificates with the same name. With the view function you can see the names in the certificates.
Note. This will not destroy or delete your existing certificate, if you want you can always switch back.
There is of course one other way to fix this issue and that is to change in the external DNS. The SBS Diva has a really nice post about this if you prefer to do it in DNS instead
MCT, MVP Windows Server – Setup/Deployment
Leave a Reply