phuongnguyenvan asked phuongnguyenvan commented

SCP-Autodiscover for two Exchange Servers

Hi MS, I just installed 2 Exchange 2016 CU20 servers.
Domain local: nvp.lab
Domain Public: nvp.vn
EX1.nvp.lab: 10.10.10.1 (Databases: DB1)
EX2.nvp.lab: 10.10.10.2 (Database: DB2)
I configured Ex1, SCP:
Get-ClientAccessService -identity EX1 | Set-ClientAccessService -AutoDiscoverServiceInternalUri https://autodiscover.nvp.vn/Autodiscover/Autodiscover.xml
Get-ClientAccessService -identity EX2 | Set-ClientAccessService -AutoDiscoverServiceInternalUri https://autodiscover.nvp.vn/Autodiscover/Autodiscover.xml
DNS local config : Autodiscover-> 10.10.10.1
I have user U1, who belongs to DB1 of EX01. Currently I am configuring only 1 server, ex01 (virtual directory, OWA, SCP, ...); ex02 not yet.
My public CA configuration is OK. My problem is with a machine joined to the local domain: when user u1 runs MS Outlook, a CA SSL connection warning pops up for server EX02.nvp.lab saying it is not trusted. Apparently u1 is on DB01 of Ex01, but the reported server is Ex02, as shown below.
[image: 105615-2021-06-15-9-00-31.jpg]
My question is how to configure SCP and Autodiscover for the 2 servers ex01 and ex02 so that there is no error.
1/ The SCPs of both Ex01 and ex02 are autodiscover.nvp.vn, pointing to the 2 IPs of the 2 hosts (autodiscover.nvp.vn -> 10.10.10.1/2), in the form https://autodiscover.nvp.vn/Autodiscover/Autodiscover.xml
2/ SCP Ex01: https://autodiscover-ex1.nvp.vn/Autodiscover/Autodiscover.xml and SCP Ex02: https://autodiscover-ex2.nvp.vn/Autodiscover/Autodiscover.xml
Should I configure option 1 or 2? For Mail I have also created 2 records, because I am preparing for the upcoming DAG:
mail.nvp.vn-> ip1 EX01
mail.nvp.vn->ip2 EX02
or mail1.nvp.vn->ip1 EX01
mail2.nvp.vn->ip2 EX02
Thanks


office-exchange-server-connectivity

1 Answer

ZhengqiLou-MSFT answered phuongnguyenvan commented

Hi @phuongnguyenvan ,

To solve the certificate warning, you can buy a third-party business certificate or import this cert to the Trusted Root: click View Certificate > Install Certificate > Local Machine > Manually Choose the Certificate store > Trusted Root Certification Authorities.
Well I guess that's not what you want.

The most important question, I think, is what the Domain public and Domain local are, what the difference is, and also where you installed the Exchange server.

You can open the EAC and check other Virtual Directory's internal URL:
[image: 105923-image.png]

So my AutodiscoverInternalURI should be like this:

 Get-ClientAccessService -identity EX1 | Set-ClientAccessService -AutoDiscoverServiceInternalUri https://ex1.contoso.com/Autodiscover/Autodiscover.xml

Replace ex1.contoso.com with your FQDN.

To check if the URL is available or not, you could copy it to a browser to see if you could log in and get a 600 error like:
[image: 105977-image.png]

For your other questions, I'm sorry that I don't clearly understand what's the point. If you wanna use both of these URLs, use the command again

 Get-ClientAccessService -identity EX1 | Set-ClientAccessService -AutoDiscoverServiceInternalUri https://ex1.nvp.lab/Autodiscover/Autodiscover.xml
 Get-ClientAccessService -identity EX2 | Set-ClientAccessService -AutoDiscoverServiceInternalUri https://ex2.nvp.lab/Autodiscover/Autodiscover.xml

Actually it's a default setting of SCP, and you don't have to modify.

For the DNS question, I think I should first make sure of the above question.
As you are going to use the DAG, I think you could deploy the Round robin:

Public DNS:
A: Mail.domain.com -> Public IP (If you have multiple Public IPs for these servers, add corresponding A records)
CNAME: Autodiscover.domain.com : Mail.domain.com
MX: Domain.com -> Mail.domain.com

Internal DNS:
A: Mail.domain.com -> Internal IP EX1
A: Mail.domain.com -> Internal IP EX2
A: Autodiscover.domain.com -> Internal IP EX1
A: Autodiscover.domain.com -> Internal IP EX2

Best regards,
Lou


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



Hi @phuongnguyenvan

Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer. This will make answer searching in the forum easier and be beneficial to other community members as well.

Regards,
Lou



0 Votes 0 ·

@ZhengqiLou-MSFT,
Thanks for the advice.
I have configured Autodiscover OK.
Currently my 2 servers have SCPs both pointing to the same domain: https://autodiscover.nvp.vn/Autodiscover/Autodiscover.xml
If the SCP of each Exchange server 01, 02 is left at the default like yours, local users who join the domain will get an error about CA issues when they use MS Outlook.

I have configured split DNS, single name based on nvp.vn, on internal DNS (Autodiscover->A, Mail.nvp.vn->ip email).
Do I need to create an additional SRV record in nvp.lab, _autodiscover.tcp. port 443 => mail.nvp.vn?
Thanks

0 Votes 0 ·

Hi @phuongnguyenvan ,

Glad to know the issue was resolved :)

And as the autodiscover is now working correctly and you have set the DNS record Autodiscover -> A, I think you don't have to create a SRV record for autodiscover.

Best regards,
Lou

1 Vote 1 ·

Hi @ZhengqiLou-MSFT,
Thanks so much again,

1 Vote 1 ·
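
A way to check the end state reached in this thread (both SCPs on one name, split DNS), as an added example that is not from any poster: it lists each server's SCP host, whether an IIS-assigned certificate on that server carries that name, and what internal DNS returns for it. Test-NameCovered is a helper written for this example; the script assumes it is run in the Exchange Management Shell.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Test-NameCovered is a helper written for this example.
function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }   # exact match, case-insensitive
        # A wildcard such as *.nvp.vn covers exactly one extra label.
        if ($name.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $name.Substring(1)) {
            return $true
        }
    }
    return $false
}

$report = foreach ($cas in Get-ClientAccessService) {
    # Host name that domain-joined Outlook clients read from this server's SCP.
    $scpHost = if ($cas.AutoDiscoverServiceInternalUri) {
        ([uri]"$($cas.AutoDiscoverServiceInternalUri)").Host
    }
    # Certificates on this server that are assigned to IIS (HTTPS, Autodiscover).
    $iisCerts = @(Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match '\bIIS\b' })
    foreach ($cert in $iisCerts) {
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        [pscustomobject]@{
            Server        = $cas.Name
            ScpHost       = $scpHost
            CertCoversScp = [bool]($scpHost -and (Test-NameCovered $scpHost $names))
            SelfSigned    = $cert.IsSelfSigned
            Status        = $cert.Status
            NotAfter      = $cert.NotAfter
            CertNames     = $names -join ', '
        }
    }
}
$report | Format-Table -AutoSize -Wrap

# What internal DNS returns for each distinct SCP host
# (with round robin, several A records are listed).
$report.ScpHost | Where-Object { $_ } | Sort-Object -Unique | ForEach-Object {
    $ips = Resolve-DnsName -Name $_ -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress }
    '{0} -> {1}' -f $_, ($ips -join ', ')
}
```

A server can return more than one row; look for at least one row per server where CertCoversScp is True, SelfSigned is False and Status is Valid.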