Resolving Outlook Certificate Errors

How to solve problems with Exchange Autodiscover. Certificate Error issues in particular.

Continue Reading →

Hardening Microsoft Solutions from Attacks

Take a minute to go over this post from Dirk-jan Mollema. Go ahead and read it. I’ll wait…

Did you realize how scary that kind of attack is? As an IT guy who specializes in Exchange server and loves studying security, that article scared the snot out of me. Based on my experience with organizations of all sizes I can say with a good bit of authority that almost every Exchange organization out there is probably vulnerable to this attack.…

Continue Reading →

Resolving the Internal and External DNS zone Dilemma with Pinpoint DNS

Here’s an interesting trick that might help you resolve some of your DNS management woes, particularly if you have a different Public and Private DNS zone in your environment. For instance, you have a domain name of whatever.com externally, but use whatever.local internally. When your DNS is set up like that, all attempts to access systems using the whatever.com domain name will default to using the external, Public IP addresses assigned in that DNS zone.…

Continue Reading →

ADFS or Password Sync: Which one do you use?

I’ve run into a number of people who get confused about this subject when trying to determine how to get their On-Prem accounts and Office 365 synced and working properly. Most often, people are making a comment somewhere that says, “Just use Password sync, it’s just as good and doesn’t require a server,” or something similar.…

Continue Reading →

Exchange Autodiscover – The Active Directory SCP

In a previous post I explained how you can use a SRV record to resolve certificate issues with Autodiscover when your Internal domain isn’t the same as your Email domain. This time, I’m going to explain how to fix things by making changes to Exchange and Active Directory that will allow things to function normally without having to use a SRV record or any DNS records at all, for that matter.…

Continue Reading →

Office 365, ADFS, and SQL

He’s an issue I’ve just run into that there doesn’t seem to be a good answer to on the Internet. When you are building a highly available ADFS farm to enable Single Sign On for Office 365, should you use the Windows Integrated Database (WID) that comes with Windows Server or store the ADFS Configuration on a SQL server?…

Continue Reading →

Configuring Autodiscover for Internal DNS

The Issue

Ever since Outlook 2016 was released, Autodiscover has been a necessity, rather than an option.

Autodiscover allows any Mail Client that connects to Exchange server to configure the appropriate settings for communication so you don’t have to input everything manually. It’s very handy, but can cause certificate errors if not configured correctly. One issue you may run into occurs most often with Exchange Organizations with non public DNS domains like domain.local.…

Continue Reading →