
split DNS, certificate warnings and SRV records

Hi,

First apologies because I am half-reposting here.

I'm trying to find the correct way to configure our internal Outlook 2010 clients with our SBS 2011 server. Outlook began giving security alerts to users about the certificate it was receiving. I had created an SRV record that pointed to the public name for our SBS server, remote.mydomain.com. Our SSL certificate refers to that host and so OWA and ActiveSync users can connect without a problem from outside. The issue we're experiencing is that our firewall is not going to allow clients from inside our network to route out and back in again. It flashes this warning if I try to connect to https://remote.mydomain.com

Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding

The certificate that the client receives is completely wrong, it doesn't come from our SBS server.

What's more, I'd rather not have traffic, SSL or otherwise, route out of the network and back in again. It's hardly efficient. So the question is, what is the correct practice in this case?

If I change the SRV record to the internal hostname, the users get certificate errors because the certificate was created for its remote CNAME alias.

If I create a self-signed certificate and, following the instructions given in KB 940726, assign it just to the AutodiscoverServiceInternalUri, will it cause issues for the external users? Is autodiscover just for internal usage?

Thanks in advance,

Dermot.

 

