SAN for accepted domain

I'm absorbing a company into our Exchange and added them as an accepted domain. Their current certificate is pretty standard mail and autodiscover SAN names. Currently RPC over HTTP is not working correctly, and that is to be expected since I pointed their DNS record for autodiscover to my server. I don't have autodiscover.theircompany.com in my certificate, so it's trying to resolve a name that doesn't exist. My question is: should I add a SAN name for autodiscover.theircompany.com to get RPC over HTTP to work correctly?

My SAN names would then look like this: 

mail.mycompany.com

autodiscover.mycompany.com

legacy.mycompany.com

autodiscover.theircompany.com

Would this be accurate or is there a better method?

Thanks!

February 9th, 2015 10:21pm

Hi minor,

You do not need to worry about the SAN if you use the SRV record for autodiscover.

http://blogs.technet.com/b/rmilne/archive/2014/10/02/how-to-check-exchange-autodiscover-srv-record-using-nslookup.aspx

So if you already had

mail.mycompany.com
autodiscover.mycompany.com
legacy.mycompany.com

on your certificate, I suggest not adding another SAN entry; just create a new SRV record _autodiscover._tcp.theirdomain.com in your DNS zone with the following information:

  • Service: _autodiscover

  • Protocol: _tcp

  • Name: theirdomain.com

  • Priority: 10

  • Port: 443

  • Target: mail.mycompany.com

  • TTL: 10

Priority and TTL need to be adjusted to your needs. That way you can also use your existing certificate for the new domain.

Regards,
Martin

February 9th, 2015 11:56pm
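As an added example (not from this thread, Martin, or Microsoft), a small Python script that renders the SRV record described above in zone-file form and checks that its target is a name the existing certificate actually covers, which is the reason no new SAN is needed. The record's weight is not given in the thread, so 0 is assumed here; the wildcard rule follows RFC 6125.

```python
from dataclasses import dataclass

@dataclass
class SrvRecord:
    service: str   # "_autodiscover"
    proto: str     # "_tcp"
    name: str      # the accepted domain, e.g. theirdomain.com
    priority: int
    weight: int    # not given in the thread; 0 assumed
    port: int
    target: str    # host the clients connect to; must be on the certificate
    ttl: int

    def owner(self) -> str:
        return f"{self.service}.{self.proto}.{self.name}"

    def zone_line(self) -> str:
        # Zone-file form: owner TTL IN SRV priority weight port target
        return (f"{self.owner()}. {self.ttl} IN SRV {self.priority} "
                f"{self.weight} {self.port} {self.target}.")

def san_matches(name: str, san: str) -> bool:
    """RFC 6125-style match: a wildcard is allowed only as the whole leftmost
    label and matches exactly one label; otherwise compare case-insensitively."""
    name, san = name.lower().rstrip("."), san.lower().rstrip(".")
    if not san.startswith("*."):
        return name == san
    n_labels, s_labels = name.split("."), san.split(".")
    return len(n_labels) == len(s_labels) and n_labels[1:] == s_labels[1:]

def cert_covers(hostname: str, sans: list[str]) -> bool:
    return any(san_matches(hostname, s) for s in sans)

def check_autodiscover_plan(record: SrvRecord, sans: list[str]) -> list[str]:
    """Return the problems found; an empty list means the plan is consistent."""
    problems = []
    if (record.service, record.proto) != ("_autodiscover", "_tcp"):
        problems.append(f"owner {record.owner()} is not _autodiscover._tcp")
    if record.port != 443:
        problems.append(f"port {record.port} is not 443 (HTTPS)")
    if not cert_covers(record.target, sans):
        problems.append(f"SRV target {record.target} is not on the certificate")
    return problems

# Constructed sample: the SAN list and the SRV record values from the thread.
EXISTING_SANS = ["mail.mycompany.com", "autodiscover.mycompany.com", "legacy.mycompany.com"]
PLAN = SrvRecord("_autodiscover", "_tcp", "theirdomain.com", 10, 0, 443, "mail.mycompany.com", 10)
# check_autodiscover_plan(PLAN, EXISTING_SANS) -> []  (target is covered by the certificate)
```

Pointing the record at autodiscover.theircompany.com instead would fail the check, which is exactly the name-mismatch the original question ran into.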
