I have a single public address.
Port 443 is mapped on the firewall to the DirectAccess server. Port 8443 is mapped to the Exchange Client Access server.
The DirectAccess server presents a certificate with the subject name of "connect.domain.com". I have created a new website on the Exchange Client Access server on port 8443 and have created the Exchange virtual directories on the new website. The Exchange services present a certificate with the subject name of "mail.domain.com".
I have created an SRV record of _autodiscover._tcp.domain.com in the external DNS. The SRV record resolves to a host called mail.domain.com and port 8443. mail.domain.com resolves to the external address of the firewall. I do not have an autodiscover.domain.com record in the external DNS.
My expectation is that Outlook Anywhere clients should connect to my firewall at port 8443 because of the SRV record. However, I can see it connecting at port 443, as the client warns about a name mismatch because it receives the DirectAccess certificate and does not connect.
Is the port number from the SRV record ignored by clients?
Thanks,
-Ravi