Exchange Autodiscover and Multiple Domains

This entry was posted by on Tuesday, 18 May, 2010 at

The Autodiscover service makes it easier to configure Outlook 2007 or Outlook 2010 and some mobile phones. You can’t use the Autodiscover service with earlier versions of Outlook, including Outlook 2003. In earlier versions of Microsoft Exchange (Exchange 2003 SP2 or earlier) and Outlook (Outlook 2003 or earlier), you had to configure all user profiles manually to access Exchange.

The Autodiscover service does the following:

  • Automatically configures user profile settings for clients running Microsoft Office Outlook 2007 or Outlook 2010, as well as supported mobile phones. Phones running Windows Mobile 6.1 or a later version are supported. If your phone isn’t a Windows Mobile phone, check your mobile phone documentation to see if it’s supported.
  • Provides access to Exchange features for Outlook 2007 or Outlook 2010 clients that are connected to your Exchange messaging environment. (Offline Addressbook, Out Of Office, ect)
  • Uses a user’s e-mail address and password to provide profile settings to Outlook 2007 or Outlook 2010 clients and supported mobile phones. If the Outlook client is joined to a domain, the user’s domain account is used.

How does Outlook/Entourage check for autodiscover functionality?

  1. Autodiscover check https://<smtpdomain>/Autodiscover/Autodiscover.xml.
  2. Autodiscover check https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml.
  3. Autodiscover check http://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml.
  4. Autodiscover check for SRV lookup for _autodiscover._tcp.<smtpdomain>.

When you have multiple domains configured for your users. You must redirect your autodiscover functionality to your primary SMTP domain. You can use these different methods:

Method Pros Cons
1) 1 Single-name SSL Certificate with DNS SRV Lookup. – Simple configuration- Requires only 1 website and 1 public IP.- Only requires 1 single-name SSL certificate – Not all DNS hosting providers support DNS SRV records.- Additional dialog is displayed to the Outlook users asking if they trust the redirected URL. It ask you to don’t display it anymore if you want.  – Requires Outlook 2007 client-side hotfix.
2) 1 SSL Certificate that is valid for multiple DNS names (or Subject Alternative Names) – Simple configuration- Requires only one Certificate.- Requires only 1 website and 1 public IP. – Cost of additional DNS names for SSL Certificates can be more expensive.
3) 2 single-name SSL Certificates (one specifically for autodiscover). – 2 single-name certificates may be less costly than a certificate with multiple names. – Complex configuration. – Requires 2 websites and 2 Public IP’s.- Difficult to load balance 2 sites.
4) 1 single-name SSL Certificate with a second HTTP redirection website. – Only requires 1 single-name SSL certificate. – Complex configuration. – Requires 2 websites and 2 Public IP’s.- Difficult to load balance 2 sites.

– Additional dialog is displayed to the Outlook users asking if they trust the redirected URL. It ask you to don’t display it anymore if you want.  

I will explain how you can use a srv record.

1. DNS SRV Record (Service record)

 When you use a SRV record your clients must have update 939184 installed for office 2007 clients. ((http://support.microsoft.com/kb/939184/ ) Description of the update rollup for Outlook 2007: June 27, 2007). It’s included in Service pack 1.

In your srv record you can redirect your autodicover srv record from your subdomain to your primairy domain. To do this you don’t need difficult certificate constructions. One certificate for your primaire domain is needed.

How configure a SRV record to redirect:

If you are using Windows DNS, the steps to create an SRV Record are as follows:

  1. Open the DNS Management MMC snap-in.
  2. Expand Forward Lookup Zones.
  3. Locate and right-click the external DNS zone, and then click Other New Records.
  4. Click Service Location (SRV).
  5. Enter the parameters by using the required values.
  6. Click OK.

SRV record

1.  Service: _autodiscover

2.  Protocol: _tcp

3.  Port Number: 443

4.  Host: autodiscover.<primairy smtp domain>.

Example

Redirect smtp domain contoso.nl to contoso.com

Make a new srv record: _autodiscover._tcp.contoso.nl. with these settings:

_autodiscover._tcp.contoso.nl. 0  0 443 autodiscover.contoso.com.

Remember that it must end with the .

Check your settings with nslookup

Nslookup->

Set type=all

_autodiscover._tcp.contoso.nl

_autodiscover._tcp.contoso.nl SRV service location:

 priority       = 0

weight         = 0

port           = 443

svr hostname   = autodiscover.contoso.com  

Tags: , , ,
Category: Autodiscover
You can follow any responses to this entry via RSS.
You can leave a comment or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.