Autodiscover for Multiple Domains

Hi All,

We have a hosted Exchange environment where we are providing hosted email service for multiple clients/domain names. Client domains are not hosted with us, just their emails.

At present we have to create an autodiscover SRV record on each client's site on their local (internal DNS server) and then autodiscover works for them.

Is there a way we can avoid this SRV record entry at each client's site (internal DNS server) and still be able to provide autodiscover service?

I am fairly new to the Exchange world and thus struggling :-)

Any help would be appreciated.

Syed Mutahir Ali, Technology Consultant, Asked:

Syed Mutahir Ali, Technology Consultant, Author Commented:
Thanks for the links; I have already read them weeks ago.
Is website redirect the only method? Does that mean that we don't have to add any other records at client or client's domain hosting site?
I am looking for some Exchange Expert advice and/or any other possible ways to achieve this.

If you want to avoid mangling DNS and purchasing extra certificates, then yes, scenario #4 is the way to go. I personally run scenario #4 in our data center.

I have one autodiscover web site setup under IIS on the Exchange 2007 machine, and then all I need is an A record for on the client's side. It doesn't matter if we host the domain, or they do, as long as that one A record gets created, it works. Since all the clients are pointing to the same Exchange server, they can all use the same autodiscover website as the autodiscover.xml will be the same.

The only item that appears to the client, the first time connecting when using Outlook 2007 (doesn't happen with 2000/2003), is a warning saying a different website than expected is attempting to configure the account. As long as you click the check box for bugger off and press Allow, it will never come back and will function properly.

I just finished setting up two union halls with this method and was very pleased with the results. The only certificate I had to buy was for the server as a whole.

Caveat: Using older Windows Mobile phones or other active sync devices may cause you issues with this method. For example, iPhone mail version 2 attempts to use Autodiscover to find the server itself and doesn't let you specify it, then complains like mad about the "bad certificate" and won't let you proceed. Mail version 3 however lets you specify the server and gets around this issue, as we just added two new iPhones this week to our shared Exchange and they are going great.

Hope that helps

Syed Mutahir Ali, Technology Consultant, Author Commented:
Thanks Adraenyse for your detailed guidance.
I will try your suggestion.
I am starting to dig deep into Exchange; my understanding is:
If one has Outlook 2007 installed, if Exchange Server 2007 is configured correctly with RPC over HTTPS (Outlook Anywhere) and Outlook autodiscover is set up properly (one domain only)
then all I would need is to type the email address of the user and password and it would automatically discover the server name and rest of the OA autodiscover settings?
So, on a client machine I would go into Control Panel > Mail > create a new profile and that would be it.
Also, the instructions at TechNet scenario 4 (for hosted services) don't say to create an A record at the client's internal DNS for Outlook autodiscover?
Much appreciated
Kind Regards

"then all I would need is to type the email address of the user and password and it would automatically discover the server name and rest of the OA autodiscover settings ?"
If you have the appropriate UPN set up as the email address for the user, yes; otherwise you have to use their Active Directory account name.

"so, on a client machine I would go into control panel > Mail > create a new profile and that would be it."

Here are the steps I need to make mine work:

DNS Side

If this is a brand new organization to my Exchange server, then I add A
to the domain's DNS zone. Sometimes this is controlled by the client, sometimes it's controlled by us -- but it is required to be there.

(where 199. is the IP of the subsite I have setup in IIS to answer for the autodiscovery queries)

Server side
Add a new user using the Exchange MMC, putting them into the correct mail store and setting their account and UPN information appropriately

Set that user to a custom attribute group #1 which matches their organization configuration and address books

Add the user to the security group for the organization

Client side
Mail control panel, add new profile
 Choose Exchange Server
 Supply the internal server name, which is nodexyz.exmail.ourcompany.local
 Supply the mailbox name
 Press More..., and the error appears saying can't connect, dismiss it
 Choose Connection tab
 Turn on Outlook Anywhere proxy, and go into the details button
 Enter in the external facing URL for the Exchange server, which is
 Check on Fast networks over TCP/IP
 Leave Slow networks over TCP/IP checked
 Leave authentication as NTLM
 Go back to the Mailbox screen and press Check Name
 Dialog appears to authenticate, I use the email address as I have the UPNs set up
 Check remember
 Server and mailbox underline
 Finish mail control panel
 Launch Outlook
 Wait for "Allow this site to have its settings configured by" window to appear (Outlook 2007+ only)
 Check "Don't ask again" and push Allow. If you don't check "Don't ask again" you will be prompted three times and every time you launch Outlook. If you push Deny, you'll break functionality.
 The fact that the redirected settings window appears confirms that Autodiscover is working properly. There is a delay from the time Outlook launches to the window coming up because the redirect is the LAST method Outlook will try, so the first three have to time out.

For reference, my Exchange Hosting setup was done following the guide at

Hope that helps

Syed Mutahir Ali, Technology Consultant, Author Commented:
Hi Adrae,

Thank you so much for your detailed response.

For Autodiscover in a hosted environment I would:

Create a new autodiscover website for every new organization (clients) in our IIS7 and then redirect it to the original autodiscover website?

Hope I am getting it right

Kind Regards

Create one for clients yes, but not one for every single client. It's not necessary unless you intend to point that particular client to a different Exchange server.

If all the clients are on the same Exchange server then all you need is a site that answers for and have its autodiscover/autodiscover.xml file work as a redirect to the main one under the Exchange app pool.

Just got back from the dentist and I'm very sedated, if that didn't make sense I'll clarify later.

Syed Mutahir Ali, Technology Consultant, Author Commented:
Hi Adrae,
Thank you for your replies and hope you get well soon.
I think I have understood but I will lay out the scenario again for your confirmation:
our domain is
we have several clients with their own email domains for e.g. and
Now, to implement the solution I would:
a) Create one autodiscover redirect on webserver (one time configuration server side)
b) Now for every new client, we would just create an "A" record in the client's local DNS server to point to
Hope I am right.
Thanks and Regards

Yes, but you don't put the /autodiscover bit in your A record.

I think you've got it, but I'll be real explicit here:

Your A record would be A xx.xx.xx.xx
where the xx is the IP that matches your one-time autodiscover setup

Then inside of IIS you would create a folder called autodiscover
Then inside of that folder you'd create a redirect for the file autodiscover.xml to point to
back on your exchange server

Hope that helps

Syed Mutahir Ali, Technology Consultant, Author Commented:
Thank you so much Adrae.
The IIS Redirect is a one time server side configuration (Got that clearly - Thank you)
"Your A record would be A xx.xx.xx.xx
where the xx is the IP that matches your one-time autodiscover setup"
DNS A Record:
Would that be created on the client's internal DNS Server or in our DNS Server?
Would we have to create this DNS record every time a client/company is added?
Kind Regards

It would be created wherever the zone file is for that domain. If you're hosting the domain on your DNS, then you'd create it. If they have it with a third party, then they would need to add the A record to that zone file with the third party.

No different than MX records for email, or the main A record for the web site.
And yes, you'd have to create an A record for every domain you accept in Exchange. So if one company expected you to answer email for, and, you'd have to create, net and org A records.

I'd like to ask a clarification question regarding this solution.

Let's say I have an A record called "" that points to the HTTP redirection page on "", and the page redirects to "".

Every time you open the Outlook client after being successfully configured using the above, I still get an SSL certificate name mismatch prompt, i.e. it's still looking for "" and not ""; you accept the name mismatch and Outlook works fine from that point onwards.

Is this the way it's meant to happen, and if it is, is there another change that can fix the name mismatch?

Having a client deal with a password prompt is acceptable, but seeing an error in an SSL certificate can make some clients nervous.

Thanks in Advance.
I have this same issue and am anxious for a response...
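
An added example, not from the thread or any of its participants: a check a hosting provider could run over each client domain to confirm the per-domain A record and the one-time HTTP redirect described above, and to flag the condition behind the certificate name mismatch raised in the last question. The IP, host names, and the observation schema are constructed placeholders; the 443 check assumes Outlook attempts HTTPS against autodiscover.<domain> before it falls back to the HTTP redirect.

```python
from urllib.parse import urlsplit

# Constructed placeholders (not values from the thread).
REDIRECT_IP = "192.0.2.10"             # IP of the one-time IIS redirect site
TARGET_HOST = "mail.provider.example"  # name on the Exchange server's certificate
TARGET_PATH = "/autodiscover/autodiscover.xml"

def check_domain(domain, obs):
    """Return findings for one hosted domain from pre-collected observations.
    obs keys (hypothetical schema): a_records, http_status, http_location,
    https_open (True if autodiscover.<domain> accepts connections on 443)."""
    name = "autodiscover." + domain
    findings = []
    if not obs["a_records"]:
        findings.append(name + ": no A record")
    elif set(obs["a_records"]) != {REDIRECT_IP}:
        findings.append(name + ": A record does not point at the redirect site")
    if obs["http_status"] not in (301, 302):
        findings.append(name + ": HTTP request is not answered with a redirect")
    else:
        loc = urlsplit(obs["http_location"] or "")
        if loc.scheme != "https":
            findings.append(name + ": redirect target is not HTTPS")
        if (loc.hostname or "").lower() != TARGET_HOST:
            findings.append(name + ": redirect leaves the Exchange host")
        if loc.path.lower() != TARGET_PATH:
            findings.append(name + ": redirect path is not autodiscover.xml")
    if obs["https_open"]:
        # The HTTPS attempt comes before the HTTP redirect, so a 443 listener
        # on this name presents a certificate issued for another name.
        findings.append(name + ": port 443 answers, expect a certificate name mismatch")
    return findings

def audit(observations):
    """Map each domain to its findings; an empty list means the setup matches."""
    return {d: check_domain(d, o) for d, o in observations.items()}

GOOD = "https://mail.provider.example/autodiscover/autodiscover.xml"
SAMPLE = {  # constructed observations for three client domains
    "client-a.example": {"a_records": ["192.0.2.10"], "http_status": 302,
                         "http_location": GOOD, "https_open": False},
    "client-b.example": {"a_records": ["192.0.2.10"], "http_status": 302,
                         "http_location": GOOD, "https_open": True},
    "client-c.example": {"a_records": ["198.51.100.7"], "http_status": 302,
                         "http_location": "http://other.example/autodiscover/autodiscover.xml",
                         "https_open": False},
}

if __name__ == "__main__":
    for dom, found in audit(SAMPLE).items():
        print(dom, "OK" if not found else found)
```

The observations would come from a DNS lookup, an unauthenticated HTTP GET with redirects disabled, and a TCP connect to port 443, collected per domain before calling `audit`.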