Solved

Autodiscover for Multiple Domains

Posted on 2009-07-16
14
2,848 Views
Last Modified: 2012-05-07
Hi All,

We have a hosted exchange environment where we are providing hosted email service for multiple clients/domain names. Client domain are not hosted with us just their emails.

At present we have to create a autodiscover SRV record on each client's site on their local (internal dns server) and then autodiscover works for them.

Is there a way we can avoid this srv record entry at each client's site (internal DNS Server) and still be able to provide autodiscover service.

I am fairly new to the exchange world and thus struggling :-)

Any help would be appreciated .

Thanks
Ali
0
Comment
Question by:mutahir
14 Comments
 
LVL 8

Assisted Solution

by:XCHExpert
XCHExpert earned 100 total points
ID: 24868887
0
 
LVL 22

Author Comment

by:mutahir
ID: 24869264
Thanks for the links  ; I have already read them weeks ago ;
Is website redirect the only method ? Does that mean that we don't have to add any other records at client or client's domain hosting site ?
I am looking for some Exchange Expert advise and or any other possible ways to achieve this.
 
0
 
LVL 4

Expert Comment

by:Adraenyse
ID: 24869744
If you want to avoid mangling DNS and purchasing extra certificates, then yes, scenario #4 is the way to go. I personally run scenario #4 in our data center.

I have one autodiscover web site setup under IIS on the Exchange 2007 machine, and then all I need is an A record for autodiscover.domain.com on the client's side. It doesn't matter if we host the domain, or they do, as long as that one A record gets created, it works. Since all the clients are pointing to the same Exchange server, they can all use the same autodiscover website as the autodiscover.xml will be the same.

The only one item that appears to the client is the first time connecting when using Outlook 2007 (doesn't happen with 2000/2003) is a warning will appear saying a different website than expected is atttempting to configure the account. As long as you click the check box for bugger off and press Allow, it will never come back and will function properly.

I just finished setting up two union halls with this method and was very pleased with the results. The only certificate I had to buy was for the server as a whole.

Caveat: Using older Windows Mobile phones or other active sync devices may cause you issues with this method. For example, iPhone mail version 2 attempts to use Autodiscover to find the server itself and doesn't let you specify it, then complains like mad about the "bad certificate" and won't let you proceed. Mail version 3 however lets you specify the server and gets around this issue, as we just added two new iPhones this week to our shared Exchange and they are going great.

Hope that helps
Adrae
0
 
LVL 22

Author Comment

by:mutahir
ID: 24873361
Thanks Adraenyse for your detailed guidance.
I will try your suggestion ;
I am starting to dig deep into Exchange, my understanding is :
If one has outlook 2007 installed, if exchange server 2007 is configured correctly with rpc over https (outlook anywhere) and outlook autodiscover is setup properly (one domain only)
then all I would need is to type the email address of the user and password and it would automatically discover the server name and rest off the OA autodiscover settings ?
so, on a client machine I would go into control panel > Mail > create a new profile and that would be it.
also, the instructions at technet scenario 4 (for hosted services) doesn't tells to create A record at client's internal dns for outlook autodiscover ?
Much appreciated
Kind Regards
0
 
LVL 4

Accepted Solution

by:
Adraenyse earned 400 total points
ID: 24873836
then all I would need is to type the email address of the user and password and it would automatically discover the server name and rest off the OA autodiscover settings ?
If you have the appropriate UPN setup as the email address for the user yes, otherwise you have to use their active directory account name.

so, on a client machine I would go into control panel > Mail > create a new profile and that would be it.

Here's the steps I need to make mine work

DNS Side

If this is a brand new organization to my Exchange server, then I add

autodiscover.domain.com A 199.xx.xx.xxx
to the domain's DNS zone. Sometimes this is controlled by the client, sometimes it's controlled by us -- but it is required to be there.

(where 199. is the IP of the subsite I have setup in IIS to answer for the autodiscovery queries)

Server side
Add a new user using the Exchange MMC, putting them into the correct mail store and setting their account and UPN information appropriately

Set that user to a custom attribute group #1 which matches their oraganization configuration and address books

Add the user to the security group for the organization

Client side
Mail control panel, add new profile
 Choose Exchange Server
 Supply the internal server name, which is nodexyz.exmail.ourcompany.local
 Supply the mailbox name
 Press More..., and the error appears saying can't connect, dismiss it
 Choose Connection tab
 Turn on Outlook Anywhere proxy, and go into the details button
 Enter in the external facing URL for the Exchange server, which is exchange.ourcompany.net
 Check on Fast networks over TCP/IP
 Leave Slow networks over TCP/IP checked
 Leave authentication as NTLM
 Go back to the Mailbox screen and press Check Name
 Dialog appears to authenticate, I use the email address as I have the UPN's setup
 Check remember
 Server and mailbox underline
 Finish mail control panel
 Launch Outlook
 
Wait for "Allow this site to have it's settings configured by" window to appear (Outlook 2007+ only)
 
Check "Don't ask again" and push Allow. If you don't check "Don't ask again" you will be prompted three times and every time you launch Outlook. If you push Deny, you'll break functionality.
 
 The fact that the redirected settings window appears confirms that Autodiscover is working properly. There is a delay from the time Outlook launches to the window coming up because the redirect is the LAST method Outlook will try, so the first three have to time out.

For reference, my Exchange Hosting setup was done following the guide at http://www.kortekservices.com/lyle/

Hope that helps
Adrae
0
 
LVL 22

Author Comment

by:mutahir
ID: 24878538
Hi Adrae,

Thank you so much for your detailed response ;

For Autodiscover in a hosted environment I would :

Create a new autodiscover website for every new organization (clients) in our IIS7 and then redirect it to the original autodiscover website ?

Hope I am getting it right

Kind Regards
0
 
LVL 4

Expert Comment

by:Adraenyse
ID: 24881354
Create one for clients yes, but not one for every single client. It's not necessary unless you intend to point that pariticular client to a different exchange server.

if all the clients are on the same exchange server then all you need is a site that answers for autodiscover.domain.com and have it's autodiscover/autodisover.xml file work as a redirect to the main one under the Exchange app pool.

Just gott back from the dentist and I'm very sedated, if that didn't make sense I'll clarify later
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 22

Author Comment

by:mutahir
ID: 24885671
Hi Adrae,
Thank you for your replies and hope you get well soon ;
I think I have understood but I will lay out the scenario again for your confirmation :
our domain is hosterdomain.com
we have several clients with their own email domains for e.g. companya.com and companyb.com
Now, to implement the solution I would :
a)  Create one autodiscover redirect on hosterdomain.com webserver (One time configuration server side)
b) Now for every new client , we would just create a "A" record in the client's local DNS server to point to autodiscover.hosterdomain.com/autodiscover.xml
Hope I am right.
Thanks and Regards
0
 
LVL 4

Expert Comment

by:Adraenyse
ID: 24887050
Yes, but you don't put the /autodiscover bit in your A record.

I think you've got it, but I'll be real explicit here:

Your A record would be
autodiscover.companya.com A xx.xx.xx.xx
where the xx is the IP that matches your one-time autodiscover setup

Then inside of IIS you would create a folder called autodiscover
Then inside of that folder you'd create a redirect for the file autodiscover.xml to point to
www.hosterdomain.com/autodiscover/autodiscover.xml
back on your exchange server

Hope that helps
Adrae
0
 
LVL 22

Author Comment

by:mutahir
ID: 24887089
Thank you so much Adrae ;
The IIS Redirect is a one time server side configuration (Got that clealry - Thank you)
---------------------------------------------------------------------------------------------------
"Your A record would be
autodiscover.companya.com A xx.xx.xx.xx
where the xx is the IP that matches your one-time autodiscover setup"
---------------------------------------------------------------------------------------------------
DNS A Record :
Would that be created on the client's internal DNS Server or in our DNS Server ?
Would we have to create this DNS record every time a client/company is added ?
Kind Regards
 
0
 
LVL 4

Expert Comment

by:Adraenyse
ID: 24887296
It would be created wherever the zone file is for that domain. If you're hosting the domain on your DNS, then you'd create it. If they have it with a third party, then they would need to add the A record to that zone file with the third party.

No different than MX records for email, or the main domain.com A record for the web site.
0
 
LVL 4

Expert Comment

by:Adraenyse
ID: 24887303
And yes, you'd have to create an autodiscover.companyname.com A record for every domain you accept in Exchange. So if one company expected you to answer email for companya.com, companya.net and companya.org, you'd have to create autodiscover.company.com, net and org A records.
0
 

Expert Comment

by:GYeoh
ID: 26502525
I'd like to ask a clarification question regarding this solution.

Lets say I have an A record called "autdiscover.client1.com" that points to the HTTP redirection page on "autodiscover.hoster1.com", and the page redirects to "https://exch1.hoster1.com/".

Every time you open the Outlook client after being successfully configured using the above, I still get a SSL certificate name mismatch prompt.  ie it's still looking for "autodiscover.client1.com" and not "exch1.hoster1.com",  you accept the name mismatch and Outlook works fine from that point onwards.

Is this the way it's meant to happen, and if it is, is there another change that can fix the name mismatch.

Having a client deal with a password prompt is acceptable, but seeing an error in a SSL certificate can make some client nervous.

Thanks in Advance.
0
 

Expert Comment

by:VCSLI
ID: 35073700
I have this same issue and am anxious for a response...
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now