Solved

How does Autodiscover work for external clients?

Posted on 2010-09-17
Last Modified: 2012-05-10
Hi

We have an Exchange 2007 server published over the internet with a public IP and DNS records. Do we need to register a DNS record for Autodiscover in order to make it available for external clients? If yes, what type of DNS record is required?

Regards,
0
Comment
Question by:imranrft
8 Comments
 
LVL 5

Accepted Solution

by:
OrcaKnight earned 32 total points
ID: 33705627
You do need a DNS record, usually a subdomain, for autodiscover.domainname.org, but in order for Exchange to properly get the Autodiscover settings, et al., you need to purchase an SSL certificate with multiple names in it. The cert needs to have your internal domain name, your external domain name if you host a secure website, your email server's internal domain name, your external mail domain name, the hostname of the internal email server and the autodiscover. As an example:

domainname.org
mail.domainname.org
domainname.local
exchangesvr.domainname.local
autodiscover.domainname.org
exchangesvr

The reason you put in the internal server name is that you use it to authenticate internal Outlook clients more easily, and you require it for standard RPC over HTTP proxy.
0
 

Author Comment

by:imranrft
ID: 33705732
So, a wildcard certificate will be OK?

And how can we buy a certificate with many names in it? I mean, do the certificate providers give us the flexibility to add multiple names?

0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 62 total points
ID: 33705917

There are two ways to make Autodiscover work.

The first (and most common method) is a DNS A or CNAME record - autodiscover - which maps to the public IP/alias of your outward facing Client Access Server/farm.

The second is to use a DNS SRV resource record to reference the location of the autodiscover services - this is a good workaround to the multi-name certificate requirement, but it causes many, many issues particularly down to the fact many DNS providers do not support SRV records. For a minimal expense, you can upgrade to a SAN/UC certificate and save the hassle of ever needing the SRV record approach.

>> how can we buy a certificate with many names in it? I mean, do the certificate providers give us the flexibility to add multiple names

Most major suppliers offer what is known as a SAN (Subject Alternative Name) - also known as UC (Unified Communications) - certificate. These can have multiple names listed and have a "default" name (the common name) used for any device which does not support the SAN format. The common name should always be your main public OWA/Exchange ActiveSync URL - if a mobile device, for example, cannot read SANs, it is less likely to have SSL issues in this set up.

The SAN names noted above are the general recommendation. You do not NEED internal server names on the certificate (I always set mine up without them, so the certificate is not server dependent). However, using internal names makes it easier and eliminates the hassle of playing with URLs in Exchange PowerShell.

GoDaddy, and their many affiliates, offer SAN/UC certificates at an affordable price.

>> a wildcard certificate will be OK

Wildcard certificates work to a point. They will cover your back for autodiscover.domain.com and mail.domain.com. They will not be valid for the internal server and domain names, so some URLs on Virtual Directories might need updating if you don't want Outlook 2007+ showing certificate prompts internally. Also, be aware that Windows Mobile 5 devices did not support wildcard certificates, making it a particular sticking point back then. There may be other devices on the market today in a similar position.

-Matt
0
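An added example, not part of the original thread or any poster's code: a small Python check of which client-facing names a certificate's name list covers, using the sample names from this thread. The function names and the two certificate lists are constructed for illustration, and the wildcard rule implemented is the common one (a `*` stands for exactly one left-most label).

```python
# Added example: host names and certificate name lists are constructed
# from the sample names used in this thread.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name entry against a host name.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.domainname.org covers mail.domainname.org
    but not domainname.org or a.b.domainname.org.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A single-label host such as "exchangesvr" never matches a wildcard.
        return len(p) > 1 and h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(client_names, cert_names):
    """Return the client-facing names that no certificate entry covers."""
    return [n for n in client_names
            if not any(name_matches(c, n) for c in cert_names)]


def autodiscover_host(smtp_domain, srv_target=None):
    """Host an external client connects to: the SRV record's target when
    that method is used, otherwise the autodiscover A/CNAME record."""
    return srv_target or "autodiscover." + smtp_domain


EXTERNAL = ["mail.domainname.org", autodiscover_host("domainname.org")]
INTERNAL = ["exchangesvr.domainname.local", "exchangesvr"]

SAN_CERT = ["mail.domainname.org", "domainname.org", "domainname.local",
            "exchangesvr.domainname.local", "autodiscover.domainname.org",
            "exchangesvr"]
WILDCARD_CERT = ["*.domainname.org"]

if __name__ == "__main__":
    for label, cert in (("SAN/UC", SAN_CERT), ("wildcard", WILDCARD_CERT)):
        print(label, "certificate leaves uncovered:",
              uncovered(EXTERNAL + INTERNAL, cert) or "nothing")
```

With the SRV method, `autodiscover_host("domainname.org", "mail.domainname.org")` returns a name that a single-name certificate for `mail.domainname.org` already covers, which is why that method works around the multi-name requirement.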

 
LVL 9

Expert Comment

by:Raghuv
ID: 33707790
I would strongly recommend that you read the Autodiscover white paper below, as it gives all the options to configure Autodiscover over the Internet and it also explains how to configure the same.

White Paper: Exchange 2007 Autodiscover Service
http://technet.microsoft.com/en-us/library/bb332063%28EXCHG.80%29.aspx
0
 
LVL 9

Assisted Solution

by:Raghuv
Raghuv earned 31 total points
ID: 33707793
And with regard to wildcard certificates, Matt has already explained that to you. You can also refer to the article below:

Wildcard Certificate Causes Client Connectivity Issues for Outlook Anywhere
http://technet.microsoft.com/en-us/library/cc535023%28EXCHG.80%29.aspx
0
 

Author Comment

by:imranrft
ID: 33715468
Thanks for the info guys.

By the way, what is needed to make AutoDiscover work internally in the first place?
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 62 total points
ID: 33719841

Autodiscover is a rather complex system, but at a high level you need to ensure the appropriate DNS records are created *and can be accessed* internally.

Also, you must ensure a valid third-party (trusted) SSL certificate is in place on the Exchange Server and that your virtual directory URLs are correct. If the URLs on the VDirs are incorrect, autodiscover will publish incorrect information which will cause issues with the availability service, Out of Office assistant, OAB downloads and many other things.

-Matt
0
 

Author Closing Comment

by:imranrft
ID: 33760643
All of you!

Thank you very much for the help.
0
