Solved

How do you stop auto discovery in selected domains.

Posted on 2010-11-24
7
2,929 Views
Last Modified: 2012-05-10
We have just upgraded our MS Exchange Server from 2003 to 2010 (running Hub Transport, CAS and Mailbox roles).  Our AD forest has the root domain (we’ll call Domain A) plus three sub domains (let’s call them B,C,D).  Our clients are running Windows XP and Office 2007.  Only one domain (domain D) currently has exchange server installed however at least domain C did have exchange 2003 at one point in time.  Since the upgrade computers in domain B and C are now asking users for logon credentials to the Exchange server in domain D.  My issue is that users in domain B and C are configured to use exchange servers located in completely separate forest that have one way trust between either domain B or C and the local customer they support.  If the users hit cancel outlook works properly but they are prompted to log into domain D’s Exchange once an hour.  I’m looking for the best way to stop this from occurring while not disrupting the auto discovery/configuration features domain D.   I hope this make sense and I realize it’s confusing but that’s the way this project was setup for various reason.  
0
Comment
Question by:nkean
  • 4
  • 3
7 Comments
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 34214109
all you can do is disable outlook clients to use auto discover

download group plolicies templetes
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7&displaylang=en

use the Outlk12.adm  file for outlook 2007 and

Take a look at Automatic Profile Configuration:

1.Expand Microsoft Office Outlook 2007
2.Expand Tools | Account Settings
3.Click on Exchange
4.Double click on Automatically configure profile based on Active Directory Primary SMTP Address item
5.The possible values are Not Configured, Enabled and Disabled.

you chose "disabled" . apply this policy on the domain you want to disable autodiscovery

you can not do anything else as the configuration information for exchange is sotred on configuration partition
that is common accross forest.




0
 

Author Comment

by:nkean
ID: 34218677
I tried that and it didn't seem to work.  The users are still getting prompted for username and password.  The hit cancel and everything works again until they get prompted again.  

Are there some logs I should / could be looking at that may give me clues to what's going on?
0
 
LVL 10

Accepted Solution

by:
dhruvarajp earned 500 total points
ID: 34218749
ok.. i thouht so..
here is what you do ..


When Outlook 2007 attempts to contact the Autodiscover service it can use different methods to reach the service, depending on the topology. The currently implemented methods used by Outlook are:

l  SCP lookup

l  HTTPS root domain query

l  HTTPS Autodiscover domain query

l  HTTP redirect method

l  SRV record query

 

To disable each of the above Autodiscover connection methods used by Outlook, please modify the Outlk12.adm file by using the following steps:

a.      Open the Outlk12.adm file in Notepad

b.      Locate the following line in the template

POLICY !!L_AutomaticallyconfigurerofilebasedonActive

c.       Insert a blank-line above this line, and then paste the content below

 

POLICY !!L_Excludeautodiscoverscplookup

KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover

VALUENAME ExcludeScpLookup

VALUEON NUMERIC 1

VALUEOFF NUMERIC 0

EXPLAIN !!L_ExcludeautodiscoverscplookupExplain

END POLICY

 

POLICY !!L_Excludeautodiscoverhttpsqueryforrootdomain

KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover

VALUENAME ExcludeHttpsRootDomain

VALUEON NUMERIC 1

VALUEOFF NUMERIC 0

EXPLAIN !!L_ExcludeautodiscoverhttpsqueryforrootdomainExplain

END POLICY

 

POLICY !!L_Excludeautodiscoverhttpsqueryforautodiscoverdomain

KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover

VALUENAME ExcludeHttpsAutoDiscoverDomain

VALUEON NUMERIC 1

VALUEOFF NUMERIC 0

EXPLAIN !!L_ExcludeautodiscoverhttpsqueryforautodiscoverdomainExplain

END POLICY

 

POLICY !!L_Excludeautodiscoverhttpredirectquery

KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover

VALUENAME ExcludeHttpRedirect

VALUEON NUMERIC 1

VALUEOFF NUMERIC 0

EXPLAIN !!L_ExcludeautodiscoverhttpredirectqueryExplain

END POLICY

 

POLICY !!L_Excludeautodiscoversrvrecordquery

KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover

VALUENAME ExcludeSrvRecord

VALUEON NUMERIC 1

VALUEOFF NUMERIC 0

EXPLAIN !!L_ExcludeautodiscoversrvrecordqueryExplain

END POLICY

 

d.      Locate the following line in the template

L_AutomaticallyconfigurerofilebasedonActiveExplain="By default, if a user is joined to a domain ...

e.      Insert a blank-line above this line, and then paste the content below

 

L_Excludeautodiscoverscplookup="Exclude the SCP object lookup for Autodiscover"

L_ExcludeautodiscoverscplookupExplain="Enable this policy to stop Outlook from performing an Active Directory query for Service Connection Point (SCP) objects with Autodiscover information."

 

L_Excludeautodiscoverhttpsqueryforrootdomain="Exclude the Autodiscover lookup using a query for the root domain of your primary SMTP address"

L_ExcludeautodiscoverhttpsqueryforrootdomainExplain="Enable this policy to stop Outlook from using the root domain of your primary SMTP address to locate the Autodiscover service. For example, if this policy is enabled, Outlook does not use the following URL:\n\nhttps://<smtp-address-domain>/autodiscover/autodiscover.xml."

 

L_Excludeautodiscoverhttpsqueryforautodiscoverdomain="Exclude the Autodiscover lookup using a query for the Autodiscover domain"

L_ExcludeautodiscoverhttpsqueryforautodiscoverdomainExplain="Enable this policy to stop Outlook from using the Autodiscover domain to locate the Autodiscover service. For example, if this policy is enabled, Outlook does not use the following URL:\n\nhttps://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xml."

 

L_Excludeautodiscoverhttpredirectquery="Exclude the Autodiscover lookup using the HTTP redirect method"

L_ExcludeautodiscoverhttpredirectqueryExplain="Enable this policy to stop Outlook from using the HTTP redirect method in the event it is unable to reach the Autodiscover service via either of the HTTPS URLs\n\nhttps://<smtp-address-domain>/autodiscover/autodiscover.xml\n\nhttps://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xml."

 

L_Excludeautodiscoversrvrecordquery="Exclude the Autodiscover query for an SRV record in DNS"

L_ExcludeautodiscoversrvrecordqueryExplain="Enable this policy to stop Outlook from using an SRV record lookup in DNS to locate the Autodiscover service."

 

Notes: When you paste the lines above into the notepad, please remove all the blank-line among them. Otherwise, it’ll cause problems in the GPO Editor

f.        Save and close .adm file

g.      Add the updated .adm file to the GPO Editor

h.      To configure the new policy setting, please go to “Tools | Account Settings - Exchange” node

 

Resources:

Outlook Automatic Account Configuration
0
Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 

Author Comment

by:nkean
ID: 34222748
I got word back today that even after this change the users are still getting prompted.  I guess I may be missing something here still because the clients are already configured users.  Is there a reason Outlook would still be running the auto discovery if the client is configured?

I've also verified that the new GPO is being applied although I'm not sure how to verify that the settings are truly being applied.  That's to say when I do a gpresult it say it's applied but were would I go to verify that the settings in the GPO took inside of outlook?
0
 

Author Comment

by:nkean
ID: 34223388
Looks like I mis-configured the GPO.  I misread what it said and disabled the settings instead of enabling them to stop the auto discovery feature.  Let me see if this does indeed correct our issue and get back to you.
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 34223531
ok good luck. i am sure it will work
0
 

Author Comment

by:nkean
ID: 34227154
It worked.  Thanks again for the help.
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Outlook Free & Paid Tools
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now