• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 536
  • Last Modified:

Exchange 2007 autodiscovery


Ive just realized that our Exchange 2007 clients environments, those using outlook 2007 and higher (inside the lan) are getting their proxy settings automatically set. Even if I uncheck the option and restart outlook same thing happens.

Ive now found this is related to outlook-provider and outlook anywhere.

What are the downsides of disabling the outlook provider ?

btw, they get a certificate error but I dont know why. there's a certificate for mail.domain.com  I dont even understand what's the reason for that error. proxy settings pint to remote.domain.com but there's no remote A record for remote. So where's outlook actually looking for that certificate ? I mean, it shouldnt even look for domain.com from inside the network !!!

Thanks for any help.
Diego
0
reliantcorp
Asked:
reliantcorp
  • 4
  • 4
  • 3
  • +2
2 Solutions
 
thecomputerdocsCommented:
Sounds like you might have a Group Policy set. Check out this article.
http://www.bictt.com/blogs/bictt.php/2011/01/09/outlook-anywhere-automatically-changes-proxy-settings

Re: the certificate error, you'll need to install your untrusted certificate to not have the cert error from coming up. http://support.microsoft.com/kb/940726
0
 
Cris HannaCommented:
Are you running SBS 2008 or SBS 2011?
0
 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
You need a third party cert with mail.domain,com and autodiscover.domain.com as the entires. Buy a SAN/UCC certificate.

Then, re-configure Exchange web services urls including autodiscover.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
reliantcorpAuthor Commented:
We have SBS 2008 running

The cert with the entiers is ok. But the thing is I dont want any internal outlook profile/user to look for autodiscover.domain.com . Or to get their proxy settings autoconfigured for that matter.
0
 
praveenkumare_spCommented:
inside the network clints try to go to SCP to get their autodiscover settings

type get-clientaccessserver | fl *autodiscover*

to see your scp value
0
 
Cris HannaCommented:
in order to assist you better, it would help to understand your environment better
It would seem from your comments that you are not using Exchange for email, yet you are using Outlook but want it to point somewhere else for mail and thus you don't want the auto setup?
0
 
reliantcorpAuthor Commented:

Yes, we are using Exchange for email. The thing is I don't see the point in using autodiscovery (and having the proxy settings autoconfigured) for internal users.

I now know I can remove the EXPR outlook provider. Question is, can I disabel that only for internal users and not external ?
0
 
Cris HannaCommented:
Actually the purpose (and benefit) is to all user to setup Outlook for the first time without IT help.
That alone should be huge

I understand you would like to stop the behavior but I'm not clear on what issue it's causing by being enabled.

It also sounds like you have a certificate mismatch?   you say you have a cert for mail.domain.com ?
Did you install the cert using the trusted third part cert wizard?   Is the cert from Go Daddy?

When you ran the "Setup my Internet Address Wizard", when you got to the box to enter your domain name, did you click on the advanced link below the box where you entered the domain name and change remote to mail?
0
 
praveenkumare_spCommented:
u can go ahead and modify because
 
•The EXCH setting references the Exchange RPC protocol that is used internally. This setting includes port settings and the internal URLs for the Exchange services that you have enabled.

•The EXPR setting references the Exchange HTTP protocol that is used by Outlook Anywhere. This setting includes the external URLs for the Exchange services that you have enabled, which are used by clients that access Exchange from the Internet.
0
 
praveenkumare_spCommented:
but remeber modifying EXPR will affect ur external users
0
 
reliantcorpAuthor Commented:
Chris:

I guess I can fix the cert problem just by doing the following:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://correctexternaldomain.com/autodiscover/autodiscover.xml 

Let me correct my previous words. What I meant is I don't see the point about having internal users to use the "EXPR outlook connector" (proxy) from autodiscovery. But like "praveenkumare_sp" said it looks like there's no way to disable it just for internal users.

The published proxy address is not even correct so I don't know how those internal clients are even working.

To make it short, by getting rid of the EXPR outlook provider I'll fix the problem but external users will have to manually configure their exchange settings.

Another strange thing I've seen is that not all of our clients (using outlook 2007 and exchange 2007) are getting proxy settings. And I have not disabled the EXPR outlook provider so far on any server.
0
 
Cris HannaCommented:
I'm providing some links regarding SBS and Autodiscover which may give you greater insite and help you through the issues you're having

First, if this is your first experience with SBS...there is one rule to live by...Use the Wizards...if they exist...use them.  SBS because of it's integrated nature doesn't always respond well to using some of the standard methods for doing things.   I would suggest running the wizard again as I pointed out to fix the cert and IIS setup

Secondly a blog from Sean Daniels on using Autodiscover and SBS http://sbs.seandaniel.com/2008/10/autodiscover-and-outlook-anywhere.html

If you want lots of detail on Autodiscover - Heres the technet library article http://technet.microsoft.com/en-us/library/bb232838(EXCHG.80).aspx

Susan Bradley, another SBS MVP and affectionately known as the SBS Diva has a blog post on SBS and Autodiscover  http://msmvps.com/blogs/bradley/archive/2008/12/18/autodiscover-and-dns.aspx

Finally Third Tier. net which is staffed by a number of SBS and other MVPs also has a blog post on Autodiscover and SBS found here http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/
0
 
praveenkumare_spCommented:
you got it right reliantcorp: :)
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 4
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now