This new service allows customers to easily configure their own client-side connections to Exchange related services, including: Outlook Anywhere (formerly RPC/HTTP), Offline Address Book (OAB), Unified Messaging, Exchange Web Services, and the ever popular ActiveSync for a new generation of mobile devices. If you are a large company and still teetering on whether or not to deploy Exchange 2007 this feature alone makes the business justification.
Using my best movie preview voice…..
“Imagine a world where your customers can configure their own Outlook clients without need of complex instructions or Helpdesk calls. A world where customers just enter their email address and password, seemlessly connecting securely to their Exchange environment from any mobile device.”
Well pass the popcorn because that day is now here! That is the whole point of the Exchange 2007 Autodiscover Service. Interested yet? Good, the bad news is that I have no intention of walking you through how to setup this service. Truthfully, Autodiscovery is a bit complex to setup and has a multitude of scenarios that you need to research to fit your organization. The good news is there has already been a great deal written on the details of setting up Autodiscovery and I have consolidated many of those links at the end of this article. Feel better now?
What I would like to discuss is that a new scenario recently became supported that allows Outlook 2007 to take advantage of DNS SRV records to locate the autodiscover URL that clients must request to connect to Exchange’s Edge or ISA firewall. The beauty of this scenario is your organization can have just one SSL certificate and use it for all of its web based connections, whether it is OWA, Unified Messaging, Active Sync, etc.
Outlook clients by default when attempting to make an autodiscover connection will try
“https://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xmlhttps://autodiscover.<smtp-address-domain>/autodiscover/autodiscover.xml “
While this creates simplicity out of the box, only requiring a new “A” record called “autodiscover” in your domain’s public DNS zone, it commits your organization to have a second SSL certificate or a certificate that supports Subject-Alternatives. Subject-Alternatives allow a single certificate to respond to multiple host names. This adds additional cost and headache because not everything supports Subject-Alternatives, including some versions of ISA. Plus in my opinion it is just plain ugly.
Microsoft recommends using a Single-Name Certificate to support not only auto configuration, but the entire public side of your organization. This way your customers only need to resolve one DNS name across the Internet regardless of what Exchange service they are trying to connect. The latest version of Outlook 2007 https://support.microsoft.com/?kbid=939184 supports SRV lookups so that your Outlook client can just query your Exchange domain’s SRV records to discover the correct URL for autodiscovery. Customers simply enter their email address and their Outlook client will automatically find the correct URL to connect your customer to your Exchange Organization’s web services and prompt them to authenticate.
I’m always thinking about DR (Disaster Recovery) and there are a lot of benefits in being able to tell customers that the only thing they ever need in a disaster to conduct business, is an email address and password. The more complex an organization the more important this becomes. Many organizations not only leverage OWA, and Outlook Anywhere, but other mobile devices like Blackberry, iphones, and just about everything else you can snag at Best Buy. Customers should not have a flow chart about what to do in a disaster to communicate with their organization, it should just be one URL and it should be the same URL they use for all of the Exchange Web Based services.
For more information on how to setup the Autodiscovery Service in Exchange 2007 check out the following links.
Microsoft’s White Paper on Autodiscovery. I would start here it gives you all the scenarios you will encounter and the Powershell commands to get the job done. I recently setup a client just by using this document.
https://technet.microsoft.com/en-us/library/bb332063.aspx#HowtoConfigureExchangeServices
The Msexchangeteam guys always do a good job with their articles. Review this article and the helpful links at the end for more information on autodiscovery.
https://msexchangeteam.com/archive/2007/04/30/438249.aspx
Everything your DNS admin needs to know to create an SRV record for Exchange in the public domain.