In the context of the Autodiscover feature in Outlook, this feature set includes policy settings and behavior that ensures the service endpoints used for Autodiscover adhere to sovereign cloud requirements.
Exchange 2010 – Setup Auto Discover for Outlook
Specifically, in the Office specific steps that are listed in Autodiscover process step 4 and step 11policy control is available to ensure that appropriate service endpoints are used during the Autodiscover process. The existing policy to bypass this step is still valid and can be used to go to Step 5 without trying the endpoint. Alternatively, there's a new policy that directs Outlook to query a central Office Config Service to retrieve appropriate URLs from which to retrieve the Autodiscover payload.
Conceptually, the process works as follows:. Outlook provides several additional registry-based configuration options that might affect the Autodiscover process:. Use the Office Config Service. Legacy information about autodiscover can be found in the following article in the Microsoft Knowledge Base:.
For more information about Autodiscover, see the following Microsoft articles:. Skip to main content. Select Product Version. All Products. 1sz engine is the feature that Outlook uses to obtain configuration information for servers to which it connects.
In Outlook with Exchange servers, Autodiscover is considered the single point of truth for configuration information and must be configured and working correctly for Outlook to be fully functional.
This article describes the implementation of Autodiscover in the current channel Click-to-Run release of Outlook Office client update channel releases. More information. Autodiscover timing Autodiscover runs at the following times: During account creation. If this process is successful, another try is made one hour later. If the attempt isn't successful, the next try is made 5 minutes later. In response to certain connectivity failures. In various scenarios, when a connection attempt fails, Outlook starts an Autodiscover task to retrieve new settings in any attempt to correct the connection problem.
On a domain-joined computer, Outlook needs to know the UPN for a user in order to initiate the Autodiscover process. In order to get the UPN, Outlook must first look the user up in the directory. Outlook will request that this lookup should chase referrals. In some cases, such as when you add a second account while Outlook is running, the Autodiscover payload is cached to a local file to be used during a restart of the Outlook client.
This is a rare case and typically not the cause of generic Autodiscover issues. For this step, if Outlook decides you are in this special boot scenario and the attempt to retrieve the Autodiscover XML data fails, the whole Autodiscover attempt fails. No additional steps are attempted. If the administrator has deployed this registry value and seeded an autodiscover. This again is an uncommon case and typically not the cause of generic Autodiscover issues. If this step does not retrieve a payload, Outlook moves to step 3.
However, it is still relevant for later versions of Outlook.The questions are usually along the lines of:. Put simply, Autodiscover is a service hosted on Client Access servers that Outlook and clients can use to automatically discover information about the Exchange environment.
This is configurable and is known as Autodiscover site scope. This URL will be one of the Client Access servers in the organization, and will look something like this:.
Autodiscover service in Exchange Server
So for an internal, domain-joined computer the SSL certificate must include the name or names, if more than one exists for the Client Access servers in the organization that a client will be discovering via that SCP lookup.
Externally connected clients are different, because they can't lookup the SCP in Active Directory from outside of the network.
These clients might be roaming laptop users with Outlook, or they might be ActiveSync capable smartphones such as iPhones. For example an iPhone user setting up their Exchange mailbox will enter their email address eg john exchangeserverpro. So for an externally connected client the SSL certificate must include the autodiscover.
Naturally that name must also be in your public DNS zone. The answer is that you will only need an autodiscover name for each SMTP domain that a user is likely to enter as their email address eg in the iPhone example above.
So for most organizations this means any domain names that are used as primary email addresses for mailboxes. Any additional domains that may be legacy names from a previous company name or a merger can probably be left out of the certificate. He works as a consultant, writer, and trainer specializing in Office and Exchange Server. Hi Paul, Thanks for the great article. Quick question If we are using split dns then where should the dns record point to Load balancer to cas array or to any of the cas servers in the site?
I am jst confused to where should I point these dns records to? Hey Paul, lots of great info. I have a simple question maybe you can answer. As of November 1st all. Everything works fine. However our website which is hosted in another state has a section where you can enter in email submissions.
It doesnt send to us at alli dont see it even hitting our filter which is hosted. Could this have anything to do with the SSL? The company which hosts it says its working fine on their end…of course. Get them to send it to you. It might reveal what the problem is on your end. First of all, great work Paul!
Understanding and Setting Up AutoDiscover for Exchange 2010 / 2013
I have my exhange server setup as; External DNS for mail server: mail. Can you please confirm if they are correct. Given that only one certificate can be bounded to IIS, how then do I solve my case, I have 2 acceptable domains, contoso. I have tried to use load balancer KEMP and install both certificate in there, still I receive the same results.
Tried to create a separate IIS server for contoso, the OWA there works internally and externally with the rights certificates but still when configuring outlook with the other one it fails and when configured with the one working it will give errors regarding the other domain certificate.Autodiscover is a feature in Exchange Server and higher which is being used by Outlook or higher. Autodiscover is a very useful feature in Exchange and Exchange that makes it possible to automatically create Outlook and Outlook profiles.
The first time Outlook is started you only have to enter your name, E-mail address and password and the rest is configured automatically. For the external facing domain name the FQDN webmail. Autodiscover is not a one off action performed by the Outlook client. Outlook will try to autodiscover the Client Access Server every hour to check for changes in the infrastructure.
If found the Outlook profile will be changed accordingly. During the installation of the Client Access Server a self-signed certificate is created.
The self-signed certificate is meant primarily for testing purposes and will not be accepted by default by any client. Figure 5. The security certificate presented was not issued by a trusted certificate authority.
The next step is to start Outlook. As you can see this is an SSL connection so the certificate on the CAS server is going to play an important role in this step. Outlook is going to contact this URL, but since a self-signed certificate is installed Outlook will generate an error message.
This error message is only shown in OutlookOutlook will ignore the error and continue with the next step. Figure 7. Certificate error message shown during autodiscover process in Outlook The Outlook provider passes the request to the Services Discovery Service which retrieves the information from Active Directory.
But during this restart a certificate warning will still be shown:. When you click the Test button Outlook will test the Autodiscover functionality and show the results after approx.
To setup a connection with the Exchange server Outlook will use the MAPI protocol and this will only be used for e-mail information. Unfortunately this will not work straight away: the operating system where the Outlook client is running Windows 7 in our example will not allow the HTTPS traffic based on the wrong certificate security is not guaranteed and show an error message:.
Figure Can someone please explain what is the process you need to do to get Autodiscover to work in Microsoft Exchange server ? Have you installed trusted certs for these urls?
Is it not working from inside the network or outside the network or both? Check your autodiscover configuration using "Remote Connectivity Analyzer" tool. Additionally, you must correctly configure external url for the availability service and autodiscover service. Our autodiscover is working only inside the domain - but not outside. We have an SSL certificate, and if we check autodiscover. But if we check the certificate of company. In-order for the autodiscover to work, does company. Because our emails are person company.
If not, what else could be causing the issue that the autodiscover is not working outside the domain? By default windows,Basic,Anonymous are enabled. Second, is this server published via SSL to the outside world? Are your clients issuing a warning or not performing Autodiscover at all?
However, as a side note, I avoid this because it does generate warning messages at the very least.Verify and Configure Autodiscover
Not an IT pro? Sign in. United States English. Ask a question. Quick access. Search related threads. Remove From My Forums. Answered by:. Previous Versions of Exchange. Exchange Server This forum provides a place for you to discuss the Exchange You are welcome to come and post questions and comments about your experience with this software. Sign in to vote. I want to know because I have Exchange server and autodiscover isn't working for me.
I have the address autodiscover. Wednesday, January 30, PM. Hi How did you configure your URL's? Thursday, January 31, AM. Run outlook any where using RCA and see what it returns.Exchange works fine for all current clients, but the autodiscover does not work - internally or externally, so I cannot add any new clients.
Setting up as IMAP does work, but requires manual setup whenever they log into a new machine. Went EMC, Server configuration, client access, reset virtual directory.
Maybe it helps to reproduce tue Setup Process. If there's a problem with the source I'd check if the website files are all ok in the webfolder. Thank you for the reply. The video skips over autodiscover and focuses on outlook anywhere.
I can't even get local domain clients to connect! To continue this discussion, please ask a new question. Adam CodeTwo. Get answers from your peers along with millions of IT pros who visit Spiceworks. Another Monday disaster! Best Answer. Popular Topics in Microsoft Exchange. Which of the following retains the information it's storing when the system power is turned off? Is the windows server and Exchange service up to date? Not sure what this is supposed to have in it. This topic has been locked by an administrator and is no longer open for commenting.
Read these nextAt the first place, quick explanation what is Autodiscover. How does Outlook check for Autodiscover functionality? If you have only one or two domain seasiest way for properly configuration is use SAN certificate, which will include FQDN autodiscover. But if you have many domains, this option in not good for you. Although you can buy SAN certificate with many domain names, that option have two downsides.
Certificate is very expensive, and if you want to add additional domain, you need to buy new certificate. When user start Autodiscover configuration, first 3 steps will be skipped but on 4th step Outlook will find SRV record and will be redirected to correct Autodiscover address.
My company has two domains, technicaltrainer. Certificate is issued for autodiscover. I will create SRV record in tech-trainer. Outlook still tries to use the domain of the email address in the auto-discover request.
So even if using a simple A name record, or even a PTR record, the original request from Outlook still has the original domain name… am I missing something?
In internal network this points to your DC, and if it happens to have www services with a certificate it will cause the wrong cert error. Your email address will not be published. This site uses Akismet to reduce spam. Learn how your comment data is processed. Who is Tech Trainer? Skip to content Search for:. Now we can back to subject of this post :. Does the warning show only you domain name?
IE, company. Leave a Reply Cancel reply Your email address will not be published. Social Share Buttons and Icons powered by Ultimatelysocial.I'm in the process off setting up Exchange in our organization and have a question on the AutoDiscovery service.
I would like to supply all clients with the external name of the Client access server instead of the internal. The internal is exhub1 and the external exchange. If client's get the internal address they won't be able to connect from the outside. Where can I find settings to do this.
Preferably the internal name would not be used in any scenario. Through the Autodiscover, it retrieves the name of the CAS which associated with Mailbox Database to connect the mailbox server. We are currently not using ISA.
The certificate will be a UC certificate. The request is still pending. What do you mean by split brain? We alread have a externaldomain. This will ofcourse be a problem for a laptop moving out of the office, so instead I'd like the reply to be exchange. To much work in the last few days. What you are saying is I should add records in my internal DNS for the external.
Point my Exchange users to it and they will use it on the inside and the outside. So I access my CA server and changed every CA roles internal address to the same as the external one. Is there anything else I need to do or will this eventually just replicate out in the domain? Ok got it. I had to create a CAS cluster even if it is only one frontend server for now. Outlook is now connecting to the server.
Not an IT pro? Sign in. United States English. Ask a question. Quick access. Search related threads.