AutoDiscover (Internal & External)
The Autodiscover service automatically configures and maintains server settings for client computers that are running Microsoft Office Outlook 2007.
This Service allows your Outlook 2007 clients to retrieve the URLs that it needs to gain access to the new web services offered by Exchange server 2007.
Autodiscover service is automatically installed and configured when the CAS (Client Access Server) role is added to any Exchange 2007 server. During the configuration ,a virtual directory is created named Autodiscover under the Default Web Site (SBS Web Applications in SBS) and a Service Connection Point (SCP) object is created in the Active Directory, allowing the Outlook 2007 clients to find and communicate with the Exchange 2007 server
SCP in Active Directory - ADSI Edit - Configuration - CN=Configuration,DC=Server,DC=local - CN=Services-CN=Microsoft Exchange-CN=First Organization-CN=Administrative Groups-CN=Exchange Administrative Group (FYDIBOHF23SPDLT)-CN=Servers-CN=SBS-CN=Protocols-CN=Autodiscover
What is SCP?
The SCP object is used by domain-connected clients to locate the Autodiscover service. The SCP object contains two pieces of information, the serviceBindingInformation attribute and the keywords attribute. The serviceBindingInformation attribute has the Fully Qualified Domain Name (FQDN) of the Client Access server in the form of https://sbs.Server.com/autodiscover/autodiscover.xml, where cas01.contoso.com is the fully qualified domain name (FQDN) for the Client Access server. The keywords attribute specifies the Active Directory sites to which this SCP record is associated. By default, this attribute specifies the Active Directory site to which the Client Access server belongs.
Can get more information About SCP from: http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx
EXCHANGE SERVICES FOR AUTODISCOVER
- Web Based Offline Address Book
- Unified Messaging
- Out of Office Assistant
- Availability Services
Web Based Offlines Address Book :- Microsoft’s Exchange Server 2007 introduces a new method of Offline Address Book (OAB) distribution that does not involve Public Folders (the required method in previous versions of Exchange). The new implementation is an HTTP mechanism that allows the OAB to be downloaded via the web.
Unified Messaging :-
Availability Services :-
How to find the URL's for Availability Service, OOF, OAB, Unified Message Service from outlook client ?
You can test the Autodiscovery configuration service by right clicking the Outlook button while holding the CTRL key. Now you can select the test e-mail auto-configuration , it will launch Test E-mail AutoConfiguration window. Put in the Email Address and the Password, Enable Use AutoDiscover and click the Test Button.
In the results pane you can see the URL's:-
>Availability Service URL
>Unified Message Service URL
HOW AUTODISCOVER WORKS - DOMAIN JOINED CLIENTS
The Outlook 2007 client looks for a SCP (Service connection point) object in Active Directory (Path mentioned above in the blog). The SCP points to an Exchange Server 2007 with the Client Access Server role. The Client Access Server returns the URL for the Autodiscover file (Autodiscover.xml).
The Outlook client establishes a connection via HTTPS to the Client Access Server.
It is possible to disable the HTTPS authentication process for Autodiscover if you want. To disable HTTPS for Autodiscovery modify the following registry key:
HKEY_Current_User\Software\Microsoft\Office\12.0\Outlook\AutoConfiguration – REG_DWORD - UseSSL – change the value to 0.
The Client Access Server returns addresses of Exchange 2007 availability services like Free+Busy and OAB.
HOW AUTODISCOVER WORKS - NON-DOMAIN JOINED/EXTERNAL CLIENTS
For external access, the client locates the Autodiscover service on the Internet by using the primary Simple Mail Transfer Protocol (SMTP) domain address from the user's e-mail address. Because the client is not connected to the domain so AD is not located, it tries to locate the Autodiscover service by using DNS.
External clients will go through a number steps :-
_autodiscover._tcp.<smtpdomain> SRV record
A new feature is available that enables Outlook 2007 to use DNS Service Location (SRV) records to locate the Exchange Autodiscover service.
How to Query fir the SRV Record:-Open CMD
It should show the SRV record with an svr hostname = remote.smtpdomain
- Outlook Test-Email Auto Configuration
Common Issues Autodiscover :
Mutiple Autentication prompts on Outlook 2007
Certificate Warning on outlook 2007
Unable to download Offline Address Book (OAB)
Unable to configure Out-Of-Office (OOF)
RPC over Tunnel problems
Make sure you have SP1 UR9 or SP2+
-They will disable Kernel Mode authentication at the global level in IIS.
In applicationHost.config you should see:
<location path="" overrideMode="Allow">
<windowsAuthentication enabled="false" useKernelMode="false">
Verify the URL we are trying to connect to
-Test E-mail autoconfiguration (Outlook)
-Get-ClientAccessServer | fl *uri* (EMS)
-Get-OABVirtualDirectory | fl *url* (EMS)
-Get-WebServicesVirtualDirectory | fl *url* (EMS)
Make sure the URL is in the Local Intranet zone in IE
Test from IE
Expectation should be no prompts for domain machines that are in the network.
- Non-domain joined machines should get at least 1 prompt if using RPC over HTTP.
-The certificate was replaced in IIS but the Exchange CAS services were not reconfigured.
-Outlook is unexpectedly resolving an autodiscover.domain.com record
- Wildcard domain name resolution
- Can happen to Internal clients failing to connect to /autodiscover/autodiscover.xml.
OFFLINE ADDRESS BOOK ISSUE
-Verify generation on the Exchange server is working as expected.
-Outlook 2007 has to connect to the autodiscover service to learn where to get the OAB from.
-The default e-mail address of the user will determine where Outlook 2007 looks for the autodiscover information.
OUT OF OFFICE ISSUE
-Mostly the same problems as with the OAB
-Can you connect to /ews/exchange.asmx ?
-- Entourage clients with the EWS update will use this too.
RPC OVER HTTP TUNNEL
-Is TS Gateway working?
-Do you trust the certificate?
-Are the authentication settings in /RPC right?
-Is the IAS/NPS service running?
-Does it work for one user and then it stops working?