Monday, December 29, 2008

Configuring Autodiscover for Exchange 2007

The Autodiscover service provides a mechanism to automatically configure Exchange 2007 client applications to access the Client Access server.

It is used to set up client applications like Outlook to work with Exchange by returning configuration data that is necessary for applications to function properly without requiring users to know where to fetch the data, such as discovery of the server that hosts a user's mailbox.

Configuring Autodiscover for External Access

Outlook 2007 tries the following two URLs to try to connect to the Autodiscover service:

Step 1: Configuring DNS

We will discuss the two simple and most commonly used scenarios here:

1. Using a SSL Certificate That Supports Multiple DNS Names
There are third-party Certification Authorities (CAs) that currently support Subject Alternative Names. In this you provide all the necessary DNS names like, etc. in the same certificate by using a Unified Communications certificate that supports the Subject Alternative Name field.

For the Autodiscover service to function correctly, you must add an additional host record ( so that Outlook 2007 clients can locate and connect to the Autodiscover Service when they use the Outlook Anywhere feature from the Internet. The host record you create should map to the Public IP Address that will be used as the entry point to your Client Access server.

2. Using One Single-Name Certificate and the Autodiscover SRV Record
This solution is to use one single-name certificate installed on the Default Web Site.
If your DNS provider supports SRV records, this solution is the simplest and least expensive way to deploy Outlook Anywhere in hosted and non-hosted Exchange 2007 environments.

Create an SRV record:
Service: _autodiscoverProtocol: _tcpPort Number: 443 Host:

For more information on Outlook 2007 and Autodiscover SRV records configuration, please read this knowledgebase article:

Step 2: Modify the Service Connection Point (SCP)

By default, the URL for the Autodiscover Service stored in the SCP object in Active Directory will reference the internal FQDN for the Client Access server during Exchange 2007 Setup. You will use the Set-ClientAccessServer cmdlet to modify this URL so that it points to the new location (FQDN) for the Autodiscover service.

In the Exchange Management Shell, run the following command:

Set-ClientAccessServer -identity CAS_servername -AutodiscoverServiceInternalUri

You can point this to if you are using DNS host record for

Step 3: Configuring Exchange Services for Autodiscover

1. Enable Outlook Anywhere for the external host name.

Enable-OutlookAnywhere -Server CAS_servername -ExternalHostname "" -ExternalAuthenticationMethod "Basic" -SSLOffloading:$False

2. Configure the external URL for offline address book for the Autodiscover service.

Set-OABVirtualDirectory -identity "CAS_servername\OAB (Default Web Site)" -externalurl -RequireSSL:$true

3. Configure the external URL for Unified Messaging for the Autodiscover service.

Set-UMVirtualDirectory -identity "CAS_servername\UnifiedMessaging (Default Web Site)" -externalurl -BasicAuthentication:$True

4. Configure the external URL for Exchange Web Services for the Availability service and Out of Office services.

Set-WebServicesVirtualDirectory -identity "CAS_servername\EWS (Default Web Site)" -externalurl -BasicAuthentication:$True