If you have Exchange server 2010 or newer, and have multiple domains active on your Exchange infrastructure (maybe you are hosting company with hosted Exchange service), you must be wondering how to properly configure Autodiscover. At the first place, quick explanation what is Autodiscover.
The Autodiscover service provide easier configuration Outlook clients (2007 or newer) and some mobile phones. Through the Autodiscover service, Outlook finds a new connection point made up of the user’s mailbox GUID + @domain portion of the user’s primary SMTP address. The Autodiscover service returns the client user’s display name, separate connection settings for internal and external connectivity, location of the user’s mailbox server, URLs for various Outlook features and Outlook Anywhere server settings. When a user’s Exchange information is changed, Outlook automatically reconfigure the user’s profile using the Autodiscover service.
Autodiscover service relies on HTTPS and SSL certificate and because that is very important to properly configure the Autodiscover service. FQDN which you want to use for Autodiscover need to be added to DNS zone and included in the certificate, and same name must be configured on Exchange server. How does Outlook check for Autodiscover functionality?
- Autodiscover check https://<smtpdomain>/Autodiscover/Autodiscover.xml
- Autodiscover check https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml
- Autodiscover check http://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml
- Autodiscover check for SRV lookup for _autodiscover._tcp.<smtpdomain>.
Now we can back to subject of this post :).
If you have only one (or two) domain(s), easiest way for properly configuration is use SAN certificate, which will include FQDN autodiscover.domain.com. But if you have many domains, this option in not good for you. Although you can buy SAN certificate with many domain names, that option have two downsides. Certificate is very expensive, and if you want to add additional domain, you need to buy new certificate. In that situation, the best way is use one certificate with one FQDN and configuring SRV DNS records for each domain. When user start Autodiscover configuration, first 3 steps will be skipped but on 4th step Outlook will find SRV record and will be redirected to correct Autodiscover address.
Autodiscover SRV record must be configured:
Port Number: 443
Host: autodiscover.<primairy smtp domain>
My company has two domains, technicaltrainer.info and tech-trainer.info. Certificate is issued for autodiscover.technicaltrainer.info, but I want to configure Autodiscover for tech-trainer.info domain with existing certificate. I will create SRV record in tech-trainer.info DNZ zone, and all Autodiscover queries for tech-trainer.info domain will be redirected to autodiscover.technicaltrainer.info.
Port Number: 443