For Internet Outlook 2007 users, the basics of this service are that they enter their email domain (name@emaildomain.tld) and Outlook automatically tries to connect to:

  • https://emaildomain.tld/autodiscover/autodiscover.xml
  • https://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml

When retrieving settings from one of these URLs, HTTPS (SSL) is required — which means there must be a valid security certificate installed for that web site that matches the site name.

This, of course, poses an interesting problem for Exchange-based messaging hosters who do not want to have to buy a unique SSL certificate and set up a new web site for each new hosted domain.  (If they are hosting mail for, they don’t want to have to buy a valid certificate for  This also may be an issue for corporate environments that host multiple email domains but do not wish to purchase a certificate for each one.

We have a solution for this — that you can try out once Office 2007 Beta 2 Technical Refresh is released.  (Check here, I think, for when it is released).

There are a set of “one-time” configuration steps for hosters to get going, and then a set of steps for each new email domain that you host:

One-time configuration steps for multi-domain hosting & AutoDiscover:

  1. Create a new virtual web site (on a new IP) that is Internet-facing.  Call it something like “autodiscoverredirect.[hosterdomain.tld]” where [hosterdomain.tld] is your ‘main’ domain name.  {The actual name of this virtual web site isn’t really important}.  No certificate is required for this web site.
  2. Create an /autodiscover/ virtual directory on that web site.
  3. Create an empty file in this directory called “autodiscover.xml”
  4. Through IIS manager, configure that file to be a redirect to https://autodiscover.[hosterdomain.tld]/autodiscover/autodiscover.xml.  (This can be set on the properties page of the file through IIS manager).

Per-domain configuration steps:

For each new hosted email domain

  1. The DNS configuration of that email domain must be changed to add a CNAME record for “autodiscover.[emaildomain.tld]” pointed to “autodiscoverredirect.[hosterdomain.tld]”.

Given that you already have to make DNS changes to host a new email domain (i.e., configure the MX record), this should just be one small additional step in that existing process.

Client experience

Now, what happens when a user types in emailaddress@[emaildomain.tld] into Outlook 2007?  This isn’t the complete list, but Outlook will:

  • Attempt to connect to https://emaildomain.tld/autodiscover/autodiscover.xml & fail.
  • Attempt to connect to https://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml & fail.
  • Attempt to connect to http://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml & succeed — but receive an HTTP-level redirect to https://autodiscover.[hosterdomain.tld]/autodiscover/.
  • Warn the user about this redirect and ask them if they trust getting their settings from [hosterdomain.tld].  (The warning can be turned off by the user after the first time).  It says:  “Allow this website to configure user@domain.tld server settings?” followed by the URL of autodiscover at the hoster domain.  If the user does not recognize the hoster domain, then they should cancel.
  • If the user accepts, Outlook will then connect to https://autodiscover.[hosterdomain.tld]/autodiscover/ and retreive profile settings.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts


Azure Password Reset – The Password you’ve selected does not meet your Active Directory password policy

This is a common error message when you try to reset a password from Azure management port or Self service portal.  The error message is very clear here – “The Password you’ve selected does not Read more…


Azure – Your account is temporarily locked to prevent unauthorized use

Here is the another common error message when dealing with directory and password synchronization.  Error Message: Your account is temporarily locked to prevent unauthorized use. Try again later. Contact Customer Support if the problem persists Read more…


Verify Service Status Remotely Using Local Account – PowerShell Script

I have modified one of my previously published script – Stop, Start, Disable Service Remotely–PowerShell Script ( to use Local account (instead of a domain account) to verify the status of the service.   Input Read more…