For Internet Outlook 2007 users, the basics of this service are that they enter their email address (name@emaildomain.tld) and Outlook automatically tries to connect to:

  • https://emaildomain.tld/autodiscover/autodiscover.xml
  • https://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml

When retrieving settings from one of these URLs, HTTPS (SSL) is required — which means there must be a valid security certificate installed for that web site that matches the site name.

This, of course, poses an interesting problem for Exchange-based messaging hosters who do not want to have to buy a unique SSL certificate and set up a new web site for each new hosted domain.  (If they are hosting mail for mycrazywidgets.org, they don’t want to have to buy a valid certificate for autodiscover.mycrazywidgets.org).  This also may be an issue for corporate environments that host multiple email domains but do not wish to purchase a certificate for each one.


We have a solution for this — that you can try out once Office 2007 Beta 2 Technical Refresh is released.  (Check here, I think, for when it is released).

There is a set of “one-time” configuration steps for hosters to get going, and then a set of steps for each new email domain that you host:

One-time configuration steps for multi-domain hosting & AutoDiscover:

  1. Create a new virtual web site (on a new IP) that is Internet-facing.  Call it something like “autodiscoverredirect.[hosterdomain.tld]” where [hosterdomain.tld] is your ‘main’ domain name.  {The actual name of this virtual web site isn’t really important}.  No certificate is required for this web site.
  2. Create an /autodiscover/ virtual directory on that web site.
  3. Create an empty file in this directory called “autodiscover.xml”
  4. Through IIS manager, configure that file to be a redirect to https://autodiscover.[hosterdomain.tld]/autodiscover/autodiscover.xml.  (This can be set on the properties page of the file through IIS manager).

Per-domain configuration steps:

For each new hosted email domain:

  1. The DNS configuration of that email domain must be changed to add a CNAME record for “autodiscover.[emaildomain.tld]” pointed to “autodiscoverredirect.[hosterdomain.tld]”.

Given that you already have to make DNS changes to host a new email domain (i.e., configure the MX record), this should just be one small additional step in that existing process.

Client experience

Now, what happens when a user types emailaddress@[emaildomain.tld] into Outlook 2007?  This isn’t the complete list, but Outlook will:

  • Attempt to connect to https://emaildomain.tld/autodiscover/autodiscover.xml & fail.
  • Attempt to connect to https://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml & fail.
  • Attempt to connect to http://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml & succeed — but receive an HTTP-level redirect to https://autodiscover.[hosterdomain.tld]/autodiscover/.
  • Warn the user about this redirect and ask them if they trust getting their settings from [hosterdomain.tld].  (The warning can be turned off by the user after the first time).  It says:  “Allow this website to configure user@domain.tld server settings?” followed by the URL of autodiscover at the hoster domain.  If the user does not recognize the hoster domain, then they should cancel.
  • If the user accepts, Outlook will then connect to https://autodiscover.[hosterdomain.tld]/autodiscover/ and retrieve profile settings.
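
The lookup order above, modelled as an added example (not code from the original post and not Outlook's own logic): the plain-HTTP step is honoured only when it redirects to HTTPS on a host that is already trusted, which is the decision the redirect warning asks the user to make. The `fetch` hook, the `trusted_hosts` set and all `.example` domains are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

PATH = "/autodiscover/autodiscover.xml"

def candidates(email):
    """URLs tried in the order the post lists (the post says it is not the complete list)."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        f"https://{domain}{PATH}",
        f"https://autodiscover.{domain}{PATH}",
        f"http://autodiscover.{domain}{PATH}",  # redirect-only step
    ]

def discover(email, fetch, trusted_hosts):
    """Return the HTTPS URL settings would be read from, or None.

    fetch(url) -> (status, location) is a hypothetical transport hook;
    trusted_hosts stands in for the user's answer to the redirect prompt.
    """
    for url in candidates(email):
        status, location = fetch(url)
        if url.startswith("https://"):
            if status == 200:
                return url
            continue
        # The plain-HTTP answer is unauthenticated: accept only a redirect
        # to HTTPS on a host that is already trusted.
        if status not in (301, 302):
            continue
        target = urlsplit(location or "")
        if target.scheme != "https":
            continue
        if (target.hostname or "").lower() not in trusted_hosts:
            continue
        if fetch(location)[0] == 200:
            return location
    return None

# Constructed responses; any URL not listed behaves as a failed connection.
HOSTER = "https://autodiscover.hoster.example" + PATH
FAKE = {
    "http://autodiscover.mycrazywidgets.example" + PATH: (302, HOSTER),
    HOSTER: (200, None),
    "http://autodiscover.unknown.example" + PATH: (302, "https://autodiscover.other.example" + PATH),
    "https://autodiscover.other.example" + PATH: (200, None),
    "http://autodiscover.downgrade.example" + PATH: (302, "http://autodiscover.hoster.example" + PATH),
}

def fake_fetch(url):
    return FAKE.get(url, (None, None))
```

Replacing `fake_fetch` with a real HTTP client that does not follow redirects automatically turns this into a post-deployment check for each hosted domain's CNAME and redirect.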
