This is a short article on how to configure Microsoft Exchange Server 2010 Auto Discover feature. I remember when I initially tried to do this years ago, finding any reliable information on getting it working was a challenge, so I decided to write my own basic how-to for anyone else who is facing this dilemma. These instructions should serve as a good starting point/foundation to get Auto Discover configured in your environment. My instructions (Particularly the portion regarding Certificate installation) are based on GoDaddy Certificate services so the instructions may vary slightly from your Certificate provider but most steps should be applicable.
The most important part of ensuring the autodiscover works properly is making sure that your public DNS is configured properly. You will need a few records created and pointed at your exchange server. Below I will list these records and their types as well as what they do, however, I cannot tell you exactly how to configure them as all DNS providers differ slightly and this is not a DNS tutorial. The information is still applicable and can be applied to your records regardless of DNS provider. Later in this post, there is a utility that allows you to test this and all other configurations for accuracy and functionality.
You will need an ‘A’ record to point to your mail server, such as mail.domain.com:
(A) mail.comain.com 188.8.131.52
You will need a ‘CNAME’ to point to your ‘A’ record:
(CNAME) autodiscover.domain.com mail.domain.com
You will need an ‘SRV’ record to define the service for Autodiscover:
(SRV) _autodiscover _tcp @ 10 10 443 mail.domain.com
Now that you have your DNS records in place, lets move on to the Certificate.
For autodiscover to work (properly) you will need a Trusted Certificate. You can obtain this through any of the many vendors but I prefer GoDaddy because they are priced reasonably and their interface is easy to use. In the instructions that follow, we will create a Certificate Request (I will omit the portion about uploading it to the vendor of your choice as this will vary) and then download and install the new certificate on your Exchange Server. You can find the official documentation to complete this step here, which was used to create the instructions below.
- In the console tree, click Server Configuration.
- In the action pane, click New Exchange Certificate to open the New Exchange Certificate wizard. This wizard helps you determine what type of certificates you need for your Exchange organization.
- On the Introduction page, enter a friendly name for your certificate.
- On the Domain Scope page, select the Enable wildcard certificate check box, and then enter a root domain if you want to apply the certificate to all subdomains automatically by creating a wildcard certificate.
- If you didn’t choose to create a wildcard certificate, use the Exchange Configuration page to select the services and protocols that your certificate will need to support. Choose from the following options:
- Federated Sharing If you will be using this certificate for Federated Sharing, select the Use this certificate for Federated Sharing check box.
- Client Access server (Outlook Web App) If you’ll be using this certificate for Outlook Web App, select the appropriate boxes for Outlook Web App on the Intranet or on the Internet and enter the domain name you use to access Outlook Web App.
- Client Access server (Exchange ActiveSync) If you’ll be using this certificate for Exchange ActiveSync, select the Exchange ActiveSync is enabled check box and enter the domain name you use to access Exchange ActiveSync.
- Client Access server (Exchange Web Services, Outlook Anywhere, and Autodiscover) If you’ll be using this certificate for Exchange Web Services, Outlook Anywhere, or the Autodiscover service, select the applicable check boxes and enter the external host name for your organization. For the Autodiscover service, choose whether you will be using the Long URL format, the Short URL format, or a custom format. In the Autodiscover URL to use box, enter the full URL to the Autodiscover service.
- Client Access server (POP/IMAP) Select the check boxes to specify whether your users will be using POP and IMAP on the Intranet and the Internet. Enter the domain names to use for both POP and IMAP.
- Unified Messaging Server If you’ll be using Unified Messaging, choose whether you’ll use a self-signed certificate or a public certificate. You must use a public certificate if you are using Unified Messaging with Office Communications Server. For either option, enter the fully qualified domain name (FQDN) of your Unified Messaging server.
- Hub Transport Server Enter the FQDN of your Hub Transport server if you’ll be using mutual TLS to help secure Internet mail or if you’ll be using a Hub Transport server for POP and IMAP client submission.
- Legacy Exchange Server Select Use legacy domains and enter the legacy domain name if you’re upgrading from a previous version of Exchange Server and will be operating in a coexistence scenario for a period of time during the upgrade.
- Review the list of domains that will be added to the certificate on the Certificate Domains page. You can click Add to add another domain or click one of the domains listed and then click Edit if you need to make changes. Use the Set as common name option to choose one of the domains to be the common name of the certificate.
- On the Organization and Location page, enter information about your Exchange organization. You’ll need to enter the name of your Organization, the Organization unit, and location information including the Country/region, City/locality, and State/province. Under the Certificate Request File Path section, click Browse to select a location for the certificate request file, and then enter the file name you want to use.
- On the Certificate Completion page, verify that all the information you’ve entered is correct. If it is, click New.
- On the Completion page, follow the steps listed to complete your request. This page also contains the cmdlet syntax necessary to create a new certificate.
Once you have created your certificate request, you would upload this request to your certificate provider and they confirm and generate your certificate, which you then download and install. The installation process is outlined below and is based on the instructions from GoDaddy. These instructions may vary slightly depending on the certificate issuer but should be applicable to get you up and running.
- To install the intermediate certificate, click Start, and then click Run. Type mmc, and then click OK. The Microsoft Management Console1 window opens.
- In the Console1 window, click File, and then select Add/Remove Snap-in. The Add or Remove Snap-ins window displays.
- In the Add or Remove Snap-ins window, select Certificates, and then click Add.
- In the Computer Account window, select Computer Account, and then click Next.
- In the Select Computer window, select Local Computer, and then click Finish.
- In the Add or Remove Snap-ins window, click OK.
- In the Console1 window, click + to expand the Certificates (Local Computer) folder on the left.
- Right-click Intermediate Certification Authorities, mouse over All Tasks, and then click Import.
- In the Certificate Import Wizard window, click Next.
- Click Browse to find the intermediate certificate file.
- In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7bfile, and then click Open.
- In the Certificate Import Wizard window, click Next.
- Select Place all certificates in the following store, and then click Browse.
- In the Select Certificate Store window, select Intermediate Certification Authorities, and then click OK.
- In the Certificate Import Wizard window, click Next. Click Finish. Click OK.
- Close the Console1 window, and then click No to remove the console settings.
- To install the primary certificate, click Start, click All Programs, Microsoft Exchange Server 2010, and then click Exchange Management Console.
- On the Left, Click Server Configuration.
- In Exchange Certificates, select your certificate, and then, from the Actions panel on the right, click Complete Pending Request.
- In the Complete Pending Request window, click Browse to locate the certificate file.
- In the Open window, select All Files(*.*) as your file name extension, select your certificate (it might be saved as a .txt, .cer, or .crt), and then click Open. Click Complete. Click Finish.
- In the Exchange Management Console, select your certificate in Exchange Certificates.
- From the Actions menu, click Assign Services to Certificate.
- In the Assign Services to Certificate window, select the server(s) you want to assign services to, and then click Next.
- Select services you want to assign to the certificate, and then click Next. Click Assign. Click Finish.
CONFIGURING EXCHANGE COMPONENTS:
There a few final steps in making sure that auto discover is going to work properly for your exchange server. the commands below will configure external URL’s as well as the Offline Address Book and web service URL’s. These commands should be ran at the Exchange Management Shell and your server/domain name should replace MAIL and domain.com respectively.
Configure outlook Anywhere external host name:
Enable-OutlookAnywhere -Server MAIL -ExternalHostname “mail.domain.com” -DefaultAuthenticationMethod “Basic” -SSLOffloading:$false
Configure OAB external URL:
Set-OABVirtualDirectory -identity “MAIL\OAB” (Default Web Site)” -externalurl https://mail.domain.com/OAB -RequireSSL:$true
Configure Exchange Web Service external URL:
Set-WebServiceVirtualDirectory -identity “MAIL\EWS (Default Web Site)” -externalurl https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$true
Now that you have your certificate installed and your external URL’s set, it is a good idea to run the Microsoft connectivity Analyzer tool against your configuration to make sure everything is configured properly. You can find this tool here. Remember, DNS propagation times apply and you may need to wait up to 24 hours for this to occur. Another essential test is to setup an account in your own outlook (outside of the perimeter firewall of the exchange server) to ensure proper functionality. This will ensure that you do not get calls from users when they are setting up their own Outlook once you provide them with instructions.
If all of your tests are successful, you have just configured Auto Discover services for your Exchange 2010 server. If the tests did not come back successful, I suggest that you use the information in this article to review your configuration and use Google to search for any caveats that may apply to your particular application (Such as exact instructions from your Certificate Provider or DNS host). if nothing else, these instructions should have given you a great starting point to configure Auto Discover.