Configuring Autodiscover in Exchange 2013

Posted: August 20, 2015 in Exchange

The Autodiscover service automatically configures Outlook and some mobile phones. It returns the following information to the client:

- The user’s display name
- Separate connection settings for internal and external connectivity
- The location of the user’s Mailbox server
- The URLs for various Outlook features such as free/busy information, Unified Messaging, and the offline address book
- Outlook Anywhere server settings

More about Autodiscover: https://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx

For users on the internal network, the Autodiscover service works without any extra settings. For users outside the corporate network, Autodiscover can configure clients only if a SAN (Subject Alternative Name) certificate is installed on the Exchange server. The SAN certificate must list the public name of the Exchange server, the OWA, Outlook Anywhere and ActiveSync names, and the Autodiscover name (http://exchangeserverpro.com/exchange-server-2013-ssl-certificates/). These certificates must be obtained from third-party CAs (Certification Authorities).

I got Exchange up and running in the previous blog post. In this one I will configure Autodiscover for users outside the internal network. I used a certificate from https://www.startssl.com. You get a free certificate, but for only one domain name.

Requesting a certificate

I created a certificate request for mejl.bigfirm.info (the public name of my Exchange server).

On the Exchange server, open https://servername/ecp in IE, go to Servers - Certificates and click the plus sign (+).

Choose "Create a request for a certificate from a certification authority" and click Next.

Choose a name and click Next.

Click Next again.

Click Browse, choose your Exchange server and click Next.

Here, specify the external and internal URLs for Autodiscover, ActiveSync, OWA (Outlook Web Access) and the offline address book (OAB).

On the next page, specify the domain names that will appear in the certificate. Because the free certificate I am going to issue accepts only one name, I set the name of my server. If you are creating a request for a SAN certificate, here you can add the names for OWA, Autodiscover and the Exchange server itself.

Fill in these fields as needed and click Next.

Specify a location for the request file and click Finish.

Go to https://www.startssl.com and sign up. Click the Certificates Wizard tab, choose Web Server as the certificate target and click Continue.

Click Skip (we already created the request).

Paste the content of the 1.req file and click Continue.

Click Next and choose a name for the certificate.

It takes about half an hour for the certificate to be ready; we are notified by mail.

In the meantime, import the StartSSL root CA on the Exchange server and on all client machines that need Outlook configured while outside the corporate network:

Click Toolbox - StartCom CA Certificates.

Click "Server Certificate Bundle with CRLs (PEM encoded)" and save it to your computer.

On the client computers and the Exchange server, import these certificates into the Trusted Root Certification Authorities container.

Verify that the CA certificates are in place.

On the Exchange server, after importing StartSSL’s CA, set the internal and external URLs for all virtual directories (I chose the same name for internal and external).

Obtaining server certificates

When the mail arrives saying the StartSSL certificate is ready, go to Toolbox - Retrieve Certificate and choose the certificate from the drop-down menu.

Copy the certificate (from -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----, inclusive) to the Exchange server, into a file with a .CER extension.

Issue the certificate: in ECP, click Complete and enter the path to the file with the .CER extension.

Because autodiscover.bigfirm.info is not in the certificate, I had to create an SRV record for the Autodiscover service on the public DNS server.

  • Priority: the priority of this target host. A client must attempt to contact the target host with the lowest-numbered priority it can reach. The range is 0-65535.
  • Weight: a load-balancing mechanism. When selecting a target host among those that have the same priority, the chance of trying this one first should be proportional to its weight. Larger weights SHOULD be given a proportionately higher probability of being selected. The range is 0-65535.

Check the SRV record.

Testing

First, try to access the autodiscover.xml file from a browser. If you get this page, the Autodiscover service works. Error code 600 is shown because the Autodiscover service expects an HTTP POST from Outlook, not an HTTP GET from Internet Explorer.
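
What that POST body looks like, and how the error-600 answer differs from a real settings response, as an added example (not part of the original post). The namespaces are the Outlook Autodiscover schema URIs; the two sample responses, the example.com names and the function names are constructed.

```python
# Added example; the sample responses are constructed, not captured from a server.
import xml.etree.ElementTree as ET

REQ = "http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006"
RESP = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"
OUT = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"

def build_request(email):
    """XML body a client POSTs (Content-Type: text/xml) to Autodiscover.xml."""
    root = ET.Element(f"{{{REQ}}}Autodiscover")
    req = ET.SubElement(root, f"{{{REQ}}}Request")
    ET.SubElement(req, f"{{{REQ}}}EMailAddress").text = email
    ET.SubElement(req, f"{{{REQ}}}AcceptableResponseSchema").text = OUT
    return ET.tostring(root, encoding="utf-8")

def classify_response(body):
    """Separate 'service answered with an error' from 'settings returned'."""
    root = ET.fromstring(body)
    err = root.find(f"{{{RESP}}}Response/{{{RESP}}}Error")
    if err is not None:
        return {"ok": False,
                "code": err.findtext(f"{{{RESP}}}ErrorCode"),
                "message": err.findtext(f"{{{RESP}}}Message")}
    resp = root.find(f"{{{OUT}}}Response")
    if resp is None:
        raise ValueError("not an Autodiscover response")
    # Map each protocol type (e.g. EXCH internal, EXPR external) to its server.
    protocols = {p.findtext(f"{{{OUT}}}Type"): p.findtext(f"{{{OUT}}}Server")
                 for p in resp.iter(f"{{{OUT}}}Protocol")}
    return {"ok": True,
            "display_name": resp.findtext(f"{{{OUT}}}User/{{{OUT}}}DisplayName"),
            "protocols": protocols}

# Constructed: what a browser GET (no POST body) gets back, as described above.
ERROR_600 = (f'<Autodiscover xmlns="{RESP}"><Response>'
             '<Error Time="10:00:00.0000000" Id="1"><ErrorCode>600</ErrorCode>'
             '<Message>Invalid Request</Message><DebugData /></Error>'
             '</Response></Autodiscover>').encode()

# Constructed: a minimal successful answer to a valid POST.
SETTINGS = (f'<Autodiscover xmlns="{RESP}"><Response xmlns="{OUT}">'
            '<User><DisplayName>Test User</DisplayName></User><Account>'
            '<Protocol><Type>EXCH</Type><Server>mail.example.com</Server></Protocol>'
            '<Protocol><Type>EXPR</Type><Server>mail.example.com</Server></Protocol>'
            '</Account></Response></Autodiscover>').encode()
```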


One nice tool for testing Autodiscover is the Microsoft Remote Connectivity Analyzer (https://testconnectivity.microsoft.com).

The tool first checks https://bigfirm.info/Autodiscover/Autodiscover.xml,

then tries the redirect check: GET http://autodiscover.bigfirm.info/Autodiscover/Autodiscover.xml,

and then performs a DNS SRV lookup for _autodiscover._tcp.bigfirm.info. If the record exists, “mejlovi.bigfirm.info” is returned, and the Autodiscover request is posted to https://mejlovi.bigfirm.info/autodiscover/autodiscover.xml.
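
The three checks above and the SRV priority/weight rule, as an added Python example that is not from the original post. It also shows why a single-name certificate forces the SRV route: only the SRV target's name is covered by the certificate. The example.com names, the SRV records and the function names are constructed.

```python
# Added example; example.com names and SRV records are constructed placeholders.
import random

def name_matches(cert_name, host):
    """Exact match, or a '*' that covers exactly the left-most label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        parts = host.split(".", 1)
        return len(parts) == 2 and parts[1] == cert_name[2:]
    return cert_name == host

def pick_srv(records, rng=random):
    """records: (priority, weight, port, target). Lowest priority wins;
    equal priorities are chosen with probability proportional to weight."""
    if not records:
        return None
    best = min(r[0] for r in records)
    pool = [r for r in records if r[0] == best]
    weights = [r[1] for r in pool]
    if sum(weights) == 0:
        return rng.choice(pool)
    return rng.choices(pool, weights=weights, k=1)[0]

def autodiscover_plan(email, cert_names, srv_records, rng=random):
    """Return [(step, url, cert_ok)] for the three checks, in order.
    cert_ok is None for the plain-HTTP step, where no certificate is shown."""
    domain = email.rsplit("@", 1)[1].lower()
    steps = [("https-root", f"https://{domain}/Autodiscover/Autodiscover.xml", domain),
             ("http-redirect",
              f"http://autodiscover.{domain}/Autodiscover/Autodiscover.xml", None)]
    srv = pick_srv(srv_records, rng)
    if srv is not None:
        host = srv[3].rstrip(".").lower()
        port = "" if srv[2] == 443 else f":{srv[2]}"
        steps.append(("srv", f"https://{host}{port}/autodiscover/autodiscover.xml", host))
    plan = []
    for step, url, tls_host in steps:
        # The certificate must name the host the client actually connects to.
        ok = None if tls_host is None else any(
            name_matches(n, tls_host) for n in cert_names)
        plan.append((step, url, ok))
    return plan

if __name__ == "__main__":
    srv = [(10, 0, 443, "backup.example.com."), (0, 100, 443, "mail.example.com.")]
    for row in autodiscover_plan("user@example.com", ["mail.example.com"], srv):
        print(row)
```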


Outlook should be able to configure the account automatically now.
