Exchange 2007 Autodiscover and certificates

With Exchange 2007 we introduce the idea of the Autodiscover service. This service allows your Outlook 2007 clients to retrieve the URLs they need to gain access to the new web services offered by Exchange 2007. These web services (OAB, UM, OOF, and Availability) provide a good portion of the new functionality available to Outlook 2007. Please see this blog post for more details on the Outlook 2007 feature matrix based on the Exchange server version.

For domain-joined clients, Outlook is able to find the Autodiscover service using a service connection point (SCP). The SCP is an AD entry specific to each client access server. When Outlook 2007 is able to securely connect to the domain and read this entry from AD, it can connect directly to this URL. Once connected to the Autodiscover end point, the Autodiscover service provides the client with the URLs of the other Exchange web services.

For non-domain-joined clients, or clients that are not able to directly access the domain, Outlook is hard-coded to find the Autodiscover end point by looking up either https://company.com/Autodiscover/Autodiscover.xml or https://Autodiscover.company.com/Autodiscover/Autodiscover.xml (where company.com is the portion of the user's SMTP address following the @ sign). This means that to service clients in this scenario we must provide connectivity to one of these URLs. On the surface this should not be hard, but this connection is made over SSL and requires a valid certificate.

The communication to the Autodiscover end point and the subsequent communications to the services all occur over SSL. This requires that we have valid certificates (trusted, matching the name of the URL we are connecting to, and not expired) for the Autodiscover connection point and the services URLs. By default the services URLs are all variations of https://serversname.
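
An added example, not from the original post: Python that derives the two hard-coded Autodiscover URLs from an SMTP address and checks a certificate for the name and expiry conditions listed above. The function names, `example.com` and `cas01.corp.example.com` are constructed for illustration; `probe` is the live variant, where the default TLS context also enforces the trust chain.

```python
import socket
import ssl
import time

def autodiscover_urls(smtp_address):
    """The two URLs tried by a client that cannot read the SCP from AD."""
    domain = smtp_address.rsplit("@", 1)[1].strip().lower()
    return [f"https://{domain}/Autodiscover/Autodiscover.xml",
            f"https://autodiscover.{domain}/Autodiscover/Autodiscover.xml"]

def name_matches(pattern, host):
    """Exact match, or a wildcard covering only the left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def cert_problems(cert, host, now=None):
    """Check name and validity dates on a dict shaped like ssl.getpeercert()."""
    now = time.time() if now is None else now
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    problems = []
    if not any(name_matches(n, host) for n in names):
        problems.append(f"name mismatch: {host} not in {names}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

def probe(host, port=443, timeout=5):
    """Live check: the default context also rejects untrusted chains."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return cert_problems(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as err:
        return [f"verification failed: {err.verify_message}"]
    except OSError as err:
        return [f"connection failed: {err}"]

# Constructed sample: a certificate issued only for the server's own name.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "cas01.corp.example.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    when = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
    for url in autodiscover_urls("user@example.com"):
        host = url.split("/")[2]
        print(url, cert_problems(SAMPLE_CERT, host, when) or "ok")
```

Run against the constructed sample, both Autodiscover host names fail the name check, because the certificate carries only the server's own name.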

Microsoft, Exchange, Server, Outlook Web Access, Outlook, Exchange 2007, Security, Autodiscover, Certificates