Monday, October 27, 2008

Autodiscover and Outlook Anywhere

[This post comes courtesy of Steven Goddard]

The Autodiscover service is new feature of Exchange 2007 and Outlook 2007. The goal of the new Autodiscover service is to reduce the time spent configuring clients. Autodiscover aids in profile creation and passing the URL’s back to the client for the Offline Address Book (OAB), free/busy, and Out of Office settings. You will see a number of new virtual Directories (vdir’s for short) in IIS, including Autodiscover, OAB, EWS.

Note: During SBS setup, all Exchange vdir’s are “moved” form the “Default Web Site” to the “SBS Web Applications” site.

Outlook Anywhere used to be known as RPC over HTTP in the SBS 2003 timeframe. It has been renamed, but in general, it is the same. It allows an Outlook client to communicate to the Exchange Server over HTTPS. No special ports need to be opened up, just the standard 443. Exchange builds upon the Windows 2008 feature “RPC over HTTP Proxy”. It works with both Outlook 2003 and Outlook 2007. Outlook Anywhere is automatically configured when you run the Internet Address Management wizard.

Here is some more info for Autodiscover and more info for Outlook Anywhere.

What does this all mean?

With Outlook 20007 and Exchange 2007 in SBS 2008, profile creation and ongoing maintenance is greatly simplified thanks to Autodiscover. Setting up Outlook Anywhere is automatic as well.

On domain joined machines, when a user starts Outlook 2007 for the first time, they no longer have to specify any information if their computer is joined to the domain. Outlook 2007 will start, gather the information automatically, log the user on to their mailbox, and begin retrieving information from your Exchange deployment.

On remote/non domain joined machines, you will have to do a few extra steps, but a lot less than the manual configurations with Outlook 2003 for RPC/HTTP. Basically, you will need your email address and password and you are ready to go. First, fill in the info below:

image

Outlook 2007 will try to use find the Autodiscover XML at:

  • https://contoso.com/autodiscover/autodiscover.xml
  • If above fails, outlook will try https://autodiscover.contoso.com/autodiscover/autodiscover.xml

Both of those will fail in the default SBS case as the info is actually at https://remote.contoso.com/autodiscover. With Outlook 2007 SP1 and above, outlook adds a third check. It checks a SRV record, or service. When you run the Internet Address Management wizard with a partner, this SRV record is automatically set. It looks like:

  • _autodiscover._tcp IN SRV 0 0 443 remote.contoso.com

Outlook will pop up the following informational popup:

image

After selecting allow, Outlook will receive the XML information from the SBS/Exchange server, and automatically create your profile including your Outlook Anywhere settings.

image

What about Outlook 2003?

Outlook 2003 story is similar to SBS 2003. For domain joined machines, we push a PRF file down to aid in first time profile creation to the Exchange server. Outlook Anywhere must be configured manually for domain joined machines (i.e. laptops) and non domain joined remote machines. Instructions are on Remote Web Workplace.

image

So make sure those Service (SRV) records are configured correctly!

Make sure you continue reading to the Windows Mobile and Gotchas with Self-Issued Certs!


10 comments:

Anonymous said...

Sean,

I have done a test install using the MAPS media, and the first production deployment last week, and have found no autodiscover stuff setup at all in dns, or srv records, so it didnt work at all. It also didnt push the prf file to the Outlook 2003 clients, so they didnt get any config done either. What have I missed here?

Regards
Daryl

Sean Daniel said...

They key peice you are missing is that Autodiscover is a 2007 only feature. Sorry, you'll have to upgrade to take advantage of that feature.

Sean

Daryl Maunder said...

Sorry, that wasnt very clear. Server is SBS2008, mixture of OL2007 and OL2003 clients, all on WinXP.

I was meaning that the OL2007 clients didnt get profiles setup automatically via AutoDiscover, and in fact Autodiscover didnt seem to be setup at all, ie no autodiscover A or SRV records in the internal DNS.

I also meant that the OL2003 clients also didnt get the PRF file pushed to them like you said they would.

Sean Daniel said...

Hi Daryl,

Are you sure the clients are domain joined? they only get things pushed to them if they are properly domain joined.

When you say the SRV or A records weren't set up, are you using one of our domain name partners? is the Dynamic DNS client running?

Iain Fogg said...

I have the same issue as Daryl. I have a clean build of SBS 2008 and have no auto-discover records in the locally defined DNS for remote.mydomain.com (which I understand are just for Outlook 2007).

Also, I have Outlook 2003 and when I start it on a PC which was added with the ConnectComputer method to the domain (and which also was a clean build of Vista), nothing is auto-configured as it should be. Where should the automatically created PRF be to get pushed down to the client?

In SBS 2003 this worked automatically - why would it not work now?

Thanks

Iain

Sean Daniel said...

Hi Iain,

A few questions for you:
(1) is the user a local admin on that machine. I believe to do PRF installations, you need to be one

(2)Can you run powershell from the server in an elevated mode and run get-clientaccessserver and let us know what the output is? This will help us to understand what's wrong with Autodiscover.

Thanks!

Anonymous said...

Sean

When I follow your instructions above and paste the request file in for a UCC certificate from Comodo I see the request file actually contains 3 domains : company.com, remote.company.com, servername.internal.local. So if I was to paste the request in to a standard, in Comodo's case, InstantSSL, certificate request which domain would be used? I'm confused about all of this autodiscovery stuff - do we really need to care? Does your method mean that Outlook 2007 clients should work without the certificate error message?

Thanks

Sean Daniel said...

What do you use for remote web workplace? I presume remote.company.com, at least that's the default. This is the instant SSL cert you should request. You only need one to get all the SBS functionality working.

You should care about autodiscover, because if you have any Outlook 2007 clients, they will call the autodiscover setting about once every 5 minutes, causing havok for your users if it's not set up correctly. If you are using the remote.company.com, you will need a service record (or SRV record) that points the autodiscover service to the appropriate A record, the remote A record.

The official SBS blog has a good write-up on this.

Good luck!

Anonymous said...

I guess when I start playing with it I will begin to understand! As remote.company.com is the default in SBS2008, I guess I will just create an A record for that.

From what you are saying, I can still get away with the standard SSL cert that I have been use to with Exchange 2003 / SBS 2003, but with SBS2008 specifically a SRV record should be created automatically for internal Outlook 2007 (domain registered) clients (I see a forward lookup zone has been created), but for external access e.g. OWA we need to create a SRV record via our DNS managing company, providing they can create these types of records?

Thanks
Adrian

Sean Daniel said...

that's correct. with the SRV record, you can use a single name SSL certificate.