One very useful feature of Exchange server is that of the Autodiscover service. Microsoft Exchange Server 2010 provides a feature known as the Autodiscover service which is used to configure the user profiles of Outlook 2007 or Outlook 2010 clients. Additionally it is also supported on phones running Windows Mobile 6.1 or later versions.
The Autodiscover service also allows clients to get access to the various features of Exchange server while connected. Using the user’s email address and password profile the Autodiscover service provides profile settings for Outlook 2007 and Outlook 2010. It can also leverage the domain accounts of clients that are joined to domains.
Some of the benefits of using the Autodiscover service include the time savings and often cumbersome process that email Administrators had to go through when configuring user profiles manually for Exchange 2003 SP2 (or earlier) and Outloook 2003 (or earlier). Further adding to the sometimes moribund tasks that administrators have to periodically perform was also the fact that if changes or updates were made to any of the users’ profiles then the process would have to be repeated manually to reconfigure those profiles. Without these manual changes administrators would run the risk of Outlook clients no longer working in their normal manner.
Another benefit of the Autodiscover service is to reduce the downtime associated with a disaster recovery scenario. Downtime can be reduced to minutes when the time required for reconfiguring user profiles after a disaster could take much longer when done manually as opposed to letting the Autodiscover service handle it.
Some of the profile settings that are presented to the clients by the Autodiscover service include:
- Users’ display names
- Connection settings for internal and external connectivity
- Locations of Mailbox servers for each user
- URLs of Outlook features that give access to free/busy information, Unified Messaging, and the offline address book
- Outlook Anywhere server settings
One of the problems with Autodiscover service that some email administrators have complained about is that they are unable to stop the Autodiscover redirect warning messages in Outlook 2007. The Autodiscover redirect warning messages are displayed for HTTP and DNS Service Location (SRV) records redirections. The Autodiscover redirect warning message will be displayed as:
“Allow this website to configure firstname.lastname@example.org server settings?
Your account was redirected to this website for settings.
You should only allow settings from sources you know and trust.”
This new feature which allows Outlook 2007 to use the DNS Service Location (SRV) records to locate the Exchange Autodiscover service was discussed in article 940881 that can be found in the Microsoft Knowledge Base.
However, this problem was fixed in the Outlook 2007 post-Service Pack 1 (SP1) hotfix package (dated September 24, 2008). The hotfix is described in the Microsoft Knowledge Base article 957909.Once the hotfix has been downloaded and installed it still needs to be enabled which requires some changes made to the registry. Those changes include modifications to the following registry subkeys:
As always only administrators should be making changes to the registries and they should always make backup copies prior to making changes in the event that changes are inadvertently made while typing new settings.
Another problem that an administrator may encounter is during the process of configuring Outlook 2007 Autodiscover service to be able to use a remote domain. When configuring the service they may receive a “certificate mismatch error”. Other administrators have already noted this error and a hotfix is available to correct this problem. Administrators can download and install the hotfix package 939184. Once applied, the AutoDiscover service will then use DNS Service Location (SRV) records to locate the appropriate AutoDiscover URL. This will result in Outlook 2007 being enabled to use DNS Service Location (SRV) records to locate the Exchange AutoDiscover service
Another issue related to using the Autodiscover service with Outlook 2007 and Exchange server 2007 can be indicated if the following error message is received:
“Information you exchange with this site cannot be viewed or changed by others.”
This error message often indicates that there is a problem with the security certificate associated with that web site. This can be explained when the client and the Exchange server are on different subnets and the router that is used to connect from the subnet listens to TCP Port 443 (HTTPS). The result is that the Autodiscover mode of Outlook 2007 and Exchange 2007 may fail. If there is a problem with DNS name resolution or the socket cannot support a Secure Socket Layer (SSL) connection then the above mentioned error message may be produced.
Outlook would attempt to use a secure channel (socket) to communicate between the client and the server which could lead to a certificate mismatch condition.
A workaround that can be used on Cisco routers is to disable them from listening to TCP Port 443. A network administrator can use the following command to disable listening on this port:
“no ip http secure-server”
Another diagnostic step an administrator can take is to use the “NSLOOKUP” command to verify that the correct DNS settings have been configured for the particular DNS Service Location (SRV) record:
In summary, there are many benefits to using the Autodiscover service the most important of which is the ease and automation of configuring user email profile settings.