Autodiscover is Hero of Exchange Motherland!

Presentation transcript:

Autodiscover is Hero of Exchange Motherland! Jeff Guillet, MVP | MCSM | CISSP

Why is Autodiscover Important?
- Autodiscover is more than just a convenience
- Required for EWS, availability, OOF
- Required by Outlook for Mac
- Used by scripts and applications
- Used by auto-mapping
#ITDevConnections

What does it do for me?
You have no choice – you might get mail to work, but Availability, OOF, EWS, etc. won’t work without it.
Autodiscover provides Outlook with several key pieces of information:
- Display Name
- Server/Outlook Anywhere End Point/RPC CAS
- Alias
- Availability Service URL
- OOF URL
- OAB URL or Location
- Unified Messaging URL, if appropriate
- OWA URL
- ECP URL
- Authentication Package
- Alternate Mailboxes
- Archive Access
- Public Folder Access
Outlook Anywhere also includes the SSL requirement and Certificate Principal Name.

How does it work?
- Autodiscover is a web service
- Authenticated client posts web request
- Autodiscover service returns XML response
- Response comes from mailbox server and is dynamic, based on client and location
- Configures Outlook or mobile client
- Configures URLs for each service based on location

Autodiscover Requirements
- Internally, Exchange publishes an SCP during setup
- Externally, you need the following to get it working:
  - Enable Outlook Anywhere
  - SSL Certificates
  - Configure URLs for each service
  - Publish URLs in external DNS

How do Clients Connect to Autodiscover?
- Authentication
  - Assumes username + @ + domain portion of the user’s primary SMTP address (SMTP domain)
  - Otherwise uses Outlook's Auto Account Setup or prompts for logon ID
  - Domain password
- Best practice: Match logon ID to email address
- Password policy implications
- Denials of Service

Autodiscover 2010 Internal Architecture
The XML request contains a reference to a schema as the first part of the opening <Autodiscover> XML tag:
xmlns=https://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006a
xmlns=https://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006a

Autodiscover 2013 Internal Architecture
The XML request contains a reference to a schema as the first part of the opening <Autodiscover> XML tag:
xmlns=https://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006a
xmlns=https://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006a

Anatomy of an Autodiscover Response
- Schema (outlook or mobilesync)
- User Information
- Account Information
- Alias
- Protocols: EXCH, EXPR, EXHTTP, WEB and sometimes mapiHttp
- Encryption
- Authentication
- URLs
- Alternative Mailboxes
- Public Folder Information
Exchange 2007\2010: EXCH = Internal Outlook provider; EXPR = External Outlook provider
Exchange 2013\2016: EXCH = EWS; EXPR = EWS; EXHTTP = Both, Internal then External
WEB = URL for Outlook Web Access
EXPR = Exchange HTTP protocol for OA (web services)
EXHTTP =

Outlook Anywhere 2010 Response
Exchange Availability Service OOF OAB, and below that is UM

Outlook Anywhere 2010 Response
4. Protocol – in this case Outlook Anywhere
5. RPC Proxy server
6. Encryption requirement
7. Type of authentication – mutual means AutoD service uses cert, and user uses password
8. Certificate Principal Name (msstd) – server name (5) must match
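
Added example (not from the deck): a Python check over a constructed, trimmed Outlook-schema response that applies the callouts above, namely that the provider requires SSL and that the Certificate Principal Name matches the Server value, and that also flags cleartext service URLs. The comparison is literal, so a wildcard principal name is not handled; host names and issue codes are placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace of the Outlook response schema (inner <Response> element).
NS = {"o": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}

# Constructed sample response (trimmed), not captured from a real server.
SAMPLE = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <User><DisplayName>Test User</DisplayName></User>
  <Account>
   <Protocol>
    <Type>EXPR</Type>
    <Server>mail.contoso.com</Server>
    <SSL>On</SSL>
    <AuthPackage>Basic</AuthPackage>
    <CertPrincipalName>msstd:owa.contoso.com</CertPrincipalName>
    <ASUrl>https://mail.contoso.com/EWS/Exchange.asmx</ASUrl>
    <OOFUrl>http://mail.contoso.com/EWS/Exchange.asmx</OOFUrl>
   </Protocol>
  </Account>
 </Response>
</Autodiscover>"""

def review_response(xml_text):
    """Return (protocol type, issue code, detail) for each problem found."""
    findings = []
    for proto in ET.fromstring(xml_text).iterfind(".//o:Protocol", NS):
        def get(tag):
            return (proto.findtext("o:" + tag, default="", namespaces=NS) or "").strip()
        ptype, server = get("Type"), get("Server")
        if ptype in ("EXPR", "EXHTTP"):      # providers reached over HTTPS
            if get("SSL") != "On":
                findings.append((ptype, "ssl-not-required", get("SSL") or "missing"))
            cpn = get("CertPrincipalName")
            # Literal form of the slide's rule: msstd name must equal Server.
            if cpn and cpn.lower() != "msstd:" + server.lower():
                findings.append((ptype, "cert-principal-mismatch", f"{cpn} vs {server}"))
        for child in proto:                  # ASUrl, OOFUrl, OABUrl, UMUrl, ...
            tag = child.tag.split("}")[-1]
            url = (child.text or "").strip()
            if tag.endswith("Url") and url.lower().startswith("http://"):
                findings.append((ptype, "cleartext-url", f"{tag}={url}"))
    return findings

if __name__ == "__main__":
    for finding in review_response(SAMPLE):
        print(finding)
```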

MAPI over HTTP Response

MAPI over HTTP Response

How Does Internal Outlook Connect to Autodiscover?
- Internal Autodiscover (domain-based)
- Service Connection Point (SCP)
- AD site-based
- First server in AD site
- SSL encrypted, so FQDNs and certs matter!

How Does External Outlook Connect to Autodiscover?
- External Autodiscover (everywhere else)
- Publish Autodiscover URL in DNS
  - A record
  - CNAME record
  - SRV record
- SSL encrypted, so FQDNs and certs matter!

Outlook Order of Operations
1. SCP lookup
2. HTTPS root domain query
3. HTTPS Autodiscover domain query
4. Local XML file
5. HTTP redirect method
6. SRV record query
7. Cached URL in the Outlook profile (new for Outlook 2010 version 14.0.7140.5001 and later versions)
8. Direct Connect to Office 365 (new for Outlook 2016 version 16.0.6741.2017 and later versions)

Mobile Devices
- Only once (usually) during initial config
- Different customized response
- HTTP Error 451 redirect does not use Autodiscover

What Makes Outlook Contact Autodiscover?
- On Outlook startup
- Periodically on a background thread
  - Default every 1 hour
  - TTL setting (in hours) using Set-OutlookProvider
- If connection to Exchange server fails (failover or migration)
- Outlook for Mac requires Autodiscover for normal operation

Publishing Autodiscover
- Internal Publishing
  - SCP
  - Edit with Set-ClientAccessServer -AutoDiscoverServiceInternalUri
  - Best practice is to use the load balanced namespace for all servers
- External Publishing
  - A records
  - CNAME records
  - SRV records

Autodiscover Coexistence
- Autodiscover URL should always point to latest version
- 2013 CAS can up-level proxy to 2016
- Exchange 2007 coexistence
  - Client → CAS2013/16 → MBX2013/16
  - EX2013/16 delivers Exchange 2007 XML for the correct AD site.
- Exchange 2010 coexistence
  - Client → CAS2013 (proxy) → CAS2010 → MBX2010
- Hybrid autodiscover should always point on-prem

Autodiscover Testing
- Exchange Remote Connectivity Analyzer (ExRCA)
- Microsoft Connectivity Analyzer
- Outlook Test Email AutoConfiguration

Demo Outlook Test Autodiscover, ExRCA, Connectivity tool. Show local logs in C:\Users\Jeff\AppData\Local\Microsoft\Outlook\16

Autodiscover Gotchas
- Registry or GPO settings cause Autodiscover to misbehave https://support.microsoft.com/en-us/kb/2212902
- Ensure autodiscover.domain.com is on your certificate or use a wildcard
- Set each SCP to the load balanced name on your certificate

Set-AutodiscoverSCP Script
- Prevents Outlook security warnings when building new Exchange servers
- Copies the SCP to the new AD object
- Copies all virtual directory URLs to the new server
- http://bit.ly/autodiscoverscp

Autodiscover Tips
- Beware of bare domain lookups in hosted environments
- Use Set-AutodiscoverSCP.ps1 for new servers
- Match UPNs to email addresses
- Reconfigure automapping
- Troubleshooting from Outlook (logs)
- Only use A records, but if you have to use SRV make sure they're consistent
- Bare domain lookups may be problematic if it has a cert on it. (expired, android).
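
Added example (not from the deck): a Python audit that lists the network-visible lookups from the order of operations for one SMTP address and checks each HTTPS step against the names on the certificate served there, showing why a wildcard covers autodiscover.domain.com but not the bare domain. The certificate inventory, host names and function names are constructed.

```python
AUTOD_PATH = "/autodiscover/autodiscover.xml"

def external_lookup_plan(smtp_address):
    """Network-visible lookups for an external client, in the deck's order."""
    domain = smtp_address.rsplit("@", 1)[1].lower()
    return [
        ("HTTPS root domain query", "https", domain),
        ("HTTPS Autodiscover domain query", "https", "autodiscover." + domain),
        ("HTTP redirect method", "http", "autodiscover." + domain),
        ("SRV record query", "dns-srv", "_autodiscover._tcp." + domain),
    ]

def cert_covers(host, cert_names):
    """Name match where a wildcard covers exactly one left-most label."""
    host = host.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def audit(smtp_address, certs_by_host):
    """certs_by_host maps host -> names on the certificate it serves
    (absent when nothing answers on 443). Returns (step, target, finding)."""
    rows = []
    for step, scheme, host in external_lookup_plan(smtp_address):
        if scheme != "https":
            finding = "no TLS at this step; verify the redirect or SRV target"
        elif certs_by_host.get(host) is None:
            finding = "no HTTPS listener; lookup moves to the next step"
        elif cert_covers(host, certs_by_host[host]):
            finding = "certificate matches"
        else:
            finding = "certificate name mismatch"
        target = host if scheme == "dns-srv" else f"{scheme}://{host}{AUTOD_PATH}"
        rows.append((step, target, finding))
    return rows

# Constructed inventory: the bare domain sits on a web host with its own
# certificate; Exchange presents a wildcard on the autodiscover name.
SAMPLE_CERTS = {
    "contoso.com": ["www.hosting-provider.example"],
    "autodiscover.contoso.com": ["*.contoso.com"],
}

if __name__ == "__main__":
    for row in audit("user@contoso.com", SAMPLE_CERTS):
        print(" | ".join(row))
```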
