Exchange Server 2010 SP1 Beta Hosting Deployment... Part #9 - Autodiscover

How should I really start this post? Conceptually, the way Outlook uses Autodiscover in Exchange 2010 SP1 beta hosting deployment hasn't changed compared to HMC. I blogged how Autodiscover work in HMC back in early 2009. It is here for those who are interested, HMC 4.5 and Exchange 2007 SP1 - Part #5 - Autodiscover in the Multi-tenancy environment (http://blogs.technet.com/b/provtest/archive/2009/01/01/hmc-4-5-and-exchange-2007-sp1-part-5-autodiscover-in-the-multi-tenancy-environment.aspx)

So, what has changed? Really not much at all. So, I am going to keep it short and I will just provide a summary of how Autodiscover work in a Hosted Exchange environment.

 Outlook 2007 or Outlook 2010 will attempt to locate and connect to an Autodiscover service based on the e-mail domain of the user. For example, for the user johnc@alpineskihouse.com, Outlook 2007/2010 will automatically try to connect to the following URLs in this sequence,

It looks like the following, actually,

As you can see above, the first two will fail. The 3rd one is a HTTP instead of HTTPS and each of the tenant needs to configure in their domain an Autodiscover entry and point it to the AutodiscoverRedirection web site you created as per the Hosting Deployment (this could be an A record or CNAME record. Of course, if it is an A record, it will need the IP address). The AutodiscoverRedirection site will then redirect it to your actual Autodiscover HTTPS site. And the rest, you know it is where the Outlook Provider will query the Service Discovery and etc. etc. You can take a look at here if you need more information (http://msexchangeteam.com/archive/2008/09/26/449908.aspx).

Why do we need to do all these DNS pointing, HTTP redirection and etc. etc.? Well, it is needed because Autodiscover happens in HTTPS or SSL and to ease the configuration, Outlook automatically pick up from the email address as the domain and attempt to connect through SSL using the user's email domain. As a hoster, you may host many many domains and it is impossible for you to host all the certificates for all the domain you are hosting and hence the need to redirect them appropriately so that we do not have issues like certificate not matching to name error.

Now, I also took the Exchange 2007 SDK, one of their Autodiscover code and enhance it a little bit and compile it to help my own testing when I need to. I also attaching here it here. As you can see, this tool actually sort of walk through the Autodiscover process and that you can see what's wrong with it. You don't need to have Outlook in order to see if your Autodiscover is working and you can use it in lab or to test forest to forest autodiscover scenario (not in hosting, of course). You can also specify the specific autodiscover url and etc. if you need to.

C:\Tools>AutodiscoverTest.exe -email:administrator@provtest.com -username:administrator@provtest.com

Autodiscover Testing Utility:

AutodiscoverTest.exe -email:<emailaddress> [-allowselfsigned:{true|false}] [-username:<username>] [-password:<password>] [-url:<autdiscover url>]

where:

  emailAddress - smtp address to autodiscover
true|false - allow self signed certificates, default - false
username - user name for https: requests authentication, eg. <domain\user> or UPN
password - user password for https: requestsauthentication
url - specify a specific url for autodiscover test

 If username/password/domain are not specified, default credentials are used.

----------------------------

Password not defined!
Please enter your password: **********

..starting Autodiscover test for 'administrator@provtest.com'
..using the specified credentials for HTTPS
..username:
administrator@provtest.com
..domain:

..verifying E-mail address.

..starting SCP Lookup for domainName=provtest.com
..info: SCP Lookup failed and skipped.
..message source: System.DirectoryServices
..message: The specified domain either does not exist or could not be contacted.

..trying 'administrator@provtest.com' at 'https://provtest.com/autodiscover/autodiscover.xml'..info: failed and skipped.
..message: The remote name could not be resolved: 'provtest.com' status code: NameResolutionFailure

..trying 'administrator@provtest.com' at 'https://autodiscover.provtest.com/autodiscover/autodiscover.xml'..info: failed and skipped.
..message: The underlying connection was closed: An unexpected error occurred on a send. status code: SendFailure

..trying GET redirect URL on non-SSL URL 'http://autodiscover.provtest.com/autodiscover/autodiscover.xml'..redirection found:
https://autodiscover.consolidatedmessenger.com/autodiscover /autodiscover.xml
..trying
'administrator@provtest.com' at 'https://autodiscover.consolidatedmessenger.com/autodiscover/autodiscover.xml'

User/DisplayName=Administrator
User/LegacyDN=/o=ConsolidatedMessenger/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Administratorb811ff42
User/DeploymentId=d1a11f8e-4824-470e-b675-8638878c49e2
Account/AccountType=email
Account/Action=settings
Account/Protocol/Type=EXCH
Account/Protocol/ASUrl=https://casht01.fabrikam.com/EWS/Exchange.asmx
Account/Protocol/DirectoryPort=0
Account/Protocol/MdbDN=/o=ConsolidatedMessenger/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CASHT01/cn=Microsoft Private MDB
Account/Protocol/OABUrl=http://casht01.fabrikam.com/OAB/4a39620e-a49b-4d40-a083-c199de40cbad/
Account/Protocol/OOFUrl=https://casht01.fabrikam.com/EWS/Exchange.asmx
Account/Protocol/Port=0
Account/Protocol/ReferralPort=0
Account/Protocol/Server=CASHT01.fabrikam.com
Account/Protocol/ServerDN=/o=ConsolidatedMessenger/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CASHT01
Account/Protocol/ServerVersion=738180A0
Account/Protocol/UMUrl=https://casht01.fabrikam.com/EWS/UM2007Legacy.asmx
Account/Protocol/AD=AD01.fabrikam.com
Account/Protocol/EwsUrl=https://casht01.fabrikam.com/EWS/Exchange.asmx
Account/Protocol/EcpUrl=https://casht01.fabrikam.com/ecp/
Account/Protocol/EcpUrl-um=?p=customize/voicemail.aspx&exsvurl=1
Account/Protocol/EcpUrl-aggr=?p=personalsettings/EmailSubscriptions.slab&exsvurl=1
Account/Protocol/EcpUrl-mt=PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>
Account/Protocol/EcpUrl-ret=?p=organize/retentionpolicytags.slab&exsvurl=1
Account/Protocol/EcpUrl-sms=?p=sms/textmessaging.slab&exsvurl=1

Account/Protocol/Type=EXPR
Account/Protocol/ASUrl=https://mail.consolidatedmessenger.com/EWS/Exchange.asmx
Account/Protocol/AuthPackage=Basic
Account/Protocol/DirectoryPort=0
Account/Protocol/OABUrl=https://mail.consolidatedmessenger.com/OAB/4a39620e-a49b-4d40-a083-c199de40cbad/
Account/Protocol/OOFUrl=https://mail.consolidatedmessenger.com/EWS/Exchange.asmx

Account/Protocol/Port=0
Account/Protocol/ReferralPort=0
Account/Protocol/Server=mail.consolidatedmessenger.com
Account/Protocol/SSL=On
Account/Protocol/UMUrl=https://mail.consolidatedmessenger.com/EWS/UM2007Legacy.asmx
Account/Protocol/EwsUrl=https://mail.consolidatedmessenger.com/EWS/Exchange.asmx

Account/Protocol/EcpUrl=https://mail.consolidatedmessenger.com/ecp/
Account/Protocol/EcpUrl-um=?p=customize/voicemail.aspx&exsvurl=1
Account/Protocol/EcpUrl-aggr=?p=personalsettings/EmailSubscriptions.slab&exsvurl=1
Account/Protocol/EcpUrl-mt=PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>
Account/Protocol/EcpUrl-ret=?p=organize/retentionpolicytags.slab&exsvurl=1
Account/Protocol/EcpUrl-sms=?p=sms/textmessaging.slab&exsvurl=1

Account/Protocol/Type=WEB
Account/Protocol/DirectoryPort=0
Account/Protocol/Port=0
Account/Protocol/ReferralPort=0
Account/Protocol/Internal/OWAUrl[@AuthenticationMethod="Basic, Fba"]=https://casht01.fabrikam.com/owa/
Account/Protocol/Internal/Protocol/Type=EXCH
Account/Protocol/Internal/Protocol/ASUrl=https://casht01.fabrikam.com/EWS/Exchange.asmx

So, that's it for today, folks. Hope you find this helpful.

 Read More...

http://blogs.technet.com/b/provtest/archive/tags/exchange+2010+sp1+hosting/

AutodiscoverTest.zip