How to set up autodiscover in a hosting scenario with different internal and external namespaces
-
Thursday, June 21, 2012 5:35 AM
Hello Guys,
I am in doubt when planning for autodiscover for external users in a hosting scenario with different internal and external namespaces.
My internal domain name is = corp.mydomain.com
External domain name = mydomain.com
I already configured OWA and ActiveSync and they are working fine - my OWA and ActiveSync URLs are as follows:
OWA and ActiveSync: webmail.mydomain.com
Now I need to configure autodiscover, and my questions are:
1) How to configure autodiscover in this split namespace scenario? As the external users will be accessing autodiscover.mydomain.com as the autodiscover service, can I add autodiscover.mydomain.com as another FQDN in the SCP?
2) Another problem is, as we are a hosting company, in future we'll be having multiple SMTP domains, so practically how will the clients access the autodiscover service using their domain's email address?
3) Also, I don't want to configure certificates for every SMTP domain, I just want all clients to get redirected to autodiscover.mydomain.com.
Thanks in advance for your help.
Regards..
San
All Replies
-
Thursday, June 21, 2012 5:50 AM
Hi San,
Let's answer your questions now ...!!!
1) How to configure autodiscover in this split namespace scenario? As the external users will be accessing autodiscover.mydomain.com as the autodiscover service, can I add autodiscover.mydomain.com as another FQDN in the SCP?
You can have separate names for internal and external autodiscover; it all depends on how you configure your SRV record, as only from there will it point to your IP.
2) Another problem is, as we are a hosting company, in future we'll be having multiple SMTP domains, so practically how will the clients access the autodiscover service using their domain's email address?
For each client/tenant domain, their SRV will have your mail server FQDN (preferred) or the public IP of your mail server.
3) Also, I don't want to configure certificates for every SMTP domain, I just want all clients to get redirected to autodiscover.mydomain.com.
Thanks in advance for your help.
OK, you have both options: either go for a separate cert for each tenant or have one cert ... it depends on whether the client agrees. The way to do it is ... when the SRV of the client points to your mail server name .. the request will come to your server, and then because it is not redirected to your domain, the certificate from your domain will go to the client machine and the client will get a warning about the cert, that this domain is trying to configure your account ... and if agreed, the client will be able to configure his Outlook.
HTH, let me know if there are doubts
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
-
Thursday, June 21, 2012 8:00 AM
Thanks..
What should I enter in "Internal Domain Name" in TMG when publishing the autodiscover? ... I tried to enter the internal name of the CAS, and autodiscover.mydomain.com as the external Domain Name, but the rule test is failing.
regards..
-
Thursday, June 21, 2012 8:08 AM
OK, you didn't mention that you are publishing it on TMG ...
Internal domain name is not required for external clients... in case of TMG you will publish the RPC service and it will automatically try to find your autodiscover service with https://domainname/autodiscover
If possible, post a screenshot of TMG.
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
-
Thursday, June 21, 2012 8:13 AM
Thanks for quick reply..
Is it possible to use RPC? As the external clients are not domain members, they'll use their email address to locate the autodiscover service.
- Edited by sanhogg Thursday, June 21, 2012 8:13 AM
-
Thursday, June 21, 2012 8:15 AM
Yes ... your RPC publishing on TMG will have autodiscover, which will manage your client Outlook connections ...
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
-
Friday, June 22, 2012 5:35 AM
I fixed the issue by publishing the autodiscover and fixing the SCP and other web services URLs to match the names in the certificates. Then I created a host record in public DNS for autodiscover pointing to the listener IP in TMG.
Everything seems fine now ... but when clients are connecting using Outlook, they need to pass their credentials in a basic authentication pop-up box ... which is obvious as I have a split namespace. My question is: is there any configuration so that they don't get this basic authentication pop-up box? Because from the point of view of the end user, they are feeding credentials two times. Please see the screenshot below:
This is where the user puts his email address and password, and normally in a domain environment, after entering creds here, the user directly gets into his inbox. But the situation is different here: users are external users on a non-domain machine and the internal domain name is a subdomain of "mydomain.com", that's why they are getting another prompt for creds.
Can you help me with this?
Thanks..
-
Friday, June 22, 2012 5:47 AM
Hi San ...
See, for the first time this will happen .. the way it works is .. it first checks your authentication and connects to the server .. so when you configure the account you fill it in, as at that time Outlook is not sure whether you are from the same domain or not, or about the certificate, but once the connection is made it gets a different cert and domain info which is different .. so the credentials are asked for again .. which is normal .. but after initial setup it will not be the same .. only when starting Outlook will it ask for the password, and that too only if the password store option is not checked.
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
- Marked As Answer by sanhogg Friday, June 22, 2012 6:43 AM
-
Friday, June 22, 2012 5:56 AM
Great! ... so I am going good. One more question:
I have set up basic authentication on the autodiscover publishing rule in TMG and also enabled basic authentication on the virtual directories in CAS. Although my rule in TMG is configured to accept HTTPS traffic and then communicate with CAS over HTTPS. So I guess setting up basic authentication is not a security risk here?
Thanks for your help!
- Edited by sanhogg Friday, June 22, 2012 5:56 AM
-
Friday, June 22, 2012 6:05 AM
Don't worry, you are doing great ... let me know if there is any other thing .. and don't forget to mark the answers as helpful / answered if they helped solve your questions
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
-
Friday, June 22, 2012 6:12 AM
Appreciate your help! Thanks,
Well, I don't have any questions for now, but as I am progressing with my setup ... if there are any doubts ... I'll scream for your help :)
thanks and regards..
SAN
-
Friday, June 22, 2012 6:37 AM
No worries, any time .. mark this answered and close the thread...!!!
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
-
Sunday, June 24, 2012 3:34 PM
Hi Jatin,
Can you please guide me on how to set up autodiscover for multiple SMTP domains? What would be best practice from a hosting point of view?
regards..
San
-
Sunday, June 24, 2012 3:55 PM
Dear San,
I would suggest you please check the tool below if you are new to this .. and fix the current issue... for any questions, for your understanding, do get back here.. we would be happy to help you...
The tool below can set up your whole environment for SP1 in hosting mode, including autodiscover ...
http://www.yusufozturk.info/exchange-server/hosted-exchange-2010-sp1-configuration-tool.html
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
-
Tuesday, June 26, 2012 6:58 AM
Thanks Jatin,
but that didn't solve my purpose.
If you have Exchange hosting experience, can you please suggest one of the methods in the article which would be ideal to configure autodiscover for multiple SMTP domains?
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx#Scenario4HowTo
Do you know what method other hosters use, like Microsoft?
Thanks..
san
-
Tuesday, June 26, 2012 7:42 AM
OK, the way it works in my case is ... I have the external and internal URL set on my CAS ... and the autodiscover directory is configured for the same... you can follow the link you gave .. I don't use the redirect thing because it didn't work out well in my case, so .. I have https://domainname.com/autodiscover or maybe https://autodiscover.domainname.com
Now once this is done .. I have publishing on TMG ... which we already discussed above .. at last, when setting up for the client you don't have to do anything .. make sure you are not changing anything .. the way it will work is ... the client domain has to make an SRV entry for the autodiscover service on their domain registrar web site ... which will point to the mail name of your service .. please see the screenshot below for one of my client domains ..
So the bottom line is ... all clients will have their autodiscover redirected to your mail service URL .. and when the request comes to your server it has already been changed to your server name from the client DNS registrar web site, so now autodiscover will be used for your domain .. your client's Outlook will get a warning that some other domain (parent domain of provider) is trying to configure your Outlook.
And I guess, as far as I read and did my research .. people are doing it this way only.
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
-
Tuesday, June 26, 2012 11:28 AM
thanks,
That's what I want to do, and I did the same thing, but instead of a warning, clients are receiving a certificate error - is this because I am using a different SMTP domain (not a child)?
When I click yes ... it asks to continue without SSL ... and then it fails.
What I am doing is ... I created a host record named autodiscover.mydomain.com in public DNS (it works well for mydomain.com users); for another SMTP domain I created a CNAME record for autodiscover which maps to autodiscover.mydomain.com ... and I can see that redirection is happening properly, but users are getting the above error.
I want to know what I am doing wrong.
-
Tuesday, June 26, 2012 11:55 AM
I am not sure what CNAME has to do here.. in fact, for proper working no CNAME is to be used.. secondly, the client domain needs to have its own SRV record.. so look for the SRV field on the domain registrar web site and make an SRV entry as shown ... above
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin
- Edited by 'Jatin' Wednesday, June 27, 2012 4:58 AM
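
The difference between the CNAME and SRV setups discussed in the posts above, as an added example that is not part of the thread: a simplified model of which host name the client validates the certificate against. It covers only the direct HTTPS attempts and the SRV lookup (SCP and the HTTP redirect method are left out), and `tenant.example`, the DNS data and the certificate name list are constructed assumptions.

```python
# Added illustration, not from the thread. Domains, DNS data and certificate
# names are constructed samples; "tenant.example" is a hypothetical tenant.
HOSTER_CERT_NAMES = ["webmail.mydomain.com", "autodiscover.mydomain.com"]

def name_matches(host, pattern):
    """Certificate name match; a wildcard covers exactly one left-most label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def cert_covers(host, cert_names):
    return any(name_matches(host, n) for n in cert_names)

def autodiscover_outcome(smtp_domain, points_to_hoster, srv, cert_names):
    """
    points_to_hoster: host names whose A/CNAME record leads to the hoster.
    srv: {"_autodiscover._tcp.<domain>": "<target host>"}.
    Returns (result, host the client validates the certificate against).
    """
    # Direct HTTPS attempts: the certificate is checked against the URL host,
    # so a CNAME changes the server reached but not the name being validated.
    for host in (smtp_domain, "autodiscover." + smtp_domain):
        if host in points_to_hoster:
            ok = cert_covers(host, cert_names)
            return ("ok" if ok else "certificate name mismatch", host)
    # SRV lookup: the client connects to the SRV target host name instead,
    # after asking the user to accept the redirect to that name.
    target = srv.get("_autodiscover._tcp." + smtp_domain)
    if target:
        ok = cert_covers(target, cert_names)
        return ("ok after redirect prompt" if ok
                else "certificate name mismatch", target)
    return ("autodiscover not found", None)

if __name__ == "__main__":
    cname = autodiscover_outcome(
        "tenant.example", {"autodiscover.tenant.example"}, {}, HOSTER_CERT_NAMES)
    srv = autodiscover_outcome(
        "tenant.example", set(),
        {"_autodiscover._tcp.tenant.example": "autodiscover.mydomain.com"},
        HOSTER_CERT_NAMES)
    print("CNAME:", cname)
    print("SRV:  ", srv)
```

Adding the tenant's own autodiscover name to the certificate name list makes the CNAME case validate, which corresponds to the per-tenant certificate option mentioned earlier in the thread.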
-
Friday, June 29, 2012 4:58 AM
hi jatin,
Sorry for the late reply ... I was busy with other stuff ... well ... I am configuring a CAS array with a Linux load balancer ... then I'll check the autodiscover thing.
will come back soon.
thanks
san
-
Tuesday, July 03, 2012 11:27 AM
Hi Jatin,
I have a question for you, as in this hosting scenario users will be using exchange, lync and sharepoint as a service, so these external users will be having accounts in Active directory.....right?
regards..
San
-
Tuesday, July 03, 2012 2:27 PM
Correct .. for authentication .. but I would end with some more complex questions here.. anyway, let me know if I can help
MARK AS USEFUL/ANSWER IF IT DID
Thanks
Happiness Always
Jatin

