none
Disabling autodiscovery

    Question

  • When will we be able to disable autodiscovery in Outlook 2007? This morning I got a delightful scare from Outlook informing me of an SSL certificate name mismatch. Long story short, our local DNS crapped out and it went looking out on the internet for the autodiscover sub-domain. Having never been configured with our registrar, it defaulted to our host IP leading to aforementioned confusion.

    While I'm sure the fine developers in Redmond will pass this off as a mere nuisance, I would point out that a clever man might hijack the domain, as was done to Comcast recently by a bunch of bored teenagers, setup a redirect on the autodiscover sub-domain, and reconfigure Outlook clients to his whim. Seeing as this service is only useful if you're running Exchange 2007, those of us who don't would like a way to patch this security hole.
    Wednesday, July 09, 2008 2:20 PM

Answers

  • Hi,

     

    What account did the user use in outlook, Exchange account or pop3,etc?

    Autodiscovery is used in Exchange, but I cannot confirm whether it would be used for other application.

     

    The Autodiscovery feature is installed on a Exchange Server 2007 with the Client Access Server role installed. So it is impossible to disable it on Outlook.

     

    Please understand that the Autodiscovery service provides the following information to the Outlook client:

     

    The Autodiscover service uses a user's e-mail address or domain account to automatically configure the user's profile. By using the e-mail address or domain account, the Autodiscover service provides the following information to the client computer that is running Outlook 2007:

    ·         The user’s display name.

    ·         Separate connection settings for internal and external connectivity.

    ·         The location of the user’s Exchange 2007 server that has the Mailbox server role installed.

    ·         The URLs for Exchange features such as free/busy information, UM, and the OAB.

    ·         Outlook Anywhere server settings. Outlook Anywhere was formerly known as RPC over HTTP.

     More information share with you:

    White Paper: Exchange 2007 Autodiscover Service

    http://technet.microsoft.com/en-us/library/bb332063.aspx

     

    Hope it helps.

    Xiu

    Friday, July 11, 2008 7:08 AM

All replies

  • Hi,

     

    What account did the user use in outlook, Exchange account or pop3,etc?

    Autodiscovery is used in Exchange, but I cannot confirm whether it would be used for other application.

     

    The Autodiscovery feature is installed on a Exchange Server 2007 with the Client Access Server role installed. So it is impossible to disable it on Outlook.

     

    Please understand that the Autodiscovery service provides the following information to the Outlook client:

     

    The Autodiscover service uses a user's e-mail address or domain account to automatically configure the user's profile. By using the e-mail address or domain account, the Autodiscover service provides the following information to the client computer that is running Outlook 2007:

    ·         The user’s display name.

    ·         Separate connection settings for internal and external connectivity.

    ·         The location of the user’s Exchange 2007 server that has the Mailbox server role installed.

    ·         The URLs for Exchange features such as free/busy information, UM, and the OAB.

    ·         Outlook Anywhere server settings. Outlook Anywhere was formerly known as RPC over HTTP.

     More information share with you:

    White Paper: Exchange 2007 Autodiscover Service

    http://technet.microsoft.com/en-us/library/bb332063.aspx

     

    Hope it helps.

    Xiu

    Friday, July 11, 2008 7:08 AM
  • Yes, the account is configured for Exchange. No, it is not impossible to disable in Outlook 2007 as it is Outlook that initiates the Autodsicovery process as evidenced by the fact that it still happens despite the absence of an Exchange 2007 server. What you meant to say was "there's no Microsoft-supported way to disable Autodsicovery in Outlook" and I want to know when, if ever, that will change.
    Friday, July 11, 2008 1:06 PM
  • Hi,
     
    It is not possible to disable it.
     
    And I found no workaround to disable it.
     
    Best regards,
    Xiu
    Monday, July 14, 2008 9:20 AM
  • I realize this may be an old thread and mute point, but will say I believe there is confusion between the autodiscovery and availability service here. Autodiscovery can be disabled on the server side, which would make it unavailable to Outlook 2007 clients. That would have the desired effect...

    Wednesday, September 10, 2008 2:17 PM
  • Is there a way to disable autodiscovery on an Exchange 2003 server? as we are having the same problem and only have Exchange 2003 server in the domain, we do not, have not, and probably will not have Exchange 2007 within the domain anytime soon.

    Thursday, October 02, 2008 6:15 PM
  • Is there a way to disable autodiscovery on an Exchange 2003 server? as we are having the same problem and only have Exchange 2003 server in the domain, we do not, have not, and probably will not have Exchange 2007 within the domain anytime soon.


    There is no AutoDiscover service in Exchange 2003.  But Outlook 2007 and 2010 clients will still look for it.  This means if you have a autodiscover.domain.com record in your environment it should go away if not pointed to a valid Exchange 2007/10 server.
    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Tuesday, March 16, 2010 4:59 PM
  • I realize this may be an old thread and mute point, but will say I believe there is confusion between the autodiscovery and availability service here. Autodiscovery can be disabled on the server side, which would make it unavailable to Outlook 2007 clients. That would have the desired effect...


    I am not aware of a way to "disable" AutoDiscover on the server.
    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Tuesday, March 16, 2010 5:00 PM
  • One option to "disable" Outlook from using AutoDiscover would be to set the URLs to invalid values, like this:

    Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://badsetting.fake/Autodiscover/Autodiscover.xml


    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    • Proposed as answer by bytebull Sunday, May 02, 2010 4:59 PM
    Tuesday, March 16, 2010 5:01 PM
  • I am researching the same problem.  Where do you put this bogus URL value? I have a Windows 7 client using Outlook 2007 and it is a member of a 2008 SBS domain.  The domain is domain1.com.  External website and POP/SMTP mail is domain2.com.  When the SBS server was set up, Exchange was disabled.  However, anticipating that it might be used in the future, domain2.com was added as the Exchange server reference.  On this workstation I have an email account that accesses a Hosted Exchange account at mcfarlen.com.  Anytime Outlook is opened, it connects to the mcfarlen.com account, syncs my mail and everything is good.  However, shortly thereafter a login box pops up asking for credentials to access remote.pakislaw.com.  All I want to do is disable the redundant prompts.  Thank you in advance for any suggestions.
    Tuesday, April 20, 2010 6:09 PM
  • I am researching the same problem.  Where do you put this bogus URL value? I have a Windows 7 client using Outlook 2007 and it is a member of a 2008 SBS domain.  The domain is domain1.com.  External website and POP/SMTP mail is domain2.com.  When the SBS server was set up, Exchange was disabled.  However, anticipating that it might be used in the future, domain2.com was added as the Exchange server reference.  On this workstation I have an email account that accesses a Hosted Exchange account at mcfarlen.com.  Anytime Outlook is opened, it connects to the mcfarlen.com account, syncs my mail and everything is good.  However, shortly thereafter a login box pops up asking for credentials to access remote.pakislaw.com.  All I want to do is disable the redundant prompts.  Thank you in advance for any suggestions.


    Outlook should only attempt to use autodiscover when setup with an Exchange profile.  If you connect Outlook to your pop/smtp internet service the autodiscover should not interfere.

    to answer your question of "where" do you set this: in the exchange management shell.  just type what i put above.

    also, I would recommend removing the exchange configuration unless you plan to use it.  If you change your mind later, just put in the values then.

    BTW, I WOULD use exchange now.  you can have exchange download your pop mail on user's behalf via the built-in pop3 connector (in sbs). 


    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

    Sunday, May 02, 2010 10:45 PM
  • Thanks for responding.  A colleague of mine had suggested turning off some settings in the SBS 2008 server that had to do with remote access and access to OWA.  One of those toggles specifically pointed to remote.domain2.com.  Once disabled and the server rebooted, the redundant login prompts from Outlook 2007 disappeared.  The fact that my SBS server had Exchange in place, but disabled, did not prevent the autodiscover from trying to access this reference on the server.  That no longer occurs, which is exactly what I wished to achieve.  I have since brought up my Outlook clients with the Host Exchange provider and no spurious login prompts are being received.  Thanks again.
    Tuesday, May 04, 2010 12:55 PM
  • Hi gmcfarlen!

    I have the same problem here with one of our costumer. There is a SBS2008 and we had to activate the Exchange Server for the "Status E-Mails"-The users use Outlook with an external Exchange Provider (everthing is still fine) but they get "every minute" this second login promt ....and I don´t know how to disable the (second local Exchange) login prompts for Outlook.

    So please please: Can you tell me which settings/toggles you have turned off?

     

    Wednesday, June 09, 2010 10:04 PM
  • Hi gmcfarlen!

    I have the same problem here with one of our costumer. There is a SBS2008 and we had to activate the Exchange Server for the "Status E-Mails"-The users use Outlook with an external Exchange Provider (everthing is still fine) but they get "every minute" this second login promt ....and I don´t know how to disable the (second local Exchange) login prompts for Outlook.

    So please please: Can you tell me which settings/toggles you have turned off?

     


    See my comments above.  the wizard in SBS to change the internet domain name might include this step, but directly you can "break" (disable) autodiscover via this command:

    Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://badsetting.fake/Autodiscover/Autodiscover.xml



    Mike Crowley
    Check out My Blog!

    Wednesday, June 09, 2010 10:19 PM
  • What about using registry keys to turn off autodiscover or point it to a local xml file:

    http://support.microsoft.com/kb/927481

    http://blogs.technet.com/b/ilvancri/archive/2010/02/03/some-autodiscover-fun.aspx

     

    Thursday, June 10, 2010 7:08 PM
  • http://support.microsoft.com/kb/956955


    Waardenaam: ExcludeHttpsAutodiscoverDomain
    Waardetype: DWORD
    Waardegegevens: 1

    Monday, June 21, 2010 9:04 AM
  • This might be an interesting solution to try.  Where in the registry tree should this be entered?
    Thursday, June 24, 2010 5:01 PM
  • Sorry, for taking this long to respond.   The following changes helped eliminated the redundant prompts for me;

    I opened the Group Policy Management window on the server and drilled down under Domains and my domain to the entry Windows SBS User Policy.  Under that item is a listing Windows Small Business Server Group Policy Client Side Extensions.  I right-clicked that entry and selected "Edit".  This opened a Group Policy Management Editor window and I selected User Configuration >  Policies > Windows Settings > Internet Explorer Maintenance > URLs.  In the associated right pane is an item titled "Favorites and Links".  In my case there were several entries named "Check E-mail", "Remote Web Workspace" and "Internal Web site".  Each of these had a definition assigned to them that did not exist.  I removed all three of these entries and saved my changes.  I restarted the server and my redundant Outlook prompts at the workstations ceased.

    Thursday, June 24, 2010 5:36 PM
  • Since upgrading to Outlook 2010 we also receive the SSL mismatch messages on starting Outlook.
    I have added an entry to the hosts file pointing to localhost for the autodiscovery url.
    This also prevents the message from re-occuring.

    Hope this helps someone.

    Monday, December 13, 2010 11:37 AM
  • Thanks Mike for posting this. I have googled quite a lot for this problem, and it seems that most problems users encounter regarding Outlook asking for a password are related to certificate issues, which was not my case.

    Still, my problem is solved with this URL faking trick and users are back to happiness !

    R.

    Sunday, February 20, 2011 8:56 AM
  • oops

    • Edited by tarzan_nojane Thursday, June 16, 2011 1:48 AM wrong link
    Thursday, June 16, 2011 1:44 AM
  • to answer your question of "where" do you set this: in the exchange management shell.  just type what i put above.


     

    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

     

    A bit of a novice here, sorry, but "just type" in the exchange management shell is a bit vague to me

    Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://badsetting.fake/Autodiscover/Autodiscover.xml

    MMC > Exchange System Manager > ???

    Thanks

    Joe 


    SBS 2003 sp2 / Exchange 6.5.7638.1


    Thursday, June 16, 2011 1:48 AM
  • Your signature states "sbs 2003".  Is this what you are using?  There is no autodiscover service in Exchange 2003.  I said this above (see Tuesday, March 16, 2010).

    Mike Crowley | MVP
    My Blog -- Planet Technologies


    Thursday, June 16, 2011 2:14 AM
  • Since upgrading to Outlook 2010 we also receive the SSL mismatch messages on starting Outlook.
    I have added an entry to the hosts file pointing to localhost for the autodiscovery url.
    This also prevents the message from re-occuring.

    Hope this helps someone.

    Thank you very much! I had a similar situation. I have a 2003 Exchange server with an Outlook 2007 client. Somehow Outlook was popping up an autodiscover SSL warning. I could not see how or why anywhere, so I simply added the autodiscover URL to the hosts file and the prompt went away! 
    Friday, August 26, 2011 1:37 PM
  • None of the above solutions worked.  I appreciate the thought that each person put into their replies, but the bottom line is, nothing in this entire post works.  I really wish I could have manual control of Google's search engine and put this article at about item 9999, because that's how useful it is.  One day search will be useful.  Until then, please people, if you don't actually have a solution, don't post your useless thoughts.  It just slows everyone down.  Sorry, but this is reality.  Again, thanks for the effort.
    Thursday, September 22, 2011 2:45 AM
  • None of the above solutions worked.  I appreciate the thought that each person put into their replies, but the bottom line is, nothing in this entire post works.  I really wish I could have manual control of Google's search engine and put this article at about item 9999, because that's how useful it is.  One day search will be useful.  Until then, please people, if you don't actually have a solution, don't post your useless thoughts.  It just slows everyone down.  Sorry, but this is reality.  Again, thanks for the effort.


    You mean none of it worked for you.  Entering Mike's command in the EMS worked great for my clients.

    So, instead of trashing their replies, why don't you provide some meaningful details of your environment and maybe someone can help you.

    Is this an SBS install? What version of Exchange? What version of Outlook?

    And before you post this kind of reply again, perhaps you should take your own advice and don't post a message with your useless thoughts. As you say it just slows everyone down.

    Wednesday, October 26, 2011 2:52 PM
  • I echo your sentiments about the comments of Terrawide.  He is obviously frustrated. Did he join this discussion to just gripe?  I do not see another entry under his identifier that gives any particulars to his situation.  Why complain if you haven't supplied any details to your own environment?   The solution that I described worked in my environment, but may not work in others.  The nature of the forum is to assist each other find possible solutions.  It is not a guarantee of solution.  If Terrawide does not find anything of help in a post, nothing is gained by disparaging the contributors.  If he wants real help, furnish as much detail as possible so the subscribers can help find a solution together.  His decision to criticize the participants, confirms he does not command respect or deserve help. 
    Wednesday, October 26, 2011 3:10 PM
  • There sure are a lot of goofs on the board who have plenty of cerrtifications but no real world experience.  SSL error.  Outllook in not trying to "Autodiscover", it's just reporting an error with the certificate.  The only real way to fix this is to fix your certificate, or fool the certificate (which doesn't seem to work).  God, I'm a newbie.  Heaven help the corporate world if I can figure this out and these guys can't.  When they prepared their SSL the did not specify autodiscover site.  If you let Exchange 2010 prepare the certificate and leave the default "autodiscover.yourdomain.com" as the Autodiscover site, it will work correctly but if you get a certificate for your domain and just apply it or use a wild card, it reports an error.  
    Friday, February 03, 2012 7:12 AM
  • Thanks for contributing nothing to solving this problem.
    Friday, February 03, 2012 7:13 AM
  • Version number are not going to solve this problem.  He's gripping about ... If you don't understand the problem or don't have a solution, move on and stop wasting people time.  I'm sorry but I read these posts and most of the are saying "Outlook doesn't have autodiscover".  They don't understand and it really seems like they are talking down to the frustrated user when in reality, they are not trying to understand the problem.  From what I have read it is a very, very, very common problem and it is very frustrating to read posts from people who think they know it all but apparently can't even read english.  BTW  there are four posts above that with version numbers and it didn't seem to help them.  If you don't understand the problem .  Move on.
    Friday, February 03, 2012 7:19 AM
  • So what was the final conclusion?
    Thursday, June 07, 2012 4:49 PM
  • Hi Everyone,

    I'm new to this site as well as supporting email related issues at work

    I'm in a similar situation.  Our email system is hosting email addresses of several different domains for different projects.  We are on Exchange 2007 and use Outlook 2010.  A user is getting Security Alert about "DomainName.Org" and "The name of the security certificate is invalid or does not match the name of the site."

    He would click Yes and have no problems accessing.  But it annoys him as this comes up regularly.

    Can someone post an example of what to enter in the Host file to prevent this message from appearing?

    Thank you very much,

    ~C

    Saturday, August 04, 2012 7:20 PM
  • You can make a hosts file on the client computer.

    make a new entry using notepad...

    127.0.0.1 autodiscover.yourdomain.com

    when your outlook client try to validate your domain it looks locally and will not popup 

    Regards Peter

    Tuesday, August 21, 2012 7:16 PM
  • Thank you Ngregorius,

    In this example, do you just use the internal IP of your exchange server?

    We have our own exchange server and have about 20 employees. I have been digging through all of these threads to see if anyone is having the same issues that I am and has a similar environment. Many folks are close, but too different to compare. We are running Exchange 2003 (Version 6.5.7638.1) which I KNOW DOES NOT HAVE AUTODISCOVER!!! None-the-less, we keep getting this auto-discover error on our Outlook 2010 clients that says 'The name on the security certificate is invalid or does not match the name of this site.' When i check out the certificate, it goes to some web-hosting company in India. When i ping my autodiscover URL i get no response. I also tried pasting my autodiscover URL autodiscover.mycompanydomain.net in Internet Explorer and it redirected me to someone elses web page. The random certificate that we are currently worried about is for *.myhsphere.biz. We are a little worried that we are vulnerable to a 'middle man' attack. Why does this error even show up if we are using Exchange 2003?!? Are we being baited by someone else's mail server? Thoughts anyone?

    Wednesday, August 22, 2012 10:42 PM
  • Just copy as is using 127.0.0.1 just as ngregorious has shown, it works :)
    Wednesday, October 10, 2012 3:53 PM
  • May want to try removing your _autodiscover records from your DNS zone files. If Windows Active Directory, then look under _tcp under your primary internal domain, and if external, work with your domain name host to remove the autodiscover records. Check out http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/ and http://support.microsoft.com/kb/940881 for hints on what you'll need to clear out of your DNS, or why your Outlook client is grabbing the certificate of your Web host.

    Steven Banks [SBS MVP] Banks Consulting Northwest Inc. http://www.banksnw.com Third Tier | Support for IT Professionals http://www.thirdtier.net Puget Sound Small Business Server User Group http://www.pssbs.org

    Wednesday, December 05, 2012 5:53 PM
    • Proposed as answer by Clay Johanson Saturday, August 31, 2013 7:50 PM
    Tuesday, August 20, 2013 3:32 PM
  • i guess what you are looking is this  http://tipst3r.wordpress.com/tag/turn-off-autodiscover-for-outlook/
    Bingo. This is simple and it works.
    Saturday, August 31, 2013 7:51 PM