Accedi
 
HomeLibraryRisorseFormazioneDownloadSupportoCommunityForumBlog
Risorse per professionisti IT >
how to setup Autodiscover for external users in a hosting scenario

Answered how to setup Autodiscover for external users in a hosting scenario

  • martedì 15 maggio 2012 10:41
     
     
    Registrati per votare
    0

    hi guys,

    Could someone pls let me know how can I publish autodiscover service to external users in a hosting exchange scenario? I know autodiscover service require SRV records ...thus need to configure the records in external DNS, but how it will work?? how to configure firewall so that the request can get redirected to CAS.?

    regards..

    Him

    MCTS|MCSE|MCSA:Messaging|CCNA If you found this post helpful, please "Vote as Helpful". If it answered your question, remember to "Mark as Answer".

     

Tutte le risposte

  • martedì 15 maggio 2012 14:06
     
     Con risposta
    Registrati per votare
    0

    This is an example of how to setup your FW/LB. We do our terminate our SSL connections on the FW and pass the http traffic back to that CAS servers.

    VS_HOSTING_2010_HTTP 
    - <Public IP 1> 
    - port 80 
    - redirect to VS_HOSTING_2010_HTTPS 
    - no pool members 

    VS_HOSTING_2010_HTTPS 
    - <Public IP 1> 
    - SSL Cert - Wildcard.contoso.com 
    - port 443 
    - pool Pool_HOSTING_2010_HTTP 
    - need Irule to maintain connections 

    VS_HOSTING_2010_OAB_Redirect 
    - <Public IP 2> 
    - port 80 
    - redirect to VS_HOSTING_2010_OAB 

    VS_HOSTING_2010_OAB 
    - <Public IP 2> 
    - SSL Cert - Wildcard.contoso.com 
    - port 443 
    - pool Pool_HOSTING_2010_OAB 


    Pool_HOSTING_2010_HTTP 
    - port 80 
    - members 
    -- 192.168.1.100 
    -- 192.168.1.101 

    Pool_HOSTING_2010_OAB 
    - port 80 
    - members 
    -- 192.168.1.110 

    We also don't use SRV records, because it requires the customer perform DNS maintenance on with their DNS registrar, which raises support calls. Since we provide packaged Outlook to the customer, we have a process that does the following:

    adds a key to the registry:

    [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Autodiscover]
    "CUSTOMER.COM"="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OutlookAutoDiscover\\CUSTOMER.COM.XML"

    We also create a file

    C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\CUSTOMER.COM.XML 

    that contains the following information:

    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
    <Action>redirectUrl</Action>
    <RedirectUrl>https://webmail.contoso.com/autodiscover/autodiscover.xml</RedirectUrl>
    </Account>
    </Response>
    </Autodiscover>

    Patrick de Rover

    • Contrassegnato come risposta himanshu.rana mercoledì 16 maggio 2012 16:58
    •  
     
  • mercoledì 16 maggio 2012 16:58
     
     
    Registrati per votare
    0
    I'll test this stuff......looks great!

    MCTS|MCSE|MCSA:Messaging|CCNA If you found this post helpful, please "Vote as Helpful". If it answered your question, remember to "Mark as Answer".

     
  • mercoledì 16 maggio 2012 18:42
     
     
    Registrati per votare
    0
    Let me know if you plan on doing SSL terminate on the FW/LB. There are additional steps that you need to perform on the CAS' besides unchecking 'Allow secure SSL Offloading'. Good luck with your setup.

    Patrick de Rover

     
  • martedì 5 giugno 2012 05:26
     
     
    Registrati per votare
    0

    hello patrick,

    could you please guide me ....which type of certificate would be better for a hosting scenario? I know about SAN cert but don't know whether wildcard certificates will solve the purpose when we'll be having multiple seperate exchange domain names?

    thanks

    MCTS|MCSE|MCSA:Messaging|CCNA

     
  • martedì 5 giugno 2012 12:44
     
     
    Registrati per votare
    0

    The famous response "that all depends";-)

    If you only have a few names to use and cost is a factor, then a SAN is perfectly fine. If you plan on using other services like web or sharepoint sites for customers, then wildcard is a great solution. 

    I like wildcard, because it gives me flexibility and i find it easy to use on production and also labs, with the same name.

    Examples:

    webmail.contoso.com - points to production webmail.

    lab-webmail.contoso.com - points to lab webmail.

    secure.contoso.com - points to a secure site

    If plan on deploying lync 2010, then I suggest reading up on using wildcard certs, it is supported (unlike previous versions) but in limited form.

    Hope this helps:-)

    Patrick de Rover

     
  • giovedì 7 giugno 2012 23:12
     
     
    Registrati per votare
    0

    Wildcard certificates are fine, the only thing you have to be aware of telling the Outlook Provider that you're using a wildcard certificate. This in turn will tell Outlook that a wildcard cert is used for Outlook Anywhere (i.e. msstd:*.contoso.com).

    Thanks
    Jaap