none
Urgent: Disable Autodiscover on Exchange 2010 SP2?

    Question

  • In short I need to be able to disable Autodiscover on my Exchange 2010 servers and their Outlook 2007/2010 clients.

    This is going to be hard to explain, but here goes. Our university has a gateway/alias system, where everyone has an email alias that can be pointed to a "real" address. For example, let's say the university aliases are like this:
    alias@univ.edu
    Each department/group that has their own Exchange system, uses real address like this:
    username@dept.univ.edu

    While no one had a server that used the autodiscover.univ.edu hosthame, everything was OK. The university's central computing group decided to provide Exchange services and set up a server that uses autodiscover.univ.edu. Now all my users that are using computers not joined to the domain (laptops, etc.) get popups from their autodiscover server(s) constantly and I can find no way to stop it. The checkbox that says to ignore autodiscover.univ.edu does nothing.

    It seems that a possible solution would be to disable autodiscover off on my Exchange 2010 servers, hoping that the Outlook clients (2010 and 2007) will stop using autodiscover entirely.

    Maybe there is a way to tell Outlook to stop using autodiscover entirely, but it sure isn't obvious to me.

    I have a bunch of very annoyed users and really need to put a stop to this nonsense. The popups happen every 5 minutes all day long and stop you from using Outlook until you dismiss it.

    Suggestions?


    SnoBoy





    • Edited by SnoBoy Monday, March 19, 2012 3:35 PM
    Sunday, March 18, 2012 6:01 PM

Answers

  • I tried revamping an old work-around by adding an XML file for the univ.edu domain that points to my server, along with a registry addition to point to that file that seems to be doing the trick.

    XML File:

    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="<Response">http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"><Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
    <Action>redirectUrl</Action>
    <RedirectUrl>https://cas_server.dept.univ.edu/autodiscover/autodiscover.xml</RedirectUrl>
    </Account>
    </Response></Autodiscover>

    Registry hack for 2007 and 2010:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
    "univ.edu"="C:\\Program Files\\Microsoft Office\\Office12\\OutlookAutoDiscover\\univ.edu.xml"

    [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover]
    "univ.edu"="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OutlookAutoDiscover\\univ.edu.xml"


    SnoBoy


    • Edited by SnoBoy Monday, March 19, 2012 6:53 PM
    • Marked as answer by SnoBoy Monday, March 19, 2012 6:53 PM
    Monday, March 19, 2012 6:51 PM

All replies

  • Instead of "disabling" autodiscover, you could prevent domain-joined computers from finding it.  In the past, I've accomplished this by something like this:

    Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://badsetting.fake/Autodiscover/Autodiscover.xml
    

    see the related discussion here: http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/2ccb0f7e-971b-4c71-88a4-360e94e275bb



    Mike Crowley | MVP
    My Blog -- Planet Technologies

    Monday, March 19, 2012 6:46 PM
    Moderator
  • I tried revamping an old work-around by adding an XML file for the univ.edu domain that points to my server, along with a registry addition to point to that file that seems to be doing the trick.

    XML File:

    <?xml version="1.0" encoding="utf-8"?>
    <Autodiscover xmlns="<Response">http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"><Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
    <Action>redirectUrl</Action>
    <RedirectUrl>https://cas_server.dept.univ.edu/autodiscover/autodiscover.xml</RedirectUrl>
    </Account>
    </Response></Autodiscover>

    Registry hack for 2007 and 2010:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
    "univ.edu"="C:\\Program Files\\Microsoft Office\\Office12\\OutlookAutoDiscover\\univ.edu.xml"

    [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover]
    "univ.edu"="C:\\Program Files (x86)\\Microsoft Office\\Office14\\OutlookAutoDiscover\\univ.edu.xml"


    SnoBoy


    • Edited by SnoBoy Monday, March 19, 2012 6:53 PM
    • Marked as answer by SnoBoy Monday, March 19, 2012 6:53 PM
    Monday, March 19, 2012 6:51 PM
  • Keep in mind if you disable Autodiscover then you will break any feature which requires EWS to work.

    -Out of Office Assistant

    -Free/Busy

    -Inbox Rules Management

    -Archive Mailboxes

    -Mail Tips


    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003
    MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server

    NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, March 20, 2012 2:03 AM
  • In my testing, this works great for Outlook 2010, but is a total failure for Outlook 2007. Makes me wonder what the difference between the two clients is that allows one to work and the other not.

    SnoBoy

    Tuesday, March 20, 2012 2:14 PM
  • *what* works great?  What are you referring to?


    Mike Crowley | MVP
    My Blog -- Planet Technologies

    Tuesday, March 20, 2012 2:40 PM
    Moderator
  • The solution that I marked as the answer above with the registry fix and the XML file works fine for Outlook 2010, but fails miserable for Outlook 2007.

    SnoBoy

    Tuesday, March 20, 2012 2:58 PM
  • ok.  As the OP on this thread, you are able to "unmark as answer".  Most of the universities I've worked with don't manage all of the user end-points, so your per-user registry fix doesn't seem very salable.  I would consider preventing access to the autodiscover virtual directory with a firewall, disabling the SCP, or better yet - just fix autodiscover!  With a valid certificate name, and user credentials, this shouldn't be a problem.


    Mike Crowley | MVP
    My Blog -- Planet Technologies

    Tuesday, March 20, 2012 3:10 PM
    Moderator
  • Under the restraints of our campus configuration, I can't "fix" autodiscover, which is the problem. If someone has an email alias in the form of username@univ.edu and that is their primary email address (SMTP:username@univ.edu in ADSI), I can't force Outlook to look for autodiscover.dept.univ.edu on the server-side, can I? My servers work fine when autodiscover uses autodiscover.dept.univ.edu, which is a CNAME with certificate on my CAS server. The gotcha is when using non-AD workstations like laptops, which cannot get to my DDNS servers and DCs since they often boot up outside the firewall. Most of our laptops aren't in the domain because it take so long to boot up when they can't contact the DCs, since most ot the time, they are outside the campus firewall, so they have to time out and use the cached credentials.

    I understand the automatic selection of autodiscover.univ.edu (which is another site/domain entirely in our situation adn not under my control) versus the correct autodiscover.dept.univ.edu to be strictly client side and if the client computer isn't in the domain, like our laptops aren't, then I am pretty much left to only doing the work-around of the registry/XML combination, aren't I? 

    I know that Microsoft considers this to be functioning as designed, but for the alias system at my university, it is more like a bug. It is a lose/lose proposition for us, unfortunately.


    SnoBoy

    Tuesday, March 20, 2012 6:23 PM