In earlier versions of Exchange you can use the Autodiscoverredirect option to retrieve autodiscover information if the primary SMTP domain in your email address does not match the domain name of the autodiscover DNS record in your Exchange deployment. You’ll face this issue when your Client Access server is using webmail.contoso.com and autodiscover.contoso.com but your email address is email@example.com. In this case your Outlook client will automatically start looking for a DNS record called autodiscover.fabrikam.com, which points to autodiscover.contoso.com. As a result a certificate warning is presented, since the name in the request does not match the name on the certificate.
To overcome this you can use a so-called autodiscoverredirect mechanism. This hasn’t changed much in Exchange 2013. On the Client Access server you have to configure an additional website (in IIS Manager) that answers to the name autodiscoverredirect.contoso.com. In IIS, requests for this website are automatically redirected to the correct autodiscover.contoso.com website/virtual directory. In the Fabrikam namespace you create a CNAME DNS record called autodiscover.fabrikam.com which points to the autodiscoverredirect.contoso.com website.
Note: In my lab environment I will be using the domain Exchange16.com as the base domain, so I’ll have autodiscover.exchange16.com and autodiscoverredirect.exchange16.com. The additional domain I’m hosting on this environment is inframan.nl; our user there is firstname.lastname@example.org.
To implement this, follow these steps:
- Configure an additional IP address on the Client Access server.
- In IIS Manager, bind the Default Web Site to the original IP address of the Client Access server for port 443 as shown in the following figure. Before you continue, make sure the Client Access server keeps working with this new binding.
- In Windows Explorer create two additional directories C:\Inetpub\AutodiscoverRedirect and C:\Inetpub\AutodiscoverRedirect\Autodiscover.
- In IIS Manager, create a new website, name it AutodiscoverRedirect and use C:\Inetpub\Autodiscover as its Physical Path. Make sure the binding of this web site is set to the additional IP address we configured earlier, as shown in the following figure:
- In the AutodiscoverRedirect web site in IIS Manager you’ll see an Autodiscover Virtual Directory show up. Select this Autodiscover Virtual Directory and in the details pane double-click HTTP Redirect.
- In the HTTP Redirect window, check the Redirect requests to this destination option and enter the normal autodiscover URL, such as https://autodiscover.exchange16.com/autodiscover, as shown in the following figure:
The only thing left is to create a DNS record for autodiscoverredirect.exchange16.com which should point to the additional IP address. The autodiscover.inframan.nl DNS record should be a CNAME record and point to autodiscoverredirect.exchange16.com.
If you want to test this you can use the Remote Connectivity Analyzer (RCA), which can be found at https://testconnectivity.microsoft.com. In RCA select Outlook Autodiscover under Microsoft Office Outlook Connectivity Tests. In the next window enter the test user’s credentials as shown in the following figure:
When you click Perform Test, RCA will perform an Autodiscover test and thus go through the Autodiscoverredirect process we just configured. Don’t let the Connectivity Test successful with warnings result fool you. You will see that the normal autodiscover tests fail (with the red cross) but that the HTTP redirect option succeeds, as shown in the following figure:
When you expand the HTTP redirect method you can see exactly what’s happening under the hood.
Step 1 is the DNS lookup for autodiscover.inframan.nl
Step 2 is checking port 80 for this URL
Step 3 is the actual redirect response from the autodiscoverredirect website
Step 4 is the HTTP POST to https://autodiscover.exchange16.com/autodiscover/autodiscover.xml
This is shown in the following figure:
When you start Outlook (2013) and log on to the email@example.com mailbox, the autodiscover request will be redirected. Outlook will notice this and show a warning message:
You can safely check the Don’t ask me about this website again option and Outlook will continue working normally.
You can use the Autodiscoverredirect option in Exchange 2013 (in this blog on Windows 2012 R2) if you have an Exchange 2013 environment with multiple SMTP domains. You can use these domains without adding them to the SSL certificate on the Client Access server. I’ve seen this autodiscoverredirect option at hosting companies where thousands of additional SMTP domains are hosted, but I have seen it at enterprise customers as well. And it’s fully supported by Microsoft, so you’re good to go.
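The redirect that RCA reports in step 3, and that Outlook warns about, can also be checked from a script by confirming that it targets HTTPS on exactly the expected autodiscover host. The following is an added example, not part of the original post: the function names are hypothetical, the host and path are the lab values used above, and fetch_redirect assumes the redirect site answers a plain GET on port 80.

```python
import http.client
from urllib.parse import urlsplit

# Values from the post's lab; change them for your own deployment.
EXPECTED_HOST = "autodiscover.exchange16.com"
EXPECTED_PATH = "/autodiscover/autodiscover.xml"
REDIRECT_CODES = {301, 302, 303, 307, 308}

def check_redirect(status, location, expected_host=EXPECTED_HOST):
    """Return a list of problems with a redirect response (empty list = OK)."""
    if status not in REDIRECT_CODES:
        return [f"status {status} is not a redirect"]
    if not location:
        return ["redirect has no Location header"]
    url = urlsplit(location)
    problems = []
    if url.scheme != "https":
        problems.append(f"target uses {url.scheme or 'no scheme'}, not https")
    # Compare the parsed host exactly: a substring test would accept
    # look-alike targets such as the last two constructed samples below.
    if (url.hostname or "").lower() != expected_host:
        problems.append(f"target host {url.hostname!r} is not {expected_host}")
    if url.path.lower() != EXPECTED_PATH:
        problems.append(f"unexpected path {url.path!r}")
    return problems

def fetch_redirect(smtp_domain, timeout=10):
    """Live check: GET over port 80 without following the redirect."""
    conn = http.client.HTTPConnection(f"autodiscover.{smtp_domain}", 80, timeout=timeout)
    try:
        conn.request("GET", EXPECTED_PATH)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    (302, "https://autodiscover.exchange16.com/autodiscover/autodiscover.xml"),
    (302, "http://autodiscover.exchange16.com/autodiscover/autodiscover.xml"),
    (200, None),
    (302, "https://autodiscover.exchange16.com.example.net/autodiscover/autodiscover.xml"),
    (302, "https://autodiscover.exchange16.com@example.net/autodiscover/autodiscover.xml"),
]

if __name__ == "__main__":
    for status, location in SAMPLES:
        print(status, location, "->", check_redirect(status, location) or "OK")
    # For a live check: check_redirect(*fetch_redirect("inframan.nl"))
```

Only the first constructed sample passes; the others are rejected for a non-HTTPS target, a missing redirect, and two look-alike host names.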