MCSM: Messaging
AutoDiscover
Timothy Heeney
©2013 Microsoft Corporation. All rights reserved. MCSM NDA Confidential. Do not distribute. For individual readiness purposes only. MCSM: Messaging Version 1.0, Updated 4/16/2013
Internal Architecture – AutoDiscover 2010
The XML request contains a reference to a schema as the first part of the opening <Autodiscover> XML tag:
  xmlns=http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006a
  xmlns=http://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006a
Internal Architecture – AutoDiscover 2013
[Diagram. Labels: Outlook; AD (Authenticate User, Lookup); 2013 CAS Server (AutoDiscover Proxy service); TCP 444; 2013 Mailbox Server (AutoDiscover Services, Service Discovery, Outlook AutoDiscover Provider, MobileSync AutoDiscover Provider)]
The XML request contains a reference to a schema as the first part of the opening <Autodiscover> XML tag:
  xmlns=http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006a
  xmlns=http://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006a
What Does It Do For Me?
Why Do I Need AutoDiscover?
• If you have Exchange 2007/10/13, you have no choice: you might get mail to work, but Availability, OOF, etc. are not available without it
• You don’t need to configure it unless you have Outlook 2007+ deployed and have Exchange 2007/10/13 servers
• Only Outlook 2007+ clients can use AutoDiscover
• You can use AutoDiscover internally and externally
• Externally you need to configure several things to get it working
  • Enabling Outlook Anywhere
  • Certificates
  • Configure URLs for each service
  • Publishing of URLs
  • Configure DNS
• Without AutoDiscover configured correctly, Outlook 2007+ is dead in the water if you have Exchange 2007/10/13
AutoDiscover vs Auto Account Setup
• Display Name and Email address are done by Auto Account Setup
• It can be controlled by the DWORD ExchangeAddressDetect at HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Preferences
Changes From AutoD 2007
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>user@fabrikam.com</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>
Example SOAP AutoD Request
AD Lookup
ServiceConnectionPoints
5) After successful Authentication, the Mailbox server builds the AutoDiscover.xml response
6) Outlook consumes the connection settings in the AutoDiscover.xml response, and connects to the Exchange services
AutoDiscover – Internal Cont...
• During initial CAS installation, setup creates a Service Connection Point (SCP) in AD for the AutoDiscover service
  • Configuration/Services/Microsoft Exchange/Org Name/Administrative Groups/Admin Group/Servers/Servername/Protocols/AutoDiscover/Servername
SCP Use Algorithm
[Diagram. Labels: AutoDiscoverSiteScope; Creation Date; DNS; sites Redmond, Tokyo and London; servers Red2, Red4, Lon1, Lon3]
Outlook Provider for 2010
• By default three Outlook Providers are used to configure email settings individually
  • <Account>
  • <AccountType>email</AccountType>
  • <Action>settings</Action>
  • <Protocol>
• Internal clients (EXCH), Outlook Anywhere (EXPR) and WEB.
  • The EXCH setting references the Exchange RPC protocol that is used internally.
  • The EXPR setting references the Exchange HTTP protocol that is used by Outlook Anywhere.
  • The WEB setting contains the best URL for Outlook Web Access for the user to use. This setting is not in use in Office/Exchange 2007 but is used for showing the OWA URL in Outlook 2010.
• The FQDN displayed is the lowest alphanumerically
  • Example: red-cas-1 will show above red-cas-2
• The <AlternativeMailbox> <x> settings are also returned if the mailbox is on 2010/13 and has an Archive enabled or has full permissions to another mailbox. The LegDN is returned along with the RPC CA endpoint for access
  • <Delegate>
  • <Archive>
• To remove delegate backlinks: ADSI on the delegate, msExchDelegateListLink
• In 2010 SP2+ and 2013:
  • Add-MailboxPermission sharedmailbox -User UserMailbox -AccessRights:FullAccess -AutoMapping $false
Autodiscover updates
Autodiscover updates cont…
What does Outlook display
• PR_PROFILE_RPC_PROXY_SERVER_SECONDARY_W
• PR_PROFILE_RPC_PROXY_SERVER_PRINCIPAL_SECONDARY_W
Certificate issue with providers
So how do I configure the Provider
URLs and Vdirs
URLs Returned by AutoDiscover - Outlook
Set-VirtualDirectory -Identity server/website -internalurl https://fqdn/path
Set-VirtualDirectory -Identity server/website -externalurl https://fqdn/path
      <Protocol>
        <Type>EXHTTP</Type>
        <Server>mail.exchange.microsoft.com</Server>
        <SSL>On</SSL>
        <AuthPackage>Negotiate</AuthPackage>
        <ASUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</ASUrl>
        <EwsUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</EwsUrl>
        <EmwsUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</EmwsUrl>
        <SharingUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</SharingUrl>
        <EcpUrl>https://mail.exchange.microsoft.com/ecp/</EcpUrl>
        <EcpUrl-um>?rfr=olk&p=customize/voicemail.aspx&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-um>
        <EcpUrl-aggr>?rfr=olk&p=personalsettings/EmailSubscriptions.slab&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-aggr>
        <EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?rfr=olk&exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx>&realm=exchange.microsoft.com</EcpUrl-mt>
        <EcpUrl-ret>?rfr=olk&p=organize/retentionpolicytags.slab&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-ret>
        <EcpUrl-sms>?rfr=olk&p=sms/textmessaging.slab&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-sms>
        <EcpUrl-publish>customize/calendarpublishing.slab?rfr=olk&exsvurl=1&FldID=<FldID>&realm=exchange.microsoft.com</EcpUrl-publish>
        <EcpUrl-photo>PersonalSettings/EditAccount.aspx?rfr=olk&chgPhoto=1&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-photo>
        <EcpUrl-tm>?rfr=olk&ftr=TeamMailbox&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-tm>
        <EcpUrl-tmCreating>?rfr=olk&ftr=TeamMailboxCreating&SPUrl=<SPUrl>&Title=<Title>&SPTMAppUrl=<SPTMAppUrl>&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-tmCreating>
        <EcpUrl-tmEditing>?rfr=olk&ftr=TeamMailboxEditing&Id=<Id>&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-tmEditing>
        <EcpUrl-extinstall>Extension/InstalledExtensions.slab?rfr=olk&exsvurl=1&realm=exchange.microsoft.com</EcpUrl-extinstall>
        <OOFUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</OOFUrl>
        <UMUrl>https://mail.exchange.microsoft.com/ews/UM2007Legacy.asmx</UMUrl>
        <OABUrl>https://mail.exchange.microsoft.com/OAB/b46f3720-5328-4fb4-8830-ca7363b84dbc/</OABUrl>
        <ServerExclusiveConnect>On</ServerExclusiveConnect>
      </Protocol>
      <PublicFolderInformation>
        <SmtpAddress>ContentMailbox2@exchange.microsoft.com</SmtpAddress>
      </PublicFolderInformation>
    </Account>
  </Response>
</Autodiscover>
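An added example, not part of the original deck: a check that every absolute URL AutoDiscover hands to Outlook is HTTPS and points at a host named on the certificate. The function names `local` and `audit_response`, the exact-match `cert_names` list and the EXCH block in the sample are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed response: EXHTTP values as shown above; the EXCH block and its
# red-cas-1.contoso.com host are made up to trigger findings.
SAMPLE = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <Account>
   <Protocol>
    <Type>EXHTTP</Type>
    <Server>mail.exchange.microsoft.com</Server>
    <SSL>On</SSL>
    <EwsUrl>https://mail.exchange.microsoft.com/ews/exchange.asmx</EwsUrl>
    <EcpUrl>https://mail.exchange.microsoft.com/ecp/</EcpUrl>
   </Protocol>
   <Protocol>
    <Type>EXCH</Type>
    <Server>red-cas-1.contoso.com</Server>
    <EwsUrl>https://red-cas-1.contoso.com/ews/exchange.asmx</EwsUrl>
    <OABUrl>http://red-cas-1.contoso.com/OAB/</OABUrl>
   </Protocol>
  </Account>
 </Response>
</Autodiscover>"""

def local(tag):
    """Element name without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]

def audit_response(xml_text, cert_names):
    """Return (protocol type, element, issue) for each absolute URL that is
    not HTTPS or whose host is missing from cert_names (exact match only).
    Intended for responses captured from your own servers."""
    findings = []
    allowed = {n.lower() for n in cert_names}
    for proto in ET.fromstring(xml_text).iter():
        if local(proto.tag) != "Protocol":
            continue
        ptype = next((e.text for e in proto if local(e.tag) == "Type"), "?")
        for el in proto.iter():
            value = (el.text or "").strip()
            if "://" not in value:      # relative Ecp fragments, flags, names
                continue
            parts = urlsplit(value)
            if parts.scheme.lower() != "https":
                findings.append((ptype, local(el.tag), "not https"))
            if (parts.hostname or "").lower() not in allowed:
                findings.append((ptype, local(el.tag), "host not on certificate"))
    return findings

if __name__ == "__main__":
    for finding in audit_response(SAMPLE, {"mail.exchange.microsoft.com"}):
        print(finding)
```

Hosts flagged here are the ones that produce certificate name warnings in Outlook when a server FQDN is returned instead of the published namespace.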
Autodiscover output
  <PublicFolderInformation>
    <SmtpAddress>ContentMailbox2@exchange.microsoft.com</SmtpAddress>
  </PublicFolderInformation>
>1 CAS AutoD Complexities
• When CAS is first installed, the SCP is created using the server FQDN and the AD site it was in at the time of install. If the site changes later, the SCP is NOT updated
• When Outlook 2007+ queries AD for an SCP to find the AutoDiscover URL, it builds a list of CAS (either in site if any match, or out of site if none match, but not both), then connects to the OLDEST, using the FQDN specified
• If the AutoDiscoverServiceInternalURI is still set to the FQDN, it will ALWAYS go to that CAS first
  • It will fail over to the next oldest if it is not reachable
• If there is more than one CAS, the URLs returned will not be evenly balanced
  • This varies depending on CAS and mailbox version
• Outlook will NOT fail over if URLs are not reachable
  • OWA InternalURL in Outlook 2010 will be the lowest alphanumeric value and may not be reachable, but changing it to a load-balanced value may break proxy. More when we cover proxy and redirection
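An added example, not part of the original deck: the SCP selection rule described above (in-site or out-of-site list, never both, oldest first, fail over to the next oldest), plus a check for SCPs whose recorded site scope no longer matches the server's current AD site. The `Scp` class, the function names, the `Site=<name>` keyword format and the contoso.com hosts are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Scp:
    url: str          # serviceBindingInformation (the AutoDiscover URL)
    created: date     # whenCreated
    keywords: tuple   # site scope as "Site=<name>" entries (assumed format)

def site_scope(scp):
    """AD sites this SCP claims to serve, lower-cased."""
    return {k[5:].lower() for k in scp.keywords if k.lower().startswith("site=")}

def candidate_urls(scps, client_site):
    """In-site SCPs if any match the client's site, otherwise the out-of-site
    ones (never a mix of both), ordered oldest first."""
    in_site = [s for s in scps if client_site.lower() in site_scope(s)]
    pool = in_site or list(scps)
    return [s.url for s in sorted(pool, key=lambda s: s.created)]

def first_reachable(scps, client_site, reachable):
    """Walk the ordered list and return the first URL that answers, or None."""
    return next((u for u in candidate_urls(scps, client_site) if u in reachable), None)

def stale_scopes(scps, current_site):
    """URLs of SCPs whose recorded scope lacks the server's current AD site.
    The scope is written at install time and not updated if the site changes."""
    return [s.url for s in scps
            if s.url in current_site
            and current_site[s.url].lower() not in site_scope(s)]

def url_for(host):
    return f"https://{host}.contoso.com/Autodiscover/Autodiscover.xml"

# Constructed sample records; hosts and dates are made up for the example.
SCPS = [
    Scp(url_for("red-cas-1"), date(2012, 6, 1), ("Site=Redmond",)),
    Scp(url_for("red-cas-2"), date(2011, 3, 1), ("Site=Redmond", "Site=Tokyo")),
    Scp(url_for("lon-cas-1"), date(2010, 1, 15), ("Site=London",)),
]

if __name__ == "__main__":
    print(candidate_urls(SCPS, "Redmond"))      # in-site list, oldest first
    print(candidate_urls(SCPS, "Paris"))        # no match: out-of-site list
    print(first_reachable(SCPS, "Redmond", {url_for("red-cas-1")}))
    print(stale_scopes(SCPS, {url_for("lon-cas-1"): "Tokyo"}))
```

Running `stale_scopes` against the current server-to-site mapping shows which SCPs still advertise the site they were installed in rather than the one they now serve.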
Autodiscover process enhancement
Certificate Requests – EMS 2010/2013
AutoDiscover Extras
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (External clients)
[Diagram. Labels: Clients; autodiscover.contoso.com; E2013 CAS (PROXY); E2010 CAS (CAS 2010 handles request); E2010 MBX; E2013 MBX; E2010/E2007 MBX; Internet facing site; Intranet site]
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (External clients)
[Diagram. Labels: Clients; autodiscover.contoso.com; PROXY; MBX 2013 handles request; E2007 MBX; E2013 MBX; E2010/E2007 MBX; Internet facing site; Intranet site]
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (Internal clients)
[Diagram. Labels: Internal LB namespace; E2013 CAS (PROXY); E2010 CAS (CAS 2010 handles request); E2010 MBX; E2013 MBX; E2010/E2007 MBX; Internet facing site; Intranet site]
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (Internal clients)
[Diagram. Labels: Internal LB namespace; MBX 2013 handles request; E2007 MBX; E2013 MBX; E2010/E2007 MBX; Internet facing site; Intranet site]
Resource Forest AutoDiscover
[Diagram. Labels: DNS; Mail-Enabled User; SCP (two); Client Access Server; Outlook]
AutoDiscover in Resource Forest Scenarios
• UserA logs on to a workstation in CORP and communicates with AD servers in the CORP forest.
• UserA launches Outlook (for this scenario, we will say it’s the first time).
• The AutoDiscover process kicks in and queries AD
  • Either it will retrieve the primary SMTP address (in case account forest user accounts have the email property populated).
  • Or the user will enter credentials and SMTP address
• We perform a query to see if there are any SCP records for that SMTP address
• We get back a pointer/target SCP record
• Outlook then binds to the target forest (LDAP://target.forest.com) and retrieves the SCP records. One of two things happens:
  • If the account forest AD sites are in the resource forest (requires synchronization), then we will retrieve an SCP record for the Outlook client's AD site (and thus use a local CAS server).
  • If the SCP records don't have the site scope (or if we aren't replicating the AD site topology), then we will get a random record and thus URLs to that random CAS server.
• We connect to the autodiscover virtual directory on the CAS server
• We retrieve our autodiscover.xml settings, Outlook consumes them, and the profile is built
MultipleExchangeDeployments $True
• Without
  >> Dn: CN=TAILSPIN.COM,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=Accounts,DC=com
  4> objectClass: top; leaf; connectionPoint; serviceConnectionPoint;
  1> cn: TAILSPIN.COM;
  1> distinguishedName: CN=TAILSPIN.COM,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=Accounts,DC=com;
  1> instanceType: 0x4 = ( IT_WRITE );
  1> whenCreated: 07/08/2010 14:47:19 Pacific Standard Time Pacific Daylight Time;
  1> whenChanged: 07/08/2010 14:47:19 Pacific Standard Time Pacific Daylight Time;
  1> uSNCreated: 13996;
  1> uSNChanged: 13996;
  1> showInAdvancedViewOnly: TRUE;
  1> name: TAILSPIN.COM;
  1> objectGUID: c0a090d1-2e3d-4610-82af-e9a625cc336e;
  1> keywords: 67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68;
  1> serviceBindingInformation: LDAP://TAILSPIN.COM;
  1> objectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=Accounts,DC=com;
• With
  2> keywords: Domain=TAILSPIN.COM; 67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68;
Hybrid Forest AutoDiscover
[Diagram. Labels: DNS; Domain=Exchange Forest; 1 SMTP Domain; Mail-Enabled User; SCP (three); Client Access Server (two); Outlook]
Hybrid Forest AutoDiscover
• Scenario:
  • Two forests: tailspin.com and contoso.com
  • In tailspin, a mailuser object exists for user Barry whose mailbox is in Contoso
    • Target Address: barry@contoso.com
    • Proxy addresses: barry@contoso.com barry@tailspin.com
  • Auto Account Setup sees user email as barry@tailspin.com
  • If primary proxy were set as barry@contoso.com, it would use that during initial setup
  • Either way, once it gets to AutoDiscover in the local forest it gets a redirect to the target address, either using an SCP object or falling back to DNS
• So these two forests require different SMTP namespaces
• And two user accounts… or a trust
Recap