So we now understand how we access the Autodiscover service when we are domain joined and internal to the network. What happens if we are on the corporate network but not domain joined, or we are external to the network and don't have AD connectivity? Or what happens if we connect via Outlook Anywhere, whether internal or external to the network? Essentially, what happens when we don't have access to Active Directory?

Because our Outlook 2007 clients don't have access to Active Directory, they can't get to the SCP record and so cannot obtain the AutoDiscoverServiceInternalUri. Because of this, Outlook 2007 falls back to a different method. The first method is to contact the following DNS records in order (domain = the user's primary SMTP domain):

The majority of people will use the autodiscover.shudnow.net method. Taking a close look at the URLs, we see that they use HTTPS. This means that we will need the autodiscover.shudnow.net name in our certificate. To have multiple names in our certificate, we will need a Unified Communications Certificate, which is provided by various vendors. My favorite certificate vendors are Entrust followed by DigiCert.

So let's say we want our NetBIOS name, the FQDN of the CAS, our OWA FQDN, and our Autodiscover name on our certificate. We'd have the following names on it:

  • OWA.shudnow.net
  • CASServer
  • CASServer.shudnow.net
  • autodiscover.shudnow.net

But again, as stated earlier, if you have ISA, you can use an internal certificate from your own PKI on the CAS and a 3rd party certificate on ISA. External clients connect to ISA using the 3rd party certificate, and ISA proxies that traffic to the CAS using the internal PKI certificate. This allows you to hide your internal server names if you wish. Otherwise you can just use your third party certificate across the board (costs may increase depending on licensing for the certificate).
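The two certificate layouts above can be checked mechanically. The following is an added example, not code from the original post: it audits a certificate's name list for required names that are missing and for internal server names it discloses. The name lists are constructed from the post's examples, and treating OWA and Autodiscover as the only externally published names is an assumption.

```python
# Added example: audit a certificate's Subject Alternative Names (SANs).
# Assumption: the SAN list has already been read from the certificate.

def san_matches(san: str, host: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        # A wildcard covers exactly one label: *.shudnow.net matches
        # owa.shudnow.net, but not a.b.shudnow.net or shudnow.net itself.
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return False


def audit_sans(sans, published):
    """Return (missing, disclosed).

    missing:   published names that no SAN covers, so clients connecting
               to them get a certificate name-mismatch warning.
    disclosed: SANs that cover no published name, i.e. internal server
               names that anyone fetching the certificate can read.
    """
    missing = [p for p in published
               if not any(san_matches(s, p) for s in sans)]
    disclosed = [s for s in sans
                 if not any(san_matches(s, p) for p in published)]
    return missing, disclosed


# Constructed inputs based on the names used in the post.
PUBLISHED = ["owa.shudnow.net", "autodiscover.shudnow.net"]  # assumed external names
ACROSS_THE_BOARD = ["OWA.shudnow.net", "CASServer",
                    "CASServer.shudnow.net", "autodiscover.shudnow.net"]
ISA_EXTERNAL_ONLY = ["owa.shudnow.net", "autodiscover.shudnow.net"]
OWA_ONLY = ["owa.shudnow.net"]  # Autodiscover name forgotten

if __name__ == "__main__":
    for label, sans in [("across the board", ACROSS_THE_BOARD),
                        ("ISA external", ISA_EXTERNAL_ONLY),
                        ("OWA only", OWA_ONLY)]:
        missing, disclosed = audit_sans(sans, PUBLISHED)
        print(f"{label}: missing={missing} disclosed={disclosed}")
```

The single certificate used across the board covers every published name but discloses both CAS names; the ISA-facing certificate discloses nothing, which is the hiding effect described above.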

An example of how this works for domain joined clients who don't have access to Active Directory, Outlook Anywhere clients, or non-domain joined clients is included in the Autodiscover Whitepaper:

 