How to Configure the Autodiscover Service for Internet Access
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-05-30
This topic explains how to configure the Autodiscover service for Internet-based access on a Microsoft Exchange Server 2007 computer that has the Client Access server role installed.
If you have deployed Exchange 2007 in your messaging environment, you can let the Autodiscover service automatically configure Microsoft Office Outlook 2007 clients for features such as the Availability service, Unified Messaging, and Outlook Anywhere. If you plan to allow external access to the Autodiscover service for Outlook 2007 clients that connect from the Internet, you must configure a valid Secure Sockets Layer (SSL) certificate from a certification authority (CA) that is trusted by the client computer's operating system.
We recommend that you host the Autodiscover service on a separate site if you manage a Web site that is frequently visited and that hosts your e-mail traffic. To allow external access to the Autodiscover service for Outlook 2007 clients that are connected from the Internet, we recommend that you follow these steps in order.
|You must use one IP address per site.|
- (Optional) Configure a separate site on a Client Access computer to host the Autodiscover service You can create a separate site to host Autodiscover service traffic by using the New-AutodiscoverVirtualDirectory cmdlet. This optional step is recommended if the Simple Mail Transfer Protocol (SMTP) address domain is the same as the corporate Web site address and your corporate Web site is frequently visited. For example, if the company Web site is www.contoso.com, the e-mail SMTP domain is contoso.com, and the company Web site (www.contoso.com) is frequently visited, we recommend that you create a separate site and host the Autodiscover service on autodiscover.contoso.com. For more information, see How to Create a New Autodiscover Service Virtual Directory.
- (Required) Configure a valid SSL certificate Configure a valid SSL certificate from a CA that the client computer trusts. If you have decided to host the Autodiscover service on a separate site, see How to Configure SSL Certificates to Use Multiple Client Access Server Host Names.
- (Optional) Update the SCP Object If you have created an additional IIS site for the Autodiscover service, you must update the service connection point (SCP) object in the Active Directory directory service to specify to which Client Access server and Autodiscover virtual directory you want clients to connect. For more information about SCP objects, see Publishing with Service Connection Points.
After you have completed these steps, you should configure the firewall for the address space and configure the SSL certificate for the Autodiscover service.
The following procedures explain how to create an Autodiscover virtual directory for a new Web site.
To perform the following procedure, the account you use must be delegated Exchange Server Administrator role and membership in the local Administrators group for the target server.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
If you have not already done this, create a new Web site for the Autodiscover service by using Internet Information Services (IIS) Manager.
Create a new Autodiscover virtual directory in IIS for the Autodiscover service by running the following command:
New-AutodiscoverVirtualDirectory -Websitename <websitename> -BasicAuthentication:$true -WindowsAuthentication:$true
Note: A Web site that uses SSL requires that you use a unique IP address.
Configure a trusted third-party SSL certificate on the Autodiscover service Web site.
For more information about syntax and parameters, see New-AutodiscoverVirtualDirectory.