Configuring Outlook Anywhere to Use an SSL Certificate with Redirection
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-03-21
If you cannot use multiple Secure Sockets Layer (SSL) certificates for your Outlook Anywhere deployment, you can use Autodiscover redirection to redirect your Microsoft Office Outlook 2007 clients that are either not joined to your domain or do not have direct access to Active Directory. You will redirect clients to another Domain Name System (DNS) address to obtain their configuration information by using the Autodiscover service.
To configure your Outlook Anywhere deployment to use an SSL certificate with redirection, you must do the following:
- Configure a valid SSL certificate: You must obtain a valid SSL certificate from a certification authority (CA) that is trusted by the client computer's operating system. For more information about how to use SSL for Exchange 2007 client access, see Managing SSL for a Client Access Server. After you acquire a valid SSL certificate, apply the certificate to the default Web site of your Client Access server.
- Configure the URLs for Exchange services: You must configure the external and internal URLs for your available Exchange services to point to the default Web site, for example, mail.contoso.com. For more information about how to set the URLs for the Exchange services, see How to Configure Exchange Services for the Autodiscover Service.
- Configure the service connection point object: You must configure the service connection point (SCP) object to use a site dedicated to handling e-mail, for example, mail.contoso.com. You do this by running the following command:

    Set-ClientAccessServer -id <CAS01> -AutoDiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

- Configure the IP address for the default Web site: You must set the default Web site to listen on only one IP address. After you have done this, bind an additional IP address to the network adapter, also known as a NIC, for the Client Access server.
- Create a new Web site in IIS: Use Internet Information Services (IIS) to create a new Web site. Create a new folder named Autodiscover_redirect in the file system under C:\Inetpub.
  Note: You must allow Read and Anonymous access to the Web site that you create.
- Create the Autodiscover redirect: Use Windows Explorer to locate the folder that you created named Autodiscover_redirect. Create a new folder named Autodiscover in the Autodiscover_redirect folder, and then use a text editor to create a new blank text file named Autodiscover.xml in the Autodiscover folder.
- Configure the new Web site: You must configure the new Web site that you created to redirect to the site that is dedicated to handling e-mail, for example, mail.contoso.com. In IIS Manager, right-click the Autodiscover.xml file that you created, and then click Properties. On the Properties page, select A redirection to a URL, and then enter the same information that you used to configure the SCP object, for example, https://mail.contoso.com/autodiscover/autodiscover.xml.
- Test your results: After you have completed all these steps, you must make sure that the site that you are using to handle e-mail, for example, mail.contoso.com, can be resolved internally and externally by using your Outlook 2007 client.
After you configure Exchange to use an SSL certificate with redirection, clients that are not domain joined and clients that do not have direct connectivity to Active Directory receive a redirect from the Autodiscover site to the site that is dedicated to handling e-mail. When this occurs, Outlook 2007 displays a warning message that says "Allow this website to configure server settings?" Outlook 2007 lets users turn off this warning so that it does not continue to appear. We recommend that you inform your users to turn off the warning message on their Outlook 2007 client.
You can use a single SSL certificate with redirection if you are hosting multiple Simple Mail Transfer Protocol (SMTP) domains and you do not want to obtain a separate SSL certificate for each domain. This hosting scenario requires that you create a DNS entry in each zone that you host for the Autodiscover service to point to the non-SSL redirect site after you have configured the Autodiscover redirect site. This redirect site will be responsible for redirecting all clients to a site such as https://mail.contoso.com/autodiscover/autodiscover.xml.
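One way to carry out the test step and to check the DNS entry in each hosted zone is to request every redirect site without following the redirect and confirm that it points at the HTTPS Autodiscover URL. This is an added example, not part of the original topic; it assumes PowerShell 2.0 or later and that each zone's DNS entry is named autodiscover.<domain>, and the function names and sample domains are hypothetical.

```powershell
# Added example (not from the original topic). Requires PowerShell 2.0 or later.
# The expected URL is the page's example; function names and domains are hypothetical.
$ExpectedUrl = 'https://mail.contoso.com/autodiscover/autodiscover.xml'

# Decide whether one HTTP response is an acceptable Autodiscover redirect.
function Test-RedirectResponse([int]$StatusCode, [string]$Location, [string]$Expected) {
    if ($StatusCode -ne 301 -and $StatusCode -ne 302) { return "FAIL: status $StatusCode is not a redirect" }
    $target = $null
    if (-not [Uri]::TryCreate($Location, [UriKind]::Absolute, [ref]$target)) {
        return 'FAIL: Location header is missing or not an absolute URL'
    }
    $want = [Uri]$Expected
    if ($target.Scheme -ne 'https') { return "FAIL: redirect target is not HTTPS ($Location)" }
    if ($target.Authority -ne $want.Authority) { return "FAIL: unexpected host $($target.Authority)" }
    if ($target.AbsolutePath -ne $want.AbsolutePath) { return "FAIL: unexpected path $($target.AbsolutePath)" }
    return 'OK'
}

# Request the redirect site for one SMTP domain without following the redirect.
function Get-RedirectResponse([string]$SmtpDomain) {
    $req = [System.Net.WebRequest]::Create("http://autodiscover.$SmtpDomain/autodiscover/autodiscover.xml")
    $req.AllowAutoRedirect = $false
    $req.Timeout = 10000
    try {
        $resp = $req.GetResponse()
        $result = @{ StatusCode = [int]$resp.StatusCode; Location = $resp.Headers['Location'] }
        $resp.Close()
    } catch {
        $result = @{ StatusCode = 0; Location = '' }   # DNS failure, timeout, or HTTP error status
    }
    return $result
}

# Constructed sample responses (not captured traffic), evaluated offline.
$samples = @(
    @{ Name = 'correct';     StatusCode = 302; Location = $ExpectedUrl },
    @{ Name = 'plain HTTP';  StatusCode = 302; Location = 'http://mail.contoso.com/autodiscover/autodiscover.xml' },
    @{ Name = 'wrong host';  StatusCode = 302; Location = 'https://mail.fabrikam.example/autodiscover/autodiscover.xml' },
    @{ Name = 'no redirect'; StatusCode = 200; Location = '' }
)
foreach ($s in $samples) {
    '{0,-12} {1}' -f $s.Name, (Test-RedirectResponse $s.StatusCode $s.Location $ExpectedUrl)
}

# Live check: list one entry per hosted SMTP domain, then uncomment.
# foreach ($d in 'contoso.com') {
#     $r = Get-RedirectResponse $d
#     "{0}: {1}" -f $d, (Test-RedirectResponse $r.StatusCode $r.Location $ExpectedUrl)
# }
```

A status of 0 in the live check means that the request itself failed, so check the zone's DNS entry and the redirect site's IP binding before looking at the redirect setting.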
For more information about how to manage Outlook Anywhere, see Managing Outlook Anywhere.
For more information about the Autodiscover service, see the following topics: