Configure the Autodiscover Service for Internet Access
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
You can configure the Autodiscover service for Internet access on a Microsoft Exchange Server 2010 Client Access server.
If you've deployed Exchange 2010 in your messaging environment, you can let the Autodiscover service automatically configure Microsoft Office Outlook 2007 or Outlook 2010 clients for features such as the Availability service, Unified Messaging, and Outlook Anywhere. If you plan to allow external access to the Autodiscover service for Outlook 2007 or Outlook 2010 clients that connect from the Internet, you must configure a valid Secure Sockets Layer (SSL) certificate from a certification authority (CA) that's trusted by the client computer's operating system.
You can create a separate Internet Information Services (IIS) Web site to host Autodiscover traffic. Consider hosting the Autodiscover service on a separate IIS Web site if either of the following is true:
Your primary Web site is visited frequently
Your primary Web site hosts your e-mail traffic
Looking for other management tasks related to the Autodiscover service? Check out Managing the Autodiscover Service.
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Autodiscover service virtual directory settings" entry in the Client Access Permissions topic.
To allow external access to the Autodiscover service for Outlook 2010 or Outlook 2007 clients that are connected from the Internet, we recommend that you perform these steps in the following order.
(Optional) Configure a separate IIS Web site on a Client Access server to host the Autodiscover service You can create a separate site to host Autodiscover service traffic by using the New-AutodiscoverVirtualDirectory cmdlet. This step is recommended if the domain in the Simple Mail Transfer Protocol (SMTP) address is the same as the corporate Web site address and your corporate Web site is visited frequently. For example, if the corporate Web site is www.contoso.com, the e-mail SMTP domain is contoso.com, and the corporate Web site (www.contoso.com) is visited frequently, we recommend that you create a separate site and host the Autodiscover service on autodiscover.contoso.com. For more information, see Create an Autodiscover Virtual Directory.
Note: You must use one IP address per site.
(Required) Configure a valid SSL certificate You must configure a valid SSL certificate from a CA that the client computer trusts. We recommend that you use the Exchange 2010 Certificate wizard to configure a valid SSL certificate. For information about how to create an SSL certificate, see Create a New Exchange Certificate. If you've decided to host the Autodiscover service on a separate Web site, see Configure SSL Certificates to Use Multiple Client Access Server Host Names.
(Optional) Update the SCP Object You only need to perform this step if you want internal Exchange clients to connect to the Autodiscover service through the Internet. Service connection points (SCPs) are only used for internal Exchange clients. If you've created a separate IIS Web site for the Autodiscover service, you must update the SCP object in Active Directory to specify which Client Access server and Autodiscover virtual directory you want clients to connect to. For more information about how to configure SCP objects, see Publishing with Service Connection Points.
(Required) Configure the firewall and SSL certificate You should configure the firewall for the address space and configure the SSL certificate for the Autodiscover service. For more information, check your firewall documentation. If your firewall server is ISA Server 2006, see Publishing Exchange Server 2007 with ISA Server 2006. For information about how to configure Outlook Anywhere to use multiple SSL certificates, see Configure Outlook Anywhere to Use Multiple SSL Certificates.
(Optional) Create a new Web site for the Autodiscover service Follow these steps:
In IIS Manager, expand your Client Access server name, select and right-click Sites, and then select Add Web Site. Enter your SMTP domain name under Site name.
Under Physical path, navigate to %SystemDrive%\inetpub\. Under inetpub, create a new folder called Autodiscover.
Note: You must allow the Users group Read & execute access to the Web site that you create.
(Optional) Create an Autodiscover virtual directory for the new Web site You can use the Shell to create an Autodiscover virtual directory for the new Web site in IIS by running the following command.
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Autodiscover virtual directory settings" entry in the Client Access Permissions topic.
New-AutodiscoverVirtualDirectory -Websitename <websitename> -BasicAuthentication:$true -WindowsAuthentication:$true
Note: A Web site that uses SSL requires that you use a unique IP address.
For more information about syntax and parameters, see New-AutodiscoverVirtualDirectory.
(Optional) Configure a trusted third-party SSL certificate on the new Web site If you created a new Web site to host the Autodiscover service, configure a trusted third-party SSL certificate on the Web site. We recommend that you use the Exchange 2010 Certificate wizard to configure a valid SSL certificate. For information about how to create an SSL certificate, see Create a New Exchange Certificate. For more information, see Understanding Digital Certificates and SSL.
After you configure a new Web site for the Autodiscover service, you may also want to: