Exchange 2007 - Configure Autodiscover for a Single Domain Certificate

When using Exchange 2007, 2010 or later, it may be necessary to configure Exchange to use a certificate for just one domain name. This setup requires one additional IP address.

Adding an additional IP address to the Exchange server

  1. Navigate to the Exchange Client Access server and open the properties for the network adapter.
  2. Select Internet Protocol, click on Properties, and then on Advanced.
  3. Click on Add beneath IP addresses and add the additional IP address to the server.
  4. Click on Add and then OK to store the settings and close the window.

Create DNS records

A domain name has probably already been created for your clients to connect to Exchange, for instance mail.yourdomain.com. In addition to this, we need a domain name for Autodiscover, so that Outlook clients can reach the Autodiscover service. This DNS A record should point to the second IP address on the Exchange Client Access server. This domain name should be resolvable by the internal clients too.

  1. Open the DNS Manager and expand Forward Lookup Zones.
  2. Right-click on the corresponding zone (e.g. yourdomain.com) and select the option New Host (A).
  3. Enter autodiscover in the Name field and, below that, the newly added IP address; then click on Add Host.
  4. If not done already, add a record for the primary domain name of your mail server (e.g. mail.uwdomein.nl) and let it point to your (primary) IP address.

Configure Website

After configuring the DNS, we have to configure the default website.

  1. Open the IIS Manager, right-click Default Web Site and select Properties.
  2. The default setting for the IP address is All Unassigned. Select the primary IP address to bind it to the Default Web Site.
  3. Click on Advanced, select Edit and change it to bind port 443 to the primary IP address.

Creating a new folder structure for Autodiscover

Now we need to create a new directory structure for the Autodiscover redirect website that we are going to create in the following steps.

  1. Navigate via Explorer to 'C:\Inetpub'.
  2. In this location, create a subfolder named Autodiscover, and within this folder create another subfolder named Autodiscover.
  3. Create a blank text file named autodiscover.xml within this last subfolder.

Autodiscover redirect website creation

  1. Open the IIS Manager, right-click on Web Sites, and select New Web Site.
  2. Enter Autodiscover Web Site as the description in the wizard and click on Next.
  3. In the IP address field, enter the secondary IP address created earlier and click on Next.
  4. Select 'C:\Inetpub\Autodiscover' as Web Site Home Directory and click on Next.
  5. Expand the Autodiscover website and select the underlying Autodiscover virtual directory.
  6. In the right-hand pane, right-click on autodiscover.xml and select Properties.
  7. Select the option A redirection to a URL and enter the URL that users will use to connect to OWA, ActiveSync and Outlook Anywhere, like: https://mail.yourdomain.nl/autodiscover/autodiscover.xml.

Service connection point modification

Now we change the internal FQDN for our local office clients.

  1. Open the Exchange Management Shell.
  2. Issue the following command:
     Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.yourdomain.nl/autodiscover/autodiscover.xml

Modify Web Services URLs

The last step required is to configure the Exchange services for the Autodiscover service. This includes the URLs for Availability, Exchange Web Services, Unified Messaging and the Offline Address Book. This is required to have Autodiscover pass the correct information to the clients.

  1. Open the Exchange Management Shell.
  2. Issue the following command to set the external hostname URL for Outlook Anywhere on Autodiscover (the server name and domain name need to be changed, depending on your situation):
     Enable-OutlookAnywhere -Server servernaam -ExternalHostname "mail.yourdomain.nl" -ExternalAuthenticationMethod "Basic" -SSLOffloading:$False
  3. Issue the following command to set the external hostname URL for the Offline Address Book on Autodiscover (the server name and domain name need to be changed, depending on your situation):
     Set-OABVirtualDirectory -identity "servernaam\OAB (Default Web Site)" -externalurl https://mail.yourdomain.nl/OAB -RequireSSL:$true
  4. Issue the following command to set the external hostname URL for Unified Messaging on Autodiscover (the server name and domain name need to be changed, depending on your situation):
     Set-UMVirtualDirectory -identity "servernaam\UnifiedMessaging (Default Web Site)" -externalurl https://mail.yourdomain.nl/UnifiedMessaging/Service.asmx -BasicAuthentication:$True
  5. Issue the following command to set the external hostname URL for Exchange Web Services and Out of Office services on Availability (the server name and domain name need to be changed, depending on your situation):
     Set-WebServicesVirtualDirectory -identity "servernaam\EWS (Default Web Site)" -externalurl https://mail.yourdomain.nl/EWS/Exchange.asmx -BasicAuthentication:$True
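
The URLs set in the steps above only keep clients away from certificate name warnings if every one of them uses the single name on the certificate. The following PowerShell audit is an added example, not part of the original article: it reads the values back and flags any that are unset, not HTTPS, or on another host name. The certificate name, the helper names Test-PublishedName and New-Row, and the sample rows are assumptions made for the example.

```powershell
# Added example, not from the original article. Run in the Exchange Management Shell;
# outside it, the constructed sample rows further down are used instead.
$CertName = 'mail.yourdomain.nl'   # assumed: the single name on the certificate

# Classify one published URL against the certificate name (hypothetical helper).
function Test-PublishedName([string]$Value, [string]$Expected) {
    if (-not $Value) { return 'NOT SET' }
    $uri = $null
    if (-not [System.Uri]::TryCreate($Value, [System.UriKind]::Absolute, [ref]$uri)) { return 'NOT A URL' }
    if ($uri.Scheme -ne 'https') { return 'NOT HTTPS' }
    if ($uri.Host -ne $Expected) { return 'NAME MISMATCH' }   # -ne ignores case
    return 'OK'
}

# Build one Source/Value row (hypothetical helper).
function New-Row([string]$Source, [string]$Value) {
    $row = New-Object PSObject
    $row | Add-Member -MemberType NoteProperty -Name Source -Value $Source
    $row | Add-Member -MemberType NoteProperty -Name Value -Value $Value
    $row
}

if (Get-Command Get-ClientAccessServer -ErrorAction SilentlyContinue) {
    # Live values, read back from the objects the steps above configure.
    $rows = @(
        Get-ClientAccessServer | ForEach-Object {
            New-Row "SCP $($_.Name)" $_.AutoDiscoverServiceInternalUri }
        Get-OutlookAnywhere | ForEach-Object {
            New-Row "OutlookAnywhere $($_.Server)" "https://$($_.ExternalHostname)" }
        foreach ($cmd in 'Get-OABVirtualDirectory','Get-UMVirtualDirectory','Get-WebServicesVirtualDirectory') {
            # Skip cmdlets that this Exchange version does not provide.
            if (Get-Command $cmd -ErrorAction SilentlyContinue) {
                & $cmd | ForEach-Object { New-Row "$cmd $($_.Server)" $_.ExternalUrl }
            }
        }
    )
} else {
    # Constructed sample rows (server name EX01 and the .local name are made up).
    $rows = @(
        (New-Row 'SCP EX01' 'https://mail.yourdomain.nl/autodiscover/autodiscover.xml'),
        (New-Row 'Get-OABVirtualDirectory EX01' 'https://ex01.yourdomain.local/OAB'),
        (New-Row 'Get-WebServicesVirtualDirectory EX01' '')
    )
}

# Rows other than OK point at a value that does not use the certificate name.
$rows | ForEach-Object {
    $status = Test-PublishedName $_.Value $CertName
    $_ | Add-Member -MemberType NoteProperty -Name Status -Value $status -PassThru
} | Format-Table Source, Status, Value -AutoSize
```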

Further information on the Autodiscover subject is available from the whitepaper on Microsoft TechNet.
