Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-05-30
This topic explains how to configure the Autodiscover service for Internet-based access on a Microsoft Exchange Server 2007 computer that has the Client Access server role installed.
If you have deployed Exchange 2007 in your messaging environment, you can let the Autodiscover service automatically configure Microsoft Office Outlook 2007 clients for features such as the Availability service, Unified Messaging, and Outlook Anywhere. If you plan to allow external access to the Autodiscover service for Outlook 2007 clients that connect from the Internet, you must configure a valid Secure Sockets Layer (SSL) certificate from a certification authority (CA) that is trusted by the client computer's operating system.
Configuring Internet Access to the Autodiscover Service
We recommend that you host the Autodiscover service on a separate site if you manage a Web site that is frequently visited and that hosts your e-mail traffic. To allow external access to the Autodiscover service for Outlook 2007 clients that are connected from the Internet, we recommend that you follow these steps in order.
|You must use one IP address per site.|
- (Optional) Configure a separate site on a Client Access
computer to host the Autodiscover service You
can create a separate site to host Autodiscover service traffic by
using the New-AutodiscoverVirtualDirectory cmdlet. This
optional step is recommended if the Simple Mail Transfer Protocol
(SMTP) address domain is the same as the corporate Web site address
and your corporate Web site is frequently visited. For example, if
the company Web site is www.contoso.com, the e-mail SMTP domain is
contoso.com, and the company Web site (www.contoso.com) is
frequently visited, we recommend that you create a separate site
and host the Autodiscover service on autodiscover.contoso.com. For
more information, see How to Create a New
Autodiscover Service Virtual Directory.
- (Required) Configure a valid SSL
certificate Configure a valid SSL certificate
from a CA that the client computer trusts. If you have decided to
host the Autodiscover service on a separate site, see How to Configure SSL
Certificates to Use Multiple Client Access Server Host
- (Optional) Update the SCP Object If you
have created an additional IIS site for the Autodiscover service,
you must update the service connection point (SCP) object in the
Active Directory directory service to specify to which Client
Access server and Autodiscover virtual directory you want clients
to connect. For more information about SCP objects, see
Publishing with Service Connection Points.
After you have completed these steps, you should configure the firewall for the address space and configure the SSL certificate for the Autodiscover service.
The following procedures explain how to create an Autodiscover virtual directory for a new Web site.
Before You Begin
To perform the following procedure, the account you use must be delegated Exchange Server Administrator role and membership in the local Administrators group for the target server.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
To use the Exchange Management Shell to configure a new Web site for the Autodiscover service
If you have not already done this, create a new Web site for the Autodiscover service by using Internet Information Services (IIS) Manager.
Create a new Autodiscover virtual directory in IIS for the Autodiscover service by running the following command:
New-AutodiscoverVirtualDirectory -Websitename <websitename> -BasicAuthentication:$true -WindowsAuthentication:$true
Note: A Web site that uses SSL requires that you use a unique IP address.
Configure a trusted third-party SSL certificate on the Autodiscover service Web site.
For more information about syntax and parameters, see New-AutodiscoverVirtualDirectory.