Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-04-09

Microsoft Office Outlook 2007 uses the Autodiscover service to provide and manage profile information for your users. The Autodiscover service keeps a user's profile information up-to-date even if their mailbox information changes. For Outlook 2007 clients that are located outside the organization, Outlook Anywhere (formerly known as RPC over HTTP) provides connectivity to the Exchange organization. In this situation, Outlook 2007 uses Domain Name System (DNS) to locate information about how to connect to the Autodiscover service. Because DNS is open to several kinds of malicious attacks, Outlook 2007 is designed to request Autodiscover service information from only two URL combinations.

For an organization that is named www.contoso.com that has e-mail addresses that are derived from the main site name, for example, kwekua@contoso.com, the two URL combinations would be formed as follows:

  1. Outlook will first try the URL https://contoso.com/autodiscover/autodiscover.xml.

  2. If the previous URL cannot locate the Autodiscover service, Outlook will then try https://autodiscover.contoso.com/autodiscover/autodiscover.xml.

SSL Deployment Options for Outlook Anywhere

There are several ways to use Secure Sockets Layer (SSL) to help secure communication between Outlook 2007 clients and the Autodiscover service. The first thing that we recommend is to use the Subject Alternative Name field on your SSL certificate. For more information about how to configure the Subject Alternative Name for an SSL certificate, see How to Configure SSL Certificates to Use Multiple Client Access Server Host Names.

Alternatively, you can use multiple SSL certificates. For more information, see Configuring Outlook Anywhere to Use Multiple SSL Certificates.

Another option is to use an SSL certificate together with redirection. For more information, see Configuring Outlook Anywhere to Use an SSL Certificate with Redirection.

Using SSL Offloading for Outlook Anywhere

If you have a hardware solution that is offloading the SSL encryption for traffic that is destined for your Client Access server, you must configure SSL offloading for Outlook Anywhere. For more information, see How to Configure SSL Offloading for Outlook Anywhere.

For More Information

For more information about Outlook Anywhere, see the following topics: