Autodiscover services allows Outlook clients to lookup Exchange mailbox and configure Outlook profile automatically after entering email address and password. When you install Exchange 2016, a virtual directory named Autodiscover is automatically created under Default Web Site in IIS. Similarly, a Service Connection Point (SCP) object is also created in Active Directory at the same time. The purpose of SCP is to store and provide authoritative URLs of Autodiscover service for domain-joined computers. Outlook application running in domain-joined computers use SCP lookup to find the Autodiscover URL. You can also disable Autodiscover SCP lookup using Windows Registry or Group Policy. In this post, I will explain how Autodiscover works and show steps to configure Autodiscover in Exchange 2016. SSL certificate needs to be installed in Exchange 2016 for autodiscover to work properly.
Configure Autodiscover in Exchange 2016
It is the autodiscover virtual directory in IIS that let’s Outlook application to discover mailbox settings automatically so that users don’t have to deal with manual configuration of advanced settings of Outlook. This feature also works for mobile phones. Autodiscover virtual directory handles client requests from Outlook 2007, Outlook 2010, Outlook 2013 and Outlook 2016.
For external outlook clients, autodiscover service URL is derived from domain name of email address. For example, a user bgiri with email address of firstname.lastname@example.org is trying to set up Outlook 2016 from non-domain joined PC from the Internet. Here, Outlook application will try to reach autodiscover using https://mustbegeek.com/autodiscover/autodiscover.xml first and if it failes, it will try https://autodiscover.mustbegeek.com/autodiscover/autodiscover.xml URL. You can test autodiscover from Internet using Microsoft Connectivity Analyzer.
As you can see above, the test tried to find autodiscover service using both URLs. The first attempt was made to https://mustbegeek.com:443/Autodiscover/Autodiscover.xml and was failed, this is because the domain mustbegeek.com is not pointed to public IP address of the Exchange server. The second attempt is successful because I have pointed autodiscover.mustbegeek.com domain to public IP address of the Exchange server. Similarly, the SSL Certificate also includes the domain name autodiscover.mustbegeek.com. You can also view logs of autodiscover from Outlook application.
Press Ctrl+Right-click on outlook application icon in system tray.
Type your email and password. Check Use AutoDiscover option. Click Test button. As you can see above the outlook application first tried to get to https://mustbegeek.com/autodiscover URL. It did not reach autodiscover.xml from that URL so it tried to https://autodiscover.mustbegeek.com and succeeded.
For internal domain-joined clients, autodiscover service URL is derived from Service Connection Point (SCP). If you have not configured autodiscover URL for SCP then you will get following certificate error when internal users try to add mailbox on Outlook even though it is working from Internet.
This is because when you install Exchange 2016, default autodiscover URL for SCP is server-name.domain.com. Since we have already installed SAN certificate with autodiscover.mustbegeek.com domain name the error pops up saying name doesn’t match. So let’s configure autodiscover URL. Note: SCP is only used by internal domain-joined applications not by Internet clients. SCP is a Active Directory object that provides connection points for various applications. In this case, SCP provides autodiscover URL to Outlook clients. In Exchange 2016, you must configure URL for SCP from Exchange Management Shell (EMS). Log on to Exchange server and open Exchange Management Shell and type following cmdlet. The cmdlet below will update SCP (Service Connection Point) object.
[PS] C:\Windows\system32>Set-ClientAccessService -Identity MBG-EX01 -AutoDiscoverServiceInternalUri https://autodiscover.mustbegeek.com/Autodiscover/Autodiscover.xml
To verify the URL, type following command in Exchange Management Shell.
[PS] C:\Windows\system32>Get-ClientAccessService | fl AutoDiscoverServiceInternalUri AutoDiscoverServiceInternalUri : https://autodiscover.mustbegeek.com/Autodiscover/Autodiscover.xml
Don’t forget to add CNAME record in internal DNS server for autodiscover.mustbegeek.com.
Open DNS Manager from domain controller. Add the CNAME record. Now when you log on to domain-joined client machine and add mailbox in outlook, it is successful.
Click Finish and start using Outlook. You can also view logs of autodiscover from Outlook application. Press Shift+Right-click on outlook application icon in system tray.
Select Test E-mail AutoConfiguration option.
Type email address and password to test autodiscover. Check use Autodiscover option. Select log tab. As you can see above, it found the autodiscover through SCP and is successful. In this way you can configure autodiscover in Exchange 2016.