Client Access Server Nitin Gupta [email_address]

Client Access Server Exchange Autodiscover Overview Process Question & Answers Agenda

Client Access Server

Exchange Autodiscover

Overview

Process

Question & Answers

The topics / flow to be covered in this session is going to be very basic Please feel free to interrupt in case something is not clear , every attempt would be made to answer your query immediately, else offline Important

The topics / flow to be covered in this session is going to be very basic

Please feel free to interrupt in case something is not clear , every attempt would be made to answer your query immediately, else offline

Exchange 2007 - Architecture Overview / Understanding of SMTP Protocol & Relay DNS & associated records PowerShell Certificates / PKI Good knowledge of Server Roles in MSX 2003 Prerequisites

Exchange 2007 - Architecture

Overview / Understanding of

SMTP Protocol & Relay

DNS & associated records

PowerShell

Certificates / PKI

Good knowledge of Server Roles in MSX 2003

Where CAS comes in…

Server roles allow an administrator to split the functions of an Exchange server and place each role, or a combination of roles, on different servers in the organization This can be done for performance reasons, management reasons , or any other reason deemed necessary by the organization's policies Various Server Roles Edge Transport Hub Transport Client Access Mailbox Unified Messaging Server Roles

Server roles allow an administrator to split the functions of an Exchange server and place each role, or a combination of roles, on different servers in the organization

This can be done for performance reasons, management reasons , or any other reason deemed necessary by the organization's policies

Various Server Roles

Edge Transport

Hub Transport

Client Access

Mailbox

Unified Messaging

Server Roles Perimeter Exchange 2007 Edge Server Intranet Exchange 2007 Server

Enterprise Network Other SMTP Servers PBX or VoIP I N T E R N E T Server Roles Hub Transport Routing Policy Applications: OWA, Outlook Anywhere Protocols: EAS, POP, IMAP, Outlook Anywhere Programmability: Web services, Web parts Client Access Edge Transport Routing Hygiene Mailbox Mailbox Public Folders Voice Messaging Unified Messaging Fax

CAS - Overview

Handles communications between clients and Microsoft Exchange. Supports Outlook 2007 and earlier versions, Outlook Web Access, Exchange ActiveSync POP3 and IMAP4 protocols Makes it possible to use Exchange 2007 features such as the offline address book, the Autodiscover service, and the Availability service Must be installed in every Exchange 2007 organization Enables users to use Unified Messaging features as Play on Phone Overview

Handles communications between clients and Microsoft Exchange.

Supports

Outlook 2007 and earlier versions,

Outlook Web Access,

Exchange ActiveSync

POP3 and IMAP4 protocols

Makes it possible to use Exchange 2007 features such as the offline address book, the Autodiscover service, and the Availability service

Must be installed in every Exchange 2007 organization

Enables users to use Unified Messaging features as Play on Phone

Outlook communicates directly with the Mailbox server, Outlook still uses the Client Access server role to connect to Exchange mailboxes when using Outlook Anywhere (formerly known as RPC over HTTP) and for services such as Autodiscover service Availability service. Overview - Note

Outlook communicates directly with the Mailbox server,

Outlook still uses the Client Access server role to connect to Exchange mailboxes when using Outlook Anywhere (formerly known as RPC over HTTP) and for services such as

Autodiscover service

Availability service.

Autodiscover Uses a user's e-mail address and password to provide profile settings to Outlook 2007 clients and supported mobile devices Enables Outlook 2007 clients to automatically connect to Microsoft Exchange and Exchange features, such as the Availability service or Unified Messaging, without having to manually configure their Outlook profile POP3 & IMAP4 Supports POP3 and IMAP4 clients. By default, POP3 and IMAP4 services are installed but are not enabled. CAS – Features & Functionalities

Autodiscover

Uses a user's e-mail address and password to provide profile settings to Outlook 2007 clients and supported mobile devices

Enables Outlook 2007 clients to automatically connect to Microsoft Exchange and Exchange features, such as the Availability service or Unified Messaging, without having to manually configure their Outlook profile

POP3 & IMAP4

Supports POP3 and IMAP4 clients.

By default, POP3 and IMAP4 services are installed but are not enabled.

Exchange ActiveSync Helps synchronize data between mobile device and Exchange Can synchronize e-mail, contacts, calendar information, and tasks Devices that run Microsoft Windows Mobile® software, including Windows Mobile powered Pocket PC 2003 and Windows Mobile 5.0, are supported Outlook Web Access Helps access e-mail from a Web browser Includes new features like smart meeting booking, enhanced reminders and notifications, integration with WSS and File share Two versions of Outlook Web Access Full-featured Outlook Web Access Premium client Outlook Web Access Light client CAS – Features & Functionalities

Exchange ActiveSync

Helps synchronize data between mobile device and Exchange

Can synchronize e-mail, contacts, calendar information, and tasks

Devices that run Microsoft Windows Mobile® software, including Windows Mobile powered Pocket PC 2003 and Windows Mobile 5.0, are supported

Outlook Web Access

Helps access e-mail from a Web browser

Includes new features like smart meeting booking, enhanced reminders and notifications, integration with WSS and File share

Two versions of Outlook Web Access

Full-featured Outlook Web Access Premium client

Outlook Web Access Light client

Outlook Anywhere The Outlook Anywhere feature for Microsoft Exchange Server 2007 lets Outlook 2007 and Outlook 2003 clients connect to their Microsoft Exchange servers over the Internet by using the RPC over HTTP Windows networking component. Wraps remote procedure calls (RPC) with an HTTP layer, which allows the traffic to traverse network firewalls without requiring RPC ports to be opened Availability Service Improves free/busy data access for information workers by providing secure, consistent, and up-to-date free/busy data to computers that are running Outlook 2007 CAS – Features & Functionalities

Outlook Anywhere

The Outlook Anywhere feature for Microsoft Exchange Server 2007 lets Outlook 2007 and Outlook 2003 clients connect to their Microsoft Exchange servers over the Internet by using the RPC over HTTP Windows networking component.

Wraps remote procedure calls (RPC) with an HTTP layer, which allows the traffic to traverse network firewalls without requiring RPC ports to be opened

Availability Service

Improves free/busy data access for information workers by providing secure, consistent, and up-to-date free/busy data to computers that are running Outlook 2007

Autodiscover Service

Configures and maintains server settings for client with MOO 2007 Configures supported Mobile devices Includes features like Web-based Offline Address Book Availability Service Unified Messaging No Autodiscover service - Earlier versions of Outlook Exchange Autodiscover Service

Configures and maintains server settings for client with MOO 2007

Configures supported Mobile devices

Includes features like

Web-based Offline Address Book

Availability Service

Unified Messaging

No Autodiscover service - Earlier versions of Outlook

Easier to configure Outlook 2007 as compared to manual work required in previous versions Uses User’s Email Address or Domain Account Information: User’s display name Connection settings for internal and external connectivity Location of user’s Mailbox server The URLs for features Free/busy information, Unified Messaging, and Offline address book Outlook Anywhere server settings Outlook 2007 & Autodiscover

Easier to configure Outlook 2007 as compared to manual work required in previous versions

Uses User’s Email Address or Domain Account

Information:

User’s display name

Connection settings for internal and external connectivity

Location of user’s Mailbox server

The URLs for features

Free/busy information,

Unified Messaging, and

Offline address book

Outlook Anywhere server settings

Virtual directory “Autodiscover” is created under Default Web site in IIS on installation of CAS role This Virtual Directory handles requests from Outlook 2007 when: A new Outlook profile is configured or updated A client periodically checks MSX Web Services URLs Underlying network connection changes Service Connection Point (SCP) Active Directory object is created for each server where the CAS role is installed. SCP object is used by clients to locate the Autodiscover service. SCP record contains the serviceBindingInformation attribute that’s has FQDN of CAS Ex: https://cas01.contoso.com/autodiscover/autodiscover.xml, where cas01.contoso.com is FQDN of CAS Autodiscover Operation

Virtual directory “Autodiscover” is created under Default Web site in IIS on installation of CAS role

This Virtual Directory handles requests from Outlook 2007 when:

A new Outlook profile is configured or updated

A client periodically checks MSX Web Services URLs

Underlying network connection changes

Service Connection Point (SCP) Active Directory object is created for each server where the CAS role is installed.

SCP object is used by clients to locate the Autodiscover service.

SCP record contains the serviceBindingInformation attribute that’s has FQDN of CAS

Ex: https://cas01.contoso.com/autodiscover/autodiscover.xml, where cas01.contoso.com is FQDN of CAS

The SCP object contains the authoritative list of Autodiscover service URLs for the forest Most important attributes of an SCP are Keywords : String value that identify a service serviceDNSName : A or SRV record of serviceDNSNameType : CAS server role serviceBindingInformation : In-site and out-of-site lists of CAS Client applications search the directory for keywords values to locate your SCP. When SCP is found, clients can read other attributes to retrieve service data. SCP object is updated by using Set-ClientAccessServer cmdlet SCP – Quick Overview

The SCP object contains the authoritative list of Autodiscover service URLs for the forest

Most important attributes of an SCP are

Keywords : String value that identify a service

serviceDNSName : A or SRV record of

serviceDNSNameType : CAS server role

serviceBindingInformation : In-site and out-of-site lists of CAS

Client applications search the directory for keywords values to locate your SCP. When SCP is found, clients can read other attributes to retrieve service data.

SCP object is updated by using Set-ClientAccessServer cmdlet

Require Exchange Administrator role to execute Is used to set properties on specified CAS To be for all Microsoft Exchange Server 2007 computers that have the Client Access server role Set-ClientAccessServer Cmdlet Set-ClientAccessServer -Identity "CAS-01" -AutodiscoverServiceInternalURI "https://cas.mail.contoso.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope "Mail" Parameter Required Description Identity Required This parameter specifies an individual Client Access server. AutoDiscoverServiceInternalUri Optional This parameter specifies the internal URL of the Autodiscover service. AutoDiscoverSiteScope Optional This parameter specifies the site for which the Autodiscover service is authoritative. Clients that connect to the Autodiscover service by using the internal URL must belong to a site listed here. Confirm Optional This parameter causes the command to pause processing and requires that you acknowledge what the command will do before processing continues. The default value is $true. DomainController Optional This parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service. Instance Optional This parameter specifies an instance of a Client Access server.

Require Exchange Administrator role to execute

Is used to set properties on specified CAS

To be for all Microsoft Exchange Server 2007 computers that have the Client Access server role

Domain-connected client connects and authenticates to Active Directory Outlook 2007 sends a LDAP query to AD looking for all SCP objects. Outlook sorts and enumerates the returned results based on the client's Active Directory site by using the keyword attribute of the SCP record. 2 Lists with SCP Records of in-site & out-of-site are returned An array of Autodiscover URLs is generated by referencing the serviceBindingInformation attribute from in-site and out-of-site lists in sequence Autodiscover – Domain Connected

Domain-connected client connects and authenticates to Active Directory

Outlook 2007 sends a LDAP query to AD looking for all SCP objects.

Outlook sorts and enumerates the returned results based on the client's Active Directory site by using the keyword attribute of the SCP record.

2 Lists with SCP Records of in-site & out-of-site are returned

An array of Autodiscover URLs is generated by referencing the serviceBindingInformation attribute from in-site and out-of-site lists in sequence

Outlook tries to connect to each Autodiscover URL sequentially . If no URLs in in-site are unavailable, out-of-site URL are connected and sends an HTTP POST command to the Autodiscover service The Autodiscover service queries AD to obtain the connection settings and URLs for the Exchange services. The Autodiscover service returns an HTTP response with an XML file that includes the connection settings and URLs for the available Exchange services. Outlook uses the appropriate configuration information and connection settings to connect to Exchange messaging environment. How Autodiscover Works…. contd

Outlook tries to connect to each Autodiscover URL sequentially . If no URLs in in-site are unavailable, out-of-site URL are connected and sends an HTTP POST command to the Autodiscover service

The Autodiscover service queries AD to obtain the connection settings and URLs for the Exchange services.

The Autodiscover service returns an HTTP response with an XML file that includes the connection settings and URLs for the available Exchange services.

Outlook uses the appropriate configuration information and connection settings to connect to Exchange messaging environment.

How Autodiscover Works….

Non domain-connected client first tries to locate the Autodiscover service by looking up the SCP object in Active Directory As client is unable to contact AD, it then locates the Autodiscover service by using Domain Name System (DNS) Client will use domain part from user’s e-mail address and check DNS by using two predefined URLs. Example: If SMTP domain is contoso.com, Outlook tries following URLs to connect to the Autodiscover service: https://contoso.com/autodiscover/autodiscover.xml https://autodiscover.contoso.com/autodiscover/autodiscover.xml Non Domain Connected Client

Non domain-connected client first tries to locate the Autodiscover service by looking up the SCP object in Active Directory

As client is unable to contact AD, it then locates the Autodiscover service by using Domain Name System (DNS)

Client will use domain part from user’s e-mail address and check DNS by using two predefined URLs.

Example:

If SMTP domain is contoso.com,

Outlook tries following URLs to connect to the Autodiscover service:

https://contoso.com/autodiscover/autodiscover.xml

https://autodiscover.contoso.com/autodiscover/autodiscover.xml

Non Domain Connected Client

The XML file provides following information: User’s display name Connection settings for internal and external connectivity Location of user’s Mailbox server The URLs for features Free/busy information, Unified Messaging, and Offline address book Outlook Anywhere server settings XML Contents…

The XML file provides following information:

User’s display name

Connection settings for internal and external connectivity

Location of user’s Mailbox server

The URLs for features

Free/busy information,

Unified Messaging, and

Offline address book

Outlook Anywhere server settings

For Distributed AD sites separated by low-bandwidth network connectivity. Preferred AD sites for clients to connect Autodiscover service. Process of specifying preferred AD sites - Configuring site scope . Configure site affinity - Set-ClientAccessServer cmdlet. Clients connect to the Autodiscover service instances as specified in Site Scopes. Site Affinity @ Autodiscover

For Distributed AD sites separated by low-bandwidth network connectivity.

Preferred AD sites for clients to connect Autodiscover service.

Process of specifying preferred AD sites - Configuring site scope .

Configure site affinity - Set-ClientAccessServer cmdlet.

Clients connect to the Autodiscover service instances as specified in Site Scopes.

Topology IN-CHN A EDS site located in Chennai (CHN-CAS) IN-DEL A EDS site located in Delhi (DEL-CAS) IN-BNG A EDS site located in Bangalore (BNG-CAS) Configuration Autodiscover service enabled on each site Each site includes user mailboxes. Users Autodiscover options IN-DEL Users - Should use either IN-DEL or IN-CHN sites IN-BNG Users - Should use either IN-BNG or IN-CHN sites IN-BNG Users – No preference required Site Affinity @ Example IN-CHN IN-DEL IN-BNG

Topology

IN-CHN A EDS site located in Chennai (CHN-CAS)

IN-DEL A EDS site located in Delhi (DEL-CAS)

IN-BNG A EDS site located in Bangalore (BNG-CAS)

Configuration

Autodiscover service enabled on each site

Each site includes user mailboxes.

Users Autodiscover options

IN-DEL Users - Should use either IN-DEL or IN-CHN sites

IN-BNG Users - Should use either IN-BNG or IN-CHN sites

IN-BNG Users – No preference required

Scope Configuration – IN-DEL Set-ClientAccessServer -Identity “DEL-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope “IN-DEL”,”IN-CHN ” Scope Configuration – IN-BNG Set-ClientAccessServer -Identity “BNG-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope “IN-BNG”,”IN-CHN” Scope Configuration – IN-DEL Set-ClientAccessServer -Identity “CHN-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml" Site Affinity @ Example IN-CHN IN-DEL IN-BNG

Scope Configuration – IN-DEL

Set-ClientAccessServer -Identity “DEL-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope “IN-DEL”,”IN-CHN ”

Scope Configuration – IN-BNG

Set-ClientAccessServer -Identity “BNG-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml" -AutodiscoverServiceSiteScope “IN-BNG”,”IN-CHN”

Scope Configuration – IN-DEL

Set-ClientAccessServer -Identity “CHN-CAS" -AutodiscoverServiceInternalURI "https://internal.eds.com/autodiscover/autodiscover.xml"

The connection settings that the Outlook client uses are translated into MAPI properties . MAPI properties are stored in the user's profile located in the registry on their local computer. The URLs for the available Exchange services are cached in the memory of the local computer. There are two layers of Outlook 2007 that use the Autodiscover service: The Outlook layer - begins operating when Outlook 2007 is opened to retrieve the user profile settings The MAPI layer - begins operating when there are errors connecting to the Exchange server by using the MAPI protocol Autodiscover @ Outlook 2007

The connection settings that the Outlook client uses are translated into MAPI properties .

MAPI properties are stored in the user's profile located in the registry on their local computer.

The URLs for the available Exchange services are cached in the memory of the local computer.

There are two layers of Outlook 2007 that use the Autodiscover service:

The Outlook layer - begins operating when Outlook 2007 is opened to retrieve the user profile settings

The MAPI layer - begins operating when there are errors connecting to the Exchange server by using the MAPI protocol

Outlook 2007 automatically connects to the Autodiscover service under the following conditions: Every time that the application starts At intervals on a background thread Any time that the client's connection to an Exchange server fail User profile settings (by outlook layer) are refreshed every time that the Time to Live period is specified. Setting for TTL is 60 minutes or if an error occurs when Outlook tries to contact to server. If Outlook does not connect to Autodiscover service, Outlook layer reconnects every 5 minutes because the URLs for the available Exchange services are cached in memory on the local computer. Autodiscover @ Outlook 2007

Outlook 2007 automatically connects to the Autodiscover service under the following conditions:

Every time that the application starts

At intervals on a background thread

Any time that the client's connection to an Exchange server fail

User profile settings (by outlook layer) are refreshed every time that the Time to Live period is specified. Setting for TTL is 60 minutes or if an error occurs when Outlook tries to contact to server.

If Outlook does not connect to Autodiscover service, Outlook layer reconnects every 5 minutes because the URLs for the available Exchange services are cached in memory on the local computer.

MAPI layer connects to the Autodiscover when the user is using a low-bandwidth network connection or when the user tries to open their mailbox after a mailbox move. The first failure detected by the MAPI layer results in an initial Autodiscover service request.. This initial Autodiscover service request is known as the free Autodiscover service request . If no other failures occur after the first failure, the MAPI layer will perform an Autodiscover service request every 6 hours to update the user's profile settings. MAPI layer also connects to the Autodiscover service if the user creates a new Outlook profile. Autodiscover @ Outlook 2007

MAPI layer connects to the Autodiscover when the user is using a low-bandwidth network connection or when the user tries to open their mailbox after a mailbox move.

The first failure detected by the MAPI layer results in an initial Autodiscover service request..

This initial Autodiscover service request is known as the free Autodiscover service request . If no other failures occur after the first failure, the MAPI layer will perform an Autodiscover service request every 6 hours to update the user's profile settings.

MAPI layer also connects to the Autodiscover service if the user creates a new Outlook profile.

How Autodiscover Works….

MAPI layer connects to the Autodiscover when the user is using a low-bandwidth network connection or when the user tries to open their mailbox after a mailbox move. The first failure detected by the MAPI layer results in an initial Autodiscover service request.. This initial Autodiscover service request is known as the free Autodiscover service request . If no other failures occur after the first failure, the MAPI layer will perform an Autodiscover service request every 6 hours to update the user's profile settings. MAPI layer also connects to the Autodiscover service if the user creates a new Outlook profile. Autodiscover @ Outlook 2007

MAPI layer connects to the Autodiscover when the user is using a low-bandwidth network connection or when the user tries to open their mailbox after a mailbox move.

The first failure detected by the MAPI layer results in an initial Autodiscover service request..

This initial Autodiscover service request is known as the free Autodiscover service request . If no other failures occur after the first failure, the MAPI layer will perform an Autodiscover service request every 6 hours to update the user's profile settings.

MAPI layer also connects to the Autodiscover service if the user creates a new Outlook profile.

Thank You Nitin Gupta [email_address]