Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Amazing Autodiscover(ies)<br />Exchange 2007/2010 Autodiscover<br />Michel de Rooij<br />Inter Access<br />
Agenda<br /><ul><li>Introductie
Scenarios
Certificaten
Exchange 2010</li></li></ul><li>Exchange Client Configuratie<br />
Wat is Autodiscover<br />Automatische client configuratie<br />Goedvooreindgebruikers<br />Goedvoor de IT afdeling<br />On...
Hoe werkt het<br />Informatiebron (CAS) via AD of DNS(.. alshet moetlokale XML file, kb956955)<br />Levert op:<br />Displa...
Wanneer<br />Tijdens account configuratie<br />Tijdensopstarten client<br />Periodiek<br />Connectivity Issues<br />
Intern vs. Extern<br />Interne client (domain joined)<br />Discovery via Service Connection Point (SCP) in AD<br />CN=Auto...
Service Connection Point<br />Publicatie in Active Directory door CAS servers:<br />CN=Autodiscover,CN=Protocols,CN=<CAS S...
Intern<br />2. Query SCP objects<br />3. Autodiscover URL(s)<br />1. Register SCP (AutodiscoverInternalURI)<br />4. Connec...
Externetoegang<br />DNS<br />autodiscover.<maildomain> CNAME <hostname><br /><ul><li>SRV record </li></ul>Vereist Outlook2...
DNS, Single Domain<br />1. Contact AD<br />2. Resolve contoso.com<br />3. Resolve autodiscover.contoso.com <br />4. Post a...
DNS, Redirect, Multi Domain<br />1. Contact AD<br />2. Resolve fabrikam.com<br />3. Resolve autodiscover.fabrikam.com <br ...
Redirect, How-To<br />IIS<br />Nieuwe Virtual Website (+ 2e IP adres)<br />Redirect /autodiscover/autodiscover.xml naar ht...
Multidomain: Redirect of SRV<br />DNS / HTTP Redirect<br />SRV Record<br />Pro:<br />Werkt in alle scenarios<br />Werktvoo...
Certificaten<br />Autodiscover & Certificaten<br />Soortcertificaat<br />Welkeinformatienodig<br />Waarteverkrijgen<br />
Autodiscover & Certificates<br />Wanneer is eencertificaatgeldig(Outlook 2007)<br />Certificaat chain t/m trusted root<br ...
Aandachtspunten<br />Requirements:<br />Subject Alternative Name (SAN) certificate(Unified Communications Certificate (UCC...
Names to Register<br />Interne namen<br />Server hostname(s)<br />Server interne FQDN(s)<br />..of Array FQDN<br />Externe...
Certificate Authorities<br />“De Autodiscover Microsoft lijst”<br />Entrust ($449, 10 names, 1yr, single srv)<br />Comodo(...
sslshopper.com<br />d.d. jan2010<br />
Certificaat Export/Import<br />Voorb.v. publikatie Exchange in ISA<br />ISA 2006 SP1 support SAN certs<br />Vergeet export...
Autodiscover in Exchange 2010<br />AutodiscoverPOX of SOAP1<br />Meer Web Services<br />ECP (voor UM), Archive, MailTips<b...
Ex2010 Certificate Req. Wizard<br />
Upcoming SlideShare
Loading in …5
×

Amazing Autodiscover(ies), Exchange 2007/2010 Autodiscover

1,713 views

Published on

Presented on 9 Feb 2009
by Michel de Rooij
http://www.eightwone.com

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Amazing Autodiscover(ies), Exchange 2007/2010 Autodiscover

  1. 1.
  2. 2. Amazing Autodiscover(ies)<br />Exchange 2007/2010 Autodiscover<br />Michel de Rooij<br />Inter Access<br />
  3. 3. Agenda<br /><ul><li>Introductie
  4. 4. Scenarios
  5. 5. Certificaten
  6. 6. Exchange 2010</li></li></ul><li>Exchange Client Configuratie<br />
  7. 7. Wat is Autodiscover<br />Automatische client configuratie<br />Goedvooreindgebruikers<br />Goedvoor de IT afdeling<br />Onafhankelijk van lokatie<br />Ontsluiting Exchange functionaliteiten<br />Exchange Web Services<br />
  8. 8. Hoe werkt het<br />Informatiebron (CAS) via AD of DNS(.. alshet moetlokale XML file, kb956955)<br />Levert op:<br />Displayname<br />Mailbox Server<br />External + Internal Connection Settings<br />External + Internal URLs<br />Free/Busy, OAB, OOF & UM<br />Outlook Anywhere<br />
  9. 9. Wanneer<br />Tijdens account configuratie<br />Tijdensopstarten client<br />Periodiek<br />Connectivity Issues<br />
  10. 10. Intern vs. Extern<br />Interne client (domain joined)<br />Discovery via Service Connection Point (SCP) in AD<br />CN=Autodiscover,CN=Protocols,CN=<CAS Server>,CN=Servers,CN=<AG>,CN=Administrative Groups,CN=<ORG>,CN=Microsoft Exchange,CN=Services<br />Autoconfiguratie via POX1<br />Externe client<br />Discovery via DNS<br />Autoconfiguratievia POX1<br />Meerdere scenarios<br />Single/Multi SMTP domain<br />1) POX= Plain Old XML<br />
  11. 11. Service Connection Point<br />Publicatie in Active Directory door CAS servers:<br />CN=Autodiscover,CN=Protocols,CN=<CAS Server>,CN=Servers,CN=<AG>,CN=Administrative Groups,CN=<ORG>,CN=Microsoft Exchange,CN=Services<br />Attributes:<br />serviceBindingInformation = CAS FQDN<br />keywords = Site (Site Affinity)<br />Reconfig via Set-ClientAccessServer, parameters:<br />AutodiscoverServiceInternalURI = URL<br />Site = Authoritative Site(s)<br />
  12. 12. Intern<br />2. Query SCP objects<br />3. Autodiscover URL(s)<br />1. Register SCP (AutodiscoverInternalURI)<br />4. Connect<br />Outlook<br />5. Available Services URLs<br />
  13. 13. Externetoegang<br />DNS<br />autodiscover.<maildomain> CNAME <hostname><br /><ul><li>SRV record </li></ul>Vereist Outlook2007 SP1+ of Outlook2007+kb940881<br />Service: _autodiscoverProtocol: _tcpPort Number: 443Host: <hostname><br />Let op:<br />DNS wildcard records (*.contoso.com, contoso.com)<br />
  14. 14. DNS, Single Domain<br />1. Contact AD<br />2. Resolve contoso.com<br />3. Resolve autodiscover.contoso.com <br />4. Post autodiscover.contoso.com/autodiscover/autodiscover.xml<br />Outlook<br />michel.de.rooij@contoso.com<br />5. Available Services URLs<br />
  15. 15. DNS, Redirect, Multi Domain<br />1. Contact AD<br />2. Resolve fabrikam.com<br />3. Resolve autodiscover.fabrikam.com <br />4. https://autodiscover.fabrikam.com/autodiscover/autodiscover.xml<br />5. Post http://autodiscover.fabrikam.com/autodiscover/autodiscover.xml<br />Outlook<br />michel.de.rooij@fabrikam.com<br />6. Redirect (302) to autodiscover.contoso.com <br />7. Contact autodiscover.contoso.com<br />8. Available Services URLs<br />
  16. 16. Redirect, How-To<br />IIS<br />Nieuwe Virtual Website (+ 2e IP adres)<br />Redirect /autodiscover/autodiscover.xml naar https://autodiscover.<domain>/autodiscover/autodiscover.xml<br />ISA Web Publishing rule<br />Bind 2nd public IP to ISA<br />New website, deny non-SSL rule op autodiscover.<altdomain>/autodiscover/autodiscover.xml en redirect naarhttps://autodiscover.<maildomain>/autodiscover<br />Plus: ISA array => danook redirect load balanced<br />
  17. 17. Multidomain: Redirect of SRV<br />DNS / HTTP Redirect<br />SRV Record<br />Pro:<br />Werkt in alle scenarios<br />Werktvooralle Outlook 2007 versies<br />Con:<br />Implementatie<br />Onderhoud<br />2 x public IP adres (multidomain)<br />Popup<br />Pro:<br />Implementatie<br />1 public IP adres<br />Con:<br />DNS provider SRV support<br />Client env. SRV support (proxy)<br />Werktniet in alle scenarios<br />Outlook2007SP1/RTM+ kb940881<br />Popup<br />Noot: Redirect Popup onderdrukbaar (kb956528)<br />
  18. 18. Certificaten<br />Autodiscover & Certificaten<br />Soortcertificaat<br />Welkeinformatienodig<br />Waarteverkrijgen<br />
  19. 19. Autodiscover & Certificates<br />Wanneer is eencertificaatgeldig(Outlook 2007)<br />Certificaat chain t/m trusted root<br />Naam op certificaat matched URL<br />Certificaatgeldig en niet expired<br />Noot: Outlook op domain joined clients slaan regel 1 over (ivm self-signed certificates)<br />
  20. 20. Aandachtspunten<br />Requirements:<br />Subject Alternative Name (SAN) certificate(Unified Communications Certificate (UCC))<br />Multiple external & internal names<br />Single Root (Unchained) vs Intermediate (Chained)<br /><ul><li>Gebruikjuisteinformatiebijb.v. Organization</li></ul>Mogelijke check tegen WHOIS info<br />Licentie<br />single/multi-server<br />Wildcard certificate<br />1 domein<br />Compatibility issues (bv WM5)<br />Check met security policy<br />
  21. 21. Names to Register<br />Interne namen<br />Server hostname(s)<br />Server interne FQDN(s)<br />..of Array FQDN<br />Externenamen<br />Domeinnamenvoor OWA/POP/IMAP<br />Autodiscoverdomeinnamen<br />Voorbeeld<br />mbx1, mbx1.contoso.local,mail.contoso.com, autodiscover.contoso.com<br />Let op:<br />ISA 2006 RTM -> 1e SAN = CN<br />Private Key exporteerbaarivm Export/Import ISA<br />
  22. 22. Certificate Authorities<br />“De Autodiscover Microsoft lijst”<br />Entrust ($449, 10 names, 1yr, single srv)<br />Comodo($285, 3 names, 1yr, single srv)<br />DigiCert($328, 4 names, 1yr, unlimited srv)<br />http://support.microsoft.com/kb/929395<br />Overigeaanbieders<br />b.v. via sslshopper.com<br />Let op: Federated Sharing gewenst?<br />Comodo, Digicert, Entrust, Go Daddyhttp://technet.microsoft.com/en-us/library/ee332350.aspx<br />
  23. 23. sslshopper.com<br />d.d. jan2010<br />
  24. 24. Certificaat Export/Import<br />Voorb.v. publikatie Exchange in ISA<br />ISA 2006 SP1 support SAN certs<br />Vergeet export private key niet<br />Fileformat<br />Chain(PKCS#7/P7B, .p7b)<br />Chain+private key (PKCS#12/PFX, .pfx, p12)<br />
  25. 25. Autodiscover in Exchange 2010<br />AutodiscoverPOX of SOAP1<br />Meer Web Services<br />ECP (voor UM), Archive, MailTips<br />Let op wijzigingen in cmdlet syntax<br />o.a. New-ExchangeCertificate<br />ECM functies<br />o.a. Certificate Request Wizard<br />1) SOAP= Simple Object Access Protocol = XML Web Services<br />
  26. 26. Ex2010 Certificate Req. Wizard<br />
  27. 27. TestenAutodiscover<br />Outlook<br />Test-OutlookWebServices<br />
  28. 28. TestenAutodiscover (2)<br />https://www.testexchangeconnectivity.com/<br />
  29. 29. Autodiscover Support<br />Microsoft<br />Outlook 2007 (SP1)+<br />Windows Mobile 6.1+<br />Entourage 2008 SP1+<br />Apple<br />iPhone, Snow Leopard<br />Nokia<br />N-series, E-series<br />Diverse Sony Ericsson & Palm modellen<br />Bijtwijfel: Raadpleegproduktinformatie & test<br />Let op:Support voorsynchronisatie met Exchange 2007/2010 betekentnietdat client/device Autodiscoverondersteunt<br />
  30. 30. Links<br />Exchange 2007 Autodiscover Whitepaper<br />http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx<br />Autodiscover en Exchange 2007 (LANvision 8/2006)<br />http://www.ngn.nl/ngndirs/up/ZstwnvyHcD_LanVision32.pdf<br />Understanding the Autodiscover Service (Exchange 2010)<br />http://technet.microsoft.com/en-us/library/bb124251.aspx<br />
  31. 31. Bedanktvoor<br />uwaandacht!<br />Contact<br />E-mailmichel.de.rooij@interaccess.nl<br />Blog: http://eightwone.wordpress.com<br />Twitter: @mderooij<br />

×