P. 1
Auto Discover Service

Auto Discover Service

|Views: 169|Likes:

More info:

Published by: Arunkumar Seenivasagan on Nov 20, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less






  • Scenario 1: Using a Certificate That Supports Multiple DNS Names
  • Scenario 2: Using One Single-Name Certificate and the Autodiscover SRV
  • Scenario 1: How to Use a Certificate That Supports Multiple DNS Names
  • Scenario 4: How to Use a Single SSL Certificate and the Autodiscover
  • How to Configure the Autodiscover Service When You Use Multiple Forests

We recommend that you provide all the necessary DNS names in the same certificate by using a Unified
Communications certificate that supports the Subject Alternative Name field. Using a Unified
Communications certificate reduces the complexity of configuring and managing the Autodiscover
service and Exchange services URLs. However, using a Unified Communications certificate may increase
the cost, as this kind of certificate can be more expensive than the single name certificates which you
already may own.


There are special considerations when you use Unified Communications certificates with Internet
Security and Acceleration (ISA) Server 2004 and ISA Server 2006. For more information, see the
following articles:

ISA Server team blog article: Certificates with Multiple SAN Entries May Break ISA Server
Web Publishing [ http://go.microsoft.com/fwlink/?LinkID=100584 ]

Obtaining a Unified Communications Certificate

A list of third-party certification authorities (CAs) that currently support Subject Alternative Names is
documented in Microsoft Knowledge Base article 929395, Unified Communications Certificate Partners
for Exchange 2007 and for Communications Server 2007 [ http://go.microsoft.com/fwlink/?
linkid=3052&kbid=929395 ] .

Or, you could install Windows Certificate Services and create and install your own SSL certificate that
includes multiple DNS names. Although this may be the least expensive approach at first, you will incur
the additional administrative overhead of distributing and maintaining the root certificates to your users
so that clients that are not domain-connected can follow the certificate chain up to the trusted root
certificate store. Additionally, your Outlook Anywhere users must manually install the root certificate on
their remote workstations and Exchange ActiveSync users must manually install the root certificate on
their mobile devices.

Return to top

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->