Professional Documents
Culture Documents
In the following article, we will review seven major common Autodiscover flow in a
different environment.
The review, is a high-level review and not a detailed review that deals with each of
the specific steps and process that are involved.
The purpose in the continuation of the current series of articles, article 29 until 34,
we will get into the very specific details of Autodiscover flow by using different tools
such as ExRCA, Outlook connectivity test and more.
Before we dive into the details, its important that we will be able to get a view
from above of the different Autodiscover flows and their main characters.
Complete all, if the required steps that involved in the Autodiscover process
such as mutual authentication and more.
Get from the Autodiscover Endpoint the required Autodiscover information.
Autodiscover as all about the path that the Autodiscover client (Point A) need to
pass for getting to point B (Autodiscover Endpoint).
When we deal with a troubleshooting process that relates to Autodiscover, the first
thing that we need to do is get a clear understanding about the Autodiscover
path.
Additionally, we will need to know what is the role of each component that is
involved in the Autodiscover path and verify that each of the involved components
configured correctly with the require settings.
Only after we know what is the Autodiscover path that the Autodiscover client was
supposed to pass through and what are the components or the nodes that are
involved in this process, we will be able to pinpoint the specific cause of the
problem or start the elimination process of the different components that are
involved in the Autodiscover flow.
Additional major difference is the need for public availability of the Exchange
server who supposed to serve external Exchange clients.
The Exchange server will need to be configured with public name, public IP and
public certificate.
The organization Firewall or Proxy server will need to be configured with the
required setting that will enable external clients to access to the Exchange server
who serve as an Autodiscover Endpoint for external clients.
The Autodiscover client will try to look for information about the Autodiscover
Endpoint by addressing public DNS server and ask him about a specific
Autodiscover host name.
The basic assumption is that the required DNS record that will point the client to
the cloud Autodiscover Endpoint has already been configured.
After the Autodiscover client gets the required IP (the IP that is mapped to the cloud
Autodiscover Endpoint), that Autodiscover client will try to connect the cloud
Autodiscover Endpoint.
Note the provided diagram simplifies the real process just to enable us to get a
general understanding about the Autodiscover flow logic.
In reality, the process is a little more complicated because in the Office 365
environment, the Autodiscover client will be redirected to additional Autodiscover
Endpoint until he reaches his required destination.
Although the final node is located outside of the organizations network and the
logical assumption is that the Autodiscover client will directly access the cloud
Autodiscover Endpoint the reality is different.
When a users desktop is configured as domain joined and the users (and his
desktop) are located on the internal\private network, Autodiscover client such as
Outlook or programed to start the search for the required Autodiscover Endpoint
by connecting the local On-Premise Active Directory using an LDAP query.
Active Directory answer the Autodiscover client query and send him the required
Autodiscover URL address.
The Autodiscover client addresses the Exchange CAS server by using the URL
address that he got.
Because the Exchange on-Premises server are not responsible for the domain
that is registered in the cloud (Exchange Online infrastructure), the Exchange onPremises server reply with a negative response.
The Autodiscover client understand that now he needs to use additional
Autodiscover method.
In this case, the client will start to use the second Autodiscover method, which is
based on a DNS query looking for the Autodiscover Endpoint IP address (the client
know what the name of the Autodiscover Endpoint is).
Because the Autodiscover client is located on the internal\private network, the
client will try to connect to the local DNS server.
The basic assumption is that the local DNS the server has access to the public
network, and that he can fetch for the client the required IP address of the cloud
Autodiscover Endpoint
When the internal client gets the required IP address, he will try to connect the
cloud Autodiscover Endpoint
In case that the user mailbox is located on the Exchange On-Premise, the
Autodiscover process (and all the rest of the Autodiscover process) is implemented
exactly as any standard Exchange On-Premise client\server scenario.
In case that the client mailbox is located in the cloud (Exchange Online), the
Autodiscover process is very different.
The Autodiscover client will start the process by addressing the local Exchange OnPremise server, but the Autodiscover client will be redirected or pointed to his Email address in the cloud (Exchange Online) and from that point, the Autodiscover
process is implemented like a standard cloud Autodiscover process, in which the
Autodiscover client tries to locate and connect his cloud Autodiscover Endpoint.
To demonstrate the Autodiscover path that is implemented in a Hybrid
environment, lets use the following scenario.
The local On-Premise Active Directory domain name is o365info.local
The Public organization domain name is o365info.com
The Office 365 Hybrid domain name is mail.o365info.com
User\recipient E-mail address Bob@o365info.com
Bobs mailbox is located in the cloud (Exchange Online). The technical term is
remote mailbox.
Bobs mailbox was moved to the cloud mail infrastructure (Exchange Online) and
the Exchange On-Premise server, relate to Bobs mailbox as remote mailbox.
The object of Remote mailbox serves as a pointer to the Bob cloud mailbox.
The task- Bob would like to configure a new Outlook mail profile that will enable
him to connect to his cloud mailbox.
Step 1 Outlook connects the local Active Directory and asks for a list of potential
Autodiscover Endpoint (Exchange CAS server\s).
Step 2 Active Directory reply with a list of available Exchange server\s
(Autodiscover Endpoint).
In our example, the Active Directory provides to the client the following URL
Address:
Https://ex01.o365info.local/Autodiscover/Autodiscover.xml
Note technically there is an additional step in which the Outlook connects the
local DNS server looking for the IP address of the host ex01.o365info.local
In our example, we assume that this step complete successfully and that Outlook
know how to reach the internal Autodiscover Endpoint (ex01.o365info.local).
Step 5 Outlook clients access the local DNS server and ask for the IP address of
the remote Autodiscover Endpoint. Outlook will first try to get the IP address of
the Root domain name (in our example o365info.mail.onmicrosoft.com) and if the
DNS doesnt include the required IP, Outlook will try to look for the following name
convention Autodiscover.<SMTP domain name>
(in our example Autodiscover.o365info.mail.onmicrosoft.com).
Step 6 The Local DNS access his resources and find for his Autodiscover client
the required IP address.
(The Public IP address that is mapped to the Autodiscover Endpoint that resents
the Exchange Online services).
Step 7 Outlook will try to check if the remote Autodiscover Endpoint listens or
open using port 443 and if the answer is Yes, Outlook will send a requires for the
required Autodiscover.xml file.
Note and as usual, this workflow description is just a very general description.
In reality, the first cloud Autodiscover Endpoint is just a logic black box that will
reply to the Outlook request with an HTTP redirection.
Outlook client will try to request the Autodiscover.xml from the additional
Autodiscover Endpoint, will be redirected again until he reaches the final
Autodiscover Endpoint.