Amazing Autodiscover(ies) Exchange 2007/2010 Autodiscover Michel de Rooij Inter Access
Agenda
Scenarios
Certificates
Exchange 2010
What is Autodiscover: automatic client configuration; good for end users; good for the IT department; independent of location; opens up Exchange functionality; Exchange Web Services.
How it works: information source (CAS) via AD or DNS (.. if necessary a local XML file, kb956955). Returns: display name; mailbox server; external + internal connection settings; external + internal URLs: Free/Busy, OAB, OOF & UM; Outlook Anywhere.
When: during account configuration; at client startup; periodically; on connectivity issues.
Internal vs. external. Internal client (domain joined): discovery via Service Connection Point (SCP) in AD, CN=Autodiscover,CN=Protocols,CN=<CAS Server>,CN=Servers,CN=<AG>,CN=Administrative Groups,CN=<ORG>,CN=Microsoft Exchange,CN=Services; autoconfiguration via POX (1). External client: discovery via DNS; autoconfiguration via POX (1); multiple scenarios: single/multi SMTP domain. (1) POX = Plain Old XML.
Service Connection Point: published in Active Directory by CAS servers: CN=Autodiscover,CN=Protocols,CN=<CAS Server>,CN=Servers,CN=<AG>,CN=Administrative Groups,CN=<ORG>,CN=Microsoft Exchange,CN=Services. Attributes: serviceBindingInformation = CAS FQDN; keywords = Site (site affinity). Reconfigure via Set-ClientAccessServer, parameters: AutodiscoverServiceInternalURI = URL; Site = authoritative site(s).
Internal: 1. Register SCP (AutodiscoverInternalURI) 2. Query SCP objects 3. Autodiscover URL(s) 4. Connect 5. Available Services URLs. Diagram label: Outlook.
External access. DNS: autodiscover.<maildomain> CNAME <hostname>. Requires Outlook 2007 SP1+ or Outlook 2007 + kb940881: Service: _autodiscover; Protocol: _tcp; Port number: 443; Host: <hostname>. Note: DNS wildcard records (*.contoso.com, contoso.com).
DNS, single domain: 1. Contact AD 2. Resolve contoso.com 3. Resolve autodiscover.contoso.com 4. Post autodiscover.contoso.com/autodiscover/autodiscover.xml 5. Available Services URLs. Diagram labels: Outlook, michel.de.rooij@contoso.com.
DNS, redirect, multi domain: 1. Contact AD 2. Resolve fabrikam.com 3. Resolve autodiscover.fabrikam.com 4. https://autodiscover.fabrikam.com/autodiscover/autodiscover.xml 5. Post http://autodiscover.fabrikam.com/autodiscover/autodiscover.xml 6. Redirect (302) to autodiscover.contoso.com 7. Contact autodiscover.contoso.com 8. Available Services URLs. Diagram labels: Outlook, michel.de.rooij@fabrikam.com.
Redirect, how-to. IIS: new virtual website (+ 2nd IP address); redirect /autodiscover/autodiscover.xml to https://autodiscover.<domain>/autodiscover/autodiscover.xml. ISA: Web Publishing rule; bind 2nd public IP to ISA; new website, deny non-SSL rule on autodiscover.<altdomain>/autodiscover/autodiscover.xml and redirect to https://autodiscover.<maildomain>/autodiscover. Plus: ISA array => the redirect is then load balanced as well.
Multidomain: redirect or SRV.
DNS / HTTP redirect. Pro: works in all scenarios; works for all Outlook 2007 versions. Con: implementation; maintenance; 2 x public IP address (multidomain); popup.
SRV record. Pro: implementation; 1 public IP address. Con: DNS provider SRV support; client environment SRV support (proxy); does not work in all scenarios; Outlook 2007 SP1 / RTM + kb940881; popup.
Note: the redirect popup can be suppressed (kb956528).
Certificates: Autodiscover & certificates; type of certificate; what information is needed; where to obtain one.
Autodiscover & certificates. When is a certificate valid (Outlook 2007): 1. certificate chain up to a trusted root; 2. name on the certificate matches the URL; 3. certificate valid and not expired. Note: Outlook on domain-joined clients skips rule 1 (because of self-signed certificates).
Points of attention. Requirements: Subject Alternative Name (SAN) certificate (Unified Communications Certificate (UCC)); multiple external & internal names; single root (unchained) vs intermediate (chained); possible check against WHOIS info; licence single/multi-server. Wildcard certificate: 1 domain; compatibility issues (e.g. WM5); check against the security policy.
Names to register. Internal names: server hostname(s); server internal FQDN(s) .. or array FQDN. External names: domain names for OWA/POP/IMAP; Autodiscover domain names. Example: mbx1, mbx1.contoso.local, mail.contoso.com, autodiscover.contoso.com. Note: ISA 2006 RTM -> 1st SAN = CN; private key exportable because of export/import to ISA.
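Added example, not part of the original slides: a Python check that a certificate's names cover every host the clients will connect to, using the slide's example names and the wildcard and "1st SAN = CN" caveats. The function names, the sample certificates and the assumption that clients ignore the CN when a SAN list is present are this example's own.

```python
from urllib.parse import urlsplit


def name_matches(pattern, host):
    """Match one certificate name against a host name.

    A wildcard counts only as the whole left-most label and covers exactly
    one label, so *.contoso.com does not cover mail1.emea.contoso.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*" or "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def required_hosts(mail_domains, service_urls, internal_names=()):
    """Hosts that must appear on the certificate.

    mail_domains:   SMTP domains whose autodiscover.<domain> is served over
                    HTTPS with this certificate (domains handled by redirect
                    or SRV are left out by the caller).
    service_urls:   published URLs (SCP URL, OWA, EWS ...).
    internal_names: short host names clients may still use.
    """
    hosts = [f"autodiscover.{d}" for d in mail_domains]
    hosts += [urlsplit(u).hostname for u in service_urls]
    hosts += list(internal_names)
    ordered = []
    for host in hosts:
        host = host.lower()
        if host not in ordered:
            ordered.append(host)
    return ordered


def audit_certificate(common_name, sans, hosts):
    """Return a list of findings; an empty list means every host is covered."""
    # Assumption of this example: a client that sees a SAN list ignores the CN.
    names = list(sans) if sans else [common_name]
    findings = [
        f"no certificate name covers {host}"
        for host in hosts
        if not any(name_matches(name, host) for name in names)
    ]
    # Caveat from the slide: ISA 2006 RTM needs the first SAN to equal the CN.
    if sans and sans[0].lower() != common_name.lower():
        findings.append("first SAN differs from CN (ISA 2006 RTM caveat)")
    return findings


# Constructed sample data based on the slide's example names.
HOSTS = required_hosts(
    mail_domains=["contoso.com"],
    service_urls=[
        "https://mail.contoso.com/owa",
        "https://mbx1.contoso.local/Autodiscover/Autodiscover.xml",
    ],
    internal_names=["mbx1"],
)
UCC_SANS = ["mail.contoso.com", "autodiscover.contoso.com",
            "mbx1.contoso.local", "mbx1"]
# Same names, but in the order listed on the slide (mbx1 first).
SLIDE_ORDER_SANS = ["mbx1", "mbx1.contoso.local",
                    "mail.contoso.com", "autodiscover.contoso.com"]

if __name__ == "__main__":
    print("UCC:", audit_certificate("mail.contoso.com", UCC_SANS, HOSTS))
    print("UCC, slide order:",
          audit_certificate("mail.contoso.com", SLIDE_ORDER_SANS, HOSTS))
    print("wildcard:", audit_certificate(
        "*.contoso.com", ["*.contoso.com"],
        HOSTS + ["mail1.emea.contoso.com"]))
```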
Certificate Authorities. "The Autodiscover Microsoft list": Entrust ($449, 10 names, 1yr, single srv); Comodo ($285, 3 names, 1yr, single srv); DigiCert ($328, 4 names, 1yr, unlimited srv); http://support.microsoft.com/kb/929395. Other providers, e.g. via sslshopper.com. Note: Federated Sharing wanted? Comodo, Digicert, Entrust, Go Daddy: http://technet.microsoft.com/en-us/library/ee332350.aspx
sslshopper.com as of Jan 2010
Certificate export/import: e.g. for publishing Exchange in ISA; ISA 2006 SP1 supports SAN certs; don't forget to export the private key. File format: chain (PKCS#7/P7B, .p7b); chain + private key (PKCS#12/PFX, .pfx, .p12).
Autodiscover in Exchange 2010: Autodiscover POX or SOAP (1); more web services: ECP (for UM), Archive, MailTips; note the changes in cmdlet syntax, e.g. New-ExchangeCertificate; ECM functions, e.g. Certificate Request Wizard. (1) SOAP = Simple Object Access Protocol = XML Web Services.
Ex2010 Certificate Req. Wizard

Autodiscover support: Microsoft Outlook 2007 (SP1)+; Windows Mobile 6.1+; Entourage 2008 SP1+; Apple iPhone, Snow Leopard; Nokia N-series, E-series; various Sony Ericsson & Palm models. When in doubt: consult the product information & test. Note: support for synchronisation with Exchange 2007/2010 does not mean that the client/device supports Autodiscover.
Links. Exchange 2007 Autodiscover Whitepaper: http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx. Autodiscover en Exchange 2007 (LANvision 8/2006): http://www.ngn.nl/ngndirs/up/ZstwnvyHcD_LanVision32.pdf. Understanding the Autodiscover Service (Exchange 2010): http://technet.microsoft.com/en-us/library/bb124251.aspx
Thank you for your attention! Contact: e-mail michel.de.rooij@interaccess.nl; blog: http://eightwone.wordpress.com; Twitter: @mderooij

Editor's notes

  1. Location: internal, external
  2. Local XML: see e.g. blogs.technet.com/ilvancri/archive/2010/02/03/some-autodiscover-fun.aspx
  3. Note: keywords can contain Site=<Sitename> or GUIDs, e.g. 77378F46-2C66-4aa9-A6A6-3E7A48B19596 or 67661D7F-8FC4-4fa7-BFAC-E1D7794C1F6. See [MS-OXDISCO]
  4. SCPs are selected at "random", unless Site is set
  5. Of course, DNS also has to be arranged in both cases. Multiple e-mail domains (multi-tenant). The precise implementation of the redirect in IIS depends on the IIS version (6 or 7)
  6. For SRV, the CN in the certificate must match the SCP (AutodiscoverInternalURI) and InternalURLs (defaults to NetBIOS names of servers) => Outlook certificate warning. Proxy = proxy + ISA fw client
  7. External + internal depends on split DNS. No Server Gated Cryptography (SGC) (SGC is to create 128-bit SSL support for pre-2000 browsers (~1% population)). Wildcard certs: compatibility issues with subdomains; cert *.contoso can issue warnings for mail1.emea.contoso.com. Probable with WinMobile. Wildcard certs for a single domain only. Single/multi-server licence because of import on ISA or NLB/array
  8. Don't forget to include outer Edge/Hub (w/Antispam agents) transports etc. when you want to use the UCC certificate for SMTP TLS. You can use FQDNs instead of NetBIOS (default registered for URIs) but they influence the load balancing scheme (reverts to netmask ordering instead, which goes before RoundRobin). Note: Ex2007SP1: New-ExchangeCertificate, leave autodiscover out and use the -IncludeAutoDiscover and -IncludeAcceptedDomains switches (but check). ISA 2006 SP1 can handle a SAN cert, hence pre-ISA 2006 SP1: 1st SAN = CN
  9. PKCS#12 = .p12, PKCS#7 = .p7b/.p7c
  10. Cert. Request Wizard: request & import, no PowerShell / generators needed (though possible). Define External Client Access instead of ExternalURLs for each web service (ActiveSync, OWA, UM, ..) for each CAS
  11. Outlook, CTRL-click SysTray Icon
  12. MSDN: Autodiscover HTTP Service Protocol Specification http://msdn.microsoft.com/en-us/library/cc433481(EXCHG.80).aspx; Autodiscover Publishing and Lookup Protocol Specification http://msdn.microsoft.com/en-us/library/cc463896(EXCHG.80).aspx