Ruby Nahal, Engineer

By Ruby Nahal, Systems Engineer

Out of Sight, Out of Mind

The days of ignoring the Outlook Exchange Autodiscover setup are long gone, friends. Historically, if you were using Exchange 2010 and did not have any remote users, there were tweaks you could make to suppress the Autodiscover errors so you could get away without going through the setup.

But with Outlook 2013 licenses out of stock (with most vendors) and Outlook 2016 becoming the only option available, it has now become vital to setup exchange Autodiscover. In fact, even setting up 2016 Outlook requires that Exchange Autodiscover is set up and working properly so the time has come to embrace it.

The Upside

The Exchange Autodiscover service allows users to configure the client email application with very little user input. Most users know their email address and password, and if Autodiscover is set up properly, that is all you will need to get them up and running since all settings are retrieved automatically. Easy peasy.

In addition to configuring a user profile, Autodiscover also allows access to other Exchange features like an offline address book and Outlook features that govern functionality such as free/busy information, Unified Messaging, out-of-office settings and Outlook anywhere settings.

In short, it is a lot more work to configure an Outlook profile without Autodiscover service.

The Flipside

Autodiscover is tested with four methods. The first three will require the Autodiscover URL to be included in the Exchange SSL certificate. The most common issue that I have encountered here is a certificate error pops up that says ‘The name on the security certificate is invalid or does not match the name of the site’ because that Autodiscover URL (most often autodiscover.domain.com) is not included in the subject alternative name (SAN name) of the exchange certificate so you need to add it as an alias to the certificate URL.

The rub is that SAN names can be expensive. With Exchange 2010, you are able to use wildcard certs (certificates with infinite number of SAN names – yup!). However, they weren’t cheap either.

The Solution

Don’t worry; there is still a solution without having to get a new certificate. It is called “creating a SRV record”. An SRV record is a special DNS record that is intended to provide information on available services.

An SRV record for Autodiscover will look like _autodiscover._tcp.domain.com. It will normally use port 443 and point to your exchange URL (typically mail.domain.com). Once DNS changes reflect, the error about the certificate error should go away and Outlook 2016 will work like a charm!

If you have been scratching your head about why Outlook 2016 is having issues or considering leaving Autodiscover certificates “unfixed” because you don’t want to buy another certificate, Microsoft offers a great tool to troubleshoot the Autodiscover issues at https://testconnectivity.microsoft.com. Check it out, you and your clients will be happy you did.

About Ruby //@RubyNahal // Ruby hails from India with a flair for cooking traditional cuisine and a deep love of learning (you may find her buried in a book, non-fiction of course) and a real passion for all things tech. For her, enhancing people’s lives via well-executed technology solutions has always been more than a job, and it also makes Ruby a perfect fit for our team; she gets our mission to the core. As far as technical chops, Ruby is bar none. She holds a Master’s Degree in IT, multiple certifications and awards in Network and Security Administration, led several R & D teams and worked for five years as an Infrastructure Architect in Canada. Need we say more?