Exchange 2007 AutoDiscover and Multi-Tenant Hosting

I posted recently with some background information on the new AutoDiscover service in Exchange 2007.

Again, this is a service to help automatically configure Outlook 2007 profiles based soley on a user's email address.  This service also helps retreive the locations of new Exchange 2007 services such as free/busy, out of office, and web-based offline address book distribution.

For Internet Outlook 2007 users, the basics of this service are that they enter their email domain (name@emaildomain.tld) and Outlook automatically tries to connect to:

• https://emaildomain.tld/autodiscover/autodiscover.xml
• https://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml

When retrieving settings from one of these URLs, HTTPS (SSL) is required -- which means there must be a valid security certificate installed for that web site that matches the site name. 

This, of course, poses an interesting problem for Exchange-based messaging hosters who do not want to have to buy a unique SSL certificate and set up a new web site for each new hosted domain.  (If they are hosting mail for mycrazywidgets.org, they don't want to have to buy a valid certificate for autodiscover.mycrazywidgets.org).  This also may be an issue for corporate environments that host multiple email domains but do not wish to purchase a certificate for each one.

Luckily, we have a solution for this -- that you can try out once Office 2007 Beta 2 Technical Refresh is released.  (Check here, I think, for when it is released).

There are a set of "one-time" configuration steps for hosters to get going, and then a set of steps for each new email domain that you host:

One-time configuration steps for multi-domain hosting & AutoDiscover:

1. Create a new virtual web site (on a new IP) that is Internet-facing.  Call it something like "autodiscoverredirect.[hosterdomain.tld]" where [hosterdomain.tld] is your 'main' domain name.  {The actual name of this virtual web site isn't really important}.  No certificate is required for this web site.
2. Create an /autodiscover/ virtual directory on that web site.
3. Create an empty file in this directory called "autodiscover.xml"
4. Through IIS manager, configure that file to be a redirect to https://autodiscover.[hosterdomain.tld]/autodiscover/autodiscover.xml.  (This can be set on the properties page of the file through IIS manager).

Per-domain configuration steps:

For each new hosted email domain

1. The DNS configuration of that email domain must be changed to add a CNAME record for "autodiscover.[emaildomain.tld]" pointed to "autodiscoverredirect.[hosterdomain.tld]".

Given that you already have to make DNS changes to host a new email domain (i.e., configure the MX record), this should just be one small additional step in that existing process.

Client experience

Now, what happens when a user types in emailaddress@[emaildomain.tld] into Outlook 2007?  This isn't the complete list, but Outlook will:

• Attempt to connect to https://emaildomain.tld/autodiscover/autodiscover.xml & fail.
• Attempt to connect to https://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml & fail.
• Attempt to connect to https://autodiscover.emaildomain.tld/autodiscover/autodiscover.xml & succeed -- but receive an HTTP-level redirect to https://autodiscover.[hosterdomain.tld]/autodiscover/. 
• Warn the user about this redirect and ask them if they trust getting their settings from [hosterdomain.tld].  (The warning can be turned off by the user after the first time).  It says:  "Allow this website to configure user@domain.tld server settings?" followed by the URL of autodiscover at the hoster domain.  If the user does not recognize the hoster domain, then they should cancel.
• If the user accepts, Outlook will then connect to https://autodiscover.[hosterdomain.tld]/autodiscover/ and retreive profile settings.