Exchange Cloud/Hosted: Suppress Autodiscover Popup
Well this is not something new but recently I was configuring this for one of my customer so I would like to share the steps here.
So this customer of mine has a private cloud so they have multiple smtp domains. This has been normal until we started using autodiscover url as SCP.
Now every domain’s outlook search for autodiscover.domain.org which can be pointed to the CAS servers. But this needs to have outlook user will get a popup saying autodiscover.domain.org is not present in certificate. And no one like this popup so We configured the following to suppress this.
To explain if we are using 2 smtp domains as mentioned below
Hosted Services provider: MSExchangeGuru.com
Hosted customer domain: GO5LLC.com
So customer’s outlook is trying to reach “Autodiscover.GO5LLC.com” and giving the certificate pop up.
Create the following folders in all the CAS servers
Add a 2nd NIC card with the same network
Create a new public IP Natting with this new IP.
Create new website in the IIS with the following details
Open IIS Manager MMC
-Select Sites then right click and select “Add Web Site”
-Fill the fields like this and click ok
Site name: AutoDiscoverRedirect
Physical Path: C:\inetpub\Autodiscoverredirect
IP address: Select the 2nd NIC IP address
Configure HTTP Redirect to the main autodiscover.domain.com url which is hosted providers’ domain.
-Open IIS and Expand AutoDiscoverRedirect website then click on Autodiscover.
-Double click on HTTP Redirect
-Check the checkbox “Redirect requests to this destination”
-Add the url “https://Autodiscover.domain.com/Autodiscover” and click ok.
- Make sure to do it on all CAS servers.
- Now time to configure DNS Which should have following records.
AutoDiscoverRedirect.MSExchangeGuru.com Public IP pointed to the 2nd NIC
AutoDiscover.MSExchangeGuru.com Public IP Pointed to the 1st NIC which is the IP of the default Autodiscover IIS VDir.
8. This is the similar configuration as Microsoft Office 365 except Microsoft
I am still trying to figure out how Microsoft is blocking port 443 and redirecting together. I will update the block once I will figure this out. I think Port 443 is blocked and port 80 is open for the AutoDiscoverRedirect IP. I have to ask network team to do it to get the same results
We Blocked port 443 for the Public IP which is resolving to AutoDiscoverRedirect.MSExchangeGuru.com but allowed port 80. This is the most important step. This is suppressing the popup. After this popup stopped.
Now you might get this popup which is expected warning.
There are 2 options. Either check the checkbox “Don’t ask me about this website again” then click allow. Then it will not come again.
Configure registry for all users as mentioned in the Microsoft KB here. https://support.microsoft.com/en-us/kb/2480582
So you need the following to configure it.
2 Public IP – 1 with port 443 and other with port 80
2 Internal IP – 443 nat to Autodiscover and port 80 nat to AutoDiscoverRedirect
Public DNS – AutoDiscover host record map to the IP with port 443 and AutoDiscoverRedirect host record map to the IP with port 80
We will create the new website with the name AutoDiscoverRedirect on port 80.
This is not hard configuration and does not require any IISreset, service or server restart.
Microsoft MVP | Exchange Server