Autodiscover flow in an Exchange on-Premises | non-Active Directory | Part 3#3 | Part 28#36
Exchange 2007 - CAS Overview & Autodiscover
Transcript of Exchange 2007 - CAS Overview & Autodiscover
1 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Client Access Server
Nitin Gupta
2 / 18 Oct 2007 E12 - Roles / Nitin Gupta
• Client Access Server
• Exchange Autodiscover
– Overview
– Process
• Question & Answers
Agenda
3 / 18 Oct 2007 E12 - Roles / Nitin Gupta
• The topics / flow to be covered in this
session is going to be very basic
• Please feel free to interrupt in case something
is not clear, every attempt would be made to
answer your query immediately, else offline
Important
4 / 18 Oct 2007 E12 - Roles / Nitin Gupta
• Exchange 2007 - Architecture
• Overview / Understanding of – SMTP Protocol & Relay
– DNS & associated records
– PowerShell
– Certificates / PKI
• Good knowledge of Server Roles in MSX 2003
Prerequisites
5 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Where CAS comes in…
6 / 18 Oct 2007 E12 - Roles / Nitin Gupta
• Server roles allow an administrator to split the functions of an Exchange server and place each role, or a combination of roles, on different servers in the organization
• This can be done for performance reasons, management reasons, or any other reason deemed necessary by the organization's policies
• Various Server Roles
– Edge Transport
– Hub Transport
– Client Access
– Mailbox
– Unified Messaging
Server Roles
7 / 18 Oct 2007 E12 - Roles / Nitin Gupta
[Diagram: Perimeter: Exchange 2007 Edge Server; Intranet: Exchange 2007 Server]
Server Roles
8 / 18 Oct 2007 E12 - Roles / Nitin Gupta
[Diagram: server roles in the enterprise network. Edge Transport (routing, hygiene); Hub Transport (routing, policy); Client Access (applications: OWA, Outlook Anywhere; protocols: EAS, POP, IMAP, Outlook Anywhere; programmability: Web services, Web parts); Mailbox (mailbox, public folders); Unified Messaging (voice messaging, fax). Also shown: Internet, other SMTP servers, PBX or VoIP.]
Server Roles
9 / 18 Oct 2007 E12 - Roles / Nitin Gupta
CAS - Overview
10 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Handles communications between clients and Microsoft Exchange.
Supports
Outlook 2007 and earlier versions,
Outlook Web Access,
Exchange ActiveSync
POP3 and IMAP4 protocols
Makes it possible to use Exchange 2007 features such as the offline address book, the Autodiscover service, and the Availability service
Must be installed in every Exchange 2007 organization
Enables users to use Unified Messaging features such as Play on Phone
Overview
11 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Although Outlook communicates directly with the Mailbox server, it still uses the Client Access server role to connect to Exchange mailboxes when using Outlook Anywhere (formerly known as RPC over HTTP) and for services such as:
Autodiscover service
Availability service
Overview - Note
12 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Autodiscover
Uses a user's e-mail address and password to provide profile settings to
Outlook 2007 clients and supported mobile devices
Enables Outlook 2007 clients to automatically connect to Microsoft
Exchange and Exchange features, such as the Availability service or
Unified Messaging, without having to manually configure their Outlook
profile
POP3 & IMAP4
Supports POP3 and IMAP4 clients.
By default, POP3 and IMAP4 services are installed but are not enabled.
CAS – Features & Functionalities
13 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Exchange ActiveSync
Helps synchronize data between mobile device and Exchange
Can synchronize e-mail, contacts, calendar information, and tasks
Devices that run Microsoft Windows Mobile® software, including Windows Mobile powered Pocket PC 2003 and Windows Mobile 5.0, are supported
Outlook Web Access
Helps access e-mail from a Web browser
Includes new features like smart meeting booking, enhanced reminders and notifications, integration with WSS and File share
Two versions of Outlook Web Access: the full-featured Outlook Web Access Premium client and the Outlook Web Access Light client
CAS – Features & Functionalities
14 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Outlook Anywhere
The Outlook Anywhere feature for Microsoft Exchange Server 2007 lets Outlook 2007 and Outlook 2003 clients connect to their Microsoft Exchange servers over the Internet by using the RPC over HTTP Windows networking component.
Wraps remote procedure calls (RPC) with an HTTP layer, which allows the traffic to traverse network firewalls without requiring RPC ports to be opened
Availability Service
Improves free/busy data access for information workers by providing secure, consistent, and up-to-date free/busy data to computers that are running Outlook 2007
CAS – Features & Functionalities
15 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Autodiscover Service
16 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Configures and maintains server settings for clients running Microsoft Office Outlook (MOO) 2007
Configures supported Mobile devices
Includes features like
Web-based Offline Address Book
Availability Service
Unified Messaging
No Autodiscover service - Earlier versions of Outlook
Exchange Autodiscover Service
17 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Easier to configure Outlook 2007 as compared to manual work required in previous versions
Uses User’s Email Address or Domain Account
Information:
User’s display name
Connection settings for internal and external connectivity
Location of user’s Mailbox server
The URLs for features
Free/busy information,
Unified Messaging, and
Offline address book
Outlook Anywhere server settings
Outlook 2007 & Autodiscover
18 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Virtual directory “Autodiscover” is created under Default Web site in IIS on installation of CAS role
This Virtual Directory handles requests from Outlook 2007 when:
– A new Outlook profile is configured or updated
– A client periodically checks MSX Web Services URLs
– Underlying network connection changes
Service Connection Point (SCP) Active Directory object is created for each server where the CAS role is installed.
SCP object is used by clients to locate the Autodiscover service.
The SCP record contains the serviceBindingInformation attribute, which holds the FQDN of the CAS
Ex: https://cas01.contoso.com/autodiscover/autodiscover.xml, where cas01.contoso.com is FQDN of CAS
Autodiscover Operation
19 / 18 Oct 2007 E12 - Roles / Nitin Gupta
The SCP object contains the authoritative list of Autodiscover service URLs for the forest
Most important attributes of an SCP are
Keywords : String value that identify a service
serviceDNSName : A or SRV record of
serviceDNSNameType : CAS server role
serviceBindingInformation : In-site and out-of-site lists of CAS
Client applications search the directory for keywords values to locate your SCP. When SCP is found, clients can read other attributes to retrieve service data.
SCP object is updated by using Set-ClientAccessServer cmdlet
SCP – Quick Overview
20 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Requires the Exchange Administrator role to execute
Is used to set properties on specified CAS
To be for all Microsoft Exchange Server 2007 computers that have the Client Access server role
Set-ClientAccessServer Cmdlet
Set-ClientAccessServer -Identity "CAS-01" -AutoDiscoverServiceInternalUri "https://cas.mail.contoso.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"
Parameter | Required | Description
Identity | Required | This parameter specifies an individual Client Access server.
AutoDiscoverServiceInternalUri | Optional | This parameter specifies the internal URL of the Autodiscover service.
AutoDiscoverSiteScope | Optional | This parameter specifies the site for which the Autodiscover service is authoritative. Clients that connect to the Autodiscover service by using the internal URL must belong to a site listed here.
Confirm | Optional | This parameter causes the command to pause processing and requires that you acknowledge what the command will do before processing continues. The default value is $true.
DomainController | Optional | This parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to the Active Directory directory service.
Instance | Optional | This parameter specifies an instance of a Client Access server.
21 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Domain-connected client connects and authenticates to Active Directory
Outlook 2007 sends a LDAP query to AD looking for all SCP objects.
Outlook sorts and enumerates the returned results based on the client's Active Directory site by using the keyword attribute of the SCP record.
Two lists of SCP records are returned: in-site and out-of-site
An array of Autodiscover URLs is generated by referencing the serviceBindingInformation attribute from in-site and out-of-site lists in sequence
Autodiscover – Domain Connected
22 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Outlook tries to connect to each Autodiscover URL sequentially and sends an HTTP POST command to the Autodiscover service. If no in-site URLs are available, it connects to the out-of-site URLs.
The Autodiscover service queries AD to obtain the connection settings and URLs for the Exchange services.
The Autodiscover service returns an HTTP response with an XML file that includes the connection settings and URLs for the available Exchange services.
Outlook uses the appropriate configuration information and connection settings to connect to Exchange messaging environment.
How Autodiscover Works….contd
23 / 18 Oct 2007 E12 - Roles / Nitin Gupta
How Autodiscover Works….
24 / 18 Oct 2007 E12 - Roles / Nitin Gupta
A non-domain-connected client first tries to locate the Autodiscover service by looking up the SCP object in Active Directory
Because the client is unable to contact AD, it then locates the Autodiscover service by using Domain Name System (DNS)
The client uses the domain part of the user's e-mail address and checks DNS by using two predefined URLs.
Example:
If SMTP domain is contoso.com,
Outlook tries following URLs to connect to the Autodiscover service:
https://contoso.com/autodiscover/autodiscover.xml
https://autodiscover.contoso.com/autodiscover/autodiscover.xml
Non Domain Connected Client
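The two lookup paths above (SCP for domain-connected clients, the two predefined DNS URLs for non-domain clients) decide where the user's e-mail address and password are sent, so the ordered candidate list is worth checking before any request is made. The following is an added example, not code from the original deck or from Exchange; the record layout, the `Site=` keyword values, the sample hosts and the allowlist policy in `vet` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed SCP records (not read from a real directory). Each one
# carries a serviceBindingInformation URL and the site keywords of one CAS.
SAMPLE_SCPS = [
    {"binding": "https://cas02.contoso.com/autodiscover/autodiscover.xml",
     "keywords": ["Site=Branch"]},
    {"binding": "https://cas01.contoso.com/autodiscover/autodiscover.xml",
     "keywords": ["Site=Mail"]},
    {"binding": "http://cas03.contoso.com/autodiscover/autodiscover.xml",
     "keywords": ["Site=Mail"]},
]


def scp_candidates(scps, client_site):
    """Domain-connected case: in-site bindings first, then out-of-site."""
    tag = f"site={client_site}".lower()
    in_site, out_of_site = [], []
    for scp in scps:
        sites = [k.lower() for k in scp["keywords"]]
        (in_site if tag in sites else out_of_site).append(scp["binding"])
    return in_site + out_of_site


def dns_candidates(email):
    """Non-domain case: the two predefined URLs built from the SMTP domain."""
    domain = email.rsplit("@", 1)[1].lower()
    path = "/autodiscover/autodiscover.xml"
    return [f"https://{domain}{path}", f"https://autodiscover.{domain}{path}"]


def vet(urls, allowed_domains):
    """Split candidates into (accepted, rejected) before credentials are sent.

    Hypothetical policy: accept only HTTPS URLs whose host is an allowed
    domain or a subdomain of one.
    """
    accepted, rejected = [], []
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        in_zone = any(host == d or host.endswith("." + d) for d in allowed_domains)
        ok = parts.scheme == "https" and in_zone
        (accepted if ok else rejected).append(url)
    return accepted, rejected
```

A rejected entry here points at an SCP binding or DNS record that should be corrected on the server side, for example with Set-ClientAccessServer.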
25 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Non Domain Connected Client
26 / 18 Oct 2007 E12 - Roles / Nitin Gupta
The XML file provides following information:
User’s display name
Connection settings for internal and external connectivity
Location of user’s Mailbox server
The URLs for features
Free/busy information,
Unified Messaging, and
Offline address book
Outlook Anywhere server settings
XML Contents…
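To make the XML contents listed above concrete, this added example (not part of the original deck) parses an Autodiscover response in the Outlook response schema and reports any service URL that is not HTTPS. The sample response and its host names are constructed; EXCH and EXPR are the protocol entries for internal connectivity and Outlook Anywhere.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"r": "http://schemas.microsoft.com/exchange/autodiscover/"
           "outlook/responseschema/2006a"}
URL_TAGS = ("ASUrl", "OABUrl", "UMUrl")  # availability, OAB, Unified Messaging

# Constructed response for illustration, not captured from a real server.
SAMPLE = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
 <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
  <User><DisplayName>Sample User</DisplayName></User>
  <Account>
   <Protocol>
    <Type>EXCH</Type><Server>mbx01.contoso.com</Server>
    <ASUrl>https://cas01.contoso.com/EWS/Exchange.asmx</ASUrl>
    <OABUrl>http://cas01.contoso.com/OAB/</OABUrl>
   </Protocol>
   <Protocol>
    <Type>EXPR</Type><Server>mail.contoso.com</Server>
    <ASUrl>https://mail.contoso.com/EWS/Exchange.asmx</ASUrl>
   </Protocol>
  </Account>
 </Response>
</Autodiscover>"""


def parse_response(xml_text):
    """Extract the display name and per-protocol server and service URLs."""
    root = ET.fromstring(xml_text)
    protocols = []
    for proto in root.iterfind(".//r:Account/r:Protocol", NS):
        urls = {t: proto.findtext(f"r:{t}", namespaces=NS) for t in URL_TAGS}
        protocols.append({
            "type": proto.findtext("r:Type", namespaces=NS),
            "server": proto.findtext("r:Server", namespaces=NS),
            "urls": {t: u for t, u in urls.items() if u},
        })
    name = root.findtext(".//r:User/r:DisplayName", namespaces=NS)
    return {"display_name": name, "protocols": protocols}


def insecure_urls(parsed):
    """Return (protocol type, tag, url) for each service URL that is not HTTPS."""
    return [(p["type"], tag, url)
            for p in parsed["protocols"]
            for tag, url in p["urls"].items()
            if urlsplit(url).scheme.lower() != "https"]
```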
27 / 18 Oct 2007 E12 - Roles / Nitin Gupta
For Distributed AD sites separated by low-bandwidth network connectivity.
Preferred AD sites for clients to connect Autodiscover service.
Process of specifying preferred AD sites - Configuring site scope.
Configure site affinity - Set-ClientAccessServer cmdlet.
Clients connect to the Autodiscover service instances as specified in Site Scopes.
Site Affinity @ Autodiscover
28 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Topology
– IN-CHN: An EDS site located in Chennai (CHN-CAS)
– IN-DEL: An EDS site located in Delhi (DEL-CAS)
– IN-BNG: An EDS site located in Bangalore (BNG-CAS)
Configuration
– Autodiscover service enabled on each site
– Each site includes user mailboxes
Users' Autodiscover options
– IN-DEL Users - Should use either IN-DEL or IN-CHN sites
– IN-BNG Users - Should use either IN-BNG or IN-CHN sites
– IN-BNG Users – No preference required
Site Affinity @ Example
29 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Scope Configuration – IN-DEL
Set-ClientAccessServer -Identity "DEL-CAS" -AutoDiscoverServiceInternalUri "https://internal.eds.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "IN-DEL","IN-CHN"
Scope Configuration – IN-BNG
Set-ClientAccessServer -Identity "BNG-CAS" -AutoDiscoverServiceInternalUri "https://internal.eds.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "IN-BNG","IN-CHN"
Scope Configuration – IN-DEL
Set-ClientAccessServer -Identity "CHN-CAS" -AutoDiscoverServiceInternalUri "https://internal.eds.com/autodiscover/autodiscover.xml"
Site Affinity @ Example
30 / 18 Oct 2007 E12 - Roles / Nitin Gupta
The connection settings that the Outlook client uses are translated into MAPI properties.
MAPI properties are stored in the user's profile located in the registry on their local computer.
The URLs for the available Exchange services are cached in the memory of the local computer.
There are two layers of Outlook 2007 that use the Autodiscover service:
The Outlook layer - begins operating when Outlook 2007 is opened to retrieve the user profile settings
The MAPI layer - begins operating when there are errors connecting to the Exchange server by using the MAPI protocol
Autodiscover @ Outlook 2007
31 / 18 Oct 2007 E12 - Roles / Nitin Gupta
Outlook 2007 automatically connects to the Autodiscover service under the following conditions:
Every time that the application starts
At intervals on a background thread
Any time that the client's connection to an Exchange server fails
User profile settings are refreshed by the Outlook layer at the interval specified by the Time to Live (TTL) setting, which is 60 minutes, or if an error occurs when Outlook tries to contact the server.
If Outlook cannot connect to the Autodiscover service, the Outlook layer tries to reconnect every 5 minutes, because the URLs for the available Exchange services are cached in memory on the local computer.
Autodiscover @ Outlook 2007
32 / 18 Oct 2007 E12 - Roles / Nitin Gupta
MAPI layer connects to the Autodiscover when the user is using a low-bandwidth network connection or when the user tries to open their mailbox after a mailbox move.
The first failure detected by the MAPI layer results in an initial Autodiscover service request.
This initial Autodiscover service request is known as the free Autodiscover service request. If no other failures occur after the first failure, the MAPI layer will perform an Autodiscover service request every 6 hours to update the user's profile settings.
MAPI layer also connects to the Autodiscover service if the user creates a new Outlook profile.
Autodiscover @ Outlook 2007
33 / 18 Oct 2007 E12 - Roles / Nitin Gupta
How Autodiscover Works….