Exchange 2007 Autodiscover Issues

We have recently begun installing a lot of Exchange 2007 servers, both Exchange 2007 standard and as part of SBS 2008. Starting with Exchange 2003 there is a lot of reliance on the web services part of the server which reside in IIS. In order to get things working properly we get a SSL certificate, usually from GoDaddy, to secure the exchange directories. This allows us to set up devices with Exchange Activesync, OWA without certificate warnings, and Outlook Anywhere.

We’ve noticed that when installing these certificates, Outlook clients on the domain begin to see a certificate error. This is because of the Autodiscover URLs that are part of Exchange server and the fact they no longer match the self-signed certificate that Exchange produces on installation.

In order to update those URLs you need to use Exchange Management Shell to run some commands. The commands are different for SBS installations and Standard installations. In the following commands, replace yourserver with the netbios name of your Exchange server and external.yourdomain.com with the external address of your server.

For SBS 2008 run the following commands in Exchange Management Shell:

Set-ClientAccessServer -Identity yourserver -AutodiscoverServiceInternalUri https://external.yourdomain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity “yourserver\EWS (SBS Web Applications)” -InternalUrl https://external.yourdomain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity “yourserver\oab (SBS Web Applications)” -InternalUrl https://external.yourdomain.com/oab

Set-UMVirtualDirectory -Identity “yourserver\unifiedmessaging (SBS Web Applications)” -InternalUrl https://external.yourdomain.com/unifiedmessaging/service.asmx

For Exchange 2007 Standard or Enterprise on Windows Server 2008 run the following commands in Exchange Management Shell:

Set-ClientAccessServer -Identity yourserver -AutodiscoverServiceInternalUri https://external.yourdomain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity “yourserver\EWS (Default Web Site)” -InternalUrl https://external.yourdomain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity “yourserver\oab (Default Web Site)” -InternalUrl https://external.yourdomain.com/oab

Set-UMVirtualDirectory -Identity “yourserver\unifiedmessaging (Default Web Site)” -InternalUrl https://external.yourdomain.com/unifiedmessaging/service.asmx

If you’re not sure which set of commands to use, type Get-WebServicesVirtualDirectory in Exchange Management Shell and see what is listed for name. You will either see EWS (SBS Web Applications) or EWS (Default Web Site). Match that up with the command set above and it should find the appropriate virtual directories.

On Windows Server 2008, if you see access denied errors then make sure you use Run As Administrator to run Exchange Management Shell.

At this point, we have solved problems with Autodiscover that resulted in error messages in Outlook clients but have not actually set up Autodiscover. The Autodiscover setup process usually includes setting up a new site in IIS for autodiscover.yourdomain.com and adding the autodiscover virtual directory to it. You’ll also need a SSL cert for it which is why we don’t usually set it up. We have yet to see any advantages to setting up Autodiscover since our clients usually don’t have that many clients connected to their Exchange server.