I think the actual process of how the autodiscover process is often overlooked - simply because "it just works", by adding an A or CNAME such as autodiscover.domain.com and pointing it to our mailbox server the process is done.
Although a client - whether it be an activesync device or an Outlook client firstly looks for the autodiscover configuration in the following order:
- Firstly tries POST request to: https://domain.com/Autodiscover/Autodiscover.xml
- If fails tries POST request to: https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
- If fails tries GET request (to check for a redirect): http://autodiscover.domain.com/Autodiscover/Autodiscover.xml
- If fails tries a DNS SRV lookup on: autodiscover.tcp.example.org which returns mail.domain.com
- Proceeds by sending POST to: https://mail.domain.com/autodiscover/autodiscover.xml
- POST Request is successful.
Benifits of using a SRV record instead of an A or CNAME record are that you do not have to have a dedicated IP / SSL certficate for the autodiscover subdomain - but on the other hand using a SAN certifcate should mitigate this problem in the first place.
No comments:
Post a Comment