Autodiscover within Office 365 Hybrid (Design & Recommendations)

While supporting Office 365 customers (mostly hybrid deployments), I have noticed that the most frequent issues in hybrid environments come from two sources:

  1. Hybrid Server Design
  2. Autodiscover Design

In a hybrid scenario, the design of the hybrid server is exactly the same as that of an on-premises Internet-facing Client Access Server, and the same basic Exchange recommendations apply:

  • Your most recent version of Exchange Server has to be Internet facing.
  • Your most recent version of Exchange Server has to handle client connections.
  • Your most recent version of Exchange Server has to be responsible for Exchange Web Services (EWS) and Autodiscover.
  • Reminder: a hybrid server is a regular Exchange server; there is no "hybrid" role.

When these rules are followed, the random Exchange Web Services issues are avoided. However, I sometimes see hybrid designs like the following that try to work around these rules:

[Figure: hybrid-exchange-2010_v2-1, an example of a wrong design that does not follow these recommendations]

The reasons given for implementing such a design are usually:

  • Downtime when the existing Exchange server has to be updated or replaced by the new hybrid server
  • The customer would like to test the hybrid configuration without changing the production environment

This kind of design will never give the customer the full hybrid experience; it will give them random Exchange Web Services issues instead.

So why is this design wrong? The first and easiest answer is that it does not follow the basic recommendations above. Why do these recommendations matter so much? They guarantee that your Internet-facing Client Access Server can handle any client connection or request. Not following them creates the following problems:

  • If the hybrid server is not the Internet-facing server for Client Access requests:
    • The Autodiscover service will point to the legacy Exchange server endpoint.
    • Autodiscover will return an Exchange Web Services endpoint that points to the legacy Exchange server.
  • The legacy Exchange server cannot provide accurate information about mailboxes that have moved to Exchange Online.

To understand technically what happens, we have to answer two questions:

  • How does Outlook retrieve the information it needs to connect to Exchange Server?
  • How is the Exchange Web Services information retrieved?

I have read several articles about how Autodiscover works with Exchange 2007/2010/2013/2016 and how Outlook uses the Autodiscover service; some of them are listed below.

  • How free/busy information is retrieved:
    • Exchange 2010 (Availability Service process flow): Link
    • Methods used to retrieve free/busy information: Link
    • How free/busy is retrieved: Link
  • How Autodiscover works for Exchange Server (on-premises):
    • Exchange 2007: Link
    • Exchange 2010: Link
    • Exchange 2013: Link
    • Exchange 2016: Link
  • How Autodiscover works for an Office 365 mailbox:
    • Autodiscover using TargetAddress: Link
    • Office 365 Autodiscover lookup process: Link
    • Exchange 2013 cross-forest moves: Link
  • How Autodiscover works in cross-forest or multi-site environments:
    • Exchange 2016 coexistence: Link

After reading these articles, the answer to both questions is the same: Autodiscover.

Since Exchange 2007, Autodiscover has become the most important service for Outlook clients in an Exchange environment. Outlook 2007 and later use it for:

  • Outlook profile creation
  • Retrieving the connection endpoints for the following services:
    • Where the mailbox is located (Mailbox servers)
    • Free/busy information
    • Out of Office
    • OAB (Offline Address Book)
    • Shared mailboxes, archive mailboxes, ...

Since Exchange 2013 SP1, Autodiscover is the only recommended way to create and update the Outlook configuration.

So in an Office 365 hybrid environment, the Autodiscover design is as important as the hybrid server design.

When I tried to find official guidance on how to design Autodiscover in a hybrid environment, I found only two articles:

  • Microsoft Exchange Server Deployment Assistant: Link
  • Create DNS records for Office 365 (not hybrid-specific): Link

These articles do not provide enough information or guidance to produce a design.

This post tries to provide everything you need for that design.

To produce a proper design, we need to know how Autodiscover works in a hybrid environment:

  • Where the Autodiscover information is published:
    • Inside Active Directory, through a Service Connection Point (SCP):
      • An SCP is created when a Client Access Server is installed (its AutoDiscoverServiceInternalUri).
      • The SCP lives in the Configuration partition, so its serviceBindingInformation attribute is replicated to every domain controller in the forest.
    • If the client cannot retrieve the information from an SCP, it falls back to a set of well-known URLs built from the SMTP domain.
  • How Outlook tries to retrieve the Autodiscover information:
    1. Internally, on a domain-joined computer:
      1. Outlook first queries Active Directory for SCPs and tries the URL they publish.
      2. If that fails, it uses the same DNS-based lookups as an external client (below) for the SMTP domain, for example contoso.com.
    2. Externally, or on a computer that is not domain-joined, Outlook uses DNS and tries, in order:
      1. https://contoso.com/autodiscover/autodiscover.xml
      2. https://autodiscover.contoso.com/autodiscover/autodiscover.xml
      3. An HTTP redirect check on http://autodiscover.contoso.com/autodiscover/autodiscover.xml
      4. The _autodiscover._tcp.contoso.com SRV record, which redirects the request to another host name
  • How Outlook retrieves the Autodiscover information in an Office 365 hybrid environment (domain-joined client, mailbox already moved to Exchange Online):
    1. Autodiscover endpoint located using an SCP query
    2. Client attempts the first URL
    3. Authentication to the Autodiscover web service succeeds using the logged-on credentials
    4. Autodiscover is unable to answer the query because the mailbox is in Office 365: status 0x800C8205, redirect to the TargetAddress
    5. The process starts over with the new SMTP address: user-1@TailspinToysCanada.mail.onmicrosoft.com
    6. Autodiscover starts over; endpoint located using an SCP query
    7. Client attempts the first URL
    8. Authentication to the Autodiscover web service succeeds using the logged-on credentials
    9. Autodiscover is unable to answer the query because the mailbox is in Office 365: status code 0x800C8205
    10. DNS lookup process starts: root domain lookup for domain.com
    11. Root domain lookup fails with status 12007
    12. Root domain lookup fails with status 0x8004005
    13. DNS lookup process continues to the next namespace: autodiscover.MicrosoftOnlineRoutingdomain.com
    14. Lookup fails with status 12029
    15. Lookup fails with status 0x800C8203
    16. Local XML file lookup
    17. Local XML file lookup fails with status 0x8004010F
    18. HTTP redirect check to autodiscover.MicrosoftOnlineRoutingdomain.com
    19. Client redirected to the shared Autodiscover namespace: autodiscover-s.outlook.com
    20. Client submits the Autodiscover request
    21. Authentication needed: 401 response, the client is asked to authenticate
    22. HTTP 302 redirect
    23. Autodiscover failed with status 0x800C8204: a redirect was received to a more accurate location
    24. Autodiscover is sent to the accurate location, pod51042.outlook.com
    25. Autodiscover request issued to pod51042.outlook.com
    26. Authentication needed: 401 response
    27. Authentication successfully provided
    28. Autodiscover request submitted
    29. Autodiscover XML data successfully received

These steps are taken from Rhoderick Milne's [MSFT] article.
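The two lookup lists above, as an added PowerShell example that is not code from the original post, from Rhoderick Milne's article or from Microsoft: the first function rebuilds the candidate list Outlook works through for an SMTP address (the SCP from Active Directory when the machine is domain-joined, then the DNS-based URLs, the HTTP redirect check and the SRV record), and the second sends the same POX request Outlook sends to one of those URLs without following redirects, so you can see the 401, the 302 or the redirectAddr answer of steps 4, 21 and 22 for yourself. contoso.com, user-1@contoso.com and the user agent string are constructed assumptions; the SCP keyword GUID is the well-known Autodiscover one.

```powershell
# Added example, not code from the original post or from Microsoft: rebuilds the
# Autodiscover lookup order and sends the POX request Outlook sends. contoso.com,
# user-1@contoso.com and the user agent are constructed sample values.

function Get-AutodiscoverCandidate {
    param(
        [Parameter(Mandatory)][string]$SmtpAddress,
        [switch]$DomainJoined   # also query Active Directory for SCPs, as a joined Outlook does
    )
    $domain = $SmtpAddress.Split('@')[-1]
    $list = New-Object System.Collections.Generic.List[string]

    if ($DomainJoined) {
        # Autodiscover SCPs are serviceConnectionPoint objects in the Configuration
        # partition tagged with this well-known keyword GUID; needs a reachable DC.
        $root = [ADSI]'LDAP://RootDSE'
        $s = New-Object System.DirectoryServices.DirectorySearcher
        $s.SearchRoot = [ADSI]('LDAP://' + $root.configurationNamingContext)
        $s.Filter = '(&(objectClass=serviceConnectionPoint)(keywords=77378F46-2C66-4aa9-A6A6-3E7A48B19596))'
        foreach ($r in $s.FindAll()) {
            $list.Add([string]$r.Properties['servicebindinginformation'][0])
        }
    }
    # DNS-based order used when no SCP answers (external or non-joined client)
    $list.Add("https://$domain/autodiscover/autodiscover.xml")
    $list.Add("https://autodiscover.$domain/autodiscover/autodiscover.xml")
    $list.Add("http://autodiscover.$domain/autodiscover/autodiscover.xml")   # HTTP redirect check (GET)
    $srv = Resolve-DnsName -Name "_autodiscover._tcp.$domain" -Type SRV -ErrorAction SilentlyContinue |
           Where-Object { $_.QueryType -eq 'SRV' } | Sort-Object Priority, Weight
    foreach ($rec in $srv) {
        $list.Add("https://$($rec.NameTarget):$($rec.Port)/autodiscover/autodiscover.xml")
    }
    return $list
}

function Invoke-AutodiscoverProbe {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$SmtpAddress,
        [System.Management.Automation.PSCredential]$Credential
    )
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false          # surface the 302 instead of silently following it
    $req.UserAgent = 'AutodiscoverProbe/1.0'  # assumed value, any string works
    if ($Credential) { $req.Credentials = $Credential.GetNetworkCredential() }

    if ($Url -like 'http://*') {
        $req.Method = 'GET'                  # the redirect check is a plain GET, no body
    } else {
        # Same POX request document Outlook posts
        $body = @"
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>$SmtpAddress</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>
"@
        $bytes = [Text.Encoding]::UTF8.GetBytes($body)
        $req.Method = 'POST'; $req.ContentType = 'text/xml'; $req.ContentLength = $bytes.Length
        $stream = $req.GetRequestStream(); $stream.Write($bytes, 0, $bytes.Length); $stream.Close()
    }
    try   { $resp = $req.GetResponse() }
    catch [System.Net.WebException] { $resp = $_.Exception.Response; if (-not $resp) { throw } }

    $out = [pscustomobject]@{ Url = $Url; Status = [int]$resp.StatusCode; Action = $null; Target = $null }
    switch ($out.Status) {
        302 { $out.Action = 'http-redirect'; $out.Target = $resp.Headers['Location'] }
        401 { $out.Action = 'auth-required' }
        200 {
            $xml = [xml](New-Object IO.StreamReader($resp.GetResponseStream())).ReadToEnd()
            $ad  = $xml.Autodiscover.Response
            if ($ad.Error) {                         # e.g. the server does not know the mailbox
                $out.Action = 'error'; $out.Target = "$($ad.Error.ErrorCode) $($ad.Error.Message)"
            } else {
                $out.Action = $ad.Account.Action     # settings | redirectAddr | redirectUrl
                $out.Target = if ($ad.Account.RedirectAddr)   { $ad.Account.RedirectAddr }
                              elseif ($ad.Account.RedirectUrl) { $ad.Account.RedirectUrl }
                              else { ($ad.Account.Protocol | Where-Object Type -eq 'EXCH').EwsUrl }
            }
        }
    }
    return $out
}

# Usage with constructed values. Against an on-premises server that knows the user
# has moved to Exchange Online you should see Action = redirectAddr and Target = the
# RemoteRoutingAddress (user-1@contoso.mail.onmicrosoft.com), i.e. step 4 above.
Get-AutodiscoverCandidate -SmtpAddress 'user-1@contoso.com' -DomainJoined
Invoke-AutodiscoverProbe -Url 'https://autodiscover.contoso.com/autodiscover/autodiscover.xml' `
    -SmtpAddress 'user-1@contoso.com' -Credential (Get-Credential)
```

Run it from a workstation that can reach the hybrid server over HTTPS with a trusted certificate; -DomainJoined needs a domain controller, and Resolve-DnsName needs the DnsClient module (Windows 8 / Server 2012 or later). If the on-premises server answers redirectAddr with the .mail.onmicrosoft.com address, run the probe again with that address as -SmtpAddress to follow the client's second pass through the process.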

Based on all this information and on every article mentioned above, here is a comprehensive list of requirements, best practices and recommendations for Autodiscover in a hybrid environment:

  • Active Directory:
    • The SCP should point to the hybrid server.
      • The certificate on the hybrid server must contain the host name used in the SCP URL.
    • An on-premises user whose mailbox is in Exchange Online should have:
      • a remote mailbox object
      • a primary SMTP address
      • a RemoteRoutingAddress (the targetAddress attribute), which is the address Autodiscover redirects the client to
  • The Autodiscover URL should point to the hybrid server:
    • Public DNS:
      • An A record pointing to the external (public) IP address of the hybrid server
      • A CNAME for autodiscover.<domain> pointing to that A record
      • In a hybrid scenario, autodiscover has to point to your on-premises environment, more precisely to your hybrid server (not directly to Office 365).
    • Internal DNS:
      • An A record pointing to the internal IP address of the hybrid server
      • This name has to match the URL published in the SCP
    • The certificate must contain the SCP name and the Autodiscover URL published by the hybrid server.
  • The hybrid server has to be:
    • Internet facing for Autodiscover
    • Internet facing for the Client Access role
    • running the latest version of Exchange in the organization
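The checklist above turned into a script, as an added example that is not code from the original post: run from the Exchange Management Shell on the on-premises side, it compares the SCP on every Client Access Server, the SAN list of the IIS certificate on the hybrid server, the remote mailbox attributes and the DNS answer for autodiscover.<domain> against the recommendations and lists what does not match. HYBRID01, hybrid.contoso.com and contoso.com are assumed names, and the requirement that the RemoteRoutingAddress sits on the .mail.onmicrosoft.com routing domain is the usual hybrid convention, not something the post states.

```powershell
# Added example, not code from the original post: checklist for the Autodiscover
# recommendations, to run in the Exchange Management Shell on-premises.
# HYBRID01, hybrid.contoso.com and contoso.com are assumed names; change them to yours.

$HybridServer = 'HYBRID01'
$HybridFqdn   = 'hybrid.contoso.com'            # name in the SCP URL, in DNS and on the certificate
$SmtpDomain   = 'contoso.com'
$ScpUri       = "https://$HybridFqdn/autodiscover/autodiscover.xml"
$findings     = New-Object System.Collections.Generic.List[string]

function Test-NameOnCert([string[]]$CertNames, [string]$Name) {
    foreach ($n in $CertNames) {
        if ($n -eq $Name) { return $true }
        if ($n.StartsWith('*.') -and $Name -like $n) { return $true }   # wildcard SAN
    }
    return $false
}

# 1. The SCP on every Client Access Server must publish the hybrid server URL
#    (Exchange 2016 also exposes it through Get-ClientAccessService)
foreach ($cas in Get-ClientAccessServer) {
    $uri = [string]$cas.AutoDiscoverServiceInternalUri
    if ($uri -ne $ScpUri) { $findings.Add("SCP on $($cas.Name) is '$uri', expected '$ScpUri'") }
}

# 2. The IIS certificate on the hybrid server must carry the SCP name and autodiscover.<domain>
$cert  = Get-ExchangeCertificate -Server $HybridServer | Where-Object { "$($_.Services)" -match 'IIS' }
$names = @($cert | ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })
foreach ($n in @($HybridFqdn, "autodiscover.$SmtpDomain")) {
    if (-not (Test-NameOnCert $names $n)) { $findings.Add("IIS certificate on $HybridServer does not cover $n") }
}

# 3. Every on-premises user with an Exchange Online mailbox needs a remote mailbox object
#    with a primary SMTP address and a RemoteRoutingAddress (targetAddress); that address
#    is what the on-premises Autodiscover redirects Outlook to (the 0x800C8205 step)
foreach ($rm in Get-RemoteMailbox -ResultSize Unlimited) {
    if (-not $rm.PrimarySmtpAddress) { $findings.Add("$($rm.Name): no primary SMTP address") }
    if ("$($rm.RemoteRoutingAddress)" -notlike '*@*.mail.onmicrosoft.com') {
        $findings.Add("$($rm.Name): RemoteRoutingAddress '$($rm.RemoteRoutingAddress)' is not on the .mail.onmicrosoft.com routing domain")
    }
}

# 4. DNS: autodiscover.<domain> must resolve to the hybrid server's address from the
#    network you run this on (internal DNS inside, public DNS outside; run it from both)
function Get-ARecord([string]$Name) {
    @(Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
      Where-Object { $_.QueryType -eq 'A' } | ForEach-Object { $_.IPAddress })
}
$autoIp = Get-ARecord "autodiscover.$SmtpDomain"
$hybIp  = Get-ARecord $HybridFqdn
if (-not $autoIp -or -not $hybIp) {
    $findings.Add("autodiscover.$SmtpDomain or $HybridFqdn does not resolve from this network")
} elseif (Compare-Object $autoIp $hybIp) {
    $findings.Add("autodiscover.$SmtpDomain -> $($autoIp -join ',') but $HybridFqdn -> $($hybIp -join ',')")
}

if ($findings.Count -eq 0) { 'Autodiscover hybrid checklist: no findings' } else { $findings }
```

The DNS check only sees the resolver of the machine you run it on, so run the script once inside the network (internal DNS, must match the SCP name) and once from a machine using public DNS. A finding in step 1 is the typical cause of the "wrong design" described at the start of the post: a legacy server still publishing its own URL in the SCP.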

In a hybrid environment, sharing policies and federation are also used for free/busy sharing between Office 365 users and on-premises users; that subject will be covered in a future article.

Author: John

I'm a consultant who loves Microsoft Exchange and tries to learn as much as possible, so if you have any question related to Exchange please do not hesitate to ask. If I don't know, I will find out.

2 thoughts on "Autodiscover within Office 365 Hybrid (Design & Recommendations)"

  1. Hi.

    I assume you are talking about DEDICATED hybrid servers, so ...

    1. Shouldn't the hybrid server also be open on port 25/587? After all, the hybrid server is a multi-role one and Office 365 communicates with the hybrid servers on port 25/587 to flow mail.

    2. As far as the SCP goes, I don't believe you need to change all the other SCP records on all the CAS servers to point to the DEDICATED hybrid server. Am I wrong?

    Thanks

    1. Hello Mikey,
      Regarding port 587, it is only used by Exchange for clients, not for hybrid; only port 25 is required (source: https://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx).
      I would recommend this setting because your Autodiscover service has to be delivered by the latest version of Exchange (your hybrid Exchange server has to be the latest version of Exchange). If Autodiscover is not delivered by the latest version of Exchange and by the hybrid server, Exchange Web Services will not work properly between Office 365 mailboxes and on-premises mailboxes (free/busy, ...).

      John
