Autodiscover: Difference between revisions
m (Jorge de la Cruz Mingo moved page AutoDiscover to Autodiscover) |
Gayle Billat (talk | contribs) |
||
Line 5: | Line 5: | ||
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}} | {{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}} | ||
{{WIP}} | {{WIP}} | ||
Autodiscover uses the Network Edition features | Autodiscover uses the Network Edition features Exchange Activesync (EAS) and Exchange Web Services (EWS) to allow any Mail Client that supports Autodiscover to configure the appropriate Server settings for Communication, so you don’t have to input all the configuration manually. It’s very useful for IT Administrators and for all Users. | ||
Autodiscover also uses SSL certificates, | Autodiscover also uses SSL certificates. For several years, Microsoft has recommended the use of Public domain names for Active Directory domains to avoid the use of non-public TLD like domain.local. | ||
==How does | ==How does Autodiscover work?== | ||
Outlook or the Mail App, has a few ways to look for domain information when configuring itself based on the | Outlook, or the Mail App, has a few ways to look for domain information when configuring itself based on the user's email address. | ||
1. Post to '''https://example.com/Autodiscover/Autodiscover.xml''' | |||
2. Post to '''https://autodiscover.example.com/Autodiscover/Autodiscover.xml''' | |||
3. Same as the previous but in HTTP '''http://autodiscover.example.com/Autodiscover/Autodiscover.xml''' | |||
4. Autodiscover uses the DNS SRV lookup and will get the '''autodiscover.tcp.example.com''' that will reply to "'''mail.example.com'''" | |||
===Example using just the DNS SRV record in Zimbra=== | ===Example using just the DNS SRV record in Zimbra=== | ||
Let's say I want to set up Outlook as john@example.com, but my site does not have the required Autodiscovery XML files set up. I enter that email address in Outlook, now Outlook does the following: | |||
* Autodiscover posts to '''https://example.com/Autodiscover/Autodiscover.xml'''. This fails. | * Autodiscover posts to '''https://example.com/Autodiscover/Autodiscover.xml'''. This fails. | ||
* Autodiscover posts to '''https://autodiscover.example.com/Autodiscover/Autodiscover.xml'''. This fails. | * Autodiscover posts to '''https://autodiscover.example.com/Autodiscover/Autodiscover.xml'''. This fails. | ||
Line 26: | Line 26: | ||
==Creating the proper DNS entries== | ==Creating the proper DNS entries== | ||
To set the proper DNS, you should have 2 different DNS entries. | To set the proper DNS, you should have 2 different DNS entries. | ||
* The first one is | * The first one is a CNAME DNS entry pointing to the proper Zimbra FQDN, for example autodiscover.zimbra.io to zimbra86.zimbra.io. Please be aware that the SSL Certificate needs to have the autodiscover.zimbra.io inside using a Wildcard Certificate or a SAN for the record, or Autodiscover will fail in this step: | ||
<div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/c/c5/Autodiscover-DNS-001.png</div><br/> | <div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/c/c5/Autodiscover-DNS-001.png</div><br/> | ||
* The second DNS record that we need | * The second DNS record that we need is the SRV one, with the Zimbra FQDN, the service, the protocol, the priority, the weight, the port, and the hostname. For example, using Bind you will need to add a DNS entry like the next one: | ||
<div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/c/ce/Autodiscover-DNS-002.png</div><br/> | <div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/c/ce/Autodiscover-DNS-002.png</div><br/> | ||
'''Note:''' You can play with the priority and weight of the DNS record for an Autodiscovery HA based in DNS. | '''Note:''' You can play with the priority and weight of the DNS record for an Autodiscovery HA based in DNS. | ||
==Check the Autodiscover using the DNS == | ==Check the Autodiscover using the DNS == | ||
You can check if you have the proper DNS configuration using the regular DNS tools provided by your Operating System. This doesn't | You can check if you have the proper DNS configuration using the regular DNS tools provided by your Operating System. This doesn't necessarily mean that your Autodiscover works in the Zimbra server, but at least you can see if you have properly configured your DNS Server. | ||
===In Microsoft Windows=== | ===In Microsoft Windows=== | ||
You can test it in Microsoft Windows using nslookup, open a CMD and introduce the next command to test your Autodiscover DNS record: | You can test it in Microsoft Windows using nslookup, open a CMD, and introduce the next command to test your Autodiscover DNS record: | ||
nslookup -q=srv _autodiscover._tcp.example.com | nslookup -q=srv _autodiscover._tcp.example.com | ||
<div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/c/c1/Autodiscover-DNS-003.png</div><br/> | <div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/c/c1/Autodiscover-DNS-003.png</div><br/> | ||
===In Linux/OS X=== | ===In Linux/OS X=== | ||
You can test it in Linux or OS X using dig, open a terminal/console and introduce the next command to test your Autodiscover DNS record: | You can test it in Linux or OS X using dig, open a terminal/console, and introduce the next command to test your Autodiscover DNS record: | ||
dig _autodiscover._tcp.zimbra.io SRV | dig _autodiscover._tcp.zimbra.io SRV | ||
<div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/0/00/Autodiscover-DNS-004.png</div><br/> | <div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/0/00/Autodiscover-DNS-004.png</div><br/> | ||
==Check the Autodiscover using the Official Online Microsoft Tool== | ==Check the Autodiscover using the Official Online Microsoft Tool== | ||
Microsoft | Microsoft has an Online tool where we can test the Autodiscovery, if needed: https://testconnectivity.microsoft.com/ You will see the next window, then select the option called '''Microsoft Office Outlook Connectivity Tests > Outlook Autodiscover''' | ||
<div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/1/16/Autodiscover-000.png</div><br/> | <div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/1/16/Autodiscover-000.png</div><br/> | ||
In the next Window, use an account | In the next Window, use an account where you can login into your Zimbra server to test Autodiscover. '''Note:''' Please use a test account that you can delete later, or use an account where you can change the password after this test. | ||
'''Important note:''' In my first test using the Test Connectivity from Microsoft I | '''Important note:''' In my first test using the Test Connectivity from Microsoft, I received an error because I didn't enable the EWS funcionality to the account I was testing. Enabling the EWS Feature in the COS did the trick to work. | ||
<div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/4/4c/Autodiscover-001.png</div><br/> | <div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/4/4c/Autodiscover-001.png</div><br/> | ||
After a few seconds you will be able to see the results | After a few seconds, you will be able to see the results. In this case everything seems to be OK: | ||
<div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/3/3c/Autodiscover-002.png</div><br/> | <div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/3/3c/Autodiscover-002.png</div><br/> | ||
If we click Expand All, we can see the steps that Autodiscover tried to work | If we click Expand All, we can see the steps that Autodiscover tried to work. As explained before, the only step that works here is the DNS one because: | ||
* First, in example.com I don't have the Zimbra Server, I have my regular Website. | * First, in example.com I don't have the Zimbra Server, I have my regular Website. | ||
* Second, because autodiscover.example.com doesn't have the proper SSL certificate | * Second, because autodiscover.example.com doesn't have the proper SSL certificate. I have a SSL certificate for mail.example.com for example. | ||
* Third, finally the DNS record is valid and Outlook can use this method to get the configuration. | * Third, finally the DNS record is valid, and Outlook can use this method to get the configuration. | ||
<div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/b/b1/Autodiscover-003.png</div><br/> | <div class="thumbnail img-thumbnail">https://wiki.zimbra.com/images/b/b1/Autodiscover-003.png</div><br/> | ||
==Configure the Mail Clients== | ==Configure the Mail Clients== | ||
Now that you have your Autodiscover properly configured you can follow the next Articles to configure your Mail clients: | Now that you have your Autodiscover properly configured, you can follow the next Articles to configure your Mail clients: | ||
* [[Windows_Mail_app_using_EAS_(Exchange_ActiveSync)|Windows Mail app using EAS (Exchange ActiveSync) in Windows 8, 8.1 and Windows 10]] | * [[Windows_Mail_app_using_EAS_(Exchange_ActiveSync)|Windows Mail app using EAS (Exchange ActiveSync) in Windows 8, 8.1 and Windows 10]] | ||
* [[Outlook_2016_For_Mac_And_EWS_Setup|Outlook 2016 for Mac and EWS Setup]] | * [[Outlook_2016_For_Mac_And_EWS_Setup|Outlook 2016 for Mac and EWS Setup]] | ||
Line 71: | Line 71: | ||
{{Article Footer|ZCS 8.6, 8.5|08/04/2015}} | {{Article Footer|ZCS 8.6, 8.5|08/04/2015}} | ||
{{NeedSME|Jorge|SME2| | {{NeedSME|Jorge|SME2|Gayle B.}} | ||
[[Category:Certified]] | [[Category:Certified]] |
Revision as of 19:25, 4 August 2015
Autodiscover for Outlook, Exchange Activesync and Exchange Web Services
Autodiscover uses the Network Edition features Exchange Activesync (EAS) and Exchange Web Services (EWS) to allow any Mail Client that supports Autodiscover to configure the appropriate Server settings for Communication, so you don’t have to input all the configuration manually. It’s very useful for IT Administrators and for all Users. Autodiscover also uses SSL certificates. For several years, Microsoft has recommended the use of Public domain names for Active Directory domains to avoid the use of non-public TLD like domain.local.
How does Autodiscover work?
Outlook, or the Mail App, has a few ways to look for domain information when configuring itself based on the user's email address. 1. Post to https://example.com/Autodiscover/Autodiscover.xml 2. Post to https://autodiscover.example.com/Autodiscover/Autodiscover.xml 3. Same as the previous but in HTTP http://autodiscover.example.com/Autodiscover/Autodiscover.xml 4. Autodiscover uses the DNS SRV lookup and will get the autodiscover.tcp.example.com that will reply to "mail.example.com"
Example using just the DNS SRV record in Zimbra
Let's say I want to set up Outlook as john@example.com, but my site does not have the required Autodiscovery XML files set up. I enter that email address in Outlook, now Outlook does the following:
- Autodiscover posts to https://example.com/Autodiscover/Autodiscover.xml. This fails.
- Autodiscover posts to https://autodiscover.example.com/Autodiscover/Autodiscover.xml. This fails.
- Autodiscover performs the following redirect check: GET http://autodiscover.example.com/Autodiscover/Autodiscover.xml. This fails.
- Autodiscover uses DNS SRV lookup for autodiscover.tcp.example.com, and then "mail.example.com" is returned.
- Outlook asks permission from the user to continue with Autodiscover to post to https://mail.example.com/autodiscover/autodiscover.xml.
- Autodiscover's POST request is successfully posted to https://mail.example.com/autodiscover/autodiscover.xml.
Creating the proper DNS entries
To set the proper DNS, you should have 2 different DNS entries.
- The first one is a CNAME DNS entry pointing to the proper Zimbra FQDN, for example autodiscover.zimbra.io to zimbra86.zimbra.io. Please be aware that the SSL Certificate needs to have the autodiscover.zimbra.io inside using a Wildcard Certificate or a SAN for the record, or Autodiscover will fail in this step:
- The second DNS record that we need is the SRV one, with the Zimbra FQDN, the service, the protocol, the priority, the weight, the port, and the hostname. For example, using Bind you will need to add a DNS entry like the next one:
Note: You can play with the priority and weight of the DNS record for an Autodiscovery HA based in DNS.
Check the Autodiscover using the DNS
You can check if you have the proper DNS configuration using the regular DNS tools provided by your Operating System. This doesn't necessarily mean that your Autodiscover works in the Zimbra server, but at least you can see if you have properly configured your DNS Server.
In Microsoft Windows
You can test it in Microsoft Windows using nslookup, open a CMD, and introduce the next command to test your Autodiscover DNS record:
nslookup -q=srv _autodiscover._tcp.example.com
In Linux/OS X
You can test it in Linux or OS X using dig, open a terminal/console, and introduce the next command to test your Autodiscover DNS record:
dig _autodiscover._tcp.zimbra.io SRV
Check the Autodiscover using the Official Online Microsoft Tool
Microsoft has an Online tool where we can test the Autodiscovery, if needed: https://testconnectivity.microsoft.com/ You will see the next window, then select the option called Microsoft Office Outlook Connectivity Tests > Outlook Autodiscover
In the next Window, use an account where you can login into your Zimbra server to test Autodiscover. Note: Please use a test account that you can delete later, or use an account where you can change the password after this test. Important note: In my first test using the Test Connectivity from Microsoft, I received an error because I didn't enable the EWS funcionality to the account I was testing. Enabling the EWS Feature in the COS did the trick to work.
After a few seconds, you will be able to see the results. In this case everything seems to be OK:
If we click Expand All, we can see the steps that Autodiscover tried to work. As explained before, the only step that works here is the DNS one because:
- First, in example.com I don't have the Zimbra Server, I have my regular Website.
- Second, because autodiscover.example.com doesn't have the proper SSL certificate. I have a SSL certificate for mail.example.com for example.
- Third, finally the DNS record is valid, and Outlook can use this method to get the configuration.
Configure the Mail Clients
Now that you have your Autodiscover properly configured, you can follow the next Articles to configure your Mail clients:
- Windows Mail app using EAS (Exchange ActiveSync) in Windows 8, 8.1 and Windows 10
- Outlook 2016 for Mac and EWS Setup
- Outlook 2013 using EAS (Exchange ActiveSync)
- Outlook 2011 For Mac And EWS Setup With Screenshots
Identified Support/Known Issues
Known issues include the following bugs:
- Bug 85262 - Admin: Add Appendix to Admin Guide which documents the various autodiscovery settings