Autodiscover
Autodiscover for Outlook, Exchange Activesync and Exchange Web Services
Autodiscover uses the Network Edition features Exchange Activesync (EAS) and Exchange Web Services (EWS) to allow any Mail Client that supports Autodiscover to configure the appropriate Server settings for Communication, so you don’t have to input all the configuration manually. It’s very useful for IT Administrators and for all Users. Autodiscover also uses SSL certificates. For several years, Microsoft has recommended the use of Public domain names for Active Directory domains to avoid the use of non-public TLD like domain.local.
How does Autodiscover work?
Outlook, or the Mail App, has a few ways to look for domain information when configuring itself based on the user's email address. 1. Post to https://example.com/Autodiscover/Autodiscover.xml 2. Post to https://autodiscover.example.com/Autodiscover/Autodiscover.xml 3. Same as the previous but in HTTP http://autodiscover.example.com/Autodiscover/Autodiscover.xml 4. Autodiscover uses the DNS SRV lookup and will get the autodiscover.tcp.example.com that will reply to "mail.example.com"
Example using just the DNS SRV record in Zimbra
Let's say I want to set up Outlook as john@example.com, but my site does not have the required Autodiscovery XML files set up. I enter that email address in Outlook, now Outlook does the following:
- Autodiscover posts to https://example.com/Autodiscover/Autodiscover.xml. This fails.
- Autodiscover posts to https://autodiscover.example.com/Autodiscover/Autodiscover.xml. This fails.
- Autodiscover performs the following redirect check: GET http://autodiscover.example.com/Autodiscover/Autodiscover.xml. This fails.
- Autodiscover uses DNS SRV lookup for autodiscover.tcp.example.com, and then "mail.example.com" is returned.
- Outlook asks permission from the user to continue with Autodiscover to post to https://mail.example.com/autodiscover/autodiscover.xml.
- Autodiscover's POST request is successfully posted to https://mail.example.com/autodiscover/autodiscover.xml.
Creating the proper DNS entries
To set the proper DNS, you should have 2 different DNS entries.
- The first one is a CNAME DNS entry pointing to the proper Zimbra FQDN, for example autodiscover.zimbra.io to zimbra86.zimbra.io. Please be aware that the SSL Certificate needs to have the autodiscover.zimbra.io inside using a Wildcard Certificate or a SAN for the record, or Autodiscover will fail in this step:
- The second DNS record that we need is the SRV one, with the Zimbra FQDN, the service, the protocol, the priority, the weight, the port, and the hostname. For example, using Bind you will need to add a DNS entry like the next one:
Note: You can play with the priority and weight of the DNS record for an Autodiscovery HA based in DNS.
Check the Autodiscover using the DNS
You can check if you have the proper DNS configuration using the regular DNS tools provided by your Operating System. This doesn't necessarily mean that your Autodiscover works in the Zimbra server, but at least you can see if you have properly configured your DNS Server.
In Microsoft Windows
You can test it in Microsoft Windows using nslookup, open a CMD, and introduce the next command to test your Autodiscover DNS record:
nslookup -q=srv _autodiscover._tcp.example.com
In Linux/OS X
You can test it in Linux or OS X using dig, open a terminal/console, and introduce the next command to test your Autodiscover DNS record:
dig _autodiscover._tcp.zimbra.io SRV
Check the Autodiscover using the Official Online Microsoft Tool
Microsoft has an Online tool where we can test the Autodiscovery, if needed: https://testconnectivity.microsoft.com/ You will see the next window, then select the option called Microsoft Office Outlook Connectivity Tests > Outlook Autodiscover
In the next Window, use an account where you can login into your Zimbra server to test Autodiscover. Note: Please use a test account that you can delete later, or use an account where you can change the password after this test. Important note: In my first test using the Test Connectivity from Microsoft, I received an error because I didn't enable the EWS funcionality to the account I was testing. Enabling the EWS Feature in the COS did the trick to work.
After a few seconds, you will be able to see the results. In this case everything seems to be OK:
If we click Expand All, we can see the steps that Autodiscover tried to work. As explained before, the only step that works here is the DNS one because:
- First, in example.com I don't have the Zimbra Server, I have my regular Website.
- Second, because autodiscover.example.com doesn't have the proper SSL certificate. I have a SSL certificate for mail.example.com for example.
- Third, finally the DNS record is valid, and Outlook can use this method to get the configuration.
Configure the Mail Clients
Now that you have your Autodiscover properly configured, you can follow the next Articles to configure your Mail clients:
- Windows Mail app using EAS (Exchange ActiveSync) in Windows 8, 8.1 and Windows 10
- Outlook 2016 for Mac and EWS Setup
- Outlook 2013 using EAS (Exchange ActiveSync)
- Outlook 2011 For Mac And EWS Setup With Screenshots
Identified Support/Known Issues
Known issues include the following bugs:
- Bug 85262 - Admin: Add Appendix to Admin Guide which documents the various autodiscovery settings