EDIT 10/4/2007: Since this post has been published, we have updated the Exchange 2007 Autodiscover Service whitepaper to include this information. Please consult the whitepaper for most up-to-date information.

Previously customers who wanted to deploy Autodiscover for Internet clients had to use one of three methods:

Method

Pros

Cons

1 SSL Certificate that is valid for multiple DNS names (or Subject Alternative Names)

- Simple configuration

- Requires only one Certificate.

- Requires only 1 website and 1 public IP.

- Cost of additional DNS names for SSL Certificates can be more expensive.

2 single-name SSL Certificates (one specifically for autodiscover).

- 2 single-name certificates may be less costly than a certificate with multiple names.

- Complex configuration. 

- Requires 2 websites and 2 Public IP's.

- Difficult to load balance 2 sites.

1 single-name SSL Certificate with a second HTTP redirection website.

- Only requires 1 single-name SSL certificate.

 

- Complex configuration. 

- Requires 2 websites and 2 Public IP's.

- Difficult to load balance 2 sites.

- Additional dialog is displayed to the Outlook users asking if they trust the redirected URL.

 

For a few customer groups (primarily very small customers and hosters), these methods provided a less than perfect solution. Many of our smallest customers can't afford the additional cost that certificates with multiple names can incur nor do they have 2 public IP addresses available to dedicate to Autodiscover. Many of our larger hosting organizations don't want to deal with the complexities of load-balancing multiple web sites or incur the cost associated with Certificates with multiple names for every company they host.

This new method of location Autodiscover using DNS Service Location (SRV) records satisfies both of these requirements.

Method

Pros

Cons

1 single-name SSL Certificate with DNS SRV Lookup.

- Simple configuration

- Requires only 1 website and 1 public IP.

- Only requires 1 single-name SSL certificate

- Not all DNS hosting providers support DNS SRV records.

- Additional dialog is displayed to the Outlook users asking if they trust the redirected URL.

- Requires Outlook 2007 client-side hotfix.

 

To obtain this feature, you must apply Outlook 2007 Hotfix KB 939184. This feature is also scheduled to be included in Outlook 2007 Service Pack 1. For more information on how to implement this feature see KB 940881.

- Brad Hughes