As mentioned in my previous post on the subject of Autodiscover Service and Outlook Providers, I wanted to follow up with a discussion of modifying the providers.
What is the impact when we change the Outlook provider configuration? In what scenarios should the Outlook provider be modified? Relatively few changes will need to be made in the Outlook Providers. Please also note that, depending on the modification made, Autodiscover might stop working or the client might be prevented from connecting to the Exchange server, so this should not be done lightly!
The cmdlet Set-OutlookProvider allows modifying related settings. As we can see in the table below, the parameters Server and CertPrincName apply only to the Outlook EXPR provider, that is, to Outlook Anywhere clients. By default both values are set to $null.
If RPC is used (Outlook Anywhere not selected in GUI), protocol is EXCH. If RPC/HTTP is selected, protocol is EXPR.
Server: The value here specifies the name of the mail server to use for RPC/HTTP.
CertPrincName: This value is only used for EXPR types. It specifies the SSL certificate principal name required when connecting externally from the Exchange topology and using SSL. For example, if SERVER were specified as "fourthcoffee.com" and CERTPRINCNAME were left blank, the default value of CERTPRINCNAME would be "msstd:fourthcoffee.com".
TTL: The value here specifies the time to live, in hours, for which these settings are valid. After that time has elapsed (from the time the settings were retrieved), the settings should be rediscovered via Autodiscover again. A value of 0 indicates that no rediscovery will be required. If no value is specified, the default will be a TTL of 1 hour.
We will consider a few scenarios and the impact if you change the Outlook provider configuration:
Scenario 1: Multiple AD sites where both CAS servers are Internet-Facing and Outlook Anywhere is enabled. Each Client Access Server has its own certificate installed. The User1 mailbox is located on a Mailbox server on AD site 1, and User2 mailbox on a Mailbox server on AD site 2. Both Outlook clients are on the Internet, thus they will connect through Outlook Anywhere.
Note: Autodiscover is configured properly on the Internet as Autodiscover.fourthcoffee.com.
When User1 connects to the Autodiscover.fourthcoffee.com server, the Autodiscover service identifies that the request comes from an Outlook client and returns both InternalURLs and ExternalURLs.
This scenario shows why it is important not to change the Outlook providers. Because the parameters Server and CertPrincName are $null, Service Discovery returns to the client the best CAS for Outlook Anywhere, in this case mail1.fourthcoffee.com.
The same behavior occurs when User2 connects to Autodiscover.fourthcoffee.com. Service Discovery returns to the client the best CAS for Outlook Anywhere, in this case mail2.fourthcoffee.com. Because the parameters Server and CertPrincName are set to $null, they are populated with the same value as ExternalHostName.
Remember that the Outlook provider is a global setting in Active Directory. What would happen if you modified the parameter Server to mail1.fourthcoffee.com?
Set-OutlookProvider EXPR -Server mail1.fourthcoffee.com
This setting forces all Outlook Anywhere clients, both User1 and User2, to connect to the same CAS server, mail1.fourthcoffee.com, no matter where the user mailbox is located, which prevents Service Discovery from providing the best CAS.
Another issue could result if you later decided to change the Outlook Anywhere ExternalHostName to Outlookanywhere.fourthcoffee.com. With the EXPR Outlook provider still set to mail1.fourthcoffee.com, Outlook Anywhere clients would be unable to connect, since mail1.fourthcoffee.com is no longer available.
Scenario 2: Consider the same scenario as the above, however a wildcard certificate was deployed across the Client Access Servers - *.fourthcoffee.com. No change was made to the ExternalUrls and Outlook Anywhere ExternalHostName is set to mail1.fourthcoffee.com.
Because the parameters Server and CertPrincName are $null, Service Discovery returns to the client the best CAS for Outlook Anywhere, in this case mail1.fourthcoffee.com, and configures the Certificate Principal Name as msstd:mail1.fourthcoffee.com. Given that this Certificate Principal Name does not match the wildcard certificate installed on the CAS, the parameter CertPrincName must be modified.
Set-OutlookProvider EXPR -CertPrincipalName msstd:*.fourthcoffee.com
With this new setting the Service will always return to the Outlook client the CertPrincName set in the EXPR provider.
See: When Outlook Anywhere clients connect to Exchange 2007 and a wildcard certificate is deployed across Exchange Client Access servers.
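The checks behind scenarios 1 and 2 can be run offline before touching the global EXPR provider. The following is an added example, not code from the original post: the function name Test-ExprProvider, the CertSubject field (the common name of the certificate installed on each CAS, entered by hand) and the sample data are assumptions, and the exact-match comparison of the principal name follows the behavior described in scenario 2.

```powershell
# Added example, not part of the original post. All sample data is constructed.
function Test-ExprProvider {
    param(
        $Provider,  # object with Server and CertPrincipalName, as on the EXPR provider
        $Cas        # objects with Name, ExternalHostName and CertSubject (assumed field)
    )
    $findings = @()
    foreach ($c in $Cas) {
        # Effective values for clients served by this CAS: an override on the
        # provider wins, otherwise the values are derived from ExternalHostName.
        $server = $c.ExternalHostName
        if ($Provider.Server) { $server = $Provider.Server }
        $principal = "msstd:$server"
        if ($Provider.CertPrincipalName) { $principal = $Provider.CertPrincipalName }

        if ($server -ne $c.ExternalHostName) {
            $findings += "$($c.Name): clients are pinned to $server instead of $($c.ExternalHostName)"
        }
        # The certificate the client sees belongs to the server it connects to.
        $target = @($Cas | Where-Object { $_.ExternalHostName -eq $server })
        if ($target.Count -eq 0) {
            $findings += "$($c.Name): no CAS publishes $server as ExternalHostName"
        }
        elseif ($principal -ne "msstd:$($target[0].CertSubject)") {
            $findings += "$($c.Name): $principal does not match certificate subject $($target[0].CertSubject)"
        }
    }
    $findings
}

# Constructed topology: two Internet-facing CAS servers sharing a wildcard certificate.
$sites = @(
    @{ Name = 'CAS1'; ExternalHostName = 'mail1.fourthcoffee.com'; CertSubject = '*.fourthcoffee.com' },
    @{ Name = 'CAS2'; ExternalHostName = 'mail2.fourthcoffee.com'; CertSubject = '*.fourthcoffee.com' }
)

# Scenario 2 with the default provider (Server and CertPrincipalName are $null).
Test-ExprProvider -Provider @{ Server = $null; CertPrincipalName = $null } -Cas $sites

# Scenario 2 after setting CertPrincipalName to the wildcard principal name.
Test-ExprProvider -Provider @{ Server = $null; CertPrincipalName = 'msstd:*.fourthcoffee.com' } -Cas $sites

# Scenario 1: Server overridden globally on the EXPR provider.
Test-ExprProvider -Provider @{ Server = 'mail1.fourthcoffee.com'; CertPrincipalName = 'msstd:*.fourthcoffee.com' } -Cas $sites
```

In a live organization the Server and CertPrincipalName values come from Get-OutlookProvider and the host names from Get-OutlookAnywhere.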
Scenario 3: Once the Outlook 2007 client has successfully created a profile, it refreshes its settings at the interval set by the TTL parameter, which by default is every hour. This configuration can be modified.
Set-OutlookProvider -Identity msExchAutoDiscoverConfig -TTL 2
See: Duration that the auto-discovery settings are valid for the Outlook Provider.
I hope you have found this useful!
- Vandy Rodrigues