Read more about CNAME and SRV records in the Outlook team blog, Namespace planning in Exchange 2016. Autodiscover services in Outlook. With only the user credentials.
Posted by1 year ago
Archived
Outlook 2016 and getting rid of Autodiscover redirection popups.. What am I missing?
Hi everyone! I'm still a new-ish junior admin and have been trying to assist in fixing Autodiscover in our environment. (X-posting this from /r/sysadmin, seemed relevant enough given this is more of an Exchange Autodiscover issue than an Outlook client issue)
We have ~100 vanity aliases in our org. (dept1.company.com, dept2.company.com, etc.) In the past, our SSL certificates for Exchange never had an 'autodiscover.dept[x].company.com' name for these subdomains, only 'autodiscover.company.com'. We also have a split DNS configuration; internal DNS on our domain controllers, and DNS servers run by our separate network team.
With Outlook 2013 and 2010, we never really ran into issues because users' accounts were always added by UPN (which is [email protected]), and shared mailboxes/calendars weren't really making any additional Autodiscover calls after being added into Outlook via an additional '[mailbox]@company.com' alias we always made. (Obviously things like Lync/SfB conversation history and calendar integration did not work in this configuration, but we lived with it)
Starting with Outlook 2016, the Outlook client started making Autodiscover calls for more things-- Most notably, when accessing/modifying shared mailboxes and calendars on a day-to-day basis. The symptom we started seeing was that any of our users that were not joined to our domain (so anyone with local workstations such as a personal machine, or quasi-supported departments with their own domain) started being unable to make changes to calendars, etc. when an Exchange resource has any departmental domain as its primary SMTP alias. We made a Microsoft Premier ticket and they confirmed that this was expected, and to fix it, we needed to do one of 2 things:
![Autodiscover Popup Outlook 2016 Autodiscover Popup Outlook 2016](http://1.bp.blogspot.com/-Xee2JL6oqKU/VqtgcvjRC0I/AAAAAAAABMc/O_ChOF3aLvg/s1600/connectivity%2Btest%2Bfailed.png)
- Add A records for each subdomain, and users will get Autodiscover redirect popups unless we suppressed them.
- Add an 'autodiscover.dept[x].company.com' name for all subdomains in our SSL cert, and create an A record for each name pointing to Exchange. (Supposedly this was supposed to keep popups from occurring.)
![Autodiscover Popup Outlook 2016 Autodiscover Popup Outlook 2016](/uploads/1/2/5/2/125251370/861798545.png)
We chose option 2, and switched to SSL offloading with our F5 load balancer while we were at it. So right now, we have a massive SAN certificate in our load balancer with all those Autodiscover names for each departmental subdomain, and we made a few A records in our external DNS for a few of these names as a test. Lo and behold, our problems with accessing mailboxes/calendars disappears as expected, but with one caveat: Autodiscover redirection warnings are still popping up. Tried the same thing with a CNAME and the Exchange URL instead of an A record + IP, but the redirect popup still happened.
So, being still relatively new at all this, I'm at a loss... Is this expected behavior and we need to suppress these redirection popups by this method? Are we doing something wrong? If there's any other info or explanation that I can provide to better help understand the situation, I'd be glad to oblige!
81% Upvoted