Hi all!

I have a really strange one here...
First of all, everything is working just fine, Exchange 2013 CU9 and outlook client 2013 latest updates. We use MAPI over HTTP.

Now the problem is and only with non domain joined PC`s with autodiscover and root domain query.
I have my root doain on port 443 CLOSED on my firewall and we do not use it at all.

When I add outlook profile it takes almost 10 minutes to set up an account.

If I use registry to disable root domain autodiscover lookup, account sets up INSTANTLY.

Isn`t Outlook supposed to connect to root domain and if it fails to autodiscover.rootdomain ?
In my case outlooks (2013 and I tested with 2016 aswell) keeps connecting to root autodiscover domain for 5-10 minutes even though I have port 443 closed.

Any idea?

Hello 

Autodiscover for non domain joined comouter always try to connect to root domain for SCP information.

Please let us know if you are trying to connect from internet or within company network. 

it used email address fileds are @ like in XXXX@mydomain.com, it will search for mydomain.com for the autodiscover xml file and same information is stored in registry we call SCP.

Hi!

I try to connect from outside network which has nothing to do with company network.

Problem is, that this root query takes a very long time before it figures out that it is not available and then go to autodiscover.rootdomain query which works instantly.I have to add like 10 delegate mailboxes and imagine how long it takes to proccess each mailbox. I waited almost 2 hours to add all of them.

When I disabled root domain query in registry it took 2 minutes to configure outlook with 10 delegate mailboxes...

Hello

You need to check the public url for Autodiscover. Let say it is 

"https://" + domain + "/autodiscover/autodiscover" + fileExtension

Check your Autodiscover SRV record using nslookup as below:

Type cmd in run, and enter nslookup

>Set q=srv

> _autodiscover._tcp.yourdomain.com

check the server it is hitting. Now you can go to that server and manually specify a domain controller using the powershell to be used by exchange query.

Set-ADServerSettings -SetPreferredDomainControllers DC.yourdomain.com

Let me know if this helps.

How could this help?

Any why should I set SRV record if I have autodiscover.domain.com and this is outside client, not inside...

Please read my post again.

Hello

if you check in nslookup

>server 8.8.8.8

>autodiscover.yourdomain.com

you will find a public IP. That will be NAT to you internet facing CAS server. Did you check if this is corectly configured. 

also check which domain controller is set primary for exchange using below command

Get-ADServerSetting

I have 1 DC.

Autodiscover works just fine, problem is just that when it is doing root domain check it takes forever to move to next check which is autodiscover.domain.com