Autodiscover Service and SAN/UCC Cert Names
I currently have over 10 inbound SMTP routing domains and want to know the following answers as far as the names to include in my SAN/UCC cert, as it seems most cert providers start with a basic 4/5 name starting price.

1. Do I need to include an "autodiscover.domain1.com", "autodiscover.domain2.com" name for each domain I want users to be able to auto create a profile for?
2. Additionally, do I need to include separate "domain1.com", "domain2.com" names in my SAN/UCC cert?

All users in my environment have different email address domains, so when prompted to auto create their profile, they will all be using their own email address domain. The way I understand it, Outlook 2007 first tries to query "autodiscover + the default domain name of the user's email address used" and if this fails, tries just the domain name of the user's email address used. I could create a DNS CNAME record for each email domain, pointing them all back to a single "autodiscover.domain1.com" and "domain1.com" name/IP of the name I use in my SAN/UCC cert; or does the exact domain used by the user have to exist in the SAN/UCC cert? I am trying to limit the names I use in my cert process (from a cost perspective) and I do not want to use a wildcard cert.

I have the following so far, however it only includes one inbound email domain:

webmail.domain1.com --> for OWA and ActiveSync users
autodiscover.domain1.com --> for Autodiscover
domain1.com --> for Autodiscover
internalcasservername1.domain1.local --> for internal name resolution
internalcasnetbiosname1 --> for internal name resolution
internalcasservername2.domain1.local --> for internal name resolution
internalcasnetbiosname2 --> for internal name resolution

Can I get away with using CNAME records and still have Autodiscover work correctly?

Thanks
NTNEWS
December 1st, 2008 7:43pm

Dear customer:

An Outlook 2007 client connects to the Autodiscover service as follows:

1. Outlook 2007 sends a Lightweight Directory Access Protocol (LDAP) query to Active Directory looking for all available SCP objects.
2. Outlook 2007 sorts and enumerates the returned results based on the client's Active Directory site by using the keyword attribute of the SCP record. One of two lists is created, an in-site list or an out-of-site list. The in-site list provides the SCP records that have AutodiscoverSiteScope information. AutodiscoverSiteScope is a parameter that is set on the Client Access server by using the Set-ClientAccessServer cmdlet. The parameter specifies the site for which the Autodiscover service is authoritative. The AutodiscoverSiteScope information contained in the SCP records for the in-site list matches the Active Directory site for the Outlook client. If there are no in-site records, an out-of-site SCP record list will be generated. The list is not sorted in any particular order. Therefore, the list is approximately in the order of oldest SCP records (based on creation date) first.
3. Outlook first tries to connect to each Autodiscover URL that it had previously generated from either an in-site list or an out-of-site list. If that doesn't work, Outlook will try to connect to the predefined URLs (for example, https://autodiscover.contoso.com/autodiscover/autodiscover.xml) by using DNS. If that fails also, Outlook will try the HTTP redirect method and, failing that, Outlook will try to use the SRV record lookup method. If all lookup methods fail, Outlook will be unable to obtain Outlook Anywhere configuration and URL settings.
4. The Autodiscover service queries Active Directory to obtain the connection settings and URLs for the Exchange services that have been configured.
5. The Autodiscover service returns an HTTPS response with an XML file that includes the connection settings and URLs for the available Exchange services.
6. Outlook uses the appropriate configuration information and connection settings to connect to your Exchange messaging environment.

For the first question, you should include an "autodiscover.domain1.com", "autodiscover.domain2.com" name for each domain. For the second question, you should include separate "domain1.com", "domain2.com" names in your SAN/UCC certificate.

If you are concerned about the cost of the Unified Communications certificate, you could install Windows Certificate Services and create and install your own SSL certificate that includes multiple DNS names. Although this may be the least expensive approach at first, you will incur the additional administrative overhead of distributing and maintaining the root certificates to your users so that clients that are not domain-connected can follow the certificate chain up to the trusted root certificate store. Additionally, your Outlook Anywhere users must manually install the root certificate on their remote workstations and Exchange ActiveSync users must manually install the root certificate on their mobile devices.

For more information about the Exchange 2007 Autodiscover Service, please refer to the following article:
White Paper: Exchange 2007 Autodiscover Service
http://technet.microsoft.com/en-us/library/bb332063.aspx

Hope it helps.
Rock Wang - MSFT
December 24th, 2008 12:48pm
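The reply above lists the lookup methods Outlook 2007 falls through after the SCP query. The question the thread turns on is which name the client validates against the certificate for each of those methods, and that is what decides whether a CNAME can stand in for a SAN entry. The script below is an added example written for this thread (it is not code from the original posts or from Microsoft). It models the DNS-based methods from step 3 of the reply in the order Outlook 2007 tries them (bare domain over HTTPS, then autodiscover.<domain> over HTTPS, then the HTTP redirect, then the SRV record), checks the validated name for each against a SAN list, and applies ordinary TLS wildcard matching so the wildcard alternative the poster rejected can be compared too. The SCP lookup is left out because it only applies to domain-joined clients. The SAN list is the one from the question; the extra SMTP domains, the SRV target and the redirect target are constructed sample data.

```python
"""Plan which names an Autodiscover SAN/UCC certificate must carry.

Added example for this thread, not code from the original posts or from
Microsoft.  It models the DNS-based part of the Outlook 2007 Autodiscover
lookup (the SCP query, which only applies to domain-joined clients, is left
out) and checks the name each method makes the client validate against a
certificate's Subject Alternative Names.  All domain names, the SRV target
and the redirect target below are constructed sample data.
"""
from __future__ import annotations


def autodiscover_candidates(smtp_domain: str) -> list[tuple[str, str]]:
    """(method, DNS name queried) in the order Outlook 2007 tries them once the
    SCP lookup yields nothing usable."""
    d = smtp_domain.lower().rstrip(".")
    return [
        ("https-root", d),                            # https://<d>/autodiscover/autodiscover.xml
        ("https-autodiscover", f"autodiscover.{d}"),  # https://autodiscover.<d>/autodiscover/autodiscover.xml
        ("http-redirect", f"autodiscover.{d}"),       # http://autodiscover.<d>/..., expects a 302 to an https URL
        ("srv", f"_autodiscover._tcp.{d}"),           # SRV record naming the real HTTPS host
    ]


def name_matches(cert_name: str, host: str) -> bool:
    """Match a certificate DNS name against a host the way TLS clients do:
    exact (case-insensitive) match, or a wildcard that is the leftmost label
    and replaces exactly one label of the host."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        head, sep, rest = host.partition(".")
        return sep == "." and head != "" and rest == cert_name[2:]
    return False


def covered(host: str, san_names: list[str]) -> bool:
    return any(name_matches(n, host) for n in san_names)


def evaluate(smtp_domain: str, san_names: list[str],
             srv_target: str | None = None,
             redirect_target: str | None = None) -> dict[str, tuple[str | None, bool]]:
    """For each lookup method return (name the client validates, covered?).

    The direct HTTPS methods validate the name that was queried.  The HTTP
    redirect method validates the host in the 302 Location.  The SRV method
    validates the SRV target.  CNAMEs are deliberately not followed: a CNAME
    changes where the TCP connection goes, not the name the client checks
    against the certificate, so it cannot substitute for a SAN entry."""
    result = {}
    for method, host in autodiscover_candidates(smtp_domain):
        if method == "http-redirect":
            validated = redirect_target
        elif method == "srv":
            validated = srv_target
        else:
            validated = host
        result[method] = (validated, validated is not None and covered(validated, san_names))
    return result


def names_needed_without_srv(smtp_domains: list[str]) -> list[str]:
    """Minimal SAN set when relying only on the direct HTTPS lookups: the bare
    domain and the autodiscover host for every SMTP domain."""
    names = set()
    for d in smtp_domains:
        d = d.lower().rstrip(".")
        names.update({d, f"autodiscover.{d}"})
    return sorted(names)


# Constructed sample: the SAN list from the question covers domain1.com only.
SAN_NAMES = [
    "webmail.domain1.com", "autodiscover.domain1.com", "domain1.com",
    "internalcasservername1.domain1.local", "internalcasnetbiosname1",
    "internalcasservername2.domain1.local", "internalcasnetbiosname2",
]
SMTP_DOMAINS = ["domain1.com", "domain2.com", "domain3.com"]

if __name__ == "__main__":
    for d in SMTP_DOMAINS:
        # Every extra domain gets an SRV record pointing at the one covered host.
        report = evaluate(d, SAN_NAMES, srv_target="autodiscover.domain1.com")
        for method, (validated, ok) in report.items():
            print(f"{d:12} {method:20} validates {validated!s:30} {'ok' if ok else 'MISMATCH'}")
    print("without SRV you would need:", names_needed_without_srv(SMTP_DOMAINS))
```

Run as-is, the report shows the CNAME approach from the question failing on both HTTPS methods for domain2.com and domain3.com (the client validates autodiscover.domain2.com, not the CNAME target), while the SRV method succeeds because the client connects to and validates the SRV target, which is already in the certificate. A method marked MISMATCH either fails over to the next one or shows a certificate warning, depending on what the host at that name answers, so the planning goal is at least one clean method per domain. Two caveats for the SRV and redirect shortcuts: Outlook 2007 only performs the SRV lookup once the update described in Microsoft KB 940881 is installed, and the HTTP redirect method shows the user a prompt asking whether to allow the redirect on first use. Also note that the .local and NetBIOS names in the list were acceptable to public CAs when this thread was written, but the CA/Browser Forum baseline requirements later stopped public CAs from issuing certificates for internal names, so those entries belong on an internal CA certificate today.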

Hi,

Thanks for the information, but how do you create (or where can I find info on) a UCC using the Windows Certificate Server?

Please advise,
@ndyP
September 16th, 2009 5:10pm

