Hi Experts,

I have a question about the autodiscover behaviour. Let's assume we have the below infrastructure:

SiteA :

• MBX-Server-SiteA : Member of a DAG
• CAS-Server-SiteA : outlook anywhere url = siteA.domain.com

SiteB :

• MBX-Server-SiteB : Member of a DAG
• CAS-Server-SiteB-1 : outlook anywhere url = siteB-1.domain.com
• CAS-Server-SiteB-2: outlook anywhere url = siteB-2.domain.com
  

We have DB-1 and DB-2 that have copies in both MBX servers.

My question is how does exchange select the access URLs to return in the autodiscover process? I know that it depends on where the mailbox is hosted but can't find details about the process in the technet articles.

Thanks.

Hi AmineG,

Thank you for your question.

You are right. It will depend on where the active mailbox is hosted. Then it will do a search in AD database to find CASs URL which mailbox server connect. If site A and Site B are both faced Internet, it will redirect. If there is only one site which is faced Internet, it will proxy.

We could refer to the following link:

Notice: although this link is about Exchange 2010, it also apply to Exchange 2013.

https://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx

If there are any questions regarding this issue, please be free to let me know. 

Best Regard,

Jim

Thanks Jim for the details.

However I belive the decision whether to proxy or to redirect happens after the autodiscover process. It happens when the client tries to connect to the CAS server.

Let's assume it's an internal client to make things easier.

Case 1 :

• User Mailbox is hosted on MBX-Server-SiteA . I assume the autodiscover will return the url of CAS-Server-SiteA all right?
• Will it make a difference if the user is located in SiteB? (User's Client not the mailbox)?

Case 2 :

• User Mailbox is hosted on MBX-Server-SiteB . Will the autodiscover return siteB-1.domain.com or siteB-2.domain.com? Will it be just random?

Thanks again!

Hello,

• When auto discover goes to AD,  AD will provide all the SCP objects available in AD, client will choose which CAS server is very near , then client will connect to that URL

• if you restrict the auto discover to specific site using powershell command, AD will give only SCP objects where client is sitting. it will NOT give all the available SCP objects.

• Edited by DevWarner 3 hours 3 minutes ago

Hello,

• When auto discover goes to AD,  AD will provide all the SCP objects available in AD, client will choose which CAS server is very near , then client will connect to that URL

• if you restrict the auto discover to specific site using powershell command, AD will give only SCP objects where client is sitting. it will NOT give all the available SCP objects.

• Edited by DevWarner Wednesday, March 11, 2015 4:19 AM

Hello,

• When auto discover goes to AD,  AD will provide all the SCP objects available in AD, client will choose which CAS server is very near , then client will connect to that URL

• if you restrict the auto discover to specific site using powershell command, AD will give only SCP objects where client is sitting. it will NOT give all the available SCP objects.

• Edited by DevWarner Wednesday, March 11, 2015 4:19 AM

Hello,

• When auto discover goes to AD,  AD will provide all the SCP objects available in AD, client will choose which CAS server is very near , then client will connect to that URL

• if you restrict the auto discover to specific site using powershell command, AD will give only SCP objects where client is sitting. it will NOT give all the available SCP objects.

• Edited by DevWarner Wednesday, March 11, 2015 4:19 AM

Hi,

To summarise , I have people saying that autodiscover will return the closest CAS to the user and others saying autodiscover will return the closest CAS to where the mailbox is hosted. Any clarification on this please?

I'm only asking about the initial autodiscover response not the redirection/proxying behaviour (as this will be between the client and the CAS and come after the autodiscover process).

Thanks, Amine

Hi Amine,

When installing the Client Access Server (Autodiscover is part of this Server Role) the SCP is automatically created in Active Directory and configured with the default values. If you have multiple CAS Servers there will be multiple SCPs as well.

When Outlook is installed on a domain joined workstation then the Outlook client will query Active Directory for the Autodiscover information. Active Directory will return a list of SCPs and the Outlook client will automatically select the first SCP in this list. Using the information found in the SCP the Outlook client will contact the Client Access Server for its configuration information and the Outlook client will be configured automatically

If there are any questions regarding this issue, please be free to let me know. 

Best Regard,

Jim

I have people saying that autodiscover will return the closest CAS to the user and others saying autodiscover will return the closest CAS to where the mailbox is hosted. Any clarification on this please?

There's quite a few details that are involved in the Autodiscover process. First of all - probably the most important thing is that there are 2 stages to the whole process.

In the first stage, the client is simply concerned with getting the address of a CAS server that will help it further. We'll keep things simple and assume your scenario where the client is located inside the network and is domain-joined. The details of the LDAP query are detailed in this link. (At the time I was investigating this I've actually went ahead and ran the queries using the ldp.exe client against the Configuration partition of the respective AD domain - it's worth seeing the actual responses.) An interesting trick here is the 'keywords' attribute that's stamped on those SCP entries. The reason behind it is that you don't want a client located in a site to go half across the globe in order to connect to a CAS server, when there's one available in its own site. One simple way to get the 'keywords' attribute stamped is through the Set-ClientAccessServer cmdlet, using the -AutodiscoverSiteScope parameter. In your example, you'd probably want to run it against the CAS server in Site A and specify the name of the corresponding AD site ('SiteA') and correspondingly against the 2 CAS servers in Site B (using 'SiteB'). Once the client has got the response to his query, it will attempt to select one server that's handling the site he's in (essentially it will filter the results based on 'keywords' -contains <client-site>). Now that we got our endpoint we can go to stage 2.

In stage 2, the client will actually use EWS in order to query the Autodiscover service itself running on our target server. There are 2 possible interfaces of accessing the Autodiscover service: POX (Plain Old XML) and SOAP. POX will be targeting the ../Autodiscover.xml URLS, while the SOAP one will be using ../Autodiscover.svc URLs. Details about this including some hardcoded parts are here. What happens next is detailed in point 3, section 2.1 The Autodiscover Process here. This last link is the key to the whole process:

"It provides a list of CAS that has AutodiscoverSiteScope information set for the Associated AD site of the Database where the client Mailbox is located."

In other words, the CAS is smart enough to return the URLs belonging to a CAS server in the AD site where the client's mailbox' database is active.

My advice is to test this on your scenario. Tests can be done here first-hand: the Outlook's tray icon Test E-Mail AutoConfiguration can be used or alternatively - if you want to see the details in the communication - SoapUI for the SOAP access method, for POX there's an extension called 'Postman for Chrome' that can be used. I've used all these in my tests back when I was fighting conflicting results from the articles around the web about Autodiscover.

• Marked as answer by Amine.G 11 hours 3 minutes ago

There's quite a few details that are involved in the Autodiscover process. First of all - probably the most important thing is that there are 2 stages to the whole process.

In the first stage, the client is simply concerned with getting the address of a CAS server that will help it further. We'll keep things simple and assume your scenario where the client is located inside the network and is domain-joined. The details of the LDAP query are detailed in this link. (At the time I was investigating this I've actually went ahead and ran the queries using the ldp.exe client against the Configuration partition of the respective AD domain - it's worth seeing the actual responses.) An interesting trick here is the 'keywords' attribute that's stamped on those SCP entries. The reason behind it is that you don't want a client located in a site to go half across the globe in order to connect to a CAS server, when there's one available in its own site. One simple way to get the 'keywords' attribute stamped is through the Set-ClientAccessServer cmdlet, using the -AutodiscoverSiteScope parameter. In your example, you'd probably want to run it against the CAS server in Site A and specify the name of the corresponding AD site ('SiteA') and correspondingly against the 2 CAS servers in Site B (using 'SiteB'). Once the client has got the response to his query, it will attempt to select one server that's handling the site he's in (essentially it will filter the results based on 'keywords' -contains <client-site>). Now that we got our endpoint we can go to stage 2.

In stage 2, the client will actually use EWS in order to query the Autodiscover service itself running on our target server. There are 2 possible interfaces of accessing the Autodiscover service: POX (Plain Old XML) and SOAP. POX will be targeting the ../Autodiscover.xml URLS, while the SOAP one will be using ../Autodiscover.svc URLs. Details about this including some hardcoded parts are here. What happens next is detailed in point 3, section 2.1 The Autodiscover Process here. This last link is the key to the whole process:

"It provides a list of CAS that has AutodiscoverSiteScope information set for the Associated AD site of the Database where the client Mailbox is located."

In other words, the CAS is smart enough to return the URLs belonging to a CAS server in the AD site where the client's mailbox' database is active.

My advice is to test this on your scenario. Tests can be done here first-hand: the Outlook's tray icon Test E-Mail AutoConfiguration can be used or alternatively - if you want to see the details in the communication - SoapUI for the SOAP access method, for POX there's an extension called 'Postman for Chrome' that can be used. I've used all these in my tests back when I was fighting conflicting results from the articles around the web about Autodiscover.

• Marked as answer by Amine.G Friday, March 13, 2015 8:19 PM

There's quite a few details that are involved in the Autodiscover process. First of all - probably the most important thing is that there are 2 stages to the whole process.

In the first stage, the client is simply concerned with getting the address of a CAS server that will help it further. We'll keep things simple and assume your scenario where the client is located inside the network and is domain-joined. The details of the LDAP query are detailed in this link. (At the time I was investigating this I've actually went ahead and ran the queries using the ldp.exe client against the Configuration partition of the respective AD domain - it's worth seeing the actual responses.) An interesting trick here is the 'keywords' attribute that's stamped on those SCP entries. The reason behind it is that you don't want a client located in a site to go half across the globe in order to connect to a CAS server, when there's one available in its own site. One simple way to get the 'keywords' attribute stamped is through the Set-ClientAccessServer cmdlet, using the -AutodiscoverSiteScope parameter. In your example, you'd probably want to run it against the CAS server in Site A and specify the name of the corresponding AD site ('SiteA') and correspondingly against the 2 CAS servers in Site B (using 'SiteB'). Once the client has got the response to his query, it will attempt to select one server that's handling the site he's in (essentially it will filter the results based on 'keywords' -contains <client-site>). Now that we got our endpoint we can go to stage 2.

In stage 2, the client will actually use EWS in order to query the Autodiscover service itself running on our target server. There are 2 possible interfaces of accessing the Autodiscover service: POX (Plain Old XML) and SOAP. POX will be targeting the ../Autodiscover.xml URLS, while the SOAP one will be using ../Autodiscover.svc URLs. Details about this including some hardcoded parts are here. What happens next is detailed in point 3, section 2.1 The Autodiscover Process here. This last link is the key to the whole process:

"It provides a list of CAS that has AutodiscoverSiteScope information set for the Associated AD site of the Database where the client Mailbox is located."

In other words, the CAS is smart enough to return the URLs belonging to a CAS server in the AD site where the client's mailbox' database is active.

My advice is to test this on your scenario. Tests can be done here first-hand: the Outlook's tray icon Test E-Mail AutoConfiguration can be used or alternatively - if you want to see the details in the communication - SoapUI for the SOAP access method, for POX there's an extension called 'Postman for Chrome' that can be used. I've used all these in my tests back when I was fighting conflicting results from the articles around the web about Autodiscover.

That's a long way of saying we get the AutoD URL of a CAS server closest to the workstation, which then provides the configuration to use which are the the URLs closest to the mailbox  :)

By all means look at the SOAP response, but Outlook will only use POX.  Lync does SOAP along with other 3rd party apps.

Hi Amine,

SCP include autodiscover service to point to CAS server. so when it choose SCP, it means it choose CAS server.
We could refer to the following link:
https://msdn.microsoft.com/en-us/library/office/dn467395%28v=exchg.150%29.aspx 

If there are any questions regarding this issue, please be free to let me know.
 
Best Regard,