AutoDiscover redirection permits the tenant organizations to connect to the hosting organization by using a single instance of AutoDiscover. AutoDiscover redirection also permits all of the tenants to use the same SSL certificate.
In order to use AutoDiscover features with hosted e-mail domains, you must set up and configure a site that will function as a redirector to the main Exchange AutoDiscover Web site. For each hosted e-mail domain that you offer, an alias (CNAME) will be setup in DNS to refer AutoDiscover capabilities to this AutoDiscover Redirection Web site. This AutoDiscover Redirection Web site will re-direct the users to the main Exchange AutoDiscover Web site which will then provide the correct information to Outlook clients.
Configure AutoDiscover redirection:
- Setup the AutoDiscover redirect site
- Configure the Client Access servers to handle AutoDiscover requests
- Setup the DNS record for the tenant organization.
Prerequisites:
Have a server running Internet Information Services (IIS), the Client Access Server and the Domain Controller can’t be the same server.
Or to have other IP on same server Client server on below scenario I have only one server with below rules:
- Exchange server (Mailbox, Access, Hub, OWA).
- Auto Discover Redirect rule.
- Setup the AutoDiscover redirect site
- On the server that will be running IIS and the Autodiscover redirect, install the HTTP Redirection module.
- Create a virtual website for Autodiscover redirection.
- On the Server that is running IIS manager, open the IIS manager.
- In the console tree, expand the server.
- Right-click on Sites, and then click Add Web Site.
- In the Site name field, type AutodiscoverRedirection.
- Select a Physical path to the virtual website. For example D:\Autodiscover Redirection.
- In the binding section, complete the following options
Type: http
IP address: Type or select the explicit IP Address to the redirection server. - Click OK.
- Create a virtual directory for Autodiscover redirection.
- In the console tree, right-click on the AutodiscoverRedirection website, and then select Add Virtual Directory.
- In the Add Virtual Directory dialog box, complete the following options:
Alias: Autodiscover
Physical path: Select the physical path to the virtual directory. This should be a sub folder of the Autodiscover Redirection virtual website that you created in the previous step. For example D:\Autodiscover Redirection\Autodiscover. - Click OK.
- Configure HTTP Redirection for Autodiscover.
- In the console tree, click on the Autodiscover virtual directory. In the results pane double-click on HTTP Redirect.
- Click the Redirect requests to this destination checkbox.
- Type the autodiscover redirection address. For example, https://mail.domain.com/autodiscover. This address will match the ExternalURL that you will use in configuring Client Access servers to handle the Autodiscover requests.
- Configure the Client Access servers to handle AutoDiscover requests
- Enable Outlook Anywhere by using the Enable-OutlookAnywhere cmdlet. You must set the following options:
- DefaultAuthenticationMethod: Basic
- ExternalHostName: The ExternalHostName specifies the host name that users outside of the organization will connect to Outlook Anywhere. For example, mail.domain.com.
- SSLOffloading: $false
This example enables the server Server01 for Outlook Anywhere. The external host name is set to mail.domain.com, Basic authentication is used, and SSL offloading is set to $false.
Enable-OutlookAnywhere -Server Server01 -ExternalHostname mail.domain.com -DefaultAuthenticationMethod:Basic -SSLOffloading $False
- Configure the AutoDiscover Virtual Directory by using the Set-AutoDiscoverVirtualDirectory cmdlet. You must set the following options:
- BasicAuthenication: $true
- InternalURL: The url that is used to connect to the virtual directory from outside the organization. Use /autodiscover at the end of the URL to specify the autodiscover virtual directory.
- ExternalURL: The url that is used to connect to the virtual directory from inside the organization. Use /autodiscover at the end of the URL to specify the autodiscover virtual directory.
This example sets the InternalURL and ExternalURL of the default autodiscover virtual directory to https://mail.domain.com/autodiscover with basic authentication enabled.
Set-AutodiscoverVirtualDirectory -Identity ‘autodiscover (default Web site)’ -ExternalURL ‘https://mail.domain.com/autodiscover’ -InternalURL ‘https://mail.domain.com/autodiscover’ -BasicAuthentication $true
- Set the OAB Virtual Directory by using the Set-OABVirtualDirectory cmdlet. You must set the following options:
- RequireSSL: $true
- InternalURL: The InternalURL specifies the URL that is used to connect to the virtual directory from inside of the organization. Use /OAB at the end of the URL to specify the OAB virtual directory.
- ExternalURL: The ExternalURL specifies the URL that is used to connect to the virtual directory from outside of the organization. Use /OAB at the end of the URL to specify the OAB virtual directory.
- BasicAuthentication: $true
This example sets the default OAB virtual directory that resides on Server01 to require SSL, and sets the internal URL and external URL to https://mail.domain.com/OAB. It also sets the authentication method to basic authentication.
Set-OABVirtualDirectory -Identity “Server1\OAB (Default Web Site)” -ExternalUrl “https://mail.domain.com/OAB” –InternalURL https://mail.domain.com/OAB -BasicAuthentication $true -RequireSSL $true
- Set the Web Services Virtual Directory by using the Set-WebServicesVirtualDirectory cmdlet. You must set the following settings:
- ExternalURL: The ExternalURL specifies the URL that is used to connect to the virtual directory from outside of the organization. Use /EWS/Exchange.asmx at the end of the URL to specify the web services virtual directory.
- InternalURL: The InternalURL specifies the URL that is used to connect to the virtual directory from inside of the organization. Use /EWS/Exchange.asmx at the end of the URL to specify the web services virtual directory.
- BasicAuthentication: $true
This example sets the authentication method to Basic authentication for the virtual directory EWS on the server SERVER01. This example also sets the external and internal URLs for this virtual directory to https://www.domain.com/EWS/Exchange.asmx.
Set-WebServicesVirtualDirectory -Identity “SERVER01\EWS(default Web site)”-BasicAuthentication $true -ExternalUrl https://mail.domain.com/EWS/exchange.asmx -InternalUrl https://mail.domain.com/EWS/exchange.asmx
- Setup the DNS record for the tenant organization.
Only create Autodiscover record and make it redirect to Redirect IP.
Now you can test Run Remote Connectivity Analyzer
Configure Autodiscover Redirection for the Multi-Tenant Organization
IT Blog 
Posted by stefan on May 16, 2013 at 1:23 pm
Hy, nice guide 🙂
autodiscover works for me with tenant-domains but i get a certificate warning with outlook: “The name of the security certificate is invalid or does not match the name of the site.”
dns-names in the cert:
DNS-Name=mail.tenant-domain.at
DNS-Name=webmail.tenant-domain.at
DNS-Name=autodiscover.tenant-domain.at
any idea?
Posted by Tarek Mostafa Kamel on May 22, 2013 at 6:48 am
Hi Stefan,
Thanks, i have same issue here, you will need to have SSL include all domains Up to unlimited 🙂