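윤중서 / Deputy General Manager
CSS
Microsoft Korea
Key Features of CAS
What is Autodiscover
Automatically configures the client for its first connection to an Exchange 2007 mailbox.
If the mailbox is moved, the settings are updated automatically without having to notify the user.
Why do we need Autodiscover?
It is not strictly required, but it makes your life easier.
Configuring a large number of desktops correctly is a big burden.
Training every Outlook user is a burden.
Only Outlook 2007 clients can use Autodiscover.
What does it do For Me?
Autodiscover provides the following information to Outlook 2007: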
Display Name
Server
Alias
Availability Server URL
OOF URL
OAB URL or Location
Unified Messaging URL
Auth Package
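Flow
[Diagram: the Outlook client sends an XML request to the Autodiscover service on the Exchange 2007 Client Access Server and receives an XML response. Components shown on the server: Autodiscover service, Outlook provider, ActiveSync provider, Services Discovery, AD lookup against Active Directory.]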
AutoDiscover Service(I)
Installed automatically when the CAS role is added.
A virtual directory is created under the Default Web Site.
Integrated authentication
SSL enabled
MSExchangeAutodiscoverAppPool
Aspnet_isapi.dll
Files and folders used by Autodiscover and the providers:
\Microsoft\Exchange Server\ClientAccess\Autodiscover
Autodiscover.xml / default.aspx / Global.asax / web.config
\Microsoft\Exchange Server\ClientAccess\Autodiscover\bin
Microsoft.Exchange.Autodiscover.Common.dll
Microsoft.Exchange.Autodiscover.Core.dll
Microsoft.Exchange.Autodiscover.Providers.MobileSync.dll
Microsoft.Exchange.Autodiscover.Providers.Outlook.dll
Microsoft.Exchange.Autodiscover.Web.dll
Autodiscover Service(II)
An SCP (Service Connection Point) object is created in AD.
What is the SCP? It contains the URL of the Autodiscover service:
<CASNetbiosname>.domain.com/AutoDiscover/AutoDiscover.xml
It exists for intranet clients.
Because the SCP exists, there is no need to locate the Autodiscover service through DNS.
So far, Outlook 2007 is the only client that can retrieve the SCP.
One is created each time a CAS is added, so multiple SCPs can exist.
A self-signed certificate is installed on the Default Web Site. Microsoft recommends a completely trusted certificate.
Autodiscover Service(III)
SCP: when logged on to the domain
Outlook 2007 looks for the SCP first.
The SCP contains the URL of the Autodiscover service.
If several exist, Outlook chooses the closest one.
DNS: when not logged on to the domain, or when there is no SCP
Outlook locates the Autodiscover service through DNS.
It uses the SMTP suffix of the address: [email protected]
https://ads.com/autodiscover/autodiscover.xml
https://autodiscover.ads.com/autodiscover/autodiscover.xml
http://ads.com/autodiscover/autodiscover.xml
http://autodiscover.ads.com/autodiscover/autodiscover.xml
Profile creation
[Diagram: Outlook 2007 ([email protected]) sends an HTTPS request to https://server.name/autodiscover/autodiscover.xml on the Client Access Server role; the Autodiscover service performs an AD lookup and returns the configuration information as XML config.]
1. Outlook automatically fills out the user's email address and password from AD.
2. Outlook queries for SCPs in AD to locate an Exchange Client Access Server.
3. Outlook does an HTTPS query to the Autodiscover URL obtained from the SCP.
4. Exchange captures the Outlook request and builds specific connection settings for Outlook.
5. Configuration settings are downloaded by Outlook and applied to the profile.
Profile creation
[Diagram: Outlook ([email protected]) uses DNS to reach autodiscover.contoso.com or contoso.com/autodiscover with an HTTPS request to the Client Access server role; the Autodiscover service performs an AD lookup and returns the configuration information as XML config.]
1. Outlook parses the email address provided to locate an Exchange Client Access Server at a pre-defined location (domain.com/autodiscover or autodiscover.domain.com).
2. Exchange captures the Outlook request and builds specific connection settings for Outlook.
3. Configuration settings are downloaded by Outlook and applied to the profile.
Cross forest moves
[Diagram: Outlook 2007 ([email protected]); old Exchange Mailbox Server (connection fails); Autodiscover service and AD in the old forest (AD lookup, configuration information, forest redirect); HTTP request to the Autodiscover service on the Client Access Server in the new forest (AD lookup, configuration information); new Exchange Mailbox Server.]
1. Outlook fails to connect to the old server (after a move).
2. Because of the failure, Outlook performs an Autodiscover request.
3. Exchange captures the Outlook request and builds new connection settings for Outlook. For a cross-forest move it provides a redirect to a Client Access server in the new forest.
4. Outlook repeats the Autodiscover process with the new forest.
5. Outlook downloads and applies the configuration settings for the new forest.
Providers(I)
When an XML request containing provider information arrives at the Autodiscover service, the service decides which provider to use.
Outlook:
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006"
ActiveSync (MobileSync):
xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006"
Provider(II)
Outlook Provider
Responds to XML requests that arrive from Outlook 2007 through the Autodiscover service.
Returns the information Outlook 2007 will use in order to connect:
Login Name
URLs for each service needed by RPC over HTTP
Out of Office
OAB
Availability
UMS
Authentication method
Port
Setting Outlook Needs
The Outlook Provider applies different settings depending on RPC, Outlook Anywhere and Web.
EXCH: Exchange RPC protocol on the intranet
EXPR: external URL used for Outlook Anywhere
WEB: URL to be used by OWA
EXCH and EXPR are Outlook-related.
Service Discovery
XSO API
Used by the provider to fetch the URL settings stored in Active Directory.
Used to determine the best choice in complex environments with multiple CAS servers.
Process Flow of Request to Autodiscover
[Flowchart]
Client constructs the service URL and submits the Autodiscover request, entering domain/username and password if prompted.
NOTE: An Outlook 2007 client will first attempt to locate the Service Connection Point object in AD, so DNS is not needed.
IIS authenticates the user.
Parse/validate the request.
Decision: Is there a provider that can service the request?
  No: inform the client we can't process the request.
  Yes: the config provider processes the request and returns config settings.
Decision: Is the Autodiscover service in the appropriate forest?
  No: redirect the client to the Autodiscover service in the appropriate forest.
  Yes: return config settings to the client.
Request Parsed and Validated
XML Format
POST /AutoDiscover/AutoDiscover.xml HTTP/1.1
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>[email protected]</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006</AcceptableResponseSchema>
  </Request>
</Autodiscover>
Locating the correct Service Provider
Service parses request to know which provider is needed.
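An added sketch (not Exchange's own code and not part of the original deck) of the parse/validate and provider-selection steps, keyed on the two request namespaces from the Providers(I) slide. The function name, the sample address and the refusal of DTDs are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

BASE = "http://schemas.microsoft.com/exchange/autodiscover/"
PROVIDERS = {  # request namespaces listed on the Providers(I) slide
    BASE + "outlook/requestschema/2006": "Outlook",
    BASE + "mobilesync/requestschema/2006": "MobileSync",
}

def select_provider(body: bytes):
    """Parse and validate a request body; return (provider name, e-mail address)."""
    # Assumed hardening: a well-formed request never needs a DTD, so refuse one
    # before the parser can expand any entity it declares.
    if b"<!DOCTYPE" in body:
        raise ValueError("DTD declarations are not accepted")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from None
    # ElementTree reports the root as "{namespace}Autodiscover"
    ns, _, tag = root.tag.lstrip("{").rpartition("}")
    if tag != "Autodiscover":
        raise ValueError(f"unexpected root element {tag!r}")
    provider = PROVIDERS.get(ns)
    if provider is None:
        raise LookupError(f"no provider services namespace {ns!r}")
    email = (root.findtext("a:Request/a:EMailAddress", "", {"a": ns}) or "").strip()
    local, sep, domain = email.rpartition("@")
    if not (local and sep and domain):
        raise ValueError("EMailAddress is missing or not an SMTP address")
    return provider, email

# Constructed sample in the request format shown above; the address is made up.
SAMPLE = (b'<?xml version="1.0" encoding="utf-8"?>'
          b'<Autodiscover xmlns="' + BASE.encode() + b'outlook/requestschema/2006">'
          b'<Request><EMailAddress>user@contoso.com</EMailAddress>'
          b'<AcceptableResponseSchema>' + BASE.encode() +
          b'outlook/responseschema/2006</AcceptableResponseSchema>'
          b'</Request></Autodiscover>')

if __name__ == "__main__":
    print(select_provider(SAMPLE))
```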
Retrieving AutoDiscover XML
AutoDiscover uses Service Discovery to compile configuration information
Verifying the Autodiscover Service
The Invalid Request error occurs because no username was passed in the request. It can be ignored.
Finding the Autodiscover Service
Outlook 2007 uses the following two methods to find the Autodiscover service. It looks for the SCP in AD first and, if there is none, falls back to DNS.
Service Connection Point
- Service Connection Point (SCP) in Active Directory
- If there are several CAS servers, there are several SCPs. The SCP in the site where Outlook resides takes priority.
DNS (when not joined to the domain, or when there is no SCP)
https://fourthcoffee.com/autodiscover/autodiscover.xml
https://autodiscover.fourthcoffee.com/autodiscover/autodiscover.xml
If https fails:
http://fourthcoffee.com/autodiscover/autodiscover.xml
http://autodiscover.fourthcoffee.com/autodiscover/autodiscover.xml
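The DNS lookup order listed here and on the Autodiscover Service(III) slide, as an added example that is not part of the original deck: it derives the four candidate URLs from the SMTP suffix and checks each one against the names on a certificate, showing which candidates would produce a certificate name warning and which are sent without TLS. The sample address and certificate names are constructed, and `candidate_urls`, `name_matches` and `audit` are illustrative names.

```python
from urllib.parse import urlsplit

PATH = "/autodiscover/autodiscover.xml"

def candidate_urls(email):
    """DNS-based Autodiscover URLs, in the order the slides list them."""
    local, sep, domain = email.strip().rpartition("@")
    if not (local and sep and domain) or "/" in domain:
        raise ValueError("not an SMTP address: %r" % email)
    hosts = [domain.lower(), "autodiscover." + domain.lower()]
    # Both HTTPS candidates come first; HTTP is the fallback if HTTPS fails.
    return [f"{s}://{h}{PATH}" for s in ("https", "http") for h in hosts]

def name_matches(host, san):
    """Exact match, or a wildcard covering exactly one left-most label."""
    host, san = host.lower(), san.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def audit(email, cert_sans):
    """Label each candidate 'ok', 'name-mismatch' or 'plaintext'."""
    report = []
    for url in candidate_urls(email):
        parts = urlsplit(url)
        if parts.scheme != "https":
            status = "plaintext"        # no TLS: nothing authenticates the server
        elif any(name_matches(parts.hostname, s) for s in cert_sans):
            status = "ok"
        else:
            status = "name-mismatch"    # the client would see a certificate warning
        report.append((url, status))
    return report

if __name__ == "__main__":
    # Constructed sample: the address and certificate names are made up.
    sans = ["mail.fourthcoffee.com", "autodiscover.fourthcoffee.com"]
    for url, status in audit("user@fourthcoffee.com", sans):
        print(f"{status:14} {url}")
```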
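Service connection point object
Single Forest
[Diagram: two CAS servers, AD, MBX and an Outlook 2007 client]
1. The SCP is created and the self-signed certificate is configured.
2. Outlook 2007 retrieves the SCP from AD.
3. The URL data is flagged in memory as safe.
4. Outlook connects to the Autodiscover URL and receives the configuration settings.
5. Outlook connects to MBX, Availability, OOF and OAB.
Multiple Trusted Forests
[Diagram: Client Forest (AD) and Exchange Forest (AD, CAS, MBX Server)]
1. The SCP is created and the self-signed certificate is configured.
2. Export-AutoDiscoverConfig
3. Import the LDIF into the client forest.
4. LDAP URL for the Exchange forest
5. The SCP is retrieved from AD.
6. The URL data is flagged in memory as safe.
7. Outlook connects to the Autodiscover URL and receives the configuration settings.
8. Outlook connects to MBX, Availability, OOF and OAB.
Steps 2 and 3 must be performed manually.
Outlook Anywhere
[Diagram: Exchange Organization (CAS & RPC Server, AD) and the Internet]
1. Create the SCP object.
2. Install the self-signed certificate.
3. Enable Outlook Anywhere.
4. Check that Autodiscover is reachable from the Internet and configure DNS.
5. Because the user is not logged on to the domain, the SCP cannot be obtained; Outlook prompts for the email address and password.
6. Autodiscover is located using the known URLs.
7. Outlook connects to the Autodiscover URL and retrieves the settings.
8. Outlook connects to the MBX over HTTP.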
Exchange Management Shell(I)
New-OutlookProvider: created during setup
Remove-OutlookProvider
Get-OutlookProvider | fl
Get-OutlookProvider -Identity:EXCH | fl
Set-OutlookProvider
Set-OutlookProvider -Identity:EXCH -SSL:$False   # turns SSL off for Netmon captures
Exchange Management Shell(II)
Get-WebServicesVirtualDirectory
Get-OABVirtualDirectory
Get-OutlookAnywhere
Enable-OutlookAnywhere
Disable-OutlookAnywhere
Get-ClientAccessServer
Set-ClientAccessServer
T-shoot(III)
OUTLOOK and Logging (Olkdisc.txt)
C:\documents and settings\user name\local settings\temp
T-shoot(IV)
EXTRA
MSExchangeAutoDiscover
Framework
OutlookProvider
Trace Type
PFD,Fatal,Error,Warning,Info,Debug
Event logging
Set-EventLogLevel "msexchange autodiscover\core" -level:expert
Set-EventLogLevel "msexchange autodiscover\provider" -level:expert
Set-EventLogLevel "msexchange autodiscover\web" -level:expert
NETMON
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.