윤중서 / 차장

CSS

한국마이크로소프트

CAS 의 주요 기능

What is Autodiscover

자동으로 클라이언트를 설정하여 Exchange 2007 Mailbox 에 최초 접속을 하게 되며,

메일박스가 Move하더라도, 사용자에게 알릴 필요 없이자동적으로 업데이트 됨.

Why do we need Autodiscover ?

반드시 필요한 건 아니지만, 여러분의 삶을 쉽게 해줌.

많은 데스크탑을 적절히 셋팅하는 것은 큰 burden

모든 아웃룩 유저대상 교육 burden

아웃룩 2007 클라이언트만이 Autodiscover를 사용할 수있음.

What does it do For Me?

AutoDiscover 는 아웃룩 2007 에 다음 정보를 제공

Display Name

Server

Alias

Availability Server URL

OOF URL

OAB URL or Location

Unified Messaging URL

Auth Package

Flow

AutoDiscoverService

Outlook providerActive Sync provider

ServicesDiscovery Active

Directory

XML Request

XML Response

Exchange 2007 Client Access Server

AD Lookup

OutlookClient

AutoDiscover Service(I)

CAS role 추가 시 자동적으로 인스톨.

가상디렉토리가 기본 웹사이트 내에 생성 통합인증

SSL방식 enabled

MSexchangeAutodiscoverAppPool

Aspnet_isapi.dll

AutoDiscover과 Provider가 사용하는 파일/폴더 \Microsoft\Exchange Server\ClientAccess\Autodiscover

Autidiscover.xml/default.aspx/Global.asax/web.config

\Microsoft\Exchange Server\ClientAccess\Autodiscover\bin

Microsoft.Exchange.Autodiscover.Common.dll

Microsoft.Exchange.Autodiscover.Core.dll

Microsoft.Exchange.Autodiscover.Providers.MobileSync.dll

Microsoft.Exchange.Autodiscover.Providers.Outlook.dll

Microsoft.Exchange.Autodiscover.Web.dll

Autodisocver Service(II)

SCP(Service-Connection-Point) 오브젝트가 AD에 생성됨

SCP? AutoDiscover 서비스에 대한 URL정보 포함

<CASNetiosname>.domain.com/AutoDiscover/AutoDiscover.xml

Intranet Client를 위해 존재

이것이 있기 때문에 DNS를 통해 AutoDiscover 서비스를 찾을필요가 없음.

현재까지 Outlook 2007 만이 SCP를 Retrieval할 수 있는 유일한클라이언트임

CAS가 추가 될때 마다 생성. 복수개의 SCP가 존재할 수 있다.

Self signed certificate가 기본 웹사이트에 인스톨 MS에서는 completely trusted certificate를 권장함.

Autodisocver Service(III)

SCP Domain logon

OL2007는 SCP부터 찾음.

SCP에는 AutoDiscover svc에 대한 URL포함하고 있음.

여러 개 존재 시, Outlook은 가장 가까운 것을 선택한다.

DNS Not domain logon or SCP 없을때.

DNS를 통해서 AutoDiscover SVC를 찾음

SMTP suffix 이용 : jungseo@ads.com

https://ads.com/autodiscover/autodiscover.xml

https://autodiscover.ads.com/autodiscover/autodiscover.xml

http://ads.com/autodiscover/autodiscover.xml

http://autodiscover.ads.com/autodiscover/autodiscover.xml

Exchange captures Outlook request, and builds specific

connection settings for Outlook

AD

XML Config

AutoDiscoverService

HTTPS Request

Configuration Information

AD Lookup

https://server.name/autodiscover/autodiscover.xml

Outlook 2007 John@contoso.com

2 Outlook queries for SCP’s in AD to locate an Exchange Client Access

Server

4

Configuration settings are

downloaded by Outlook and applied

to profile

5

Client Access Server role

1 Outlook automatically fills out the user’s email address

and password from AD

10

Outlook does an HTTPS query to the autodiscover URL obtained from the

SCP

3

Profile creation

Exchange captures Outlook request, and builds specific

connection settings for Outlook

AD

XML Config

AutoDiscoverService

HTTPS Request

Configuration Information

AD Lookup

autodiscover.contoso.com contoso.com/autodiscover

Outlook 12John@contoso.com

1 Outlook parses email address provided to locate an Exchange

Client Access Server at a pre-defined location

(domain.com/autodisover or

autodiscover.domain.com)

2

Configuration settings are

downloaded by Outlook and applied

to profile

3Client Access server role

11

DNS

Profile creation

Because of failure, Outlook performs

AutoDiscover Request

Exchange captures Outlook request, and builds new

connection settings for Outlook.

For X-Forest move will provide re-

direct to a Client Access server in

new forest.AD

Forest re-direct

Configuration Information

AD Lookup

Old Exchange Mailbox Server

1 2

Outlook downloads and applies

configuration settings for new

forest

3

New Exchange Mailbox Server

Fail

AutoDiscoverService

Outlook Fails to connect to old

server (after a move)

5

Outlook 2007 John@contoso.com

HTTP Request

AD

Configuration Information

AD Lookup

AutoDiscoverService

Outlook repeats the AutoDiscover

process with the new forest

4

Client Access Server

Cross forest moves

Providers(I)

Provider 정보가 포함된 XML 요청이 Autodiscover 서비스에 들어오면, 어떤 Provider 를 사용할 지 결정.

Outlook

Active Sync

xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006"

xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006"

OUTLOOK

ActiveSync(MobileSync)

Provider(II)

Outlook Provider

OL2007로 부터 AutoDiscover 서비스를 거쳐서 온 XML 요청에 대해서 응답

OL2007이 접속을 할 수 있도록 하는 데 사용될 정보를Return해 준다.

Login Name

URL for services each needed by RPC over http

Out of Office

OAB

Availability

UMS

인증방법

포트

Setting Outlook Needs

Outlook Provider는 RPC, Outlook Anywhere 그리고Web에 따라서 다른 설정을 하게 된다.

EXCH : Exchange RPC Protocol on Intranet

EXPR : Outlook Anywhere 에 사용된 External URL

WEB : OWA에서 사용될 URL

EXCH 와 EXPR는 outlook 관련.

Service Discovery

XSO API

Provider 가 Active Directory 로 부터 저장된 URL 설정을가지고 오기 위해 이용.

CAS가 여러 개 존재하는 복잡한 환경에서 가장 최적의경우를 결정할 때 사용.

Proecess Flow of Request to Autodiscover

IIS

Authenticates

User

Config provider

processes request

and returns config

settings

Inform client we

can’t process

request

Return config

settings to client

No

Yes

Parse/Validate

Request

Client constructs service URL and

submits Autodiscover Request.

Entering domain/username &

password if prompted

NOTE: An Outlook 2007 Client

will first attempt to locate the

Service Connection Point object

in AD so DNS is not needed.

Yes

Redirect client to

Autodiscover service

in the appropriate

forest

No

Is there a

provider that can

service the

Request?

Is the Autodiscover

service in the

appropriate forest?

Requested Parsed and Validate

XML Format

POST /AutoDiscover/AutoDiscover.xml HTTP/1.1

<?xml version="1.0" encoding="utf-8"?>

<Autodiscover

xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestsch

ema/2006">

<Request>

<EMailAddress>User1@fourthcoffee.com</EMailAddress>

<AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodis

cover/outlook/responseschema/2006</AcceptableResponseSchema>

</Request>

</Autodiscover>

Locating the correct Service Provider

Service parses request to know which provider is needed.

Retrieving AutoDiscover XML

AutoDiscover uses Service Discovery to compile configuration information

Autodiscover Service 확인

Username이 전해지기 안 했기에 Invalid request 에러가 발생한 것임. 무시해도 됨.

Finding the Autodiscover Service

Outlook 2007은 다음 두가지 방법을 사용하여Autodiscover

서비스를 찾는다. 우선 AD 의 SCP먼저 찾고, 없으면DNS를 참조한다.

Service Connection Point- Service Connection Pointer (SCP) in Active Directory

- CAS가 여러대면 SCP도 여러 개 존재. 아웃룩이 존재하는 사이트내의 SCP가 우선.

DNS(도메인에 join 안하거나, SCP 없을떄)https://fourthcoffee.com/autodiscover/autodiscover.xmlhttps://autodiscover.fourthcoffee.com/autodiscover/autodiscover.xml

If https fails:

http://fourthcoffee.com/autodiscover/autodiscover.xmlhttp://autodiscover.fourthcoffee.com/autodiscover/autodiscover.xml

Service connection point object

Single Forest

CAS CAS

AD

MBX

SCP생성Self-signed Certi 설정

1

Outlook 2007

AD로부터 SCP Retrieve

2

URL데이타가Safe하다고memory상에flagging설정

3

Auto Discover URL에접속 하여 셋팅정보받아옴

4

MBX,Availability,OOF,OAB에 접속함.

5

Multiple Trusted Forests

SCP생성Self-signed Certi 설정

1

Export-AutoDiscoverConfig

2

Import LDIF into Client Forest

3

Exchange Forest에 대한 LDAP URL

4

AD로부터 SCP Retrieve

5URL데이타가 Safe하다고memory상에 flagging설정

6

Auto Discover URL에 접속하여 셋팅정보 받아옴

7

MBX,Availability,OOF,OAB에 접속함.

8

AD CAS

AD

MBX Server

Client Forest Exchange Forest

2,3은 메뉴얼작업을 할것

Outlook Anywhere

Exchange Organization

CAS & RPC Server

AD인터넷

1.SCP 오브젝트 생성2.Self-Signed Certificate인스톨3.Enable Outlook Anywhere4.인터넷상에서 AutoDiscover가 접근가능한지 점검 및 DNS 셋팅

5. 도메인로그인 안했기 떄문에 SCP 얻지못함아웃룩 프롬프트 뜸.(Email 주소/패스워드)6. 알려진 URL를 가지고 AutoDiscover를 찾음7.아웃룩은 Autodiscover URL에 연결 후 설정값을 가지고 옴.8. HTTP를 통해서 아웃룩은 MBX에 접속

Exchange Management Shell(I)

New-OutlookProvider:셋업 중 생성됨

Remove-OutlookProvider

Get-OutlookProvider | fl

Get-OutlookProvider –Identity:EXCH|fl

Set-OutlookProvider

Set-OutlookProvider-Identity:EXCH –SSL:$False 넷몬을위해서 SSL을 turnoff

Exchange Management Shell(II)

Get-WebServicesVirtualDirectory

Get-OABVirtualDirectory

Get-OutlookAnywhere

Enable-OutlookAnywhere

Disable-OutlookAnywhere

Get-ClientAccessServer

Set-ClientAccessServer

Exchange Management Shell(I)

New-OutlookProvider:셋업 중 생성됨

Remove-OutlookProvider

Get-OutlookProvider | fl

Get-OutlookProvider –Identity:EXCH|fl

Set-OutlookProvider

Set-OutlookProvider-Identity:EXCH –SSL:$False 넷몬을위해서 SSL을 turnoff

Exchange Management Shell(II)

Get-WebServicesVirtualDirectory

Get-OABVirtualDirectory

Get-OutlookAnywhere

Enable-OutlookAnywhere

Disable-OutlookAnywhere

Get-ClientAccessServer

Set-ClientAccessServer

T-shoot(III)

OUTLOOK and Logging (Olkdisc.txt)

C:\documents and settings\user name\local settings\temp

T-shoot(IV)

EXTRA

MSExchangeAutoDiscover

Framework

OutlookProvider

Trace Type

PFD,Fatal,Error,Warning,Info,Debug

Event logging

Set-Eventloglevel “msexchange autodiscover\core” –level:expert

Set-eventloglever “msexchange autodiscover\provider” –level:expert

Set-eventloglever “msexchange autodiscover\web” –level:expert

NEMON

Reference

http://msexchangeteam.com/archive/2007/04/30/438249.aspx

http://msexchangeteam.com/archive/2007/07/02/445698.aspx

http://msexchangeteam.com/archive/2006/10/23/429296.aspx

http://technet.microsoft.com/en-us/library/bb332063.aspx

© 2006 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.