Home

Complete guide to configure multi-tenant hosting for Exchange 2007 with ISA 2006 (Part 4)

Published date Wed, 2009-04-15 03:02
Category
Author Wan Ziyang, Triston
Printable Version | Email this Article
Your rating: None Average: 5 (3 votes)
Post to del.icio.us | Furl it | Spurl it

In this article, I will be showing how do we make use of ISA 2006 to achieve Autodiscover function for multi-tenant infrastructure.

What will happen if we do not do this?

The outlook 2007 users will get security prompt about the certificate on the ISA server whenever they perform an auto profile configuration and offline address book download.

This is kind of annoying and some users might not happy to see that.

So steps below will show you how to get around that.

Pre-requisition

1. The certificate that installed on ISA must from public trusted CA.

2. an additional dedicated IP address is required. This IP Address must not share with other SSL connection or tied with any other certificate.

Some overview of autodiscover feature.

Let me quote the line below from msexchangeteam.com

"Outlook is hard coded to find the Autodiscover end point by looking up either https://company.com/Autodiscover/Autodiscover.xml or https://Autodiscover.company.com/Autodiscover/Autodiscover.xml (where company.com is the portion of the users SMTP address following the @ sign)"

This simply explained how this feature works. In additional to this information, outlook will also try to look for the end point via non-secure protocol(http).

To understand more about it, press & hold Ctrl and right click on the outlook icon in system tray.

system tray.jpg

Click on "Test E-mail AutoConfiguration.."

test config.jpg

Fill up a valid email address and password, check only "Use AutoDiscover" and click on "Test"

From the result output, you will have a clearer picture on how outlook finds the autodiscovery end point.

Here we use CNAME in DNS to redirect the traffic to our ISA server.

e.g autodiscover.coa.com CN autodiscover.united.com (ISA IP address)

This time I am creating a "Publish Web Site" rule

1.JPG

2.JPG

3.JPG

4.JPG

We will use the non-secure connection

5.JPG

6.JPG

It is optional to fill up the path

7.JPG

8.JPG

We need to create a new listener for autodiscover

9.JPG

10.JPG

11.JPG

12.JPG

Use a separate IP Address

13.JPG

14.JPG

15.JPG

16.JPG

17.JPG

18.JPG

19.JPG

20.JPG

There are additional configuration after create the rule.

under properties of the rule

21.JPG

You need to add the publish DNS name of autodiscover entry for each individual customer

22.JPG

23.JPG

Specify the "Internal Path"

24.JPG

25.JPG

26.JPG

Now you can give a try from outlook client and there should not have any security prompt about the certificate.

Hope you find this article is useful. Cheers.. :)

Discuss/Post to digWin

About Wan Ziyang(Triston)

Wan Ziyang (Triston) is Sr.Consultant with a System Integrator based in Singapore. He is MCSE since year 2005 and MVP in Exchange Server. Triston leads Singapore MessagingTalk User Group activities where folks interested in Microsoft Messaging Technologies gather for learning and networking. He has done several implementation on various versions of Exchange Servers. He is also Redhat Certified Engineer on EL4.

Recent Articles by the author

Featured Links

advertise here

Subscribe to Articles

Receive monthly article updates.
Join our Exchange forum | View forums