Fixing Issues with Autodiscover

Autodiscover will always try the following steps in the presented order.

- Office 365
- Root domain look up (Fancy way of saying it queries the A record)
- Secure URL look up
- Local Autodiscover (SCP object)
- HTTP redirect (The method we use)
- SRV record look up

When Autodiscover queries these records, it unfortunately must connect before it can determine whether an
active Autodiscover service exists on the host. Because it connects, it pulls SSL certificate
information. Because of this, it's possible that it is pulling an incorrect certificate from the host the A record points to.

To address this, we can tackle it from either the web server's perspective or the client's perspective.
I will detail both below:

Web Server Side:

You will need to contact the company that hosts the server listed as the A record for the root
domain of your client. (If their domain is lawyers.com, you will need to look up the A records for
lawyers.com to find the web host.)

Once contacted, you will need to request that they not only disable any form of autodiscover service
they have running, but block connections to the following URLs:

  • https://yourdomain.com:443/autodiscover/autodiscover.xml
  • https://autodiscover.yourdomain.com:443/autodiscover/autodiscover.xml

(See https://graphco.com/Autodiscover/Autodiscover.xml for an example. This should produce a 404 error, but it is resolving to a page instead. If it resolves to a page and doesn't give a 404 error, then Autodiscovery is not working.)

These need to be blocked in a way that returns a 404 error, to force clients querying these records
for Autodiscover to fail over to the next step.

Client Side:

This perspective has more overhead as these changes would need to happen on every client with the
exception of Active Directory joined machines. However, for testing purposes these changes have
proven invaluable. All changes have been derived from the following article:
https://support.microsoft.com/en-us/help/2212902/unexpected-autodiscover-behavior-when-you-have-registry-settings-under-the-autodiscover-key
The below article will only apply to Active Directory enabled machines for group policy updates.
https://support.microsoft.com/en-us/help/2612922/how-to-control-outlook-autodiscover-by-using-group-policy

1. Start Registry Editor: In Windows 10 and Windows 8, press the Windows Key + R to open a Run
dialog box. Type regedit.exe and then press OK. In Windows 7, click Start, type regedit in the
Search programs and files box, and then press Enter.

2. Locate and then select the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\AutoDiscover
Please note x.0 in this registry path corresponds to the Outlook version (16.0 = Outlook 2016, 15.0 =
Outlook 2013, 14.0 = Outlook 2010, 12.0 = Outlook 2007).

3. Review the following possible DWORD values that may be located under the Autodiscover subkey.
PreferLocalXML
ExcludeHttpRedirect
ExcludeHttpsAutoDiscoverDomain
ExcludeHttpsRootDomain
ExcludeScpLookup
ExcludeSrvRecord
ExcludeLastKnownGoodURL (only applies to Outlook 2010 version 14.0.7140.5001 and later versions)
ExcludeExplicitO365Endpoint (only applies to Outlook 2016 version 16.0.6741.2017 and later
versions)

If these DWORDs exist, set their value to 1 to enable the registry key. If not, you will first
need to add these DWORDs to the registry and then set their value to 1. Every DWORD that is set to 1
will exclude that specific step from the Autodiscover process.

Repeat step 3 by using the following registry subkey:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\x.0\Outlook\AutoDiscover

Note x.0 in this registry path corresponds to the Outlook version (16.0 = Outlook 2016, 15.0 =
Outlook 2013, 14.0 = Outlook 2010, 12.0 = Outlook 2007).

Beyond this, you can also edit a machine's hosts file to redirect autodiscover.yourdomain.com to our
Autodiscover IP address. To obtain this IP address, simply ping autodiscover.emailsrvr.com. This
will cause all traffic from that client destined for autodiscover.yourdomain.com to immediately be
forwarded to us.

The below article can give you a more detailed walk through regarding this process.
https://support.rackspace.com/how-to/modify-your-hosts-file/
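
A read-only check of the client-side changes described above, added here as an example and not taken from the Microsoft or Rackspace articles: it lists which of the Autodiscover DWORDs exist under both subkeys for the current user, and any hosts file entries for autodiscover.* names. The function names are assumptions; the key paths and value names are the ones on this page.

```powershell
# Added example: read-only audit of the client-side Autodiscover overrides described above.
# Key paths and value names come from this page; the function names are illustrative.
$ValueNames = 'PreferLocalXML', 'ExcludeHttpRedirect', 'ExcludeHttpsAutoDiscoverDomain',
              'ExcludeHttpsRootDomain', 'ExcludeScpLookup', 'ExcludeSrvRecord',
              'ExcludeLastKnownGoodURL', 'ExcludeExplicitO365Endpoint'
$Versions = [ordered]@{ '16.0' = 'Outlook 2016'; '15.0' = 'Outlook 2013'
                        '14.0' = 'Outlook 2010'; '12.0' = 'Outlook 2007' }
$Roots = [ordered]@{ 'User'   = 'HKCU:\Software\Microsoft\Office'
                     'Policy' = 'HKCU:\Software\Policies\Microsoft\Office' }

function Get-AutodiscoverRegistryOverride {
    foreach ($ver in $Versions.Keys) {
        foreach ($scope in $Roots.Keys) {
            $key = Join-Path $Roots[$scope] "$ver\Outlook\AutoDiscover"
            if (-not (Test-Path -Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            foreach ($name in $ValueNames) {
                $value = $props.$name
                if ($null -eq $value) { continue }   # report only values that exist
                [pscustomobject]@{
                    Outlook = $Versions[$ver]; Scope = $scope; Name = $name
                    Value = $value; Active = ($value -eq 1)
                }
            }
        }
    }
}

function Get-AutodiscoverHostsEntry {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (-not (Test-Path -Path $hosts)) { return }
    Get-Content -Path $hosts | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()      # drop comments and whitespace
        if (-not $line) { return }                   # skip blank lines
        $fields = $line -split '\s+'                 # address, then one or more names
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            if ($name -like 'autodiscover.*') {
                [pscustomobject]@{ Address = $fields[0]; HostName = $name }
            }
        }
    }
}

Get-AutodiscoverRegistryOverride | Format-Table -AutoSize
Get-AutodiscoverHostsEntry | Format-Table -AutoSize
```

A hosts file entry keeps sending the client to the pinned address even if the address behind autodiscover.emailsrvr.com later changes, so review this output once testing is finished.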

For reference: https://support.microsoft.com/en-us/help/3211279/outlook-2016-implementation-of-autodiscover

See also:

  1. https://community.spiceworks.com/topic/2054060-autodiscover-resolving-to-root-domain
  2. https://practical365.com/exchange-server/fixing-autodiscover-root-domain-lookup-issues-mobile-devices/
  3. https://community.spiceworks.com/topic/1982146-exchange-autodiscover-issue