Wednesday, August 8, 2012

Prevent Autodiscovery from Using a Pre-production CAS

When you install a Client Access server (CAS) into an existing Exchange environment, an SCP object is created in Active Directory for autodiscover. That object is immediately available in Active Directory and can be located by Outlook clients. If the CAS is not ready, and you've not configured certificates on the CAS yet, then users may start getting the errors about untrusted certificates.

To prevent clients from using the new CAS before it is configured (effectively disabling autodiscover), you can modify the SCP object by using the following cmdlet:

Set-ClientAccessServer ServerName -AutoDiscoverServiceInternalUri $NULL

Later, when the CAS is ready for production, you need to put the correct URI back into the object with the following cmdlet:

Set-ClientAccessServer ServerName -AutoDiscoverServiceInternalUri https://ServerFQDN/Autodiscover/Autodiscover.xml

No comments:

Post a Comment