SBS SRV Record for Autodiscover


The details on how to set this record up are all in KB940881, but I’ll briefly summarize it here:

1. Get rid of any CNAME or A records for “autodiscover”, and any wildcard “*” records in the public DNS zone. This is a critical step, so don’t just drift past it.
2. Build the SRV record to look like this:

Service: _autodiscover
Protocol: _tcp
Port Number: 443

Why do you need to do this for Autodiscover to work? Well when you feed an Outlook client an email address, it tries to autoconfigure itself, and it does this by trying to contact a series of hosts as follows:


Because your certificate is tied to a single name:, any https connection to the autodiscover URL will fail. If you want to create an A or CNAME record for ‘autodiscover’ that points to your server’s public IP and allow port 80 to your server, autodiscover will work, but you would then have allowed port 80 traffic to your server.

An alternate option, still using SSL, is what this article is about. This method takes advantage of a feature that was added in Outlook 2007 SP1 that allows it to look for an SRV record and use the SRV record to find the “real” autodiscover host. In this case, the SRV record is pointing to, which is the name covered by the cert, so a secure connection to that server to get Autodiscover information will succeed.


Please sign in to leave a comment.
Powered by Zendesk