Depending on your situation, you may want to take control of how Exchange’s Autodiscover lookup process works. Specifically, there are a lot of scenarios where Autodiscover will break because the lookup process isn’t properly controlled. In this article, I’ll go over registry settings that will let you control which steps are used and which ones are skipped.
ADMX Templates
Before I get into it, if you work in an on-prem AD environment, you may want to control all of the systems in AD to make sure they work right with Autodiscover. This can be done with Group Policy, but requires that you install the Office ADMX templates into your central policy store. The ADMX templates for Exchange 2013 are available here. For the Office 365 licensed version as well as 2016 and 2019, go here. If you don’t know how to deploy ADMX templates, there is a good tutorial available here. The setup for a policy store in the domain is the same for all versions of Windows Server after 2003R2.
Once you have the ADMX templates installed, you can deploy the changes you want by going to User Configuration\Administrative Templates\Microsoft Outlook <version>\Account Settings\Exchange and modifying the policy called “Disable Autodiscover” (Probably the worst name ever for those people who like to have GPO settings that are easy to find). You’ll see the possible settings in this policy below. Just check the lookup steps you want to skip and deploy the GPO.
I’ll go over what each of these settings means in a minute.
Registry Settings
If you just want to control this for a single computer, there are some registry modifications you can make (or you can install the ADMX templates on a single computer). The registry keys to control Autodiscover are located at HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\AutoDiscover and HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\x.0\Outlook\AutoDiscover. To work with the Autodiscover registry settings, add the value you want from the list below to both registry locations. I’ll go over the settings here and compare with the GPO settings above.
- PreferLocalXML – This one doesn’t show up in the above GPO setting, but can be used if you wish to deploy a local XML file that defines Autodiscover. This is usually more work than it’s worth, so I don’t recommend it.
- ExcludeHttpRedirect – The same as “Exclude the HTTP redirect method” above. This prevents Outlook from following an Autodiscover HTTP redirect. The redirect technique allows someone to create a site that accepts Autodiscover traffic and sends it to a different site. Exchange hosting organizations (other than O365) use this regularly, and blocking it will prevent access to environments that rely on this technique.
- ExcludeHttpsAutoDiscoverDomain – This will prevent Autodiscover from checking autodiscover.domain.com for the Autodiscover.xml file. This is where Autodiscover takes the email domain, adds “autodiscover.” to the front, and looks at that URL. This is the most common Autodiscover technique in use today. Does the same thing as “Exclude the query for the Autodiscover domain” in the GPO.
- ExcludeHttpsRootDomain – Prevents Outlook from looking at the root email domain.com URL for the Autodiscover.xml file. It’s not particularly common for this setting to apply, but the lookup for it occurs before the most common technique. You’ll want to use this if you are hosting a web server that uses domain.com for its URL and accepts requests for all child URLs. This step trips up a lot of people, so I recommend disabling this step in most situations because it will speed up Autodiscover and prevent incorrect lookups. This one is equal to the “Exclude the root domain query based on your Primary SMTP address” GPO policy.
- ExcludeScpLookup – The AD SCP is another extremely common tool for pointing to the Autodiscover.xml file. This method applies to lookup attempts for users that are logged in to computers in an Active Directory domain. The SCP is customizable, and can cause issues shortly after deploying new servers (until you set the SCP value to function properly), so you may want to disable this lookup before doing that. “Exclude the SCP object lookup” GPO setting will do the same thing.
- ExcludeSrvRecord – The SRV record technique lets you set a server for Autodiscover in a DNS SRV record. This is useful if you have a certificate with a single server name listed on it that isn’t autodiscover.domain.com. This is actually the last lookup done for Autodiscover, and disabling it is unnecessary in the vast majority of situations (unless you’re trying to disable Autodiscover, which is a bad idea at this point). This is the “Exclude the SRV record query in DNS” GPO setting.
- ExcludeLastKnownGoodURL – Autodiscover records the last URL that received a 200 code (AKA – Good URL event code for HTTPS). If you are stuck with a bad URL in Autodiscover (happens if you’re dealing with the root domain situation listed above), setting this will let things go through normally. Equals the “Exclude last known good URL” setting in the GPO.
- ExcludeExplicitO365Endpoint – Prevents Outlook 2016 and later from checking Office 365 for a matching email address or user account. The function that this disables can be a real pain in the neck if you have Office 365 with your domain added, but no Exchange mailboxes in the cloud. Disable it with this registry setting or “Exclude initial check to Office 365 Autodiscover URL”.
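The following PowerShell script is an added example, not part of the original article: it reports the exclusion values in both registry locations and, with -Apply, writes them as DWORD values while refusing a combination that would skip every lookup step. The Office version 16.0 (Outlook 2016/2019/Office 365) and the default choice of ExcludeHttpsRootDomain are assumptions for illustration; PreferLocalXML is left untouched.

```powershell
# Added example: audit (and optionally set) Outlook Autodiscover exclusions for the current user.
# Assumption: Office version 16.0; substitute the "x.0" that matches your Outlook version.
param(
    [string]$OfficeVersion = '16.0',
    # Lookup steps to skip. This default is illustrative, not a recommendation for every site.
    [string[]]$Exclude = @('ExcludeHttpsRootDomain'),
    [switch]$Apply
)

$allSteps = 'ExcludeHttpRedirect', 'ExcludeHttpsAutoDiscoverDomain', 'ExcludeHttpsRootDomain',
            'ExcludeScpLookup', 'ExcludeSrvRecord', 'ExcludeLastKnownGoodURL',
            'ExcludeExplicitO365Endpoint'
$paths = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\AutoDiscover",
         "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Outlook\AutoDiscover"

# Reject misspelled names so a typo does not silently leave a lookup step enabled.
$unknown = $Exclude | Where-Object { $_ -notin $allSteps }
if ($unknown) { throw "Unknown setting name(s): $($unknown -join ', ')" }

# Skipping every step disables Autodiscover, which Outlook 2016 and later need to build a profile.
if (-not ($allSteps | Where-Object { $_ -notin $Exclude })) {
    throw 'Refusing to exclude every lookup step: that disables Autodiscover entirely.'
}

foreach ($path in $paths) {
    if ($Apply) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($name in $allSteps) {
            # 1 = skip this step, 0 = leave it enabled; written explicitly so both locations match.
            $value = [int]($name -in $Exclude)
            New-ItemProperty -Path $path -Name $name -Value $value -PropertyType DWord -Force | Out-Null
        }
    }
    # Report the current state so the two locations can be compared side by side.
    $current = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $allSteps) {
        [pscustomobject]@{
            Location = $path
            Setting  = $name
            Value    = if ($current -and $null -ne $current.$name) { $current.$name } else { '(not set)' }
        }
    }
}
```

Run it without -Apply first to see what is already set; values under the Policies location will be overwritten by any GPO that manages the same policy.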
Important Notes
It is possible to disable Autodiscover entirely by setting all of the above registry settings or GPO options to 1/enabled. This is a bad idea if you use Outlook 2016 or later, since those versions will only create profiles with Autodiscover. So unless you like using IMAP or POP3 to access Exchange, don’t do it.
The GPO setting to “Disable the Autodiscover V2 Service” is something you’ll probably want to ignore unless you feel like breaking Outlook integration with other pieces of the Microsoft Office suite. Autodiscover V2 allows Outlook to read things like Teams calendars without being configured. If you don’t want that, disable this GPO setting, but be aware that you may be missing some useful functionality by doing so.
Other Resources
I’ve written a lot about Autodiscover, so if you want to learn more, visit these posts:
Configure Exchange Autodiscover
Exchange Autodiscover – The Active Directory SCP
Configuring Autodiscover for Internal DNS
QuickPost: What do Exchange Virtual Directories Do?
Configuring Exchange Virtual Directories
Fixing Outlook Certificate Errors
Autodiscover – Microsoft Docs