OUTLOOK 2K7 & 2K10 FOR PROXY WIN7

1. Outlook 2007/2010 and Windows 7

During the course of migration from XP to a windows 7 environment the rules on how programs operate
has changed. In Windows XP one could load up programs, load a proxy server setting, and go about your
business if not on the web. Not true anymore. In windows 7 if a program needs access to the internet then
all programs are deemed to go through internet options. This can be disastrous when needing to institute a
web proxy.

In each case with Outlook when trying to open via RPC over HTTP users receive a prompt for username and
password. This is annoying and unproductive. If the user chooses cancel a prompt in Outlook will change
to say needing password where the connection should reside.

In order to get around this, organizations with remote users taking advantage of Outlook over RPC are
going to need to make a few modifications to allow for Outlook to function appropriately.

2. The Infamous XML File

Outlook 2010 uses xml files to authenticate to specific items. One of these items is to use a configuration
that will bypass proxy and allow outlook to use the https:// rpc protocol with msstd. This XML file needs to
be placed in the directory:

C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\Name.xml

Name= your organization name. If you are mail.aloha.com then your file will be aloha.xml

Here is an example of the XML file that you need.

<?xml version="1.0" encoding="utf-8" ?>

<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<Account>
<AccountType>email</AccountType>
<Action>redirectUrl</Action>
<RedirectUrl>https://mail.aloha.com/autodiscover/autodiscover.xml</RedirectUrl>
</Account>
</Response>
</Autodiscover>

Save this and rename it to your organization.

3. Making the appropriate adjustments to Registry
In order for Outlook to take advantage of this XML file a registry needs to be modified which allows outlook
to default over. Open regedit and go to:

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover]

One there two keys need to be created. One is regular string value named aloha.com. Once created put in
the value of the xml location as seen here:

C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\aloha.XML

After creating this registry the next key to create is a regular dword value and name it: PreferLocalXML

Assign the value in decimal to this dword =1

4. Testing Autodiscover with these files in place.

Once you have copied these items to the PC it is time to test Autodiscover and make sure if it working
correctly. On a machine that is operating remotely open Outlook and allow the connection to the Exchange
server to be made.

If no prompts come up and Outlook says connected to Exchange then everything should be okay. It is still
good to go ahead and check Autodiscover to make sure however.

To do this go down to the Outlook Icon in the system tray, hold down the ctrl
key and click the icon. You will see the option to test the Autodiscover. This
will bring up a new window which allows username credentials to be added.

It is important that when testing the “use guessmart” and “secure gessmart
authentication are unchecked. Once these are unchecked choose the test
button to begin the test

If Autodiscover completes successfully a

log file view will show this status. If
autodiscover continues to fail this is a
function of the exchange server not
having the appropriate certificate. At this
point two options are available. One is to
install a single certificate on the exchange
server that is multi-domain capable and
add autodiscover.aloha.com to the cert.
The other option is to set up a secondary
cert on the exchange server.
5. Deploying the registry changes and xml file through GPO.
Now that outlook is working on one machine it is time to create a GPO and get this applied to all machines
affected. The simplest way to do this is through the logon script option in GPO. Please note the following
VBscript which will install the file as well as change the appropriate registry.

' Editing the Registry and File Copy for Websense.vbs

' Objective:
' VBScript to change registry and file copy for Websense:
' Will allow Outlook to function appropriately when out of the office.
' Author James Mosley
' August 17th 2010
' -----------------------------------------------------------------'

'Delcare all administrative overhead

Option Explicit

'Comment this out for testing.

On Error Resume Next

'Declare Variables that will be used for the script.

Dim objShell
Dim strKeyPath, strValue, strValue2
Dim dwValue

'Create an object that is going to the work as a user.

Set objShell = CreateObject("Wscript.Shell")

'This allows for creation of the key at the path provided all together.
strKeyPath = "HKCU\Software\Microsoft\Office\14.0\Outlook\Autodiscover\aloha.com"

'Assign the value that you wish to have within the key
strValue = "C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\aloha.xml"
strValue2 = "C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\aloha.xml"

'Called method to actually write the key that we want. The last value states whay type of key it is going to be. Optional
objShell.RegWrite strKeyPath,strValue,"REG_SZ"
objShell.RegWrite strKeyPath,strValue2,"REG_SZ"

strKeyPath = "HKCU\Software\Microsoft\Office\14.0\Outlook\Autodiscover\PreferLocalXML"
dwValue = 1
objShell.RegWrite strKeyPath,dwValue,"REG_DWORD"

strKeyPath = "HKCU\Software\Microsoft\Office\12.0\Outlook\Autodiscover\aloha.com"
strValue = "C:\Program Files (x86)\Microsoft Office\Office12\OutlookAutoDiscover\aloha.xml"
objShell.RegWrite strKeyPath,strValue,"REG_SZ"

strKeyPath = "HKCU\Software\Microsoft\Office\12.0\Outlook\Autodiscover\PreferLocalXML"
strValue = "PreferLocalXML"
dwValue = 1
objShell.RegWrite strKeyPath,dwValue,"REG_DWORD"

'======================================================================'

'Declare the variables that are going to copy our files to allow for Outlook to bypass Autodiscover
Dim FSO

'Create the object that is going to be a worker process

Set FSO = CreateObject("Scripting.FileSystemObject")

'Copy all of the files from a unique location to the place that we want. Note the use of the "_"
'For line continuation

FSO.CopyFile "\\swhqfsr01\apps\Firefox Modifier\AutodiscoverAloha\aloha.XML", _

"C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\aloha.XML", True

FSO.CopyFile "\\swhqfsr01\apps\Firefox Modifier\AutodiscoverAloha\aloha.XML", _

"C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\aloha.XML", True

FSO.CopyFile "\\swhqfsr01\apps\Firefox Modifier\AutodiscoverAloha\aloha.XML", _

"C:\Program Files (x86)\Microsoft Office\Office12\OutlookAutoDiscover\aloha.XML", True

FSO.CopyFile "\\swhqfsr01\apps\Firefox Modifier\AutodiscoverAloha\aloha.XML", _

"C:\Program Files\Microsoft Office\Office12\OutlookAutoDiscover\aloha.XML", True

wscript.quit

6. Exchange 2007 and the Autodiscover certificate

The information provided here is additional troubleshooting if autodiscover is still failing in the
organization. Please see the link below and follow along. It is of interesting note that this fix is not 100%
accurate for the multiple certificate issue. Included are additional steps which should help in getting a
multiple certificate infrastructure set up.

http://msexchangeteam.com/archive/2007/04/30/438249.aspx

Note that it is important to configure your SCP to point to the appropriate url. The context of configuring
the SCP can be found at:

http://technet.microsoft.com/en-us/library/bb332063%28EXCHG.80%29.aspx#Scenario3
Scroll down in this section and locate the “Step2: Modify the Service Connection Point.” This article also
contains good information regarding the autodiscover service.

Lastly included are the steps taken with Microsoft when resolving autodiscover using two certs.

Correcting SSL Certificate with WebSite (Two separate SSL EXCH Hub)

1. Make sure that you provide additional IP and DNS addressing internal and external.

2. Re-register ASP 2.0 for the new web site from a command prompt (especially if this is a 64bit OS
install):

cscript %SYSTEMDRIVE%\inetpub\adminscripts\ads
util.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0

%SYSTEMROOT%\Microsoft.NET\Framework64\v2.0.50
727\aspnet_regiis.exe -i

(Note: it will say there may have been errors but that is normal)

iisreset

3. Create a new website named: Autodiscover Web Site

Add your SSL certificate at the root.
Home directory should point to default
Inetputb\wwwroot

4. From the exchange command shell:

Get-AutodiscoverVirtualDirectory
New-AutodiscoverVirtualDirectory -WebSiteName "Autodiscover
Web Site"
If you receive an error then remove the old autodiscover first and then re-add.

Remove-AutodiscoverVirtualDirectory -Identity "swhqex04\Autodiscover (Default Web Site)"

(Say Y to remove. Close IISManager and re-open. The autodiscover should be gone.)

(Re-add the default autodiscover and then add the new autodiscover on the website.)

New-AutodiscoverVirtualDirectory

(Check to make sure they are created. Properties of the autodiscover should be identical to default web
site.)

5. Create a new Exchange SCP pointing to the site. Also done from the exchange command shell.

Set-ClientAccessServer -identity <servername> -AutodiscoverServiceInternalUri

https://autodiscover.contoso.com/autodiscover/autodiscover.xml

6. Test outlook settings. Turn off both guess smart. Look at log and you should see two fails and then a
succeed.

The above is provided as a framework and does not imply that ALL steps are provided. It is assumed that
the administrator understands websites, directories, etc.