2.3 Using Autodiscovery to Simplify Mobile Device Setup

By default, mobile users must know the IP address or DNS host name of their GMS server to add their email account in their device’s email app.

GMS supports ActiveSync’s Autodiscovery service. This lets you configure DNS so that users only need to enter their email address and password to add their account.

Use the information in the following sections to understand Autodiscovery for GMS and how to implement it on your network.

2.3.1 How Autodiscovery Works with GMS

When mobile users add their GroupWise email accounts in a device’s mail application, the application tries to configure the accounts automatically by default.

Figure 2-1 illustrates the process, which is further explained in Table 2-2.

Figure 2-1 GMS Autodiscovery Visual Overview

Table 2-2 Connecting to GMS Through Autodiscovery

Letter

Description

A user in the example.com organization begins adding their GroupWise account to their mail app on their mobile device.

iPhone example:

  1. The user taps Settings > Mail > Accounts > Add Account > Microsoft Exchange.

  2. After entering their Email address, they tap Next.

  3. The device prompts for the Email Password.

The device checks DNS for a canonical name (CNAME) associated with the alias, autodiscover.

In this case, the CNAME is gms1.example.com.

The device then checks DNS for an _autodiscover service (SRV) entry that specifies an associated email service.

The associated service is running on gms1.example.com.

The device then contacts the specified email service on gms1.example.com for the user-specified email account (user@example.com).

If the account is located, GMS skips to letter , below. If not the process continues with letter

If the user account is not found on gms1.example.com, the GMS service queries DNS for entries that specify where additional _ngms (GMS) services (SRV) are located.

In this case, gms1.example.com, gms2.example.com, and gms3.example.com are each specified as potential candidates where the user account might be located.

IMPORTANT: If additional GMS services are not configured in DNS, the attempt at autodiscovery and configuration fails, and the user is prompted to configure the account manually.

The first GMS server then queries each specified server in turn until the user account is located.

IMPORTANT: If the user account is not located, the attempt at autodiscovery and configuration fails, and the user is prompted to configure the account manually.

When the user account is located, GMS sends the required configuration settings back to the device, which then adds the account and signs in to the GMS service that has the user account.

2.3.2 Setting Up SSL for the Autodiscover Service

IMPORTANT: Autodiscovery requires SSL.

Your GMS deployment must meet each of the conditions below.

  • SSL Certificate: Each GMS server must have a current, valid, and trusted SSL certificate installed.

  • Accessible Certificate Chain: Mobile devices must be able to follow the certificate chain from the certificate on the GMS server to the root CA certificate.

  • One Wildcard Cert That Covers All GMS Servers: This must be an SSL certificate with Subject Alternative Names (SANs) so that you can specify a list of host names that are protected by it.

    For information about configuring GMS with a certificate, see Securing Communication between the Device Sync Agent and Mobile Devices.

When these conditions are met, continue with Setting Up the Autodiscover Service.

2.3.3 Setting Up the Autodiscover Service

To set up the Autodiscover Service, you must configure DNS as follows:

IMPORTANT: We recommend that you use the DNS configuration tools provided with your DNS service to complete the following steps.

Only required fields are included in the instructions. Of course, you can adjust additional parameters to meet your network’s DNS requirements. Additional information about DNS CNAME and SRV records is available on the Web.

  1. As illustrated and described in How Autodiscovery Works with GMS above, ActiveSync’s Autodiscover mechanism begins by finding the GMS server (the CNAME) associated with the alias name autodiscover.

    Using your DNS management interface, create an Alias (CNAME) Resource Record in your DNS service by using the information in the following table.

    | Variable | Value | Example | Description |
    |---|---|---|---|
    | alias | autodiscover.your.domain | autodiscover.example.com | Set the alias to autodiscover. |
    | canonical name | your_gms_server.your.email.domain, or alternatively your_external_nat/port_forward.your.email.domain | gms.example.com, or alternatively nat.example.com | The host name of one of your GMS servers. Alternatively, if your GMS servers are fronted by a NAT or port forward, specify the host name of the NAT or port forward. |

  2. At a terminal prompt, check that the autodiscover alias is configured correctly by entering the following command:

    dig autodiscover.your.email.domain CNAME +short

    Your GMS server canonical name is returned:

    your_gms_server.your.email.domain

    Continue with Step 3.

  3. Next, you must create an _autodiscover service (SRV) record for the email domain.

    Using your DNS management interface, create an SRV Resource Record by using the information in the following table.

    | Variable | Value | Example | Description |
    |---|---|---|---|
    | service | _autodiscover | n/a | Set the service to _autodiscover. |
    | protocol | _tcp | n/a | Set the protocol to _tcp. |
    | port | 443 | n/a | Set the port to 443. |
    | target | your_gms_server.your.email.domain, or alternatively your_external_nat/port_forward.your.email.domain | gms.example.com, or alternatively nat.example.com | The GMS server that you specified as the CNAME for autodiscover in Step 1. Alternatively, if your GMS servers are fronted by a NAT or port forward, specify the host name of the NAT or port forward. |

  4. At a terminal prompt, check that the _autodiscover service is configured correctly by entering the following command:

    dig _autodiscover._tcp.your.email.domain SRV +short

    A string similar to the following is returned that includes the port number you specified and your GMS server’s DNS name:

    10 0 443 your_gms_server.your.email.domain

    NOTE: If you have only one GMS server, you have successfully configured DNS for Autodiscovery. GroupWise users can now automatically configure mail accounts on their mobile devices.

  5. (Conditional) If you have more than one GMS server, you must create an _ngms service (SRV) record for each GMS server.

    As illustrated and described in How Autodiscovery Works with GMS above, when the first attempt to find a user account fails, the first GMS server then queries other GMS servers in turn, utilizing the _ngms SRV records in DNS, until the user account is found.

    Using your DNS management interface, create an SRV Resource Record for each GMS server (including the server you specified in previous steps), by using the information in the following table.

    | Variable | Value | Example | Description |
    |---|---|---|---|
    | service | _ngms | n/a | Set the service to _ngms. |
    | protocol | _tcp | n/a | Set the protocol to _tcp. |
    | port | 443 | n/a | Set the port to 443. |
    | target | your_gms_server.your.email.domain | gms.example.com | Set the target to your GMS server. |

    IMPORTANT: Make sure to create an SRV record for each one of your GMS servers. Only then can Autodiscover find them.

  6. At a terminal prompt, check that every _ngms service (SRV) is configured correctly by entering the following command:

    dig _ngms._tcp.your.email.domain SRV +short

    Strings similar to the following are returned, one for each GMS server, and each including the port number you specified and a GMS server’s DNS name ending with a period.

    0 0 443 first_gms_server.your.email.domain.

    0 0 443 second_gms_server.your.email.domain.

    0 0 443 third_gms_server.your.email.domain.

    etc.

    NOTE: If the test succeeds, you have successfully configured DNS for Autodiscovery on multiple GMS servers.

    GroupWise users can now automatically configure mail accounts on their mobile devices.
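
The three dig checks in Steps 2, 4, and 6 can be combined into one validation pass. The script below is an added example, not part of the GMS product or its documentation. Because these records decide which host a device sends the user's email address and password to, it also reports any name in the answers that is not on your list of expected GMS hosts. The function names, the sample answers, and the GMS_DOMAIN and GMS_HOSTS variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate `dig +short` answers for the Autodiscovery records.

# Lower-case a host name and drop the trailing dot that dig prints.
norm_host() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# srv_targets PORT: read "priority weight port target" lines on stdin and
# print each target. Fails on no records, a malformed line, or another port.
srv_targets() {
    awk -v want="$1" '
        NF == 0 { next }
        NF != 4 || $3 != want || $4 !~ /^[A-Za-z0-9._-]+$/ { bad = 1; next }
        { t = tolower($4); sub(/\.$/, "", t); print t; n++ }
        END { exit (bad || n == 0) ? 1 : 0 }'
}

# check_gms_dns CNAME_ANSWER AUTODISCOVER_SRV NGMS_SRV "ALLOWED HOSTS"
# Prints one line per problem; returns 0 only when there are none.
check_gms_dns() {
    cname=$(norm_host "$1"); rc=0; ngms=""
    [ -n "$cname" ] || { echo "autodiscover CNAME missing"; rc=1; }
    auto=$(printf '%s\n' "$2" | srv_targets 443) ||
        { echo "_autodiscover SRV missing, malformed, or not on port 443"; rc=1; }
    [ -z "$auto" ] || [ "$auto" = "$cname" ] ||
        { echo "_autodiscover target $auto differs from CNAME $cname"; rc=1; }
    if [ -n "$3" ]; then    # _ngms is only needed with more than one server
        ngms=$(printf '%s\n' "$3" | srv_targets 443) ||
            { echo "_ngms SRV malformed or not on port 443"; rc=1; }
    fi
    # Any name in the answers that is not on the expected list is reported.
    printf '%s\n' "$cname" "$auto" "$ngms" | sort -u |
        awk -v ok=" $4 " 'NF && !index(ok, " " $0 " ") {
            print "unexpected host in DNS answer: " $0; bad = 1 }
            END { exit bad + 0 }' || rc=1
    return $rc
}

# Constructed sample answers, shaped like the output shown in Steps 2, 4 and 6.
SAMPLE_CNAME='gms1.example.com.'
SAMPLE_AUTO='10 0 443 gms1.example.com.'
SAMPLE_NGMS='0 0 443 gms1.example.com.
0 0 443 gms2.example.com.
0 0 443 gms3.example.com.'

# Live use (GMS_DOMAIN and GMS_HOSTS are names assumed by this example).
if [ -n "${GMS_DOMAIN:-}" ]; then
    check_gms_dns "$(dig "autodiscover.$GMS_DOMAIN" CNAME +short)" \
        "$(dig "_autodiscover._tcp.$GMS_DOMAIN" SRV +short)" \
        "$(dig "_ngms._tcp.$GMS_DOMAIN" SRV +short)" "${GMS_HOSTS:-}"
fi
```

The target comparison assumes the CNAME and the _autodiscover SRV record name the same host, as Step 3 specifies. If your servers sit behind a NAT or port forward, include that host name in GMS_HOSTS.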