2.2 Simplifying Device Setup for Users with the AutoDiscover Service

By default, mobile device users need to know the IP address or DNS hostname of the Mobility server in order to configure their email accounts on their devices. The AutoDiscover Service enables you to configure DNS so that supported mobile devices are automatically redirected to the Mobility server based on users’ email addresses.

2.2.1 Configuring the AutoDiscover Service in a Single-Server Mobility System

When a mobile device presents an email address and tries to access your Mobility system, the AutoDiscover Service uses a DNS CNAME record and SRV record in order to determine the IP address of the Mobility server, so that the device can log in.

Your Mobility server already has a DNS A record that maps a hostname to an IP address, similar to the following example:

mobility.example.com IN A 172.16.5.18

To set up the AutoDiscover Service, you must add the CNAME and SRV records:

  • CNAME record: A canonical name record that provides an alias from one hostname to another

  • SRV record: A service locator record that defines the hostname of a specific service

The following examples show the format for each type of DNS record:

  • CNAME record:
  • SRV record:
  • autodiscover.example.com CNAME mobility.example.com
  • _autodiscover._tcp.example.com. IN SRV 0 0 443 mobility.example.com

The user interface that you use to create the DNS SRV record might look similar to the following example:

  • Service Name:
  • Domain Name:
  • Target Host:
  • Target Port:
  • Priority and Weight:
  • _autodiscover.*
  • example.com
  • mobility.example.com
  • 443
  • 0 0

Skip to Section 2.2.3, Setting Up SSL for the AutoDiscover Service.

2.2.2 Configuring the AutoDiscover Service in a Multiple-Server Mobility System

In a multiple-server Mobility system, the AutoDiscover Service uses a DNS CNAME record and multiple DNS SRV records to direct users’ devices to the correct Mobility server for each user so that devices can log in.

Your Mobility servers already have DNS A records that map hostnames to IP addresses, similar to the following examples:

mobility1.example.com IN A 172.16.5.18
mobility2.example.com IN A 172.16.5.19
mobility3.example.com IN A 172.16.5.20

To set up the AutoDiscover Service, you must add the CNAME record and SRV records:

  • CNAME record: A canonical name record that provides an alias from one hostname to another

  • SRV record: A service locator record that defines the hostname of a specific service

The following example shows the format for the SRV records that correspond to the A records:

  • CNAME record:
  • SRV record:
  • SRV record:
  • SRV record:
  • SRV record:
  • autodiscover.example.com CNAME mobility1.example.com
  • _autodiscover._tcp.example.com. IN SRV 0 0 443 mobility1.example.com
  • _ngms._tcp.example.com. IN SRV 0 0 443 mobility1.example.com
  • _ngms._tcp.example.com. IN SRV 0 0 443 mobility2.example.com
  • _ngms._tcp.example.com. IN SRV 0 0 443 mobility3.example.com

The user interface that you use to create the SRV records might look similar to the following example:

  • Service Name:
  • Domain Name:
  • Domain Name:
  • Domain Name:
  • Target Host:
  • Target Host:
  • Target Host:
  • Target Port:
  • Priority and Weight:
  • _autodiscover.* and _ngms*
  • example.com
  • example.com
  • example.com
  • mobility1.example.com
  • mobility2.example.com
  • mobility3.example.com
  • 443
  • 0 0

Continue with Setting Up SSL for the AutoDiscover Service.

2.2.3 Setting Up SSL for the AutoDiscover Service

The functionality of the AutoDiscover Service requires SSL. The following three conditions must be met:

  • A valid and trusted SSL certificate must be available on the Mobility server and must be current (not expired).

  • Mobile devices must be able to follow the certificate chain from the certificate on the Mobility server to the root CA certificate.

  • The name of the SSL certificate must match the URL that mobile devices are trying to communicate with.

    This means that the certificate must be valid for all names of the Mobility server, such as mobility.example.com and autodiscover.example.com. A wildcard certificate meets this need.

    Another option is to use an SSL certificate with Subject Alternative Names (SANs), which enables you to specify a list of hostnames that are protected by a single SSL certificate.