Configure the Calendar Connector to Trust Autodiscover Redirect URLs
You can customize the manner in which the Calendar Connector can query for Microsoft Exchange servers by using the Autodiscover redirect URL trust list.
When you first set up the Expressway-based Calendar Connector for Microsoft Exchange 2013 or later or Office 365, the Calendar Connector will use the Autodiscover service to locate the mailbox of a user in your domain. This will allow you to successfully set up the Calendar Connector. After this preliminary configuration is complete, the Calendar Connector will proceed to make periodic use of Autodiscover in order to locate user mailboxes based on their email addresses.
In order to find a mailbox, the Calendar Connector will go through a series of processes, the first of which may be a lookup for a Service Connection Point (SCP) record in Active Directory, although this will depend on the configuration that you have chosen. In the event that it does not work, it will attempt to perform an authenticated lookup using HTTPS. If that doesn’t work either, it will try sending an unauthenticated GET request to one or more non-SSL URLs or it will attempt a DNS query for the domain, both of which are described in steps 4 and 5 of the Microsoft Exchange documentation titled “Implementing an Autodiscover Client.” During each of these two processes, the Calendar Connector might obtain a response that includes one or more redirect URLs. Due to the fact that certain redirect URLs originated from an unauthenticated source, an additional validation step is required for them. In order to carry out this validation, the Calendar Connector will automatically add the redirect URLs in question to the trust list in the pending state. This will enable you to inspect the redirect URLs and decide whether or not to permit or prohibit them.
Unless you specifically enable it, the Calendar Connector will not use a pending URL to discover user mailboxes. This can be changed in the settings. (In all practical respects, the pending state is equivalent to the blocked state.)
Any redirect URLs that are received by the Calendar Connector from a reliable source are added to the list in a permitted state while the Autodiscover process is being carried out.
You also have the option of manually including URLs in the Autodiscover redirect trust list. You might wish to do this as a backup plan in the event that a SCP lookup or one of the other techniques fails due to unforeseen complications.
Before you begin
In order to use the Autodiscover redirect URL capability, your Calendar Connector needs to be running release 8.10-1.0.5279 or a later version.
1. To configure the autodiscover redirect URL, navigate to Applications > Hybrid Services > Calendar Service > Autodiscover Redirect URL Configuration on the host for the Expressway-C connector.
URLs that have been added to the trust list in the past by either you or the Calendar Connector are displayed in this list.
2. To add a new entry to the list, provide a value for the Redirect URL field. The structure for this field should look something like this: https://domain>. After that, select the Add to Allowed option.
You have the option to either keep editing the trust list once you see the notice “Success: Redirection URLs successfully updated” or navigate away from the list.
3. To modify the level of trust associated with a URL, check the box located in the row that contains the URL, and then select the appropriate choice from the drop-down menu that appears.
- Move to Allowed.
- Move to Blocked.
- Move to Pending