Configure the Calendar Connector to Trust Autodiscover Redirect URLs
When you first set up the Expressway-based Calendar Connector for Microsoft Exchange 2013 and later or Office 365, the Calendar Connector uses the Autodiscover service to locate the mailbox of a user in your domain. After this initial setup, the Calendar Connector continues to use Autodiscover periodically to locate user mailboxes by email address.
While attempting to locate a mailbox, the Calendar Connector goes through a series of steps, which may start with a Service Connection Point (SCP) record lookup in Active Directory, depending on your configuration. If that fails, it tries to do an authenticated lookup with HTTPS. If that also fails, it tries sending an unauthenticated GET request to one or more non-SSL URLs or doing a DNS lookup for the domain, as described in steps 4 and 5 of Implementing an Autodiscover Client in Microsoft Exchange. In either of these steps, the Calendar Connector may receive a response containing one or more redirect URLs. Because these redirect URLs came from an unauthenticated source, they require an extra validation step. To do this validation, the Calendar Connector automatically adds these redirect URLs to the trust list in pending state so that you can inspect and allow or block them.
The Calendar Connector will not use a pending URL to locate user mailboxes unless you choose to allow it. (The pending state is essentially the same as the blocked state.)
During the Autodiscover process, any redirect URLs that the Calendar Connector receives from a trusted source are added to the list in allowed state.
You can also manually add to the Autodiscover redirect URL trust list. You may want to do this as a fallback mechanism in case an SCP lookup or other methods fail due to unexpected issues.
Before you begin
Your Calendar Connector must run release 8.10-1.0.5279 or later to have the Autodiscover redirect URL functionality.
1 |
From the Expressway-C connector host, go to .The trust list shows URLs that you or the Calendar Connector have previously added to the list.
|
2 |
To add a new entry to the list, enter a value for Redirect URL, in a format such as https://<domain>. Then click Add to Allowed. When you see a "Success: Redirection URLs successfully updated" message, you can either continue modifying the trust list or navigate away from the list. |
3 |
To change the trust state of a URL, check the check box in the row containing the URL and then click the appropriate option:
When moving a URL from pending to allowed, you may wish to copy the URL into a browser window to view the host certificate. |