By default, mobile users must know the IP address or DNS host name of their Mobility server to add their email account in their device’s email app.
Mobility supports ActiveSync’s Autodiscovery service. This lets you configure DNS so that users only need to enter their email address and password to add their account.
Use the information in the following sections to understand Autodiscovery for Mobility and how to implement it on your network.
When mobile users add their GroupWise email accounts in a device’s mail application, the application tries to configure the accounts automatically by default.
Figure 2-1 illustrates the process, which is further explained in Table 2-2.
Figure 2-1 GMS Autodiscovery Visual Overview
Table 2-2 Connecting to GMS Through Autodiscovery
Letter | Description |
---|---|
 | A user in the example.com organization begins adding their GroupWise account to the mail app on their mobile device. |
 | The device checks DNS for a canonical name (CNAME) associated with the alias, autodiscover. In this case, the CNAME is gms1.example.com. |
 | The device then checks DNS for an _autodiscover service (SRV) entry that specifies an associated email service. The associated service is running on gms1.example.com. |
 | The device then contacts the specified email service on gms1.example.com for the user-specified email account (user@example.com). If the account is located, Mobility skips to letter , below. If not, the process continues with letter |
 | If the user account is not found on gms1.example.com, the Mobility service queries DNS for entries that specify where additional _ngms (GMS) services (SRV) are located. In this case, gms1.example.com, gms2.example.com, and gms3.example.com are each specified as potential candidates where the user account might be located. IMPORTANT: If additional Mobility services are not configured in DNS, the attempt at autodiscovery and configuration fails, and the user is prompted to configure the account manually. |
 | The first Mobility server then queries each specified server in turn until the user account is located. IMPORTANT: If the user account is not located, the attempt at autodiscovery and configuration fails, and the user is prompted to configure the account manually. |
 | When the user account is located, Mobility sends the required configuration settings back to the device, which then adds the account and signs in to the Mobility service that has the user account. |
IMPORTANT: Autodiscovery requires SSL.
Your Mobility deployment must meet each of the conditions below.
SSL Certificate: Each Mobility server must have a current, valid, and trusted SSL certificate installed.
Accessible Certificate Chain: Mobile devices must be able to follow the certificate chain from the certificate on the Mobility server to the root CA certificate.
One Wildcard Cert That Covers All Mobility Servers: This must be an SSL certificate with Subject Alternative Names (SANs) so that you can specify a list of host names that are protected by it.
For information about configuring Mobility with a certificate, see Securing Communication between the Device Sync Agent and Mobile Devices.
When these conditions are met, continue with Setting Up the Autodiscover Service.
To set up the Autodiscover Service, you must configure DNS as follows:
IMPORTANT: We recommend that you use the DNS configuration tools provided with your DNS service to complete the following steps.
Only required fields are included in the instructions. Of course, you can adjust additional parameters to meet your network’s DNS requirements. Additional information about DNS CNAME and SRV records is available on the Web.
As illustrated and described in How Autodiscovery Works with GroupWise Mobility Service above, ActiveSync’s Autodiscover mechanism begins by finding the Mobility server (the CNAME) associated with the alias name autodiscover.
Using your DNS management interface, create an Alias (CNAME) Resource Record in your DNS service by using the information in the following table.
Variable | Value | Example | Description |
---|---|---|---|
alias | autodiscover.your.domain | autodiscover.example.com | Set the alias to autodiscover. |
canonical name | your_gms_server.your.email.domain or, alternatively, your_external_nat/port_forward.your.email.domain | gms.example.com or, alternatively, nat.example.com | The host name of one of your Mobility servers. Alternatively, if your Mobility servers are fronted by a NAT or port forward, specify the host name of the NAT or port forward. |
At a terminal prompt, check that the autodiscover alias is configured correctly by entering the following command:
dig autodiscover.your.email.domain CNAME +short
Your Mobility server canonical name is returned:
your_gms_server.your.email.domain
Continue with Step 3
Next, you must create an _autodiscover service (SRV) record for the email domain.
Using your DNS management interface, create an SRV Resource Record by using the information in the following table.
Variable | Value | Example | Description |
---|---|---|---|
service | _autodiscover | n/a | Set the service to _autodiscover. |
protocol | _tcp | n/a | Set the protocol to _tcp. |
port | 443 | n/a | Set the port to 443. |
target | your_gms_server.your.email.domain or, alternatively, your_external_nat/port_forward.your.email.domain | gms.example.com or, alternatively, nat.example.com | The Mobility server that you specified as the CNAME for autodiscover in Step 1. Alternatively, if your Mobility servers are fronted by a NAT or port forward, specify the host name of the NAT or port forward. |
At a terminal prompt, check that the _autodiscover service is configured correctly by entering the following command:
dig _autodiscover._tcp.your.email.domain SRV +short
A string similar to the following is returned that includes the port number you specified and your Mobility server’s DNS name:
10 0 443 your_gms_server.your.email.domain
NOTE: If you have only one Mobility server, you have successfully configured DNS for Autodiscovery. GroupWise users can now automatically configure mail accounts on their mobile devices.
(Conditional) If you have more than one Mobility server, you must create an _ngms service (SRV) record for each Mobility server.
As illustrated and described in How Autodiscovery Works with GroupWise Mobility Service above, when the first attempt to find a user account fails, the first Mobility server then queries other Mobility servers in turn, utilizing the _ngms SRV records in DNS, until the user account is found.
Using your DNS management interface, create an SRV Resource Record for each Mobility server (including the server you specified in previous steps), by using the information in the following table.
Variable | Value | Example | Description |
---|---|---|---|
service | _ngms | n/a | Set the service to _ngms. |
protocol | _tcp | n/a | Set the protocol to _tcp. |
port | 443 | n/a | Set the port to 443. |
target | your_gms_server.your.email.domain | gms.example.com | Set the target to your Mobility server. |
IMPORTANT: Make sure to create an SRV record for each one of your Mobility servers. Only then can Autodiscover find them.
At a terminal prompt, check that every _ngms service (SRV) is configured correctly by entering the following command:
dig _ngms._tcp.your.email.domain SRV +short
Strings similar to the following are returned, one for each Mobility server, and each including the port number you specified and a Mobility server’s DNS name ending with a period.
0 0 443 first_gms_server.your.email.domain.
0 0 443 second_gms_server.your.email.domain.
0 0 443 third_gms_server.your.email.domain.
etc.
NOTE: If the test succeeds, you have successfully configured DNS for Autodiscovery on multiple Mobility servers.
GroupWise users can now automatically configure mail accounts on their mobile devices.
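The three dig checks above can be combined into one consistency check. The script below is an added example, not part of the product documentation or tooling: it validates the answers for the autodiscover CNAME, the _autodiscover SRV record and the _ngms SRV records, and lists the host names that the SSL certificate must cover. The function names and the sample answers are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not vendor code: validates `dig +short` answers for the
# autodiscover CNAME, the _autodiscover SRV and the _ngms SRV records.

# Lowercase a DNS name and drop its trailing dot so answers compare equal.
norm() { local n=${1%.}; printf '%s' "$n" | tr '[:upper:]' '[:lower:]'; }

# srv_targets PORT: read SRV answers ("priority weight port target") on
# stdin and print each normalized target. Fails on a malformed line, on a
# port other than PORT, or when there is no answer at all.
srv_targets() {
  local want=$1 prio weight port target extra count=0
  while read -r prio weight port target extra; do
    [ -n "$prio" ] || continue                     # skip blank lines
    case "$prio$weight$port" in *[!0-9]*) return 1 ;; esac
    [ -n "$target" ] && [ -z "$extra" ] && [ "$port" = "$want" ] || return 1
    norm "$target"; echo
    count=$((count + 1))
  done
  [ "$count" -gt 0 ]
}

# check_autodiscover CNAME_ANSWER AUTODISCOVER_SRV [NGMS_SRV]
# Prints the host names the SSL certificate has to cover, one per line.
# Returns 1 for a malformed or missing answer, 2 when the _autodiscover
# SRV target is not the host the autodiscover CNAME points to.
check_autodiscover() {
  local cname srv ngms=
  cname=$(norm "$1")
  [ -n "$cname" ] || return 1
  srv=$(printf '%s\n' "$2" | srv_targets 443) || return 1
  [ "$srv" = "$cname" ] || return 2
  if [ -n "$3" ]; then                             # only with several servers
    ngms=$(printf '%s\n' "$3" | srv_targets 443) || return 1
  fi
  printf '%s\n' "$cname" $ngms | sort -u
}

# Constructed sample answers in the shape `dig ... +short` prints them.
SAMPLE_CNAME='gms1.example.com.'
SAMPLE_SRV='10 0 443 gms1.example.com.'
SAMPLE_NGMS='0 0 443 gms1.example.com.
0 0 443 gms2.example.com.
0 0 443 gms3.example.com.'

check_autodiscover "$SAMPLE_CNAME" "$SAMPLE_SRV" "$SAMPLE_NGMS"
```

With live DNS, pass `"$(dig autodiscover.your.email.domain CNAME +short)"` and the two SRV answers in place of the `SAMPLE_*` values.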