Microsoft Exchange: Autodiscover problems on mobile devices

Many mobile devices, have problems with Exchange Autodiscover, if the following is true:

  • You have a webserver on the root domain (many companies usually do!)
  • The root webserver respons on HTTPS, but with wrong certificate and also have no Autodiscover setting.

This is due to the way autodiscover works (In steps):

  1. Connect to:
  2. Connect to:
  3. Autodiscover redirect URL for redirection:
  4. Search for DNS SRV record

When you have many domains on an Exchange server, you cannot have a autodiscover DNS A or CNAME record for them all, as you can only have one certificate on the Exchange server.

Therefore you can ex. use SRV records:

In your DNS zone editor add a SRV record with the following information:

  • Service _autodiscover

  • Protocol _tcp

  • Name   Enter one of the following values:

    • Enter @ if your registered domain is your cloud-based domain. For example, if your registered domain is and your cloud-based domain is, enter @.

    • Enter the subdomain name if your cloud-based domain is a subdomain of your registered domain. For example, if your registered domain is, but your cloud-based domain is the subdomain, enter test.

  • Priority 10  (or as per your design)

  • Weight 10  (or as per your design)

  • Port 443

  • Target   

  • TTL   Verify that an appropriate TTL is selected, 1 hour is a common default.  (If you are approaching a migration, this should be decremented to allow for quicker cutover)

Test with NSLOOKUP (Allow for propagation):

> set type=srv

Non-authoritative answer: SRV service location:
priority = 10
weight = 10
port = 443
svr hostname =

So now the SRV record is ready.

BUT, the problem with the mobiledevice is not solved, as if the mobile device fails step 1, due to a https response and wrong certificate, the device will prompt you for additional infos (Outlook clients will not do this, as the just keep moving through the steps). So for the purpose of Autodiscover, it will fail!

To fix:

We need to make sure, that if the root domain does respond on https AND has a valid certificate!, that it can redirect to the real autodiscover, in other words, we need to make step 1 work!

For Linux web servers, you can use .htaccess file:

RedirectMatch 302 (?i)^/Autodiscover/(.*)$$1

For Windows IIS:

Make a seperate directory called autodiscover and redirect all traffic to


When the above has been setup the root domain lookup for autodiscover on https will not fail, and the device will beredirected to the Exchange server 🙂

Homer MMM - MMMMMMMMMMM Autodiscover


  1. Charlie Smith

    Hey Martin, thanks for the article, this has been quite helpful in explaining why mobile autodiscover stopped working when we started using SRV record for autodiscover! Would you mind elaborating on how to redirect using IIS? Thanks!

    1. Martin (Post author)

      Hi Charlie,
      Thanks 🙂
      Try with this link:
      regards Martin


Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.