Reply to post: Autodiscover order

Story of the creds-leaking Exchange Autodiscover flaw – the one Microsoft wouldn't fix even after 5 years

Anonymous Coward
Anonymous Coward

Autodiscover order

The autodiscover order is boneheaded in that it checks the root domain before checking for autodiscover.domain. This has caused no end of issues where the clients website is on some other hosting. Badly configured cPanel sites are particularly annoying. They return a valid format autodiscover response but with incorrect details. At this point the client just shrugs its shoulders and quits.

The root domain method is completely useless for anybody on O365 and pretty much useless for anyone else.

It is possible to disable the various autodiscover methods in Outlook through GPO or reg hacks, so we normally disable everything except autodiscover.domain.

Microsoft and other client vendors should just drop the root domain check, or at the very least move it down the order so it is checked after every other method has failed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022