Microsoft Online Services (BPOS) on terminal server with Outlook 2007

Microsoft Online Services, soon to be Office 365, is a viable option for many companies for delivering access to Exchange, SharePoint and Communicator to their users.

The caveat is that for configuring access to Online Services, Microsoft recommends using their Sign On tool for automatic configuration of Outlook and for seamless access to all services. This is fine for users working from their own personal computer, but many companies have invested heavily in centrally managed terminal servers to give users access to common applications and tools. The Microsoft Sign On tool does not play well in this sort of environment. In fact, on Citrix servers the application hangs and causes screen flickering, because most ordinary users lack write access to c:\windows\system32 on a terminal server. Although there is a hotfix available for this specific problem, the Sign On tool may still not be a good option for many companies. By default this tool will start at login for all users on a terminal server, regardless of whether they have any use for it. Not all users necessarily use Online Services.

Luckily there is a way to avoid using this tool and still get a somewhat automated configuration for Outlook users connected to Online Services. By utilizing the autodiscover functionality available in Outlook 2007 (and Outlook 2010), it is possible to let Outlook semi-automatically configure itself to connect to Online Services.

One good source of information is this KB article from Microsoft: http://support.microsoft.com/kb/956990. It explains how to troubleshoot and configure autodiscovery for Outlook for Online Services.

The following must be done in order to get this working:

  • In DNS for the domain used for e-mail, a CNAME or SRV record for the autodiscover host must be set to point to the autodiscover server provided by Microsoft.
  • An XML file that points Outlook in the right direction for autodiscovery must be created and made available in a common folder on the network.
  • A .reg file (or any other way of distributing registry entries for users) must be set up, configuring some default settings for autodiscovery in HKCU for each user. Among other things, this refers to the above-mentioned XML file.
  • A script is used for importing the .reg file into the user's registry settings.

Setting up the DNS CNAME or SRV record is fairly straightforward. Either ask the DNS hosting provider to add the record for you, or do it yourself. In the last case where I set up BPOS, the customer had already set up a CNAME record which pointed to the European autodiscover service from Microsoft, ref. the article linked above.

Getting hold of the necessary XML file with the autodiscover information for setting up Outlook was a bit harder. I ended up installing Microsoft's Sign In tool and logging on there with a user on Online Services that was provided to me by the customer. This automatically created the XML file and saved it in the local application data folder for the Windows user I was logged in with. The content of this file tells Outlook where to look for autodiscover information, and how to get hold of the global address book, calendar and other things for a full Outlook experience.

The content is as follows:

<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006" xmlns:fo="http://www.w3.org/1999/XSL/Format">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <Action>redirectUrl</Action>
      <RedirectUrl>https://autodiscover-RED002.mail.emea.microsoftonline.com/autodiscover/autodiscover.xml</RedirectUrl>
    </Account>
  </Response>
</Autodiscover>

Please note that this is for accessing the European Exchange Online service (Ireland). For the American and Asian regions there are other servers that should be used.

The .reg file that must be imported forces Outlook to use local autodiscover, and also shows where the XML file above is located. In this scenario, the XML file was moved to the customer's netlogon share for easy access.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Setup]
"First-Run"=hex:00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"PreferLocalXML"=dword:00000001
"ExcludeHttpRedirect"=dword:00000000
"ExcludeHttpsAutodiscoverDomain"=dword:00000001
"ExcludeHttpsRootDomain"=dword:00000001
"ExcludeScpLookup"=dword:00000001
"ExcludeSrvLookup"=dword:00000001
"ExcludeSrvRecord"=dword:00000001
"domainname.no"="\\\\domainname.no\\netlogon\\ms_online_services\\outlook-autodiscovery.xml"

The “First-Run” value shows whether Outlook has been started earlier, or if this is the first time the user starts it. By setting this value to 00 hex, Outlook will automatically show the first-run startup wizard, so that the user can enter his/her e-mail address from Online Services (e.g. firstname.lastname@domainname.no) and get Outlook to do the rest of the work.

What happens then is that Outlook looks at the domain name of the e-mail address, and checks the registry for information on how to find the server handling mail for this particular domain.
It will then find the value “domainname.no”, and see that it refers to the XML file on the netlogon share. By opening this file, it will see that it needs to connect to Microsoft’s server. The user will be prompted for his/her Online Services username and password, and Outlook will connect to the server, configure the connection and save the new profile in Outlook.
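
Because Outlook follows whatever RedirectUrl the file on the netlogon share contains, and the user then types Online Services credentials, it is worth checking the registry mapping and the redirect target before rollout. The Python check below is an added example, not part of the original setup; the allowed host suffix, the function names and the sample data are assumptions constructed from the files shown in this post.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespace of the <Response> element in the autodiscover XML shown above.
NS = {"r": "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"}
# Assumption: legitimate redirect targets live under the suffix of the post's RedirectUrl.
ALLOWED_SUFFIX = ".microsoftonline.com"

def local_xml_path(reg_text, domain):
    """Return the XML path mapped to `domain` under the Outlook AutoDiscover key, or None."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.lower().endswith("\\outlook\\autodiscover]")
        elif in_key:
            m = re.fullmatch(r'"([^"]+)"="(.*)"', line)
            if m and m.group(1).lower() == domain.lower():
                return m.group(2).replace("\\\\", "\\")  # undo .reg escaping
    return None

def check_redirect(xml_text):
    """Return a list of problems with the local autodiscover XML (empty list = OK)."""
    problems = []
    root = ET.fromstring(xml_text)
    action = root.findtext(".//r:Account/r:Action", namespaces=NS)
    url = root.findtext(".//r:Account/r:RedirectUrl", namespaces=NS)
    if action != "redirectUrl":
        problems.append(f"unexpected Action: {action!r}")
    if not url:
        return problems + ["no RedirectUrl element"]
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append(f"redirect is not HTTPS: {url}")
    if not (parts.hostname or "").lower().endswith(ALLOWED_SUFFIX):
        problems.append(f"redirect host outside *{ALLOWED_SUFFIX}: {parts.hostname}")
    return problems

def sample_xml(url):
    """Constructed sample: the post's XML layout with a chosen RedirectUrl."""
    return ('<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">'
            f'<Response xmlns="{NS["r"]}"><Account><Action>redirectUrl</Action>'
            f'<RedirectUrl>{url}</RedirectUrl></Account></Response></Autodiscover>')

# Constructed sample of the registry mapping from the .reg file in the post.
SAMPLE_REG = r'''[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"domainname.no"="\\\\domainname.no\\netlogon\\ms_online_services\\outlook-autodiscovery.xml"'''
if __name__ == "__main__":
    print(local_xml_path(SAMPLE_REG, "domainname.no"), check_redirect(sample_xml("http://autodiscover.example.test/")))
```

Run against the real exported .reg text and the XML file on the share, an empty list from check_redirect means the redirect is HTTPS and stays within the expected Microsoft host suffix.
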
To deploy this configuration to only a few users at a time, I opted to use a KiX script (www.kixtart.org) that checks if the user is a member of a particular group in AD. If that is the case, it executes a new script that imports the above .reg file and copies a text file to the user's application data folder. This text file signifies that this user now has the new Outlook configuration.
The KiX file for checking the group membership looks something like this:

; Run the Outlook configuration only for members of the AD group
gosub OUTLOOK_PROFILE
exit

:OUTLOOK_PROFILE
If ingroup("DOMAIN\G_Outlook_MS_Online_Services")
  ? "Configuring MS Online Services"
  shell "\\domain.no\NETLOGON\Outl2k7CABCTX\outlook_autodiscover_ms_online_services.cmd"
ENDif
Return

The cmd-file that is referred to here, looks like this:

@echo off
rem Skip users that already have the marker file
if not exist "%appdata%\outlook_ms_online_services.txt" goto migrate
goto exit

:migrate
rem Remove existing Outlook profiles, then import the autodiscover settings
reg delete "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles" /F
regedit /s \\kis.no\NETLOGON\Outl2k7CABCTX\outl2k7_autodiscover_ms_online_services.reg
copy \\kis.no\NETLOGON\Outl2k7CABCTX\outlook_ms_online_services.txt "%appdata%"
:exit

This script deletes any existing Outlook profile information from the user’s profile, and imports the .reg file for configuring the new connection.

The next-to-last line copies an empty text file to the user’s %appdata% folder to signify a completed configuration. To reconfigure the user’s profile at a later time, simply delete this text file from the user’s profile.
After these scripts have run, all the user has to do is start Outlook. The wizard is pretty self-explanatory, and should only require a short explanation from the IT manager.
Voila, your user is connected to Microsoft Online Services!