I have set up Exchange 2010 and Outlook 2007 in a test lab. Everything works (with SSL, OOO, etc). But there is one niggle:
During autodiscover from an external machine on the Internet, the end user inputs their name, email, and password twice, clicks Next.
Then, on my setup I get a Windows login prompt, with the username "[email protected]" already filled in. Entering the password fails. Username set to "FredSmith" also fails... but "contoso\fredsmith" works perfectly!
The IIS log shows error 401 for the first hit, which was contoso.co.uk\fredsmith. So Outlook is taking my email domain name and using that as a logon domain, which fails because only contoso.local works.
Now, my philosophy is that the end user shouldn't have to ever know or type in the domain name. This is particularly because this is an SBS 2011 test site.
So to recap, the end user has to complete the autoconfiguration wizard by effectively logging in twice, with different credentials. The whole idea, surely, is that any end user can set up Outlook. Let's imagine 20% of end users don't even know the difference between a forward slash and a backslash when it comes to that username.
In my experience, this has always happened: the default username for authenticating to the Autodiscover service is the user's email address, which just doesn't make any sense at all (unless it matches the user's UPN, which is quite unusual).
I'd be really glad if someone else could provide a different answer, as this has been bugging me for a while...
It's easy! Load Active Directory Sites and Trusts, right-click the root node, Properties, and add in these host names:

autodiscover.domain.com

domain.com

Job done! Now Outlook doesn't ask you for 2 sets of credentials! Just the one that is contained within the wizard. Perfect!
Source and thanks to: How can I trick SBS 2011 into allowing me to assign a UPN alias so users can logon as [email protected] (but it applies to Windows Server 2003+).
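
A scripted form of the UPN-suffix change from the last answer, as an added example that is not part of the original thread. It goes one step further by listing accounts whose UPN still differs from their mail address (the mismatch the second post describes); `domain.com` is the thread's placeholder, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example, not from the original thread.
Import-Module ActiveDirectory

# Placeholder for the public e-mail domain (the thread's "domain.com").
$MailDomain = 'domain.com'

# 1. Add the e-mail domain as an alternative UPN suffix if the forest lacks it.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $MailDomain) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $MailDomain }
}

# 2. Report enabled users in that mail domain whose UPN differs from their
#    e-mail address. These are the accounts that would still need the
#    DOMAIN\user form at the second prompt.
$mismatched = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail |
    Where-Object {
        $_.mail -and
        $_.mail -like "*@$MailDomain" -and
        $_.UserPrincipalName -ne $_.mail
    }

$mismatched |
    Select-Object SamAccountName, UserPrincipalName, mail |
    Format-Table -AutoSize

# 3. Preview aligning each UPN with the mail address.
#    -WhatIf only prints the change; remove it after reviewing the report.
foreach ($user in $mismatched) {
    $target = $user.mail

    # A UPN must be unique in the forest: skip if another account owns it.
    # (Assumes addresses contain no apostrophes, which would break the filter.)
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$target'"
    if ($clash) {
        Write-Warning "$target already used by $($clash.SamAccountName); skipping"
        continue
    }

    Set-ADUser -Identity $user -UserPrincipalName $target -WhatIf
}
```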