Sat, 04 Apr 2026 10:12:52 +0000 https://bugs.horde.org/ticket/11638 ActiveSync :: The Autodiscover URL must be configurable, not extracted from the email address performing the query. If you have a single horde installation serving a couple of domains, you oftne have only one SSL certificate covering the domain of your horde installation, not of all virtual domains the horde installation serves. Because the AutoDiscover feature is usually performed via SSL and mosts clients quit autodiscovery if the find a untrusted or invalid SSL certificate, it is mandatory to return an ActiveSync URL covered with that SSL certificate, not with URL derived from the email Domain. Example: * Horde installation at https://www.my-horde.tld, covered with a valid and trusted SSL certificate. * Virtual domain and email address user@virtual-customer.tld The current implementation returns a ActiveSync URL which is: https://virtual-customer.tld/Microsoft-Server-ActiveSync --> this URL is not covered by the SSL certificate of https://www.my-horde.tld -> AutoDiscover fails. The right implementation should be a ActiveSync URL which is configurable in the Administration/ActiveSync prefs. In this example it should be configured as "www.my-horde.tld" which would return a URL "https://www.dannhauer.de/Microsoft-Server-ActiveSync" which is covered by the SSL certificate. I'm not totally aware of all pref-system details, so I cannot provide a working solution. Anyway, I'm sure this is a 5 minutes task if someone is aware of the horde pref system. The relevant function which requires adaption is: Horde/Core/ActiveSync/Driver.php :: autoDiscover() Many thanks, Torben Dannhauer Sun, 04 Nov 2012 16:53:14 +0000 https://bugs.horde.org/ticket/11638#t74357 oops, there was a mistake in my text, it should be [...] The right implementation should be a ActiveSync URL which is configurable in the Administration/ActiveSync prefs. In this example it should be configured as "www.my-horde.tld" which would return a URL "https://www.my-horde.tld/Microsoft-Server-ActiveSync" which is covered by the SSL certificate. [...] Sun, 04 Nov 2012 17:06:07 +0000 https://bugs.horde.org/ticket/11638#t74358 > If you have a single horde installation serving a couple of domains, > you oftne have only one SSL certificate covering the domain of your > horde installation, not of all virtual domains the horde installation > serves. > > Because the AutoDiscover feature is usually performed via SSL and > mosts clients quit autodiscovery if the find a untrusted or invalid > SSL certificate, it is mandatory to return an ActiveSync URL covered > with that SSL certificate, not with URL derived from the email Domain. The host is NOT directly calculated on ther server from the email address provided by the user/client. It's parsed out of the result of Horde::url(), which returns a URL based on $conf['server']['name']. Are you using virtual-domain specific configuration files? If so, that might explain why this is happening since the *client* uses the email address to determine which server to query for the Autodiscovery. Telling ActiveSync to use the one domain for all activesync requests will cause your custom domain specific configuration files to be ignored. Instead of adding this as a configuration option, I'm going to add a new hook. I've had various hooks planned for autodiscover but were pretty low priority for me. Mon, 05 Nov 2012 15:08:13 +0000 https://bugs.horde.org/ticket/11638#t74393 >> If you have a single horde installation serving a couple of domains, >> you oftne have only one SSL certificate covering the domain of your >> horde installation, not of all virtual domains the horde installation >> serves. >> >> Because the AutoDiscover feature is usually performed via SSL and >> mosts clients quit autodiscovery if the find a untrusted or invalid >> SSL certificate, it is mandatory to return an ActiveSync URL covered >> with that SSL certificate, not with URL derived from the email Domain. > > The host is NOT directly calculated on ther server from the email > address provided by the user/client. It's parsed out of the result of > Horde::url(), which returns a URL based on $conf['server']['name']. > > Are you using virtual-domain specific configuration files? If so, > that might explain why this is happening since the *client* uses the > email address to determine which server to query for the > Autodiscovery. > > Telling ActiveSync to use the one domain for all activesync requests > will cause your custom domain specific configuration files to be > ignored. > > Instead of adding this as a configuration option, I'm going to add a > new hook. I've had various hooks planned for autodiscover but were > pretty low priority for me. Hmm, that sounds horde has already the right behaviour I need. Maybe I've mixed something up, I was hunting several horde problems in the last days. I'll check this again after work and will comment this bug again. Yeah hooks sounds great, this would allow to modify the autodiscover behavior without adding lots of new options to the configuration. Torben Mon, 05 Nov 2012 15:22:15 +0000 https://bugs.horde.org/ticket/11638#t74395 >>> If you have a single horde installation serving a couple of domains, >>> you oftne have only one SSL certificate covering the domain of your >>> horde installation, not of all virtual domains the horde installation >>> serves. >>> >>> Because the AutoDiscover feature is usually performed via SSL and >>> mosts clients quit autodiscovery if the find a untrusted or invalid >>> SSL certificate, it is mandatory to return an ActiveSync URL covered >>> with that SSL certificate, not with URL derived from the email Domain. >> >> The host is NOT directly calculated on ther server from the email >> address provided by the user/client. It's parsed out of the result of >> Horde::url(), which returns a URL based on $conf['server']['name']. >> >> Are you using virtual-domain specific configuration files? If so, >> that might explain why this is happening since the *client* uses the >> email address to determine which server to query for the >> Autodiscovery. >> >> Telling ActiveSync to use the one domain for all activesync requests >> will cause your custom domain specific configuration files to be >> ignored. >> >> Instead of adding this as a configuration option, I'm going to add a >> new hook. I've had various hooks planned for autodiscover but were >> pretty low priority for me. > > Hmm, that sounds horde has already the right behaviour I need. Maybe > I've mixed something up, I was hunting several horde problems in the > last days. > > I'll check this again after work and will comment this bug again. > > Yeah hooks sounds great, this would allow to modify the autodiscover > behavior without adding lots of new options to the configuration. > > Torben Hi, I have no vhost configs, I have a single horde installation for multiple domains.. Of course the client uses the email address to determine the url to query for autodetection, but each of my virtual domains has a DNS redirect entry and horde is only availableto redirect autodiscover queries to www.my-host.tld - and it works with outlook. So according to the specs, each client device should restart the autodiscover at www.my-host.tld. I have verified the problem: My horde is located at 'www.my-host.tld' while to have only a single SSL certificate to buy. emailadresses with user@virtual-domain.tld get a ActiveSync URL 'https://virtual-domain.tld/Microsoft-Server-ActiveSync' but not 'https://www.my-host.tld/Microsoft-Server-ActiveSync' Even when I use an email-address user@my-host.tld it uses 'https://my-host.tld/Microsoft-Server-ActiveSync' and not 'https://www.my-host.tld/Microsoft-Server-ActiveSync' -- is that the correct behaviour? Anyway, the tip to specify my correct horde URL in $conf['server']['name'] as $conf['server']['name'] = 'www.my-host.tld' instead of using SERVER_NAME did the trick, now it works correctly. For me this issue is closed... Many thanks, Torben By the way: the interesting question is why my webserver delivers horde querys vor http://virtual.tld but the apaceh vhost is configured only for https://www.my-host.tld .... THAT seems to be a true bug ;) Mon, 05 Nov 2012 20:02:43 +0000 https://bugs.horde.org/ticket/11638#t74434 > Hi, > I have no vhost configs, I have a single horde installation for > multiple domains.. > > Of course the client uses the email address to determine the url to > query for autodetection, but each of my virtual domains has a DNS > redirect entry and horde is only availableto redirect autodiscover > queries to www.my-host.tld - and it works with outlook. So according > to the specs, each client device should restart the autodiscover at > www.my-host.tld. > > I have verified the problem: > My horde is located at 'www.my-host.tld' while to have only a single > SSL certificate to buy. > emailadresses with user@virtual-domain.tld get a ActiveSync URL > 'https://virtual-domain.tld/Microsoft-Server-ActiveSync' but not > 'https://www.my-host.tld/Microsoft-Server-ActiveSync' > Even when I use an email-address user@my-host.tld it uses > 'https://my-host.tld/Microsoft-Server-ActiveSync' and not > 'https://www.my-host.tld/Microsoft-Server-ActiveSync' > -- is that the correct behaviour? Yes. Probably because Apache is returning my-host.tld as $_SERVER['SERVER_NAME'] because that is what it is answering the request as (since this is what the client is requesting based on the email address). This is what the $conf['server']['name'] configuration is designed to override. For more detailed information on the AUTOCONFIGURE process you can read http://blogs.msdn.com/b/exchangedev/archive/2011/07/08/autodiscover-for-exchange-activesync-developers.aspx > By the way: the interesting question is why my webserver delivers > horde querys vor http://virtual.tld but the apaceh vhost is > configured only for https://www.my-host.tld .... THAT seems to be a > true bug ;) Maybe because your my-host.tld server is the default virtual domain? Mon, 05 Nov 2012 21:01:07 +0000 https://bugs.horde.org/ticket/11638#t74438