When will we be able to disable autodiscovery in Outlook 2007? This morning I got a delightful scare from Outlook informing me of an SSL certificate name mismatch. Long story short, our local DNS crapped out and it went looking out on the internet for the autodiscover sub-domain. Having never been configured with our registrar, it defaulted to our host IP leading to aforementioned confusion.
While I'm sure the fine developers in Redmond will pass this off as a mere nuisance, I would point out that a clever man might hijack the domain, as was done to Comcast recently by a bunch of bored teenagers, setup a redirect on the autodiscover sub-domain, and reconfigure Outlook clients to his whim. Seeing as this service is only useful if you're running Exchange 2007, those of us who don't would like a way to patch this security hole.
While I'm sure the fine developers in Redmond will pass this off as a mere nuisance, I would point out that a clever man might hijack the domain, as was done to Comcast recently by a bunch of bored teenagers, setup a redirect on the autodiscover sub-domain, and reconfigure Outlook clients to his whim. Seeing as this service is only useful if you're running Exchange 2007, those of us who don't would like a way to patch this security hole.