This post was created with Zentura IT, Danish Citrix Partner, they specialize in the entire Citrix product portfolio.

Customers are demanding, and thank goodness for that!

That helps us, as IT-consultants, to explore new possibilities with the products we know, and even new products to find solutions to our customers’ headaches.

Luckily for this customer, they already had chosen Zentura IT (which happens to be very NetScaler-savvy) as their partner , so there was no need for new tools … just MORE NetScaler.

Customer X is a franchiser company, it has one public domain, and each franchiser has its own subdomain.


  • Main domain:
  • Subdomain:

Each franchiser has their own exchange and lync infrastructure, so users are actually named user1@, but they’re not aware of that. The users think they are named

This can be a problem when trying login on Lync (Skype for Business) or Outlook, since they use autodiscover. Autodiscover will try and contact the server of when the user enters credentials when, in fact, it should contact

Lync will still work … but only the voice part. All integration to MS UM is disabled if autodiscover doesn’t work.

According to the creators of Lync and Outlook, this is unfixable!

Fortunately for us, NetScaler has all the required functionality to make this work. This is another good reason to use NetScaler as a frontend to your Microsoft Applications. (remember to check out the the latest deployment guides for MS apps here)

The solution:
Intercept the autodiscover request, pick the user credentials, ask an external database to where this user belongs, redirect them to the right server.

How was this implemented:
When the autodiscover starts it generates a HTTP request that looks like the following:

 Cache-Control: no-cache
 Pragma: no-cache
 User-Agent: OC/15.0.4701.1000 (Microsoft Lync)
 Proxy-Connection: Keep-Alive

The important part of this HTTP request is the X-AnchorMailbox header, which contains the username/email address/UPN

Whenever a request comes in with the X-AnchorMailbox we need to invoke a HTTPcallout that looks up in an external database and gets the correct url that the client should contact for the meta data. This is done with a responder policy.

The callout script works as described below:

Output: “”


<callout ip> == ip of server hosting webscript that returns the real exchange server
<external ip> == ip of CS server reciving the requests from the clients.
add policy httpCallout Callout_company -IPAddress -port 80 -returnType TEXT -hostExpr "\"\"" -urlStemExpr "\"/autodiscover.php?emailaddress=\" + HTTP.REQ.HEADER(\"X-AnchorMailbox\")" -scheme http -resultExpr "HTTP.RES.BODY(100)"
 add responder action Action_company_Autodiscover redirect "SYS.HTTP_CALLOUT(Callout_company)" -bypassSafetyCheck YES
 add responder policy Responer_company "HTTP.REQ.HEADER(\"X-AnchorMailbox\").EXISTS" Action_company_Autodiscover
 add cs vserver cs_company_Autodiscover SSL 443 -cltTimeout 180
 bind cs vserver cs_company_Autodiscover -policyName Responer_company -priority 100 -gotoPriorityExpression END -type REQUEST

Possible workarounds:
Outlook: You can manually enter the server information, that requires an good manual, or good users.
Lync: You need AutoDiscover, there is no workaround if you want proper integration. You need NetScaler!

Tools used:
NetScaler – saves the day yet again!
Lots and lots of coffee!