Outlook Autodiscover – authentication to IIS fails as domain is mail.contoso.com not contoso.local

Tags: active-directory, autodiscovery, exchange, outlook, windows-sbs-2011

I have set up Exchange 2010 and Outlook 2007 in a test lab. Everything works (with SSL, OOO, etc.). But there is one niggle:

During autodiscover from an external machine on the Internet, the end user inputs their name, email, and password twice, and clicks Next.

Then, on my setup I get a Windows login prompt, with the username "FredSmith@contoso.com" already filled in. Entering the password fails. Username set to "FredSmith" also fails… but "contoso\fredsmith" works perfectly!

The IIS log shows error 401 for the first hit, which was contoso.co.uk\fredsmith. So Outlook is taking my email domain name and using that as a logon domain, which fails because only contoso.local works.

Now, my philosophy is that the end user shouldn't have to ever know or type in the domain name. This is particularly because this is an SBS 2011 test site.

So to recap, the end user has to complete the autoconfiguration wizard by effectively logging in twice, with different credentials. The whole idea, surely, is that any end user can set up Outlook. Let's imagine 20% of end users don't even know the difference between a forward slash and a backslash when it comes to that username.

Best Answer

In my experience, this has always happened: the default username for authenticating to the Autodiscover service is the user's email address, which just doesn't make any sense at all (unless it matches the user's UPN, which is quite unusual).

I'd be really glad if someone else could provide a different answer, as this has been bugging me for a while...
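
Added example, not part of the original question or answer: a small Python check for the symptom described above, listing failed Autodiscover logons from an IIS W3C log together with the form and domain of the account name each client sent. The log lines are constructed, and the accepted domain names (`contoso`, `contoso.local`) are assumptions taken from the question.

```python
# Constructed sample in IIS W3C extended format (not from the poster's server).
SAMPLE_LOG = r"""#Fields: date time cs-method cs-uri-stem s-port cs-username c-ip sc-status sc-substatus sc-win32-status
2012-03-01 10:15:01 POST /Autodiscover/Autodiscover.xml 443 - 203.0.113.7 401 0 0
2012-03-01 10:15:02 POST /Autodiscover/Autodiscover.xml 443 contoso.co.uk\fredsmith 203.0.113.7 401 1 1326
2012-03-01 10:15:20 POST /Autodiscover/Autodiscover.xml 443 FredSmith 203.0.113.7 401 1 1326
2012-03-01 10:15:41 POST /Autodiscover/Autodiscover.xml 443 contoso\fredsmith 203.0.113.7 200 0 0
2012-03-01 10:16:00 GET /owa/ 443 contoso\janedoe 203.0.113.9 200 0 0
"""

# Assumption: NetBIOS and DNS names of the AD domain, as given in the question.
ACCEPTED_DOMAINS = {"contoso", "contoso.local"}


def logon_form(username):
    """Return (form, domain) for the account name the client sent."""
    if "\\" in username:
        return "DOMAIN\\user", username.split("\\", 1)[0].lower()
    if "@" in username:
        return "UPN", username.rsplit("@", 1)[1].lower()
    return "bare", None


def failed_autodiscover_logons(log_text, accepted=ACCEPTED_DOMAINS):
    """List (username, form, domain, domain_is_accepted) for each 401 with a username."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith("/autodiscover/"):
            continue
        user = row.get("cs-username", "-")
        if row.get("sc-status") != "401" or user == "-":
            continue  # skip successes and the anonymous challenge round trip
        form, domain = logon_form(user)
        findings.append((user, form, domain, domain in accepted))
    return findings


if __name__ == "__main__":
    for user, form, domain, ok in failed_autodiscover_logons(SAMPLE_LOG):
        note = "accepted domain" if ok else "no accepted AD domain in logon name"
        print(f"{user:28} {form:12} {domain or '-':16} {note}")
```

Grouping the failures this way shows whether clients are sending the email domain, a bare name, or a UPN, which is the distinction the question and answer turn on.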