Microsoft Exchange and Blackberry Server Specialists

Web Services and Other Client Access Host Name Configuration on Exchange 2010 Server

Short URL: http://semb.ee/hostnames2010

Other Versions of Exchange

This article is available for other versions of Exchange:

Exchange 2007
Exchange 2013

Introduction

From November 2015, you will no longer be able to get SSL certificates from commercial providers with internal server names on them. Therefore external names will need to be used internally as well as externally. This will require modifications to the configuration of Exchange so that the correct information is issued by Autodiscover and clients are able to connect on the new URLs.

Prerequisites

A split DNS system will also be required so that the external name resolves internally.

These changes should be made AFTER an SSL certificate has been acquired with the relevant host names on it. The modifications shown remove the need for the FQDN of the server to be used; a generic URL is used instead.

Implementation With a Load Balancer

When you are going to implement a load balancer, initially point the host names at the relevant Client Access Server role. Once you are satisfied they are working correctly, configure the load balancer with port 443 and then adjust the DNS entries to match.
The URLs should be unique per AD site. Do not attempt to use the same URL across multiple sites. However, all servers in the same AD site with the same load balancer should have the same URL set in their properties.

Client Access URLs

The client access URLs are what autodiscover gives to the clients, and also what is sent to the client web browser when access is made through the wrong server.

On servers where you have a single server holding all of the roles, set both the internal and external name to the external SSL certificate name - so replace host.domain.local with mail.example.net. Do take care to leave the rest of the URL as shown.

Fig 1: Properties of the OWA Virtual Directory
Fig 2: Properties of the Microsoft Server ActiveSync Virtual Directory
Fig 3: Properties of the OAB Virtual Directory
Fig 4: Properties of the ECP Virtual Directory

Client Receive Connector

Adjust the CLIENT Receive Connector in Server configuration, Hub Transport. Change the FQDN to match your external certificate, which in the example above is mail.example.net. DO NOT change the Default Receive Connector.

Fig 6: Client Receive Connector Properties

Autodiscover URL

If you are using a single server or all servers are in the same AD site, then the following commands can be used:



However if you are using multiple servers in multiple AD sites, then you need to set the commands as per the box below, replacing "CAS-Server" with the real name of the server that holds the CAS role.


 

Web Services URL

As with Autodiscover, if you are using a single server then the following commands can be used:



However if you are using multiple servers, then you need to set the commands as per the box below, replacing "CAS-Server" with the real name of the server that holds the CAS role.


 

Outlook Anywhere URL

Right click on the Client Access Server and choose Properties. Click on the tab Outlook Anywhere and adjust the URL to match the external name on the SSL certificate.

Cycle the Exchange Services

After making the changes, cycle the Exchange services to ensure that the changes are live.

Script for the Above

Using the power of PowerShell, the above changes can be easily scripted.
Copy the text below into a new Notepad document and modify the two lines at the top, remembering to leave the " in place. Then save it with a file name ending in ps1, for example URLs.ps1, on the Exchange server itself.

Start Exchange Management Shell and run this command first:

Set-ExecutionPolicy "RemoteSigned"

That will allow the script to be run even though it isn't signed.
Then you can run the script. The best way is to CD to the directory and then use Tab, so that EMS will recognise the script.

This is a modified version of the script, suitable for running in a domain with multiple Exchange installations, and would need to be customised for each server.
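
An added example of such a script, not the article's original and not a Microsoft sample: it applies the host name changes from the sections above to one server. CAS-Server and mail.example.net are the article's placeholder names; the $Preview switch and the "Client *" connector name filter are assumptions of this example.

```powershell
# Added example, not the article's script. Run in Exchange Management Shell
# on Exchange 2010. Edit the two placeholder values below before use.
$Server   = "CAS-Server"         # server that holds the CAS role
$HostName = "mail.example.net"   # host name on the SSL certificate
$Preview  = $true                # assumption: $true passes -WhatIf, so nothing changes

$Base = "https://$HostName"

# Virtual directories: internal and external URL both use the certificate name.
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -InternalUrl "$Base/owa" -ExternalUrl "$Base/owa" -WhatIf:$Preview
Get-EcpVirtualDirectory -Server $Server |
    Set-EcpVirtualDirectory -InternalUrl "$Base/ecp" -ExternalUrl "$Base/ecp" -WhatIf:$Preview
$eas = "$Base/Microsoft-Server-ActiveSync"
Get-ActiveSyncVirtualDirectory -Server $Server |
    Set-ActiveSyncVirtualDirectory -InternalUrl $eas -ExternalUrl $eas -WhatIf:$Preview
Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "$Base/OAB" -ExternalUrl "$Base/OAB" -WhatIf:$Preview
$ews = "$Base/EWS/Exchange.asmx"
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl $ews -ExternalUrl $ews -WhatIf:$Preview

# Autodiscover: the service connection point that domain-joined Outlook clients look up.
Set-ClientAccessServer -Identity $Server `
    -AutodiscoverServiceInternalUri "$Base/Autodiscover/Autodiscover.xml" -WhatIf:$Preview

# Outlook Anywhere external host name (a bare host name, not a URL).
Get-OutlookAnywhere -Server $Server |
    Set-OutlookAnywhere -ExternalHostname $HostName -WhatIf:$Preview

# CLIENT receive connector only; the Default receive connector is left alone.
# Assumption: the connector still has its default name, "Client <server>".
Get-ReceiveConnector -Server $Server |
    Where-Object { $_.Name -like "Client *" } |
    Set-ReceiveConnector -Fqdn $HostName -WhatIf:$Preview
```

With $Preview left at $true each cmdlet only reports what it would change; set it to $false to apply the changes, then cycle the Exchange services as described above.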

Testing

To test the configuration, use Outlook 2007 or higher on a workstation.
Start Outlook and wait for it to connect.

Then hold down CTRL and right click on the Outlook icon in the system tray next to your clock. Choose "Test Email AutoConfiguration…" Then select the option to test the configuration.
If you have everything configured correctly, all of the URLs should appear with your external certificate name and you should not get any certificate prompts.
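
A server-side complement to the Outlook test, as an added example that is not part of the original article: it reads back every host name setting covered above and flags any value that does not use the certificate name, which is what produces certificate prompts on clients. It uses Get- cmdlets only; CAS-Server and mail.example.net are placeholders, and the "Client *" connector name filter is an assumption.

```powershell
# Added example, not the article's script. Read-only: Get- cmdlets only.
# Run in Exchange Management Shell on Exchange 2010.
$Server   = "CAS-Server"         # placeholder: server that holds the CAS role
$HostName = "mail.example.net"   # placeholder: host name on the SSL certificate

# Build one result row. Accepts an https URL or a bare host name; anything
# else (http://, an internal server FQDN) is reported as a mismatch.
function New-Row($Setting, $Value) {
    $text = [string]$Value
    if ($text -eq "") { $status = "NOT SET" }
    elseif ($text -match '^(https://)?([^/:]+)' -and $Matches[2] -eq $HostName) { $status = "OK" }
    else { $status = "MISMATCH" }
    New-Object PSObject -Property @{ Setting = $Setting; Value = $text; Status = $status }
}

$vdirs = @{
    "OWA"        = (Get-OwaVirtualDirectory -Server $Server)
    "ECP"        = (Get-EcpVirtualDirectory -Server $Server)
    "ActiveSync" = (Get-ActiveSyncVirtualDirectory -Server $Server)
    "OAB"        = (Get-OabVirtualDirectory -Server $Server)
    "EWS"        = (Get-WebServicesVirtualDirectory -Server $Server)
}

$rows = @()
foreach ($name in $vdirs.Keys) {
    foreach ($vdir in $vdirs[$name]) {
        $rows += New-Row "$name InternalUrl" $vdir.InternalUrl
        $rows += New-Row "$name ExternalUrl" $vdir.ExternalUrl
    }
}

$cas = Get-ClientAccessServer -Identity $Server
$rows += New-Row "Autodiscover internal URI" $cas.AutoDiscoverServiceInternalUri

foreach ($oa in Get-OutlookAnywhere -Server $Server) {
    $rows += New-Row "Outlook Anywhere ExternalHostname" $oa.ExternalHostname
}

# Assumption: the client connector still has its default name, "Client <server>".
Get-ReceiveConnector -Server $Server | Where-Object { $_.Name -like "Client *" } |
    ForEach-Object { $rows += New-Row "Receive connector '$($_.Name)' FQDN" $_.Fqdn }

# Problems sort to the top: MISMATCH, NOT SET, then OK.
$rows | Sort-Object Status, Setting | Format-Table Setting, Status, Value -AutoSize
```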

MSSTD URL

If the URL for Outlook Anywhere under MSSTD is not correct, then you may have to set that manually.
To do that, use the following command in EMS:
