We need to set the URLs and hostnames for the below:
- Outlook Anywhere
- Exchange Control Panel
- Outlook Web Access
- Exchange Web Services
- Offline Address Book
- Service Connection Point (for autodiscover)
Each of the hostnames that we use need to be configured on the SSL certificate configured on all CAS servers in that particular site otherwise we may see an outlook certificate warning "The name on the security certificate is invalid or does not match the name of the site". To create SSL certificate requests and import them for use on your CAS servers, see here.
Should I set the internal and external names to be the same?
For simplicity and to reduce the number of names required on the certificates, it's recommended to use the same names for internal and external URLs. This may require you to set up split brain DNS if your internal and external domain names are not the same. You should set up internal A records to resolve to the internal IPs of your CAS servers and the external A records to resolve to the external IPs of your CAS servers.
For the purposes of this lab, our setup is below:
- Single Exchange 2013 server called litex01.litwareinc.com
- Internal domain: litwareinc.com
- External domain: litwareinc.com
Set Outlook Anywhere hostnames
To set the hostnames used for Outlook Anywhere, use the below command run on a single line. Outlook Anywhere hostnames specify what addresses Outlook connects to.
Get-OutlookAnywhere -Server litex01 | Set-OutlookAnywhere -InternalHostname "mail.litwareinc.com" -InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl $true -ExternalHostname "mail.litwareinc.com" -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $true -IISAuthenticationMethods Negotiate,NTLM,Basic
Set Exchange Control Panel URLs
Get-EcpVirtualDirectory -Server litex01 | Set-EcpVirtualDirectory -InternalUrl https://mail.litwareinc.com/ecp -ExternalUrl https://mail.litwareinc.com/ecp
In the above screenshot, we see that we need to make the same change to the OWA virtual directory so we'll do that next.
Set Outlook Web Access URLs
Get-OwaVirtualDirectory -Server litex01 | Set-OwaVirtualDirectory -InternalUrl https://mail.litwareinc.com/owa -ExternalUrl https://mail.litwareinc.com/owa
Set Exchange Web Services URLs
Get-WebServicesVirtualDirectory -Server litex01 | Set-WebServicesVirtualDirectory -InternalUrl https://mail.litwareinc.com/EWS/Exchange.asmx -ExternalUrl https://mail.litwareinc.com/EWS/Exchange.asmx
Set ActiveSync URLs
Get-ActiveSyncVirtualDirectory -Server litex01 | Set-ActiveSyncVirtualDirectory -InternalUrl https://mail.litwareinc.com/Microsoft-Server-ActiveSync -ExternalUrl https://mail.litwareinc.com/Microsoft-Server-ActiveSync
Set Offline Address Book URLs
Get-OabVirtualDirectory -Server litex01 | Set-OabVirtualDirectory -InternalUrl https://mail.litwareinc.com/OAB -ExternalUrl https://mail.litwareinc.com/OAB
Service Connection Point URL
The Service Connection Point (SCP) is an entry made on the CAS server object in the Configuration naming context in AD. It provides an autodiscover URL to internal Outlook clients so they can perform autoconfiguration. To set this, run the below command:
Get-ClientAccessServer -Identity litex01 | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.litwareinc.com/Autodiscover/Autodiscover.xml
How do I confirm these settings have applied to Outlook clients?
It may take a bit of time for Autodiscover to apply the new settings but you can force it by recycling the MSExchangeAutodiscoverAppPool app pool in IIS.
To confirm what settings the Outlook clients are now using, you can use the Test E-mail AutoConfiguration utility which is built into Outlook. Instructions on how to use this are here. This should show your new URLs configured.
This is the output of the Test E-mail AutoConfiguration utility from before we made the above URL changes:
This is the output after the changes were made and the MSExchangeAutodiscoverAppPool app pool was restarted:
We can now see that Outlook is using the correct URLs.