Tuesday, 20 October 2015

Exchange 2010, 2013, 2016 - Set Virtual Directory

When setting up Exchange 2010, 2013, 2016 servers, you will need to configure the virtual directory URLs and Outlook Anywhere hostnames so that the clients receive these correct URLs from autodiscover. 

We need to set the URLs and hostnames for the below:

  • Outlook Anywhere
  • Exchange Control Panel
  • Outlook Web Access
  • Exchange Web Services
  • ActiveSync
  • Offline Address Book
  • Service Connection Point (for autodiscover)

Each of the hostnames that we use need to be configured on the SSL certificate configured on all CAS servers in that particular site otherwise we may see an outlook certificate warning "The name on the security certificate is invalid or does not match the name of the site". To create SSL certificate requests and import them for use on your CAS servers, see here.

Should I set the internal and external names to be the same?

For simplicity and to reduce the number of names required on the certificates, it's recommended to use the same names for internal and external URLs. This may require you to set up split brain DNS if your internal and external domain names are not the same. You should set up internal A records to resolve to the internal IPs of your CAS servers and the external A records to resolve to the external IPs of your CAS servers. 

Current environment

For the purposes of this lab, our setup is below:
  • Single Exchange 2013 server called litex01.litwareinc.com
  • Internal domain: litwareinc.com
  • External domain: litwareinc.com

Set Outlook Anywhere hostnames

To set the hostnames used for Outlook Anywhere, use the below command run on a single line. Outlook Anywhere hostnames specify what addresses Outlook connects to.

Get-OutlookAnywhere -Server litex01 | Set-OutlookAnywhere -InternalHostname "mail.litwareinc.com" -InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl $true -ExternalHostname "mail.litwareinc.com" -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $true -IISAuthenticationMethods Negotiate,NTLM,Basic




Set Exchange Control Panel URLs

Get-EcpVirtualDirectory -Server litex01 | Set-EcpVirtualDirectory -InternalUrl https://mail.litwareinc.com/ecp -ExternalUrl https://mail.litwareinc.com/ecp




In the above screenshot, we see that we need to make the same change to the OWA virtual directory so we'll do that next.

Set Outlook Web Access URLs

Get-OwaVirtualDirectory -Server litex01 | Set-OwaVirtualDirectory -InternalUrl https://mail.litwareinc.com/owa -ExternalUrl https://mail.litwareinc.com/owa





Set Exchange Web Services URLs

Get-WebServicesVirtualDirectory -Server litex01 | Set-WebServicesVirtualDirectory -InternalUrl https://mail.litwareinc.com/EWS/Exchange.asmx -ExternalUrl https://mail.litwareinc.com/EWS/Exchange.asmx





Set ActiveSync URLs

Get-ActiveSyncVirtualDirectory -Server litex01 | Set-ActiveSyncVirtualDirectory -InternalUrl https://mail.litwareinc.com/Microsoft-Server-ActiveSync -ExternalUrl https://mail.litwareinc.com/Microsoft-Server-ActiveSync




Set Offline Address Book URLs

Get-OabVirtualDirectory -Server litex01 | Set-OabVirtualDirectory -InternalUrl https://mail.litwareinc.com/OAB -ExternalUrl https://mail.litwareinc.com/OAB




Service Connection Point URL

The Service Connection Point (SCP) is an entry made on the CAS server object in the Configuration naming context in AD. It provides an autodiscover URL to internal Outlook clients so they can perform autoconfiguration. To set this, run the below command:

Get-ClientAccessServer -Identity litex01 | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.litwareinc.com/Autodiscover/Autodiscover.xml




How do I confirm these settings have applied to Outlook clients?

It may take a bit of time for Autodiscover to apply the new settings but you can force it by recycling the MSExchangeAutodiscoverAppPool app pool in IIS. 

To confirm what settings the Outlook clients are now using, you can use the Test E-mail AutoConfiguration utility which is built into Outlook. Instructions on how to use this are here. This should show your new URLs configured. 

This is the output of the Test E-mail AutoConfiguration utility from before we made the above URL changes:



This is the output after the changes were made and the MSExchangeAutodiscoverAppPool app pool was restarted:




We can now see that Outlook is using the correct URLs.

1 comment:

  1. Great, great text. It helped me a lot. Many thanks

    ReplyDelete