If you have been using an SSL Certificate to secure internal domains for your Exchange deployment such as the Client Access Server's internal FQDN (e.g. CASServer01.yourcompanyinternaldomain.com)then you will need to make preparations to not use these internal names in your SSL Certificate because of a recent CAB Forum change Certificate Authorities can no longer issue SSL Certificates with internal domain names supported.
For more detailed Exchange Management Shell instructions, please see our blog - Replace Your Certificates for Internal Names – Part II.
To update your Exchange 2007, Exchange 2010, or Exchange 2013 server, you will need to run the following commands from the Exchange Management Shell and replace the Server running the Client Access Role with your external domain name. These commands update the URL for the Autodiscover service, Exchange Web Services (EWS), and the OWA Web-based Offline Address boo,k respectively.
Before running these commands, check to make sure that a DNS record exists mapping the IP Address to the Exchange Client Access (CAS) server.
Run These Commands:
Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xmlSet-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmxSet-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
Depending on Your Configuration, You May Need to Run Some Additional Commands:
Set-ActiveSyncVirtualDirectory -Identity "HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl https://mail.yourdomain.com/Microsoft-Server-ActiveSyncSet-OWAVirtualDirectory -Identity "HostName\owa (Default Web Site)" -InternalUrl https://mail.yourdomain.com/owaSet-ECPVirtualDirectory -Identity "HostName\ecp (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ecpSet-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" -InternalHostname mail.yourdomain.com -InternalClientsRequireSsl $true
Next, to make these commands take effect, you have to tell IIS to push these changes by recycling the application pools.