Redirecting Internal Exchange Domains to use External Domains from the EMS

If you have been using an SSL Certificate to secure internal domains for your Exchange deployment, such as the Client Access Server's internal FQDN (e.g. CASServer01.yourcompanyinternaldomain.com), then you will need to prepare to stop using these internal names in your SSL Certificate. Because of a recent CAB Forum change, Certificate Authorities can no longer issue SSL Certificates that include internal domain names.

Redirecting your Exchange Server to use the External DNS Name

For more detailed Exchange Management Shell instructions, please see our blog - Replace Your Certificates for Internal Names – Part II.

To update your Exchange 2007, Exchange 2010, or Exchange 2013 server, run the following commands from the Exchange Management Shell, replacing HostName with the name of the server running the Client Access role and mail.yourdomain.com with your external domain name. These commands update the URL for the Autodiscover service, Exchange Web Services (EWS), and the web-based Offline Address Book (OAB), respectively.

Before running these commands, check that a DNS record exists that maps the external name you are using (for example, mail.yourdomain.com) to the IP address of the Exchange Client Access (CAS) server.

Note: Each of these commands below should be run on a single line in the Exchange Management Shell (EMS):

Run These Commands:

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab

Depending on Your Configuration, You May Need to Run Some Additional Commands:

Set-ActiveSyncVirtualDirectory -Identity "HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl https://mail.yourdomain.com/Microsoft-Server-ActiveSync

Set-OWAVirtualDirectory -Identity "HostName\owa (Default Web Site)" -InternalUrl https://mail.yourdomain.com/owa

Set-ECPVirtualDirectory -Identity "HostName\ecp (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ecp

Set-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" -InternalHostname mail.yourdomain.com -InternalClientsRequireSsl $true

Note: Depending on your configuration, the OutlookAnywhere setting might not be set up.
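
To confirm that no service still advertises an internal name, the settings can be read back with the matching Get- cmdlets. The script below is an added example, not part of the original article; HostName and mail.yourdomain.com are the same placeholders used in the commands above, and the variable names and status labels are assumptions made for illustration.

```powershell
# Added example: run in the Exchange Management Shell after the Set-* commands.
$Server   = 'HostName'             # placeholder: server running the Client Access role
$Expected = 'mail.yourdomain.com'  # placeholder: external name on the certificate

# Each entry reads back the value that one of the Set-* commands above writes.
# Remove entries for services that are not part of your deployment.
$checks = @(
    @{ Service = 'Autodiscover';    Get = { (Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri } },
    @{ Service = 'EWS';             Get = { (Get-WebServicesVirtualDirectory -Server $Server).InternalUrl } },
    @{ Service = 'OAB';             Get = { (Get-OabVirtualDirectory -Server $Server).InternalUrl } },
    @{ Service = 'ActiveSync';      Get = { (Get-ActiveSyncVirtualDirectory -Server $Server).InternalUrl } },
    @{ Service = 'OWA';             Get = { (Get-OwaVirtualDirectory -Server $Server).InternalUrl } },
    @{ Service = 'ECP';             Get = { (Get-EcpVirtualDirectory -Server $Server).InternalUrl } },
    @{ Service = 'OutlookAnywhere'; Get = { (Get-OutlookAnywhere -Server $Server).InternalHostname } }
)

$results = foreach ($c in $checks) {
    foreach ($value in @(& $c.Get)) {
        $text = "$value"
        if (-not $text) {
            # Nothing set, e.g. Outlook Anywhere is not enabled on this server.
            $hostName = ''; $status = 'NOT CONFIGURED'
        } else {
            # InternalUrl values are full URLs; InternalHostname is a bare host name.
            if ($text -match '^https?://') { $hostName = ([uri]$text).Host } else { $hostName = $text }
            if ($hostName -ieq $Expected) { $status = 'OK' } else { $status = 'STILL INTERNAL OR MISMATCHED' }
        }
        New-Object PSObject -Property @{ Service = $c.Service; Value = $text; Host = $hostName; Status = $status }
    }
}

# DNS pre-check from the article: the external name must resolve from inside the network.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($Expected) | ForEach-Object { $_.IPAddressToString }
    "DNS: $Expected resolves to $($ips -join ', ')"
} catch {
    "DNS: $Expected does not resolve from this host"
}

$results | Select-Object Service, Status, Host, Value | Format-Table -AutoSize
```

Any row not marked OK points to a service whose internal URL still needs one of the Set- commands above.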

Recycle the IIS Application Pools

Next, to make these commands take effect, you have to tell IIS to push these changes by recycling the application pools.

  1. Open IIS Manager by clicking Start, then entering inetmgr.
  2. Expand the server and expand Application Pools, then right-click on MSExchangeAutodiscoverAppPool, and select Recycle.

