Redirect Internal Names to use a Registered Domain

If you have been using an SSL Certificate to secure internal domain names for your Exchange deployment, such as the Client Access Server's internal FQDN (e.g. CASServer01.yourcompanyinternaldomain.com), you will need to prepare to stop using these internal names in your SSL Certificate. Because of a recent CAB Forum change, Certificate Authorities can no longer issue SSL Certificates that include internal domain names.

To reconfigure your domain to use only the external domain name, you have a couple of options. If you are using Active Directory, you can migrate an internal Active Directory domain to a registered external name. This will change the internal FQDN of your Exchange Servers so that they reroute to a valid subdomain of your registered external domain (e.g. change from CASServer01.yourcompany.internal to CASServer01.yourcompany.com), allowing you to use a SAN certificate or a Wildcard certificate to secure these names. Alternatively, you can redirect the internal names to use the external mail URL, but this method will not allow access to mail using the Outlook Anywhere service, so users connecting over a VPN would have connection problems.

Redirecting your Exchange Server to use the External DNS Name

To update your Exchange 2007 or Exchange 2010 server, run the following commands from the Exchange Management Shell, replacing HostName with the name of the server running the Client Access role and mail.yourdomain.com with your external domain name. These commands update the URL for the Autodiscover service, Exchange Web Services (EWS) and the OWA web-based Offline Address Book (OAB) respectively.

Before running these commands, make sure a DNS record exists mapping the IP address to the Exchange Client Access (CAS) server.

Note: Each of the commands below should be run on a single line in the Exchange Management Shell (EMS):

Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab

Recycle the IIS Application Pools

Next, for these changes to take effect, recycle the IIS application pools so that IIS picks up the new settings.

  1. Open IIS Manager by clicking Start, then entering inetmgr.
  2. Expand the server and expand Application Pools, then right-click on MSExchangeAutodiscoverAppPool, and select Recycle.
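
To confirm the result after the recycle, the following check (an added example, not part of the original article) reads back the three internal URLs, resolves the external name, and lists any names on IIS-bound certificates that fall outside the registered domain. It assumes PowerShell 2.0 or later in the Exchange Management Shell; HostName and mail.yourdomain.com are the article's placeholders, while yourdomain.com and the variable names are assumptions made for illustration.

```powershell
# Added verification example; run in the Exchange Management Shell (PowerShell 2.0+).
# Placeholder values: replace with your own.
$CasServer        = 'HostName'              # server running the Client Access role
$ExternalName     = 'mail.yourdomain.com'   # external name used in the Set-* commands
$RegisteredDomain = 'yourdomain.com'        # assumed registered domain of that name

# 1. Read back the three internal URLs that were changed.
$urls = @{
    'Autodiscover' = (Get-ClientAccessServer -Identity $CasServer).AutoDiscoverServiceInternalUri
    'EWS'          = (Get-WebServicesVirtualDirectory -Identity "$CasServer\EWS (Default Web Site)").InternalUrl
    'OAB'          = (Get-OABVirtualDirectory -Identity "$CasServer\oab (Default Web Site)").InternalUrl
}
foreach ($name in $urls.Keys) {
    if (-not $urls[$name]) { Write-Warning "${name}: no internal URL is set"; continue }
    $uri = [Uri]"$($urls[$name])"
    if ($uri.Host -eq $ExternalName) {
        Write-Host "${name}: OK ($uri)"
    } else {
        Write-Warning "${name}: still points at $($uri.Host)"
    }
}

# 2. Confirm the external name resolves from this server.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($ExternalName)
    Write-Host "$ExternalName resolves to $($ips -join ', ')"
} catch {
    Write-Warning "$ExternalName does not resolve: $($_.Exception.Message)"
}

# 3. List names on IIS-bound certificates that fall outside the registered domain.
Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } | ForEach-Object {
    $cert = $_
    foreach ($d in $cert.CertificateDomains) {
        $dnsName = "$d"
        if ($dnsName -ne $RegisteredDomain -and $dnsName -notlike "*.$RegisteredDomain") {
            Write-Warning "Certificate $($cert.Thumbprint) has a name outside ${RegisteredDomain}: $dnsName"
        }
    }
}
```

Any warning from step 3 identifies a name that has to be dropped when the certificate is reissued.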
