So off I went to hunt down a solution to the problem. There were two main suggestions that permeated throughout the internet:
- Map the internal server name to the matching external name by setting up new DNS zones on the domain controller.
- Change the Exchange server to use external DNS names.
Option number 1 didn’t work properly for me. It was probably a configuration fault on my part as others have reported success with that approach. However, it is kind of cumbersome as you have to create a new DNS zone for each external address (you’ll need at least two – server.domain.com and autodiscover.domain.com).
Option 2, however, was far more successful. Using a guide provided online by DigiCert, I discovered that using the Exchange Management Shell on the server, there are three Exchange entries that you need to change with the following commands:
- Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml
- Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx
- Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
Once you have run these commands in Exchange Management Shell on the server, you need to then open IIS Manager, expand Application Pools, right click on MSExchangeAutodiscoverAppPool and then choose the Recycle option.
Once you’ve done this Outlook will no longer complain about invalid SSL certificates.
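A read-back check for the procedure above, as an added example that is not from the original post or the DigiCert guide: it lists the three internal URLs and reports whether each host name appears on a certificate assigned to IIS. It assumes the Exchange Management Shell on the server, the same `HostName` placeholder as the commands above, and that IIS serves all three URLs; `Test-NameCovered` is a helper defined here.

```powershell
# Added example: run in the Exchange Management Shell on the server.
$server = 'HostName'   # same placeholder as in the commands above

# Read back the three internal URLs changed by the Set- commands.
$urls = @()
$urls += (Get-ClientAccessServer -Identity $server).AutodiscoverServiceInternalUri
$urls += Get-WebServicesVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl }

# Names on unexpired certificates assigned to IIS (assumption: IIS serves all three).
$certNames = @(Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() })

# Hypothetical helper: exact match, or a wildcard entry on the certificate.
function Test-NameCovered([string]$Name, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $Name) { return $true }
        # A wildcard entry covers exactly one left-most label.
        $dot = $Name.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and $Name.Substring($dot) -eq $n.Substring(1)) {
            return $true
        }
    }
    return $false
}

foreach ($u in $urls) {
    if (-not $u) { Write-Warning 'An internal URL is not set.'; continue }
    $uri = [Uri]"$u"
    New-Object PSObject -Property @{
        Url              = $uri.AbsoluteUri
        Host             = $uri.Host
        OnIisCertificate = (Test-NameCovered -Name $uri.Host -CertNames $certNames)
    }
}
```

Any row with `OnIisCertificate` set to `False` names a URL that Outlook will still flag, because the host it connects to is not on the certificate.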