AutoDiscovery and Exchange 2010
I'm in the process of setting up Exchange 2010 in our organization and have a question on the AutoDiscovery service. I would like to supply all clients with the external name of the Client access server instead of the internal. The internal is exhub1 and the external exchange.domain.com. If clients get the internal address they won't be able to connect from the outside. Where can I find settings to do this? Preferably the internal name would not be used in any scenario.

MCITP Server Administrator Blog: http://www.nixadmins.net
April 29th, 2010 4:45pm

Do you have a web publishing device (like an ISA server) in your DMZ? That would help a whole lot. Basically you have to make sure that the URL lands at the autodiscover virtual directory on a CAS server, and the CAS server has a certificate with a CN or SAN that matches the hostname being used to navigate there. Having an ISA server in your DMZ can simplify the certificate issues a lot by separating external certificate requirements from internal ones.

Another approach for the certificate issue is to start using a split-brain DNS, where your internal users use the same URL as external ones. You don't have to change your AD to do that, just create separate DNS zones for internal access and external access, both using the external zone.

-- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
April 29th, 2010 7:06pm

We are currently not using ISA. The certificate will be a UC certificate. The request is still pending. What do you mean by split brain? We already have an externaldomain.com and an internaldomain.com (AD). When a client in the LAN asks for the settings, AD will return exchange.internaldomain.com as a server. This will of course be a problem for a laptop moving out of the office, so instead I'd like the reply to be exchange.externaldomain.com even for the internal clients.

MCITP Server Administrator Blog: http://www.nixadmins.net
April 29th, 2010 7:38pm

Too much work in the last few days. What you are saying is I should add records in my internal DNS for the external.domain.com address. Point my Exchange users to it and they will use it on the inside and the outside. Ok. So I accessed my CA server and changed every CA role's internal address to the same as the external one. Is there anything else I need to do or will this eventually just replicate out in the domain? Right now my Outlook is still using internal.domain2.com instead of external.domain.com.

MCITP Server Administrator Blog: http://www.nixadmins.net
April 29th, 2010 11:21pm

Right. If you do that, it will vastly simplify your certificate requirements. The real problem is that a public certificate authority typically won't issue a certificate for internaldomain.com because it's not a public domain that you own. Once you can verify that you can reach all services via the internal domain addresses, you can change your URLs for the various services with the various shell commands or console settings.

-- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
April 30th, 2010 6:23am

Hi,

Additionally, you should change the RPCClientAccess value to the external name which is associated with the Mailbox Database. Outlook clients connect to Autodiscover in the order below: SCP, DNS query (domain.com or Autodiscover.domain.com), HTTP redirect, SRV. Through Autodiscover, the client retrieves the name of the CAS which is associated with the Mailbox Database in order to connect to the mailbox server.

Thanks
Allen
April 30th, 2010 10:03am

Where do I set the RPCClientAccess value?

MCITP Server Administrator Blog: http://www.nixadmins.net
April 30th, 2010 1:08pm

I tried to use Set-RpcClientAccess -Server server.externaldomain.com but I get the error: Exchange server "server.externaldomain.com" was not found.

MCITP Server Administrator Blog: http://www.nixadmins.net
April 30th, 2010 1:57pm

Ok, got it. I had to create a CAS cluster even if it is only one frontend server for now. Outlook is now connecting to the server.externaldomain.com instead of the internal one. So I'm happy. Thanks for your help guys.

As for documentation on the solution, I know there are docs on TechNet but I found this one really good: http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-new-rpc-client-access-service-exchange-2010-part1.html

If someone stumbles on this, there's the link.

MCITP Server Administrator Blog: http://www.nixadmins.net
April 30th, 2010 9:35pm
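
A read-only check of the settings discussed in this thread, added here as an example and not posted by any participant: it lists every URL a Client Access server hands to clients, flags hostnames not covered by a certificate enabled for IIS, and shows the RPC Client Access endpoint per mailbox database. It assumes the Exchange 2010 Management Shell; `Test-NameCovered` is a helper defined for this example.

```powershell
# Added example, read-only. Run in the Exchange 2010 Management Shell.
# Test-NameCovered is a helper defined here, not an Exchange cmdlet.
function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }   # -eq ignores case for strings
        # A wildcard covers one label only: *.domain.com matches a.domain.com
        $dot = $HostName.IndexOf('.')
        if ($n.StartsWith('*.') -and $dot -gt 0 -and
            $HostName.Substring($dot) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

$report = foreach ($cas in Get-ClientAccessServer) {
    # Names (CN and SANs) on the certificates enabled for IIS on this server
    $certNames = @(Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_" })

    # Every URL this server publishes to clients through Autodiscover
    $urls = @{ 'Autodiscover SCP' = $cas.AutoDiscoverServiceInternalUri }
    $vdirs = @(
        Get-WebServicesVirtualDirectory -Server $cas.Name
        Get-OwaVirtualDirectory         -Server $cas.Name
        Get-EcpVirtualDirectory         -Server $cas.Name
        Get-OabVirtualDirectory         -Server $cas.Name
        Get-ActiveSyncVirtualDirectory  -Server $cas.Name
    )
    foreach ($v in $vdirs) {
        $urls["$($v.Name) internal"] = $v.InternalUrl
        $urls["$($v.Name) external"] = $v.ExternalUrl
    }

    foreach ($key in $urls.Keys) {
        if (-not "$($urls[$key])") { continue }   # URL not configured
        $hostName = ([uri]"$($urls[$key])").Host
        New-Object PSObject -Property @{
            Server  = $cas.Name
            Setting = $key
            Host    = $hostName
            Covered = (Test-NameCovered $hostName $certNames)
        }
    }
}
$report | Sort-Object Covered | Format-Table Server, Setting, Host, Covered -AutoSize

# Name Outlook receives as its RPC endpoint, per mailbox database
Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize
```

Rows with `Covered` set to `False` are the names that will produce certificate warnings in Outlook; a URL that still shows the internal hostname has not yet been changed to the external one.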
