Hello I'm pretty unsure, how to configure all these Web directory. What I would like to do: Using Exchange Server 2007 on Server 2008. I would like to use the Autodiscover, ActiveSync (Win Mobile 6.x) and Outlook Anywhere (no plans for UM...). To secure this, we will buy a UCCertificate from GoDaddy. For thiscmdlets I have some questions: Set-AutodiscoverVirtualDirectory Which Authentication type should be used? Current configuration, Digest is enabled, Basic and Windowsare disabled. For which connection is this "InternalUrl", Outlook will loke in AD or DNS to find the service, or not? Set-ClientAccessServer -AutoDiscoverServiceInternalUrl Also here, for which connection is this "InternalUrl" and why is there no "ExternalUrl"? Set-ActiveSyncVirtualDirectory For which connection is this "InternalUrl"? Which Authentication type should be used? Current configuration, Basic is enabled, Windows is disabled. Set-WebServicesVirtualDirectory Which Authentication type should be used? Current configuration, Digest is disabled, Basic and Windows are enabled. Set-OabVirtualDirectory Is it recommended to use the "-RequireSSLtrue" switch? Could this causes problems with some clients (ex. Outlook 2003)? Enable-OutlookAnywhere Which Authentication type should be used? Current configuration, -ExternalAuthenticationMethod "Basic". Is it recommended to use the "-SSLOffloadingfalse" switch? Could this causes problems with some clients (ex. Outlook 2003)? Set-OwaVirtualDirectory Which Authentication type should be used? Current configuration, Digest is disabled, Basic and Windows are enabled. Thanks a lot for yome feedback to this configs. Regards Norbert

Hello. InternalURL is used by clients when they have connection to AD, ie when on internal network. ExternalURL is the url clients use when they are not connected to your AD domain. Startwith getting the autodiscovery to work, when this work outlook will receive URL for OAB, webservices. I would start with setting externalURL to basic auth and internalurl to windows integrated auth. always use SSL/HTTPS. SSLoffloading can be turned on but only in case when you have another device infront of Exchange that handleSSL/HTTPS and then forward traffic as plain HTTP to Exchange. The most common solution is to access IIS in Exchange with HTTPS/SSL, this is also required by default settings. Provide more info about your Exchange design, number of servers, are they spread out geographically etc.

Hello and thanks for your reply Ok, lets start with the Autodiscover Service ;-) To configure this, I would use these two cmdlets: "Set-ClientAccessServer -AutoDiscoverServiceInternalUri" and "Set-AutoDiscoverVirtualDirectory", or do both the same? Concerning the permission settings. Do you always configure external to basiv and internal to windows, this means also on EWS, OWA and OAB? Would this cmdlet work to realize this? Code SnippetSet-OwaVirtualDirectory -Identity "Exchange\OWA (Default Web Site)" -InternalUrl "h ttps://domain.local/owa" -WindowsAuthentication:$True -BasicAuthentication:$False -BasicAuthentication:$False -ExternalUrl "h ttps://doamin.com/owa"-WindowsAuthentication:$False -BasicAuthentication:$True -BasicAuthentication:$False Third questions to Autodiscover, just for my understanding. Will the internal URL refeer to the entry in Active Directory. This means, Domain integrated clients will find the CAS in AD on connect on this URL? Informations about my infrastructure: 1x CCR, 2x HT/CAS (Totally 6 Exchange Servers)installed in a Windows Server 2008 enverinment in one site/subnet. 2000 clients connect most with MAPI and now would also like to connect with OAnywhere and EActiveSync. Thanks Norbert

I dont always set internal auth to windows integrated and external to basic. that is just something that is common. Internal URL would often be the FQDN of your CAS server, or if you have a LoadBalancer it would be the virtual IP.that loadbalancer uses. set the auth to both basic and windows.... remember that this is HTTPS and that the URL that clients use must match the name in the certificate used on CAS. so if you have bought a cert with mail.externaldomainname.com you set the url to the same name and make sure that clients can resolve that name to your CAS server IP. test this with outlook 2007, hold down CTRL and right clickoutlook icon on the taskbar, select 'Test E-mail autoconfig'. you can then see if outlook pick upp the right URL and if outlook can actually communicate with the autodiscover webservice. iis logs can also reveal som info. If outlook cannot reach a DC it will try the hardcoded URL like https://smtpdomain.com/autodiscover... https://autodoscover.smtpdomain.com/autodisocover.. also make sure that certificate match this URL. thats why its often needed to have SAN cert to make this work better. depending on your environment perhaps you can use this script http://exchangeninjas.com/set-allvdirs

Hi and thanks again for your reply I will buy a SAN Certificate, this makes it much easier ;-) This means, I will have to include the internal names of ALL Client Access Servers (QFDN and NetBIOS), right? I will then set the value https:\\servername for -internal and the official name for the external url. This is now clear thanks. What I still not understand, do I've to configure "Set-ClientAccessServer -AutoDiscoverServiceInternalUri" and "Set-AutoDiscoverVirtualDirectory", or do both the same? Thanks! Norbert

include all names/urls that clients will use to connect to CAS with. that is often ickl. all names,NETbios and internal FQDN. Yes, set both internal and externalurl.internal is probably best to se to internalFQDN (if you dont have a load balancer in front) and the externalurl to the url used from Internet. dont forget to add /autodiscover/autodiscover.xml at the of the url's