I have an exchange 2010 on server 2008 R2 I need to reconfigure Exchange 2010 to use FQDN so I can get rid of the popup that says my xyz.loc is not valid

I have the new certificate installed and it seems fine send and receive mail outside the local network everything seems ok also it is just inside where I get the popup that tells me my xyz.loc is not trusted.

If I can at least get pointed to the right direction that would be great some said self signed certificate but Im thinking exchange uses only one certificate. I have heard split dns so internal sees the external FQDN and directs it to the inside ip

when I came across this I was thinking this would work but when I got to thinking about it my internal owa.xyz.org does not resolve internally so it couldn't work am sure I am overlooking something and I want to get it figured out before I make any changes so it works right aqway

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

EMC > Server Configuration > Client Access > OWA tab > OWA > Properties > 

Change Internal URL from .local/owa to com/owa

EPC tab > EPC > Properties >

Change Internal URL from .local/epc to com/epc

Exchange ActiveSync tab > Microsoft-Server-ActiveSync > Properties >

Change Internal URL from .local/Microsoft-Server-ActiveSync to .com/Microsoft-Server-ActiveSync

Recycled MSExchangeAutodiscoverAppPool and restart Outlook.

/////////////////////////////////////////////////////////////////////////////////////

Hi John,

Exchange allows you to configure both an internl and external URL for Exchange Client Access Servers, including OWA, ActiveSync, Outlook Anywhere and etc. It is up to you if you want to use .local for internal use and .com for external use. But it is a best-pratice to keep it consistent. By that I mean the following:

• Make sure you have split-DNS configured. By hosting an internal DNZ zone for youcompany.com.
• Create internal DNS-records for <hostname>.yourdomain.com that point to your internal Exchange Client Access Services.
• Make sure your Exchange Client Access Servers have a valid SSL multiple-domain certificate that includes all the hostnames of the DNS-records you created.
• Within Exchange link the SSL certificate to the right Exchange service.
• Configure the internal and external URL's with the same hostnames (e.g. owa.yourdomain.com).

Exchange Autodscover will then point you always to the same URL. But as you mentioned you have to have split-DNS (or a Proxy Server).

As you may understand, it's quite a lot to explain everything in detail. But this information should help you get into the right direction. Hope this information is informative t

Can you run Get-OutlookProvider?

Also run Get-ClientAccessServer | FL Identity, *Autodiscover*

and

Get-OutlookAnywhere | fl servername, *hostname*

Thanks for the help it is appreciated

[PS] C:\Users\admin\Desktop>Get-OutlookProvider

Name                          Server                        CertPrincipalName             TTL
----                          ------                        -----------------             ---
EXCH                                                                                      1
EXPR                                                                                      1
WEB                                                                                       1


[PS] C:\Users\admin\Desktop>Get-ClientAccessServer | FL Identity, *Autodiscover*


Identity                       : AB-EXCH
AutoDiscoverServiceCN          : ab-exch
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://ab-exch.XYZ.loc/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}



[PS] C:\Users\admin\Desktop>Get-OutlookAnywhere | fl servername, *hostname*


ServerName       : ab-EXCH
ExternalHostname : owa.XYZ.org

perfect. The autodiscoverinternaluri is the issue here.

Does owa.xyz.org resolve to an internal address internally?

If not, create a DNS Zone for owa.xyz.org with just an A record pointing to the exchange server.

Once you do that you can run:

Get-ClientAccessServer | Set-ClientAcessServer -AutodiscoverServiceUri https://owa.xyz.org/Autodiscover/Autodiscover.xml

 Give IIS a recycle and that should take care of it.

Make sure you have split-DNS configured. By hosting an internal DNZ zone for youcompany.com

I made a new zone xyz.org with an a record for owa.xyz.org and now the owa.xyz.org resolves to the internal address but the xyz.org does not resolve to the external address

I'm thinking the zone should of been just .org or maybe a stub zone honestly I'm not sure? As soon as I get the DNS configured I can move on the the exchange external address matching the internal and it should be good.

Thanks for the help

Make sure you have split-DNS configured. By hosting an internal DNZ zone for youcompany.com

I made a new zone xyz.org with an a record for owa.xyz.org and now the owa.xyz.org resolves to the internal address but the xyz.org does not resolve to the external address

I'm thinking the zone should of been just .org or maybe a stub zone honestly I'm not sure? As soon as I get the DNS configured I can move on the the exchange external address matching the internal and it should be good.

Thanks for the

Thanks for your help I am getting an error when I try to run this command

Get-ClientAccessServer | Set-ClientAcessServer -AutodiscoverServiceUri https://owa.123.org/Autodiscover/Autodiscover.xml

[PS] C:\Windows\system32>Get-ClientAccessServer | Set-ClientAcessServer -AutodiscoverServiceUri https://owa.123.org/Autodiscover/Autodiscover.xml
The term 'Set-ClientAcessServer' is not recognized as the name of a cmdlet, function, script file, or operable program.
 Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:47
+ Get-ClientAccessServer | Set-ClientAcessServer <<<<  -AutodiscoverServiceUri https://owa.123.org/Autodiscover/Autodi
scover.xml

    + CategoryInfo          : ObjectNotFound: (Set-ClientAcessServer:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

[PS] C:\Windows\system32>

I ran this command successfully

Set-ClientAccessServer AutodiscoverServiceInternalUrl -identity 123-exch
https://owa.123.org/autodiscover/autodiscover.xml

This AutoDiscoverServiceCN seems to be pointing to my .loc

Now when I run this

Get-ClientAccessServer | FL Identity, *Autodiscover*

I get this
Identity                       : 123-EXCH
AutoDiscoverServiceCN          : 123-exch
AutoDiscoverServiceClassName   : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri : https://owa.123.org/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid        : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope          : {Default-First-Site-Name}

Thanks in advance when I get it I will mark the answer so to help others I keep looking at it not wanting to ask thanks again