?
Solved

Internal/External URL difference and how they're used

Posted on 2008-10-08
17
Medium Priority
?
4,073 Views
Last Modified: 2012-05-05
Hey there fellow EE experts! OK...for all the knowledge I've gained on Exchg 2K7, the whole certificate/URL (Internal & External) thing confuses me. Can someone please explain the Internal/External URL areas in Exchange?... how they are used, the difference, how they pertain to DNS (if at all)...just whatever, or direct me to somewhere that explains them in greater detail.

I've read many, many posts (here are a few: http://www.sembee.co.uk/archive/2008/05/30/78.aspx; http://msexchangeteam.com/archive/2007/02/19/435472.aspx; http://msexchangeteam.com/archive/2007/07/02/445698.aspx; & http://technet.microsoft.com/en-us/library/bb851505.aspx#UnderstandingCertAttributes...most of which deal with certificates), but nothing really pertaining to the Internal/External URL stuff. I know after all the support I've given on here and administering Exchg here myself I should know about this, but I dont and am seeking "the best of the best" out there from you guys/gals. :)

Thanks in advance.
~coolsport00
0
Comment
Question by:coolsport00
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 2
17 Comments
 
LVL 9

Expert Comment

by:Housammuhanna
ID: 22668683
I can not see any problem
ExternalURL is the URL that the User from the internet will use to access your server like when you are using OWA Published over ISA as an Example
and internalURL is the link that the internal user with the local netwrork will use to connect to your exchange server
 
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22668739
do yourself (and your users) a favor don't use different urls for internal vs external, it'll just confuse people. The big deal with certificates and urls is simply that an ssl cert has a common name field that lists the url, so if you go to an ssl site with a different url (like leaving off the www) you'll get a cert error in the browser, but it'll still work.

Just pick a name for your owa, like webmail.domain.com or owa.domain.com and publish it in your external and internal dns (to the correct IPs respectively of course) and tell everyone to use that url no matter where they are.
0
 
LVL 40

Author Comment

by:coolsport00
ID: 22668788
Looking for much more detail 'housammuhanna'...I figured that out (not at all meaning to sound condescending there 'housammuhanna'). What I'm wanting is a better explanation of the difference (gosh, this is hard to explain!). And jar3817, so, theoretically, I can access let's say OWA internally with a different URL than externally from home? Part of the confusion for me is how I have our Exchg server set up. I have configured it to have the same URL for everything..OWA and Mobile Access, & internal OWA access if desired. (I've set up an internal DNS record to point to my server's host name [servername.mydomain.org] with the internal/external name I have configured, which is webmail.mydomain.org), if that makes sense; so, that being said, I haven't really 'learned' what the difference is between the 2 URLs. Why on earth did MS even come up with such a thing? I assume for security?....goodness!
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 26

Expert Comment

by:jar3817
ID: 22668875
The url makes no difference whats so ever (this isn't an MS thing). Basically your server will answer for ANY url as long as the client can resolve that domain name to the IP of your server.

For example:
Lets say your exchange server has IP 10.1.1.1 and an active directory name of 'exch01' in the active directory domain 'domain.yourcompany.org'. Lets also assume you created separate dns entries externally and internally for 'webmail.company.org' that point to your external and internal ips respectively.

As long as the client can get the ip 10.1.1.1, it'll be able to connect to owa.

http://10.1.1.1/owa (internally)
http://exch01/owa (internally)
http://exch01.domain.yourcompany.org/owa (internally)
http://webmail.company.org/owa (anywhere)

Does that make any sense? As long as the client can resolve the correct IP, it'll work. So if you use the same name internally and externally it'll work anywhere.
0
 
LVL 40

Author Comment

by:coolsport00
ID: 22669086
Hmm...well, yeah, it makes sense that no matter what URL is specified in those areas of Exchg (OWA, POP, Autodiscover, etc) that as long as my DNS is setup properly, clients (API or Mobile) will connect. But, if that's true, then why even have those areas in the properties of those services? Why does it matter...or does it? Is it just for SSL cert reasons? (thus, why one gets the cert warning when opening Outl 2K7 if the cert name doesn't match the host name) Thanks for walking me through this jar3817. :)
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22669137
Why does it matter? It really doesn't, MOST of the time. You can do something called name-based virtual hosting where you specify host headers (the domain name in the url) and map them to specific web apps (forgive me if my lingo is off, I'm a Linux Apache guy, not a windows IIS guy). So you technically can have webmail.company.org on that server map to the exchange application, and have a different subdomain like crm.company.org map to some other app like a customer relations management package on the same server. But since we're talking about exchange here, you don't want to run any other applications on an exchange server, so it doesn't really apply.

a little clearer?
0
 
LVL 40

Author Comment

by:coolsport00
ID: 22669171
Hahahahah...actually, no...I think you made it worse :)  I know in the properties of IIS and ISA you can do URL redirection; is that what you're referring to? (we have 1 Exchg server and then use ISA virtually as our "Edge" server).
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22669646
I'm not really talking about url redirection, but virtual hosting. This page has pictures:

http://www.simpledns.com/kb.aspx?kbid=1149

You can have multiple "websites" on the same server and you can assign a particular host header (domain name) for each, so that "website" will only be accessed through that particular host header. Be default all host headers (any domain name) will access all the sites.

Don't get confused, by default (at least with exchange 2003) all the owa and oma sites are located under the default website container in IIS, so any host header will access them.
0
 
LVL 40

Author Comment

by:coolsport00
ID: 22669705
OK...I guess I understand that, but really, I just want info for the External/Internal URL setting in those EM Console services. I think we went waaayyyy off tangent there.
0
 
LVL 9

Expert Comment

by:Housammuhanna
ID: 22685124

In Exchange 2007 Several things have Internal URL and External URL
like AutoDiscover - OWA  - OAB - Recive Connector
listen, lets say that you have a network doamin.local
and you need to setup a certificate with Single Subject name, and your external site is domain.com
You will need to configure the External URL with Domain.com and the internalURL with domain.local so Exchange can understand to which is internal and which is external,
so when exchange have an incomming traffic from domain.com, its will respone with the external URL config you have in your Exchange
http://www.amset.info/exchange/singlenamessl.asp
I understand that you will need to configure your Exchange with UC or SAN Cert. but this may have more info about what you are looking for
and what about DNS Setting and as I told you that your internal network is domain.local were your external network us domain.com, so when users try to connect from internal network they will have a problem regarding to certificate,
you will need to split your DNS and have another ZONE named as Domain.com with the HOST A that point to your server and your client will use the Name that is placed on the Certificate,( Which match the external name) to connect to your exchange with no problem
I hope the info was clear, and you had what you are looking for
 
0
 
LVL 40

Author Comment

by:coolsport00
ID: 22711210
Sorry Housammuhanna...it really wasn't too clear. I have a single Exchg srvr setup, with ISA 2K6 in my DMZ acting as our "Edge", and do NOT have a split DNS. I don't really understand split DNS really either (even though I read a bit on that on Simon's [aka Sembee] site), nor the need to have one. Again, I'm not a complete idiot :) I understand a great deal about Exchg obviously...I support it here on EE; but there are just some things that I don't understand, like the whole Internal/External URL thing and their exact purpose. I'm not sure if you can explain further in an easier way or not. Maybe you've shared it the best you can...I don't know. Any further insight is certainly welcomed. Thanks for your input thus far. Maybe I'm thinking too much about it? :)
0
 
LVL 40

Author Comment

by:coolsport00
ID: 22735172
Not "DID" get what I was looking for, but "did NOT"...sorry. My keyboard is messing up on me. :(
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22735822
I answered his question in two separate posts. Poster either doesn't know what he is asking or wants to hear something that he didn't. Either way we answered his posted question and deserve the points.
0
 
LVL 40

Author Comment

by:coolsport00
ID: 22736508
No...u didn't answer it; I know what the WORDS "internal" and "external" mean explicitly. And, I knew as much as what "Housammuhanna" explained in the 1st post to this question, but that isn't EXPLAINING how they are USED; UNLESS...it is as simple as them both (internal & external) using the URLs that are associated with a UCC SSL cert. If that is the case, then you should've explicitly stated so. (as well as "Housammuhanna")...but neither did; you went off on this tangent about IIS and virtual hosting and I didn't care about any of that...I just wanted to simply know what and/or how internal and external URLs (THE SETTINGS/PROPERTIES WITHIN EXCHANGE) are used (for OWA, OAB, ActiveSync, etc.). I can't explain what I want any easier than that.

In re-reading over my initial question, I can understand how you might have gotten confused because I ran everything together. This is the question I want answered: In the Exchange EMC, there are settings (properties) for OWA, OAB, A/S, etc that you can set an Internal URL for and an External URL for. Now, aside from the obvious (internal is used within a domain/org and external is 'internet-based'), how are they used? In other words, do certain apps (say Outlook) look at the "internal URL" setting in one of those areas and say a request made from the outside looks at the 'external URL' setting in one of those areas? Does that make sense? Do I need to explain further? As I mentioned at the end of my last post to "Housammuhanna", I may be overthinking this, which isn't the 1st time that's happened, and certainly won't be the last. :)

Thanks in advance!
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22740443
"I just wanted to simply know what and/or how internal and external URLs (THE SETTINGS/PROPERTIES WITHIN EXCHANGE) are used (for OWA, OAB, ActiveSync, etc.). I can't explain what I want any easier than that."

You're absolutely right. However that is not the question you asked originally. Your original question was about urls with certificates, which was answered.
0
 
LVL 40

Accepted Solution

by:
coolsport00 earned 0 total points
ID: 22740672
Actually, that isn't what my original question was about (see orig post -> "please explain the Internal/External URL areas in Exchange"), but the 1st half of my 1st sentence ("the whole certificate/URL [Internal & External] thing confuses me") does lead one to believe that is what I was wanting. Again, what I was wanting was after the "PLEASE EXPLAIN..." part. We as experts need to make sure we read questions carefully and, if need be, ask for more info to make sure what the poster is asking/wanting. (and I have done the whole misread/assumption thing before on here too)

The 2nd part of my question where I list the links I've looked at, I stated that those links deal with SSL certs but that was not what I was wanting, but instead the Internal/External URL settings in Exchg. I was only stating what those links were about, and that they had nothing to do with the actual question I was wanting answered ("please explain the Internal/External URL areas in Exchange"). If you answered my question based off that, then you didn't fully read my question. Now..a couple things here - first, I have absolutely no problems/quorems giving points...it's no big deal to me, but I feel you and "Housammuhanna"  didn't answer what I was wanting. Second...I do understand if my question was a bit confusing and thus frustrating for you and "Housammuhanna", but I did try to re-explain what I wanted. If anything, "Housammuhanna" came the closest to what I was wanting. And, to prove my point further about the URL and Cert thing you keep coming back to, "Housammuhanna" at least got the idea that I wasn't asking about info regarding URLs & Certs and provided answers that didn't refer to those things. So, my question was at least a little clear to him.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question