Solved

Internal/External URL difference and how they're used

Posted on 2008-10-08
17
2,385 Views
Last Modified: 2012-05-05
Hey there fellow EE experts! OK...for all the knowledge I've gained on Exchg 2K7, the whole certificate/URL (Internal & External) thing confuses me. Can someone please explain the Internal/External URL areas in Exchange?... how they are used, the difference, how they pertain to DNS (if at all)...just whatever, or direct me to somewhere that explains them in greater detail.

I've read many, many posts (here are a few: http://www.sembee.co.uk/archive/2008/05/30/78.aspx; http://msexchangeteam.com/archive/2007/02/19/435472.aspx; http://msexchangeteam.com/archive/2007/07/02/445698.aspx; & http://technet.microsoft.com/en-us/library/bb851505.aspx#UnderstandingCertAttributes...most of which deal with certificates), but nothing really pertaining to the Internal/External URL stuff. I know after all the support I've given on here and administering Exchg here myself I should know about this, but I dont and am seeking "the best of the best" out there from you guys/gals. :)

Thanks in advance.
~coolsport00
0
Comment
Question by:coolsport00
  • 8
  • 6
  • 2
17 Comments
 
LVL 9

Expert Comment

by:Housammuhanna
Comment Utility
I can not see any problem
ExternalURL is the URL that the User from the internet will use to access your server like when you are using OWA Published over ISA as an Example
and internalURL is the link that the internal user with the local netwrork will use to connect to your exchange server
 
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
do yourself (and your users) a favor don't use different urls for internal vs external, it'll just confuse people. The big deal with certificates and urls is simply that an ssl cert has a common name field that lists the url, so if you go to an ssl site with a different url (like leaving off the www) you'll get a cert error in the browser, but it'll still work.

Just pick a name for your owa, like webmail.domain.com or owa.domain.com and publish it in your external and internal dns (to the correct IPs respectively of course) and tell everyone to use that url no matter where they are.
0
 
LVL 40

Author Comment

by:coolsport00
Comment Utility
Looking for much more detail 'housammuhanna'...I figured that out (not at all meaning to sound condescending there 'housammuhanna'). What I'm wanting is a better explanation of the difference (gosh, this is hard to explain!). And jar3817, so, theoretically, I can access let's say OWA internally with a different URL than externally from home? Part of the confusion for me is how I have our Exchg server set up. I have configured it to have the same URL for everything..OWA and Mobile Access, & internal OWA access if desired. (I've set up an internal DNS record to point to my server's host name [servername.mydomain.org] with the internal/external name I have configured, which is webmail.mydomain.org), if that makes sense; so, that being said, I haven't really 'learned' what the difference is between the 2 URLs. Why on earth did MS even come up with such a thing? I assume for security?....goodness!
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
The url makes no difference whats so ever (this isn't an MS thing). Basically your server will answer for ANY url as long as the client can resolve that domain name to the IP of your server.

For example:
Lets say your exchange server has IP 10.1.1.1 and an active directory name of 'exch01' in the active directory domain 'domain.yourcompany.org'. Lets also assume you created separate dns entries externally and internally for 'webmail.company.org' that point to your external and internal ips respectively.

As long as the client can get the ip 10.1.1.1, it'll be able to connect to owa.

http://10.1.1.1/owa (internally)
http://exch01/owa (internally)
http://exch01.domain.yourcompany.org/owa (internally)
http://webmail.company.org/owa (anywhere)

Does that make any sense? As long as the client can resolve the correct IP, it'll work. So if you use the same name internally and externally it'll work anywhere.
0
 
LVL 40

Author Comment

by:coolsport00
Comment Utility
Hmm...well, yeah, it makes sense that no matter what URL is specified in those areas of Exchg (OWA, POP, Autodiscover, etc) that as long as my DNS is setup properly, clients (API or Mobile) will connect. But, if that's true, then why even have those areas in the properties of those services? Why does it matter...or does it? Is it just for SSL cert reasons? (thus, why one gets the cert warning when opening Outl 2K7 if the cert name doesn't match the host name) Thanks for walking me through this jar3817. :)
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
Why does it matter? It really doesn't, MOST of the time. You can do something called name-based virtual hosting where you specify host headers (the domain name in the url) and map them to specific web apps (forgive me if my lingo is off, I'm a Linux Apache guy, not a windows IIS guy). So you technically can have webmail.company.org on that server map to the exchange application, and have a different subdomain like crm.company.org map to some other app like a customer relations management package on the same server. But since we're talking about exchange here, you don't want to run any other applications on an exchange server, so it doesn't really apply.

a little clearer?
0
 
LVL 40

Author Comment

by:coolsport00
Comment Utility
Hahahahah...actually, no...I think you made it worse :)  I know in the properties of IIS and ISA you can do URL redirection; is that what you're referring to? (we have 1 Exchg server and then use ISA virtually as our "Edge" server).
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
I'm not really talking about url redirection, but virtual hosting. This page has pictures:

http://www.simpledns.com/kb.aspx?kbid=1149

You can have multiple "websites" on the same server and you can assign a particular host header (domain name) for each, so that "website" will only be accessed through that particular host header. Be default all host headers (any domain name) will access all the sites.

Don't get confused, by default (at least with exchange 2003) all the owa and oma sites are located under the default website container in IIS, so any host header will access them.
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 40

Author Comment

by:coolsport00
Comment Utility
OK...I guess I understand that, but really, I just want info for the External/Internal URL setting in those EM Console services. I think we went waaayyyy off tangent there.
0
 
LVL 9

Expert Comment

by:Housammuhanna
Comment Utility

In Exchange 2007 Several things have Internal URL and External URL
like AutoDiscover - OWA  - OAB - Recive Connector
listen, lets say that you have a network doamin.local
and you need to setup a certificate with Single Subject name, and your external site is domain.com
You will need to configure the External URL with Domain.com and the internalURL with domain.local so Exchange can understand to which is internal and which is external,
so when exchange have an incomming traffic from domain.com, its will respone with the external URL config you have in your Exchange
http://www.amset.info/exchange/singlenamessl.asp
I understand that you will need to configure your Exchange with UC or SAN Cert. but this may have more info about what you are looking for
and what about DNS Setting and as I told you that your internal network is domain.local were your external network us domain.com, so when users try to connect from internal network they will have a problem regarding to certificate,
you will need to split your DNS and have another ZONE named as Domain.com with the HOST A that point to your server and your client will use the Name that is placed on the Certificate,( Which match the external name) to connect to your exchange with no problem
I hope the info was clear, and you had what you are looking for
 
0
 
LVL 40

Author Comment

by:coolsport00
Comment Utility
Sorry Housammuhanna...it really wasn't too clear. I have a single Exchg srvr setup, with ISA 2K6 in my DMZ acting as our "Edge", and do NOT have a split DNS. I don't really understand split DNS really either (even though I read a bit on that on Simon's [aka Sembee] site), nor the need to have one. Again, I'm not a complete idiot :) I understand a great deal about Exchg obviously...I support it here on EE; but there are just some things that I don't understand, like the whole Internal/External URL thing and their exact purpose. I'm not sure if you can explain further in an easier way or not. Maybe you've shared it the best you can...I don't know. Any further insight is certainly welcomed. Thanks for your input thus far. Maybe I'm thinking too much about it? :)
0
 
LVL 40

Author Comment

by:coolsport00
Comment Utility
Not "DID" get what I was looking for, but "did NOT"...sorry. My keyboard is messing up on me. :(
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
I answered his question in two separate posts. Poster either doesn't know what he is asking or wants to hear something that he didn't. Either way we answered his posted question and deserve the points.
0
 
LVL 40

Author Comment

by:coolsport00
Comment Utility
No...u didn't answer it; I know what the WORDS "internal" and "external" mean explicitly. And, I knew as much as what "Housammuhanna" explained in the 1st post to this question, but that isn't EXPLAINING how they are USED; UNLESS...it is as simple as them both (internal & external) using the URLs that are associated with a UCC SSL cert. If that is the case, then you should've explicitly stated so. (as well as "Housammuhanna")...but neither did; you went off on this tangent about IIS and virtual hosting and I didn't care about any of that...I just wanted to simply know what and/or how internal and external URLs (THE SETTINGS/PROPERTIES WITHIN EXCHANGE) are used (for OWA, OAB, ActiveSync, etc.). I can't explain what I want any easier than that.

In re-reading over my initial question, I can understand how you might have gotten confused because I ran everything together. This is the question I want answered: In the Exchange EMC, there are settings (properties) for OWA, OAB, A/S, etc that you can set an Internal URL for and an External URL for. Now, aside from the obvious (internal is used within a domain/org and external is 'internet-based'), how are they used? In other words, do certain apps (say Outlook) look at the "internal URL" setting in one of those areas and say a request made from the outside looks at the 'external URL' setting in one of those areas? Does that make sense? Do I need to explain further? As I mentioned at the end of my last post to "Housammuhanna", I may be overthinking this, which isn't the 1st time that's happened, and certainly won't be the last. :)

Thanks in advance!
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
"I just wanted to simply know what and/or how internal and external URLs (THE SETTINGS/PROPERTIES WITHIN EXCHANGE) are used (for OWA, OAB, ActiveSync, etc.). I can't explain what I want any easier than that."

You're absolutely right. However that is not the question you asked originally. Your original question was about urls with certificates, which was answered.
0
 
LVL 40

Accepted Solution

by:
coolsport00 earned 0 total points
Comment Utility
Actually, that isn't what my original question was about (see orig post -> "please explain the Internal/External URL areas in Exchange"), but the 1st half of my 1st sentence ("the whole certificate/URL [Internal & External] thing confuses me") does lead one to believe that is what I was wanting. Again, what I was wanting was after the "PLEASE EXPLAIN..." part. We as experts need to make sure we read questions carefully and, if need be, ask for more info to make sure what the poster is asking/wanting. (and I have done the whole misread/assumption thing before on here too)

The 2nd part of my question where I list the links I've looked at, I stated that those links deal with SSL certs but that was not what I was wanting, but instead the Internal/External URL settings in Exchg. I was only stating what those links were about, and that they had nothing to do with the actual question I was wanting answered ("please explain the Internal/External URL areas in Exchange"). If you answered my question based off that, then you didn't fully read my question. Now..a couple things here - first, I have absolutely no problems/quorems giving points...it's no big deal to me, but I feel you and "Housammuhanna"  didn't answer what I was wanting. Second...I do understand if my question was a bit confusing and thus frustrating for you and "Housammuhanna", but I did try to re-explain what I wanted. If anything, "Housammuhanna" came the closest to what I was wanting. And, to prove my point further about the URL and Cert thing you keep coming back to, "Housammuhanna" at least got the idea that I wasn't asking about info regarding URLs & Certs and provided answers that didn't refer to those things. So, my question was at least a little clear to him.
0

Featured Post

Want to promote your upcoming event?

Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now