So I read this post by coolsport00 and it is a great question. There is a lot of autodiscover/CAS information out there about configuring internal/external URL's but it is NOT clear why there are two URLs to begin with. I have a few theories but am hoping to get someone like sembee or kieran_b to clear this up or point me to good material.
Question: What is the very basic reason for having internal and external URLs for Exchange 2007 web services?
Point 1: Let's say I have an MX record that points to "MAIL.CONTOSO.COM". I then configure my OWA external URL to be "MAIL.CONTOSO.COM" so that my users can connect outside of the domain. Why would I configure my internal URL to be anything different? If I only had one URL to configure, then the only other step would be to configure DNS internally to point to the correct IP. Therefore, one URL to configure making it much simpler.
Point 2: I could see this being used only if I didn't want my internal NETBIOS name published in my SAN SSL certificate. However ISA would have to be used.
I would deploy an enterprise CA internally and request a certificate for whatever I wanted my internal URL to be and import the certificate into the CA certificate snap-in. I would import it and then enable it. All domain users would trust the cert by default since they are domain members.
Then I would request a SAN certificate with autodiscover and external CN such as "MAIL.CONTOSO.COM". I would then import it into exchange as well. HOWEVER, I would NOT ENABLE it as this would overwrite the internal CA issued certificate. I would instead export it and import it into the ISA server. This works however it is a kludge and cannot be what MS intended the multiple URLs to be used for.
Thank in advance as this will be a long post im sure.