SSAN_NH

asked on

Problems with external OWA and the autodiscovery for outlook clients

Hi

I would appreciate some help with resolving a few problems. I will go through what I think is needed and would appreciate it if you could let me know if I'm on the right track.

Basically we have been using Active Office for emails and have decided to migrate the operation to hosted Exchange 2010 servers. The setup is as follows: we have a mail store server ----> CAS/HUB -----> (DMZ) edge transport server.

I have migrated myself over and am able to send and receive without problems both internally and externally.

When I was setting up my Outlook client it auto-discovered to CAS01.domain.local; however, this only connects if I have a persistent route on the local machine, which I want to avoid as this will then use our MPLS connection and I would rather the email traffic be routed over the net. Am I right in thinking I will need to get a certificate that has autodiscover.domain.com, with the namespace being directed at the edge transport server's external IP, which should in turn route it to the CAS? (For the routing to and from the edge server, does EdgeSync need to be activated, as I already have the connectors set up?)

So basically, to configure the Outlook clients to connect over the internet, are the above steps correct?

Secondly, regarding the OWA setup, I have the internal URL configured to https://CAS01.domain.local and internally this is working fine. However, when I am trying to connect to the external URL of https://mail.domain.com it does not connect and times out. The namespace is pointing to the external IP of the edge server. However, when I try the external URL from the edge transport server it connects, so I assume that port 443 is not open and HTTPS traffic is not being redirected to the CAS. I have asked the hosting company to check their firewall settings. Do you think this would be the cause?

Many thanks in advance
James

In both scenarios this would be correct. You do need an SSL cert with the SPN names for Autodiscover etc. With regard to the hosting company, this would appear to be a firewall issue. They may well need to redirect port 443.
You will need to purchase an SSL cert that will support multiple SPN - Server Principal Names. As far as I know, Thawte SSL certs support multiple SPN names. You can verify this on their website. Also, I have provided a link with some interesting information regarding this. This applies to Exchange 2007, but there is not much variation in the Autodiscovery service in Exchange 2010.

http://busbar.blogspot.com/2008/03/autodiscovery-and-commercial.html
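The two things James points to (the certificate must carry every external name clients use, and TCP 443 must actually reach the CAS through the edge/firewall) can be checked from an outside machine with the added script below. This is example code written for this page, not from the thread, James, or any vendor; mail.domain.com, autodiscover.domain.com and the SAMPLE_CERT dictionary are constructed placeholders, and the wildcard-matching rule is the one browsers apply (one leftmost label), which is an assumption about the client rather than anything the thread states.

```python
"""Check that the certificate on an Exchange external endpoint covers every
name clients will use: mail.domain.com (OWA) and autodiscover.domain.com
(Autodiscover). Added example, not from the thread; hostnames and the sample
certificate dictionaries are constructed placeholders."""
import socket
import ssl
import sys

# Hostnames Outlook and OWA clients will present in TLS SNI and the Host header.
REQUIRED_NAMES = ["mail.domain.com", "autodiscover.domain.com"]

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns: a cert
# that only names the OWA host and the internal CAS, so Autodiscover is uncovered.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.domain.com"),),),
    "subjectAltName": (("DNS", "mail.domain.com"), ("DNS", "cas01.domain.local")),
}


def cert_names(cert):
    """Collect DNS names from a getpeercert()-style dict: SAN entries first,
    then the subject CN (still consulted by older clients when no SAN matches)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def name_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one leftmost label:
    *.domain.com matches mail.domain.com but not domain.com or a.b.domain.com."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) == pattern.count(".") + 1 and ".".join(labels[1:]) == pattern[2:]
    return False


def missing_names(cert, required=REQUIRED_NAMES):
    """Return the required hostnames that no SAN or CN on the certificate covers."""
    names = cert_names(cert)
    return [host for host in required if not any(name_matches(n, host) for n in names)]


def fetch_cert(hostname, port=443, timeout=5):
    """Open a TLS connection with SNI set to hostname and return the peer cert.
    The chain must validate against the system trust store (a self-signed test
    cert raises ssl.SSLCertVerificationError, which Outlook would likewise not
    accept silently); hostname checking is left to missing_names() so every
    required name is reported, not just the one used to connect. A timeout or
    refused connection means TCP 443 is not reaching the CAS, for example
    because the firewall in front of the edge server is not forwarding it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False           # all names are checked by missing_names()
    ctx.verify_mode = ssl.CERT_REQUIRED  # keep chain validation on
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Usage: python check_exchange_cert.py mail.example.com [autodiscover.example.com ...]
    # With no arguments the constructed SAMPLE_CERT is checked instead of a live host.
    if len(sys.argv) < 2:
        print("sample cert is missing:", missing_names(SAMPLE_CERT))
        sys.exit(0)
    required = sys.argv[1:]
    try:
        cert = fetch_cert(required[0])
    except (OSError, ssl.SSLError) as exc:
        print(f"could not retrieve a trusted certificate from {required[0]}:443: {exc}")
        sys.exit(1)
    gaps = missing_names(cert, required)
    print("certificate names:", cert_names(cert))
    print("missing:", gaps or "none")
    sys.exit(1 if gaps else 0)
```

Run it from a host outside the MPLS network so that it exercises the same path Outlook Anywhere and OWA clients will take; a socket timeout here corresponds to the "times out" symptom in the question, while a clean connection with names reported missing points at the certificate rather than the firewall.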
SSAN_NH

ASKER

Hi JBond

Thanks for the replies.

Is there any way of using a self-signed certificate for testing purposes?

I was thinking that I would need a Subject Address Name SSL cert for the multiple names. Is it an SPN or a SAN that is required for the autodiscovery, legacy etc.?

ASKER CERTIFIED SOLUTION
James
SSAN_NH

ASKER

Thanks, that's a great link
You're welcome :)
SSAN_NH

ASKER

One final query, as it is not mentioned in the article.

For the namespaces, do I point them at the external IP of the edge transport server and have the firewall just redirect the requests to the internal IP of the Client Access server?
Yes, this should work fine.