Solved

Problems with external OWA and the autodiscovery for Outlook clients

Posted on 2011-05-01
Last Modified: 2012-05-11
Hi

I would appreciate some help with resolving a few problems. I will go through what I think is needed and would appreciate it if you could let me know if I'm on the right track.

Basically we have been using active office for emails and have decided to migrate the operation to hosted Exchange 2010 servers. The setup is as follows: we have a mail store server ----> CAS/HUB -----> (DMZ) edge transport server.

I have migrated myself over and am able to send and receive without problems both internally and externally.

When I was setting up my Outlook client it auto discovered to CAS01.domain.local; however, this only connects if I have a persistent route on the local machine, which I want to avoid as this will then use our MPLS connection and I would rather the email traffic be routed over the net. Am I right in thinking I will need to get a certificate that has autodiscover.domain.com with the name space being directed at the edge transport server's external IP, which should in turn route it to the CAS? (For the routing to and from the edge server, does edge sync need to be activated?) As I already have the connectors set up.

So basically, to configure the Outlook clients to connect over the internet, are the above steps correct?

Secondly, regarding the OWA setup, I have the internal URL configured to https://CAS01.domain.local and internally this is working fine. However, when I am trying to connect to the external URL of https://mail.domain.com it does not connect and times out. The namespace is pointing to the external IP of the edge server. However, when I try the external URL from the edge transport server it connects, so I assume that port 443 is not open and HTTPS traffic is not being redirected to the CAS. I have asked the hosting company to check their firewall settings. Do you think this would be the cause?

Many thanks in advance
Question by:SSAN_NH
8 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 35500129
In both scenarios this would be correct. You do need an SSL cert with the SPN names for Autodiscover etc. With regard to the hosting company, this would appear to be a firewall issue. They may well need to redirect port 443.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35500148
You will need to purchase an SSL cert that will support multiple SPN - Server Principal Names. As far as I know, Thawte SSL certs support multiple SPN names. You can verify this on their website. Also, I have provided a link with some interesting information regarding this. This applies to Exchange 2007, but there is not much variation of the Autodiscovery service in Exchange 2010.

http://busbar.blogspot.com/2008/03/autodiscovery-and-commercial.html
0
 

Author Comment

by:SSAN_NH
ID: 35500202
Hi JBond

Thanks for the replies.

Is there any way of using a self-signed certificate for testing purposes?

I was thinking that I would need a Subject Address Name SSL cert for the multiple names. Is it an SPN or SAN that is required for the autodiscovery, legacy etc.?

0

 
LVL 15

Accepted Solution

by:
JBond2010 earned 2000 total points
ID: 35500222
You would be using a SAN certificate. Refer to the link below and this will guide you in the right direction.

http://blogs.catapultsystems.com/IT/archive/2010/02/17/exchange-2010-part-2-of-4-%E2%80%93-understanding-the-new-uc-san-certificate-requirement.aspx
0
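The SAN requirement from the accepted solution, as an added example that is not part of the original thread: a check that a certificate's SAN list covers every name a client connects to, using wildcard matching on the leftmost label only. The hostnames are the placeholder names used in the question; the SAN lists and the inclusion of the internal name in the required set are assumptions constructed for illustration.

```python
# Added example (not from the thread): does a certificate's SAN list cover
# every hostname that Outlook and OWA clients will connect to?

def _matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName entry against a hostname, case-insensitively.

    A wildcard is honoured only as the entire leftmost label and covers
    exactly one label: *.domain.com matches mail.domain.com, but not
    domain.com or a.b.domain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_names(san_dns_names, required_hosts):
    """Return the required hostnames that no SAN entry covers."""
    return [h for h in required_hosts
            if not any(_matches(s, h) for s in san_dns_names)]


# Names clients use in the thread's setup (assumption: the internal
# CAS name is also served over HTTPS with the same certificate).
REQUIRED = ["mail.domain.com", "autodiscover.domain.com", "CAS01.domain.local"]

# Constructed SAN lists for three candidate certificates.
SINGLE_NAME = ["mail.domain.com"]
SAN_CERT = ["mail.domain.com", "autodiscover.domain.com", "cas01.domain.local"]
WILDCARD = ["*.domain.com"]

if __name__ == "__main__":
    candidates = [("single-name", SINGLE_NAME), ("SAN", SAN_CERT), ("wildcard", WILDCARD)]
    for label, sans in candidates:
        missing = uncovered_names(sans, REQUIRED)
        print(f"{label:12} missing: {missing or 'none'}")
```

Any name reported as missing is one where clients will see a certificate name-mismatch warning.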
 

Author Comment

by:SSAN_NH
ID: 35500250
Thanks, that's a great link
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35500257
You're welcome :)
0
 

Author Comment

by:SSAN_NH
ID: 35500274
One final query, as it is not mentioned in the article.

For the name spaces, do I point them at the external IP of the Edge transport server and have the firewall just redirect the requests to the internal IP of the Client Access server?
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35500281
Yes, this should work fine.
0
