Exchange 2010 access for internal clients

I have installed Exchange 2010 within my environment, migrating from 2003.

Currently I have changed my DNS so that OWA access goes through the TMG server, even internally. However, I am getting security alerts from Outlook, since the default settings have Outlook clients check in to the 2010 server by its server name and the SSL certificate does not match.

What I was thinking of doing was changing the settings via PowerShell so that Outlook will look to the 2010 server by using the name on the SSL certificate, but changing it means that the server will also have to serve OWA internally as well.

This means that I will need to create redirects for the default web page, and that there are two ways OWA will be accessed depending on whether it is external or internal.

Is there a way to make it so that internal Outlook can access the 2010 server, but going through TMG so that I can keep the DNS the same and the OWA access path the same?
ryan80 asked:
 
Prashant Shrivastava (Consultant) commented:
You are correct.
0
 
Prashant Shrivastava (Consultant) commented:
Considering you are not using an EV certificate, but it is worth trying - the easy path would be to add the external domain name and the server's public IP address in the DNS server. When the IP matches the DNS name, it will not show any error message.
0
 
ryan80 (Author) commented:
Currently I have the URL for OWA pointing to the IP for the TMG server both internally and externally. That URL is what is on the name of the SSL.

However, per http://support.microsoft.com/kb/940726 , it says that I should run those commands so that the published address matches the SSL name. However, since my DNS points to the TMG server, I doubt that Outlook will then work. I am hoping there is a way that I can set this up so that I don't have to change the 2010 server with redirects.

If not, I will just update the redirects and internal DNS and run these PowerShell scripts, but I was hoping there was another way.
0
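The PowerShell change the question and the comment above are circling around (KB 940726: make the URLs Outlook learns through Autodiscover match the certificate name) looks like the following in the Exchange Management Shell on the Exchange 2010 Client Access server. This is an added example, not code from the thread or from the KB article; it adds a certificate check before the change and a verification afterwards. `$CasServer`, `$PublicName` and `user@example.com` are placeholders to replace with your own values.

```powershell
# Added example (not from the thread or the KB). Run in the Exchange Management
# Shell on the Exchange 2010 CAS. All names below are placeholders:
#   $CasServer  - the Client Access server's NetBIOS name
#   $PublicName - the name on the SSL certificate, which internal DNS must
#                 resolve to the Exchange server once these URLs are changed
$CasServer  = 'CAS01'
$PublicName = 'mail.example.com'

# 1. Confirm that the certificate bound to IIS actually carries $PublicName.
#    If it does not, changing the URLs only moves the certificate warning.
$iisCert = Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' -and $_.CertificateDomains -contains $PublicName }
if (-not $iisCert) {
    throw "No certificate assigned to IIS on $CasServer contains $PublicName"
}

# 2. Point the internal URLs at the certificate name instead of the server's
#    own name. These three are the KB 940726 commands.
Set-ClientAccessServer -Identity $CasServer `
    -AutodiscoverServiceInternalUri "https://$PublicName/Autodiscover/Autodiscover.xml"

Set-WebServicesVirtualDirectory -Identity "$CasServer\EWS (Default Web Site)" `
    -InternalUrl "https://$PublicName/EWS/Exchange.asmx"

Set-OABVirtualDirectory -Identity "$CasServer\OAB (Default Web Site)" `
    -InternalUrl "https://$PublicName/OAB"

# OWA and ECP are what browsers hit once internal DNS sends users straight to
# the Exchange server rather than through TMG, so align them as well.
Set-OwaVirtualDirectory -Identity "$CasServer\owa (Default Web Site)" `
    -InternalUrl "https://$PublicName/owa"
Set-EcpVirtualDirectory -Identity "$CasServer\ecp (Default Web Site)" `
    -InternalUrl "https://$PublicName/ecp"

# 3. Verify: every InternalUrl should now use $PublicName.
Get-ClientAccessServer -Identity $CasServer | Format-List Name, AutodiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $CasServer | Format-List Identity, InternalUrl
Get-OABVirtualDirectory -Server $CasServer | Format-List Identity, InternalUrl
Get-OwaVirtualDirectory -Server $CasServer | Format-List Identity, InternalUrl
Get-EcpVirtualDirectory -Server $CasServer | Format-List Identity, InternalUrl

# 4. Exercise Autodiscover, EWS and OAB the way an Outlook client would and
#    report any remaining URL or certificate mismatch. The mailbox is a placeholder.
Test-OutlookWebServices -ClientAccessServer $CasServer -Identity 'user@example.com' |
    Format-Table Id, Type, Message -AutoSize
```

Note that the redirect of the default web site root to /owa that the question mentions is an IIS setting on the Exchange server, not an Exchange cmdlet, so it is not covered here; the certificate check in step 1 is what tells you whether the name you are about to publish will stop the Outlook security alerts.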

 
Prashant Shrivastava (Consultant) commented:
OK, try updating the hosts file with the FQDN (fully qualified domain name - the URL domain name) and the public IP address, and then try browsing.
0
 
ryan80 (Author) commented:
This isn't just for one computer, but a whole network of computers. I either have to allow Outlook to connect through the TMG server, which I am not sure can be done since RPC uses a wide range of ports, or I need to update the redirect on the 2010 server, which I can do but would rather not.
0
 
Prashant Shrivastava (Consultant) commented:
Unfortunately, you need to make a decision here on how you will connect. I have used this in a production environment where the certificate name and internal domain names were different, and we used the public domain name in the DNS server to make sure the names and corresponding IP were the same. I don't think you need to change any configuration here; just treat this website from the TMG server as external.
0
 
ryan80 (Author) commented:
I know that I can put the corresponding name in the internal DNS to point to the correct internal IP, but what I am saying is that currently that name points to TMG, which performs the HTTP and root domain redirects.

Currently, users connect with standard RPC and not Outlook Anywhere, so I am not sure of the impact on the Outlook clients.
0
 
Prashant Shrivastava (Consultant) commented:
Hmm, in that case our hands are tied. Have you tried using the "external IP" instead?
0
 
ryan80 (Author) commented:
I tried changing the setting on the server for the Autodiscover URI, and leaving it pointed at the TMG server broke Outlook.
0
 
Prashant Shrivastava (Consultant) commented:
This is normal behaviour. You need to think about how this looping issue can be isolated, then. The gist is: if the certificate name matches the DNS name, it will work. Sorry, I may not be any better help than this.
0
 
ryan80 (Author) commented:
That is what I was thinking, that internal Outlook would not pass through the TMG server. I would need to use Outlook Anywhere if I wanted to pass it through. I guess that I just need to configure the redirects on the Exchange server and point the services internally.
0
Question has a verified solution.