Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Exchange server 2013 - SSL certificate and rec connector questions

Posted on 2013-05-23
Medium Priority
Last Modified: 2013-06-05
Set up a new exchange 2013 server to replace a 2003 SBS / exchange server We have a small number of users so it is on one box.

Two issues:

Used the default self-sign cert and got local outlooks connect and web OWA, etc working (after installing the cert on th workstations(,

Purchaed new standard SSL cert (as I did for the old box) pointomg to . Works from outside the bulding, but busted in house outlook since local machine is known as EXCHANGE or EXCHANGE.localdomain - Name mismatch errors. Installing rhe ccert doesn't help. I even tried pointing the local outlooks at e.domain,com and that doesn't get far (fails check name). The RDP over HTTTs did me in :-(

What is he best way to fix this?

Second problem:

I need to allow SMTP mail in from a handful of IPs with auth NOT required (Postini), all others must authenticte to send. This was simple in ech 2003, but not as clear in 2013 with several defalt connectors.

Question by:dlwynne
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 2000 total points
ID: 39192550
You need to configure the server to use the same host names internally and externally.
That will require a split DNS system ( and then adjusting Exchange.

I don't have an Exchange 2013 version yet, but the 2010 article at is the same information, it is just in slightly different places in the GUI.


Author Comment

ID: 39192871
Thanks for the reply.

I had tried adding e.domain,com  and the local IP to my hosts file (which accomplishes the ssme thing) and that worked for browsing to OWA (no cert errors) but not for outlook. But now I think that it will work once I chnge intetnal URLs to be the external name, Now Get-ClientAccessServer returns EXCHANGE - the local name,

I did try to use e.domain,com - the public URL and the actual public server locally, but that didn;t work either - and I thought it should. Isn't that hoe outlook anywhere works? You ppoint at e.domain,com  from anyhere and sync up? Maybe I don't have anywhere configured?
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39194346
Outlook Anywhere is the only way that you can connect to Exchange 2013. You need to check the configuration of Outlook Anywhere for the internal and external URLs.
If your SSL certificate doesn't have the internal name on it, then setup a split DNS system so the external name resolves and change the URL.

If you run just get-clientaccessserver then it will return the server's real name. You have to adjust a property of that for Autodiscover to work correctly.


Author Comment

ID: 39202115
Any help for the receive connectors? It looks like it defaukts to 4 connectors on a single box install.

I need to allow SMTP on ports 25 and 587, SSL SMTP on port 465, POP3, and IMAp4.

Authentication is required for all connections except SMTP traffic from a list or range of addresses.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39209095
I haven't got my Exchange 2013 test server running at the moment.
I would suggest a new question, which will bring it to the attention of others.

Usually to restrict the traffic you would either create a new Receive Connector with the list of IP address/ranges, or adjust the Default Receive Connector (which listens on port 25). Enabling Anonymous will turn of authentication being required.

All other connectors will require authentication by default.


Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question