Webcc
Outlook Anywhere for internal users
It appears that Outlook Anywhere is an all-or-nothing proposition. Internal clients are connecting automatically to OA, and it cannot be turned off just internally. We want them to have access externally. Internally we are getting cert errors because we only have a cert for mail.domain.com. Is the best solution to purchase another cert for "servername.domain.local" and add autodiscover to it as well? Let me know if there are any other workarounds.
Tks.
Can you not just disable RPC over HTTP? This will stop the cert windows displaying, and still give external access to OWA.
Tools>Account Settings>Change>More Settings>Connection>Untick Outlook anywhere
Or enter the exchange proxy settings!
Luke
ASKER
Albert, so after running the powershell cmd the entry in DNS would be:
mail.domain.com A 10.0.0.240
mail CNAME cfc01.domain.local (our exchange server)
Luke, don't want to disable OA because some users in the field want to use it.
What do you mean enter the exchange proxy settings?
You can't purchase servername.domain.local.
You need to buy a SAN certificate with webmail.domain.com and autodiscover.domain.com.
Also you need to setup split DNS
ASKER
How do I setup split DNS?
The link below will guide you through setting up split DNS. Also, in the Exchange web app configuration you need to point both the internal and external URLs to webmail.domain.com.
http://exchange.sembee.info/network/split-dns.asp
Now create a zone mail.domain.com instead of domain.com.
Then create a host (A) record without a name:
IN A 10.0.0.240
If you do that, the rest of domain.com (www.domain.com etc.) will not have to be recreated.
You have to use the public name. The idea is that you use the same name for the internal connection and the external connection, so the certificate is the same, and you use a special internal DNS to force all internal users to access the internal IP. My external server is remote.mydomain.com; here is an example of how I do it:
Dibujo.jpg
ASKER
Exchange 2010.
If I deselect RPC over HTTPS in Outlook it just enables it again. Shouldn't internal users be just connecting through unencapsulated RPC?
Setup Split DNS and changed all internal WEB services to external address per "http://semb.ee/hostnames" document.
Have an SSL Cert for "mail.domain.com", do I need another at least for "autodiscover.domain.com"?
Thks
Outlook Anywhere enabled in Outlook doesn't mean they are using it. If you have Outlook Anywhere enabled then all clients will have that configuration pushed out to them.
Hold down CTRL while you right click on the Outlook icon in the system tray. Choose Connection Status. If it says HTTP, then Outlook Anywhere is being used.
Also you cannot have two SSL certificates on the same web site. If you don't have a UCC type certificate then you either need to change the certificate or implement SRV records for Autodiscover.
Simon.
ASKER
Yes that's what I found out about Outlook Anywhere.
So, I cannot add another certificate just for Autodiscover? How do you implement SRV records for Autodiscover?
SRV records for Autodiscover: http://semb.ee/srv
Although if your external DNS provider doesn't support them you will have to change the SSL certificate.
Simon.
First, purchase a certificate that has two names: the original and the .local one.
The other way is to change internal server access with:
Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer "fqdn.Publicname.com"
That means that the server internally will try to access Outlook internally with fqdn.publicname.com.
Then you add a DNS entry on the DNS domain controllers that points to the internal IP.
The result is that Outlook tries to access the FQDN and resolves the internal IP, then connects, and the certificate matches the name it is using, so no more warnings appear.
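The name-matching point that runs through this thread (every hostname Outlook is handed has to appear on the certificate bound to IIS), as an added example that is not part of any post above. It is a read-only audit using standard Exchange 2010 Management Shell cmdlets; the helper names Test-NameOnCert and Get-Target are made up for this example.

```powershell
# Added example for the Exchange 2010 Management Shell (PowerShell 2.0).
# Read-only: compares the hostnames clients are told to use with the names
# on the certificate assigned to IIS.

$cert = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# Hypothetical helper: is this hostname covered by the certificate?
function Test-NameOnCert([string]$HostName) {
    foreach ($n in $certNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry covers exactly one extra left-hand label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) {
            return $true
        }
    }
    return $false
}

# Hypothetical helper: emit one row per configured (non-empty) setting.
function Get-Target($Setting, $Objects, $Property) {
    foreach ($o in $Objects) {
        if ($o.$Property) {
            New-Object psobject -Property @{ Setting = $Setting; Value = "$($o.$Property)" }
        }
    }
}

$targets = @(
    Get-Target 'Autodiscover SCP' (Get-ClientAccessServer) 'AutoDiscoverServiceInternalUri'
    Get-Target 'EWS InternalUrl'  (Get-WebServicesVirtualDirectory) 'InternalUrl'
    Get-Target 'OAB InternalUrl'  (Get-OabVirtualDirectory) 'InternalUrl'
    Get-Target 'OWA InternalUrl'  (Get-OwaVirtualDirectory) 'InternalUrl'
    Get-Target 'ECP InternalUrl'  (Get-EcpVirtualDirectory) 'InternalUrl'
    Get-Target 'EAS InternalUrl'  (Get-ActiveSyncVirtualDirectory) 'InternalUrl'
    Get-Target 'Outlook Anywhere' (Get-OutlookAnywhere) 'ExternalHostname'
    # Only relevant while autodiscover.<domain> resolves in DNS (not with SRV-only lookup).
    Get-AcceptedDomain | ForEach-Object {
        New-Object psobject -Property @{ Setting = 'Autodiscover DNS'; Value = "autodiscover.$($_.DomainName)" }
    }
)

$targets | ForEach-Object {
    $name = $_.Value.ToLower()
    if ($name -match '^https?://') { $name = ([uri]$name).Host }   # URL -> hostname
    New-Object psobject -Property @{ Setting = $_.Setting; Host = $name; OnCert = (Test-NameOnCert $name) }
} | Sort-Object OnCert, Host | Format-Table Setting, Host, OnCert -AutoSize
```

Rows with OnCert = False are the names that produce the certificate prompt; each one needs either the URL changed to a name on the certificate (with split DNS resolving it internally) or the name added to a SAN/UCC certificate.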