Web Server, Outlook Web Access, and SSL

Posted on 2013-10-27
Last Modified: 2013-10-28

This is my first time doing this so I want to make sure I do things right. Even though this is a site created for testing, it needs to be setup correctly and I want it to be setup like the industry standard.

I registered a domain and it has a static IP address. I setup three servers running Windows Server 2012. One is AD. The second one hosts IIS and a default web page. The third server is running Exchange 2013.

My firewall is setup to forward port 80 to the web server, and port 25 is forwarded to the Exchange 2013 server. Also, port 443 is forwarded to the Exchange Server.

I setup Exchange 2013 and it is working. I can send messages to the outside world. I can also receive messages from the Internet.

For now, I have to enter when I want to get to my default web page. I have to enter when I want to get to Outlook Web Access.

When I go to OWA, I am warned about my certificate.

My eventual goal for this test domain is that I want to be able to eventually connect to my Exchange 2013 server with Outlook 2013 using RPC over HTTPS, and I want this domain to be configured like and behave like what people usually do when they setup an IIS server for their web page and a separate server for their Exchange Server.

What is the next thing I need to do so that I can finalize this domain so that I can reach my goal of setting up Outlook with RPC over HTTPS? Is the next step an SSL certificate? Please advise.

Question by:jhieb

Accepted Solution

Satish Auti earned 167 total points
Comment Utility
Yes if you dont have any certificate then create it. or go for third party .
LVL 11

Assisted Solution

by:Sanjay Santoki
Sanjay Santoki earned 167 total points
Comment Utility

First of all you have to configure dummy autodiscover virtual directory on your web server which redirect to your exchange server when someone try with HTTP to HTTPS://owaURL. This will take care of autodiscovery.

As far as certificate warning is concerned; make sure that all the FQDNs used by Exchange service is added a subject alternative names. Also, You have to add local CA root certificate in trusted root certificate store on client computer in case you are using self-signed certificate.

Sanjay Santoki

Author Comment

Comment Utility
I am getting a bit confused by all the choices within the technical links. Even ExchangeGURU's links have different examples for the same thing. It is too bad there is not a step by step list of instructions on how to do everything I need to do.

Right now, I am struggling with getting the URL's situated. I am not that great with DNS so that doesn't help. I am setup like this:

My firewall is setup to forward port 80 to the web server, and port 25 is forwarded to the Exchange 2013 server. Also, port 443 is forwarded to the Exchange Server.

At my ISP, I have a three A records and they all point to the same IP address:


My Exchange server name is: ECTSRV01

Are there any other A records that I need to setup for Outlook Anywhere and/or for OWA?

Once the DNS settings are correct, is the next step to setup a certificate or the Configure URLS section of the technical notes? I think it is the configure URLS section. So, what should my URLs be for: ??

Servers/Outlook Anywhere

1. Specify the external host name such as that users will use to connect to your organization? =

2. Specify the internal host name such as that users will use to connect to your organization: =

3. Specify the authentication method for external clients to use when connecting to your organization: =

Servers/Virtual Directories
Should I change anything here?

LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 166 total points
Comment Utility
Is your external DNS able to support SRV records?
If so, then configure an Autodiscover SRV record thus:

Then get a free single name SSL certificate from

Do ensure that doesn't resolve anywhere.


Author Closing Comment

Comment Utility
Thanks for the help.

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now