[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Web Server, Outlook Web Access, and SSL

Posted on 2013-10-27
Medium Priority
Last Modified: 2013-10-28

This is my first time doing this so I want to make sure I do things right. Even though this is a site created for testing, it needs to be setup correctly and I want it to be setup like the industry standard.

I registered a domain and it has a static IP address. I setup three servers running Windows Server 2012. One is AD. The second one hosts IIS and a default web page. The third server is running Exchange 2013.

My firewall is setup to forward port 80 to the web server, and port 25 is forwarded to the Exchange 2013 server. Also, port 443 is forwarded to the Exchange Server.

I setup Exchange 2013 and it is working. I can send messages to the outside world. I can also receive messages from the Internet.

For now, I have to enter http://www.hiddencompanyname.com when I want to get to my default web page. I have to enter https://hiddencompany.com/owa when I want to get to Outlook Web Access.

When I go to OWA, I am warned about my certificate.

My eventual goal for this test domain is that I want to be able to eventually connect to my Exchange 2013 server with Outlook 2013 using RPC over HTTPS, and I want this domain to be configured like and behave like what people usually do when they setup an IIS server for their web page and a separate server for their Exchange Server.

What is the next thing I need to do so that I can finalize this domain so that I can reach my goal of setting up Outlook with RPC over HTTPS? Is the next step an SSL certificate? Please advise.

Question by:jhieb
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 11

Accepted Solution

Satish Auti earned 668 total points
ID: 39604827
Yes if you dont have any certificate then create it. or go for third party .
LVL 11

Assisted Solution

by:Sanjay Santoki
Sanjay Santoki earned 668 total points
ID: 39605848

First of all you have to configure dummy autodiscover virtual directory on your web server which redirect to your exchange server when someone try with HTTP to HTTPS://owaURL. This will take care of autodiscovery.

As far as certificate warning is concerned; make sure that all the FQDNs used by Exchange service is added a subject alternative names. Also, You have to add local CA root certificate in trusted root certificate store on client computer in case you are using self-signed certificate.

Sanjay Santoki

Author Comment

ID: 39606028
I am getting a bit confused by all the choices within the technical links. Even ExchangeGURU's links have different examples for the same thing. It is too bad there is not a step by step list of instructions on how to do everything I need to do.

Right now, I am struggling with getting the URL's situated. I am not that great with DNS so that doesn't help. I am setup like this:

My firewall is setup to forward port 80 to the web server, and port 25 is forwarded to the Exchange 2013 server. Also, port 443 is forwarded to the Exchange Server.

At my ISP, I have a three A records and they all point to the same IP address:


My Exchange server name is: ECTSRV01

Are there any other A records that I need to setup for Outlook Anywhere and/or for OWA?

Once the DNS settings are correct, is the next step to setup a certificate or the Configure URLS section of the technical notes? I think it is the configure URLS section. So, what should my URLs be for: ??

Servers/Outlook Anywhere

1. Specify the external host name such as conosto.com that users will use to connect to your organization? =

2. Specify the internal host name such as contoso.com that users will use to connect to your organization: =

3. Specify the authentication method for external clients to use when connecting to your organization: =

Servers/Virtual Directories
Should I change anything here?

LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 664 total points
ID: 39606087
Is your external DNS able to support SRV records?
If so, then configure an Autodiscover SRV record thus:

Then get a free single name SSL certificate from StartSSL.com

Do ensure that Autodiscover.example.com doesn't resolve anywhere.


Author Closing Comment

ID: 39607296
Thanks for the help.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
how to add IIS SMTP to handle application/Scanner relays into office 365.

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question