Solved

Exchange Out of Office URL and DNS

Posted on 2013-12-23
5
630 Views
Last Modified: 2014-01-10
Hello Experts - I'm working on a way to have my ActiveSync users be able to seamlessly  transition from outside the office on 3G to inside the office on an internal private wireless network.  The problem is name resolution.  Outside the office they are using this address:

https://exchange.company.org/owa

Internally they are using this address:

https://internalservername.comain.local.owa

I had setup a DNS entry last week which allowed the first address to resolve to the internal address and that works except doing so breaks the users ability to set out of office messages.  When using the internal wireless network the users would get an error saying the server can't be reached.  I investigated and found that Outlook uses a URL to set the OOF messages which can be seen by holding control, clicking the Outlook 2010 icon, then selecting Test E-mail AutoConfiguration.

Is there a way out of this conundrum?  I have two exchange servers setup in a DAG, I was thinking of changing the OOF URL to point to the second server who's name should resolve properly both internally and externally as its offsite but I wasn't positive this will work.  I'd appreciate any advice!
0
Comment
Question by:First Last
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39736076
The OOTO URL comes from the availability service, which is found with Autodiscover.
Internally Autodiscover is found by the clients using the result of this:

get-clientaccessserver | select identity, autodiscoverserviceinternalURI

You need to change the host name to match the SSL certificate.

The best practise is to now use the same host name internally and externally.

http://semb.ee/hostnames

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 39736199
Hi Simon, thanks for helping me out.  I've read your (excellent) guide and setup DNS so that the external name now resolve internally to the exchange server.  My SSL certificate already had both internal and external names so it does match.  The problem is now that I've changed DNS the out of office feature does not work on our AnyConnect VPN, we're getting the "server currently unavailable" message.  When on the VPN the client is connected via TCP.  When I run the AutoConfiguration test it shows my RPC OOF URL as:

https://exchange.domain.local/EWS/Exchange.asmx

Browsing to that page manually fails.  I'm also unable to browse to the HTTPS URL here:

https://exchange.domain.org/EWS/Exchange.asmx

So clearly I still have something set wrong.  What do I need to change in order to have both the external name resolve internally and also allow OOF to work?  Thanks again for your help!
0
 
LVL 1

Author Comment

by:First Last
ID: 39736249
I want to say I need to change the AWS link to point externally except that over the VPN the full external URL still does not load when I point a browser to it.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39736258
It doesn't mean you have something wrong in Exchange.

It could mean that the DNS is incorrect, the VPN could be handing out the wrong DNS servers. It could also be that the VPN isn't allowing HTTPS traffic through.

Have you changed the web services virtual directory to the correct name?

You need to check name resolution when on the VPN to see if the correct information is being returned.

Simon.
0
 
LVL 1

Author Comment

by:First Last
ID: 39736281
I've checked DNS on the VPN, it is handing out the right DNS servers and I can correctly resolve both servername.domain.local and exchange.domain.org.  I haven't updated the virtual directory because I'm not able to load either the external or internal URL on the VPN but I can try that now since DNS is working normally inside the LAN.

I'll focus on the firewall next.  I noticed I can't access the OWA site on the VPN either so it may very well be an issue there.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now