Exchange Out of Office URL and DNS

Hello Experts - I'm working on a way to have my ActiveSync users be able to seamlessly transition from outside the office on 3G to inside the office on an internal private wireless network. The problem is name resolution. Outside the office they are using this address:

Internally they are using this address:


I had set up a DNS entry last week which allowed the first address to resolve to the internal address, and that works, except doing so breaks the users' ability to set out of office messages. When using the internal wireless network the users would get an error saying the server can't be reached. I investigated and found that Outlook uses a URL to set the OOF messages, which can be seen by holding Control, clicking the Outlook 2010 icon, then selecting Test E-mail AutoConfiguration.

Is there a way out of this conundrum? I have two Exchange servers set up in a DAG. I was thinking of changing the OOF URL to point to the second server, whose name should resolve properly both internally and externally as it's offsite, but I wasn't positive this will work. I'd appreciate any advice!
First Last Asked:
Simon Butler (Sembee), Consultant, Commented:
The OOTO URL comes from the availability service, which is found with Autodiscover.
Internally Autodiscover is found by the clients using the result of this:

get-clientaccessserver | select identity, autodiscoverserviceinternalURI

You need to change the host name to match the SSL certificate.

The best practise is to now use the same host name internally and externally.
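
A read-only check of the point above, as an added example that is not part of the original thread: it lists the Autodiscover internal URI and the web services (EWS) virtual directory URLs, which is where the OOF URL comes from, and flags any host name not covered by the certificate bound to IIS. It assumes the Exchange Management Shell on a Client Access server; `Test-HostCovered` and the variable names are hypothetical helpers, not Exchange cmdlets.

```powershell
# Added example: audit only, nothing is changed.
# Host names covered by the certificate(s) enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() } |
    Sort-Object -Unique)

# Hypothetical helper: exact match, or a wildcard covering exactly one label.
function Test-HostCovered {
    param([string]$HostName)
    $h = $HostName.ToLower()
    foreach ($n in $certNames) {
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.') -and $h.EndsWith($n.Substring(1)) -and
            ($h.Split('.').Count -eq $n.Split('.').Count)) { return $true }
    }
    return $false
}

# Collect every URL a client is handed for Autodiscover and EWS (OOF, free/busy).
$urls = @()
Get-ClientAccessServer | ForEach-Object {
    $urls += New-Object PSObject -Property @{
        Source = "$($_.Identity) AutoDiscoverServiceInternalUri"
        Url    = "$($_.AutoDiscoverServiceInternalUri)" }
}
Get-WebServicesVirtualDirectory | ForEach-Object {
    $urls += New-Object PSObject -Property @{
        Source = "$($_.Identity) InternalUrl"; Url = "$($_.InternalUrl)" }
    $urls += New-Object PSObject -Property @{
        Source = "$($_.Identity) ExternalUrl"; Url = "$($_.ExternalUrl)" }
}

# Report each host name and whether the IIS certificate covers it.
$urls | Where-Object { $_.Url } | ForEach-Object {
    $hostName = ([uri]$_.Url).Host
    New-Object PSObject -Property @{
        Source  = $_.Source
        Host    = $hostName
        Covered = (Test-HostCovered $hostName) }
} | Select-Object Source, Host, Covered | Format-Table -AutoSize
```

Any row with `Covered` set to `False` is a URL that will produce a certificate name mismatch for clients that follow it.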

First Last (Author) Commented:
Hi Simon, thanks for helping me out. I've read your (excellent) guide and set up DNS so that the external name now resolves internally to the Exchange server. My SSL certificate already had both internal and external names so it does match. The problem is now that I've changed DNS the out of office feature does not work on our AnyConnect VPN; we're getting the "server currently unavailable" message. When on the VPN the client is connected via TCP. When I run the AutoConfiguration test it shows my RPC OOF URL as:


Browsing to that page manually fails.  I'm also unable to browse to the HTTPS URL here:

So clearly I still have something set wrong.  What do I need to change in order to have both the external name resolve internally and also allow OOF to work?  Thanks again for your help!
First Last (Author) Commented:
I want to say I need to change the AWS link to point externally except that over the VPN the full external URL still does not load when I point a browser to it.
Simon Butler (Sembee), Consultant, Commented:
It doesn't mean you have something wrong in Exchange.

It could mean that the DNS is incorrect, the VPN could be handing out the wrong DNS servers. It could also be that the VPN isn't allowing HTTPS traffic through.

Have you changed the web services virtual directory to the correct name?

You need to check name resolution when on the VPN to see if the correct information is being returned.

First Last (Author) Commented:
I've checked DNS on the VPN, it is handing out the right DNS servers and I can correctly resolve both servername.domain.local and  I haven't updated the virtual directory because I'm not able to load either the external or internal URL on the VPN but I can try that now since DNS is working normally inside the LAN.

I'll focus on the firewall next.  I noticed I can't access the OWA site on the VPN either so it may very well be an issue there.
Question has a verified solution.
