nigelbeatson
asked on
changing the name of our exchange site. - exchange 2010
We have a new exchange server which we have added a private SSL certificate ie owamail.domainname.co.uk
This is installed correctly. But since we added this we have been getting an error on starting Outlook 2010.
"The name on the security certificate is invalid or does not match the site."
I read an article on this which said we should run some shell commands to rename it correctly.
We completed :-
Set-ClientAccessServer -Identity FSAMS2 -AutodiscoverServiceInternalUri https://owamail.domainname.co.uk.co.uk/autodiscover/autodiscover.xml
And we confirmed that this change had been implemented.
However, on trying the second step ie :-
Set-WebServicesVirtualDirectory -Identity "FSAMS2\EWS (Default Web Site)" -InternalUrl https://owamail.domainname.co.uk/EWS/Exchange.asmx
We get an error :-
The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?
Can anyone help?
I have also noticed that since we made the change, the reported error no longer appears, but we do get a sync error when sending / receiving within outlook 2007. ie
Microsoft Offline Address Book
Not downloading offline address book files. A server (URL) could not be located.
OX8004010F
Any help would be much appreciated.
ASKER
I have also noticed that when we run :-
Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname
We get :-
SERVER External Host Name Internal Hostname
FSAMS2 mail.domainname.co.uk
Is this because we can't get the shell command detailed above to complete?
Try this:
Set-WebServicesVirtualDirectory -Identity "FSAMS2\EWS (Default Web Site)" -InternalUrl https://owamail.domainname.co.uk/EWS/Exchange.asmx -BasicAuthentication:$true
Hi, IMO you should look to use 2 different certificates: one for internal access and one for external.
How did you publish the Exchange servers to the internet? Are you using a reverse proxy solution (like TMG or HAProxy or something else) as per best practices, or simply port-forwarding the ports to your Client Access?
If you are using the reverse proxy, you can use the public certificate on that and leave the self-signed one on the Exchange internally. If the reverse proxy checks for the validity of the SSL cert, then you have to trust it manually once on that machine and everything should be OK.
Let me know if it's applicable to your situation.
Otherwise, if you can reissue the certificate, requesting one with your internal URLs in Subject Alternate Names, then restore the internalurl values for all the services (keep in mind there are plenty of places to modify***).
Other information here:
*** where to modify:
Set-OwaVirtualDirectory -Identity "<SERVERNAME>\OWA (Default Web Site)" -InternalURL https://<internalURL>/OWA -ExternalURL https://<internalURL>/OWA
Set-EcpVirtualDirectory -Identity "<SERVERNAME>\ECP (Default Web Site)" -InternalURL https://<internalURL>/ECP -ExternalURL https://<internalURL>/ECP
Set-ActivesyncVirtualDirectory -Identity "<SERVERNAME>\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://<internalURL>/Microsoft-Server-Activesync -ExternalURL https://<internalURL>/Microsoft-Server-Activesync
Set-OABVirtualDirectory -Identity "<SERVERNAME>\oab (Default Web Site)" -InternalUrl https://<internalURL>/oab -ExternalURL https://<internalURL>/oab
Set-WebServicesVirtualDirectory -Identity "<SERVERNAME>\EWS (Default Web Site)" -InternalUrl https://<internalURL>/ews/exchange.asmx -ExternalURL https://<internalURL>/ews/exchange.asmx
Set-ClientAccessServer -Identity <SERVERNAME> -AutoDiscoverServiceInternalUri https://<internalURL>/Autodiscover/Autodiscover.xml
Microsoft Offline Address Book
Not downloading offline address book files. A server (URL) could not be located.
OX8004010F
You need to change all other URLs as well. Including the OAB URL.
See here for steps and screenshots. Scroll to Step 5.
http://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/
ASKER
Thanks for that.
I have followed the instructions in step 5, and they completed OK.
Unfortunately, when I get to run the first of the commands ie
Set-WebServicesVirtualDirectory -Identity "FSAMS2\EWS (Default Web Site)" -InternalUrl https://owamail.domainname.co.uk/EWS/Exchange.asmx
We get an error :-
The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?
I would point out that I think I accepted the default settings of mail.domainname.co.uk when installing exchange, and we need to have this set to owaimail.domainname.co.uk
I don't know if this is relevant, but I seem to be stuck when trying to set the WebServicesVirtualDirectory?
Any suggestions?
Many thanks.
ASKER
I have added a new zone called owamail.domainname.co.uk
and added an A Host entry for FSAMS2 (our mail server name) and pointed it at our local IP address of our 2010 mail server.
Is that right?
Thanks.
ASKER
FYI We have an external DNS configured for owamail.domainname.co.uk which is pointed at our public IP address. The router then forwards it to the local IP address of our exchange server, using port forwarding. All works well but we do need to move this so that it delivers mail straight to our new exchange server. Currently it comes in to exchange 2003.
Many thanks
ASKER
"Try this:
Set-WebServicesVirtualDirectory -Identity "FSAMS2\EWS (Default Web Site)" -InternalUrl https://owamail.domainname.co.uk/EWS/Exchange.asmx -BasicAuthentication:$true "
When I run this we get an error :-
We get an error :-
The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?
This seems to be overlapping a parallel incident, so apologies for that, it is becoming clear that these are related.
Many thanks.
ASKER
The info obtained from the shell details :-
Identity : FSAMS2\EWS (Default Web Site)
InternalUrl : https://fsams2.fsa1.local/EWS/Exchange.asmx
ExternalUrl : https://owamail.domainname.co.uk/ews/exchange.asmx
Thanks
ASKER
I have just removed the zone owamail.domainname.co.uk and replaced it with domainname.co.uk, but it does not seem to have made any difference. Still can't run the shell command??
When we run :-
Get-WebServicesVirtualDirectory | fl identity,internalurl,ExternalURL
we get :-
Identity : FSAMS2\EWS (Default Web Site)
InternalUrl : https://fsams2.fsa1.local/EWS/Exchange.asmx
ExternalUrl : https://owamail.domainname.co.uk/ews/exchange.asmx
Does this help.
Many thanks.
ASKER
Hi Gareth
Since I followed the instructions in part 5, to the point where the shell command is required (which failed), we can no longer gain access using owa.
Is this what you would expect?
I know I'm only partially way through your guide, so it would not surprise me, but if you could continue with any assistance, I would be extremely grateful.
Many thanks.
ASKER
Ok I have managed to get all of the commands to run now, and been through step 5. We only have one public IP address??
Still got the sync error on outlook and cannot access OWA now, we get this page cannot be displayed.
Is it time to call Microsoft?? :(
Many thanks.
As far as I can understand, the last time you issued the command, the error stating that the hostname cannot be resolved occurred because you misconfigured DNS: you configured a zone for a subdomain, owamail.domainname.co.uk, instead of configuring a zone for domainname.co.uk with DNS forwarders as I told you.
If you want your internal clients to resolve owamail, you should configure a DNS zone for domainname.co.uk and then insert owamail there as an A record.
What happens?
a. Your internal clients will go to your DNS servers asking for owamail.domainname.co.uk
b. Your DNS server will respond with the internal IP immediately.
c. Your clients will then go to that IP.
When your internal clients ask for another hostname, they will ask your DNS and then be redirected to your forwarders (your external DNS), so they'll be able to resolve external hostnames too.
Hope this will clarify.
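Both symptoms in this thread (the "cannot be resolved" prompt and Outlook's certificate-name warning) can be checked before any URL is changed. The read-only script below is an added example, not part of any post in this thread; the function names are hypothetical, and the server name FSAMS2 and host owamail.domainname.co.uk are taken from the question.

```powershell
# Added example: read-only pre-flight check, run in the Exchange Management Shell.
# $Server and $NewHost come from the thread; the function names are hypothetical.
$Server  = 'FSAMS2'
$NewHost = 'owamail.domainname.co.uk'

function Test-Resolves([string]$HostName) {
    # A failed lookup here corresponds to the "cannot be resolved" prompt in the thread
    try { [void][System.Net.Dns]::GetHostAddresses($HostName); return $true }
    catch { return $false }
}

function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry covers exactly one left-most label
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.') + 1) -eq $n.Substring(2)) { return $true }
    }
    return $false
}

# Names on the certificate(s) enabled for IIS, which is what Outlook, OWA and EWS clients see
$certNames = @(Get-ExchangeCertificate -Server $Server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })

# Every URL that clients are handed, plus the Autodiscover internal URI
$dirs  = @(Get-OwaVirtualDirectory -Server $Server) + @(Get-EcpVirtualDirectory -Server $Server) +
         @(Get-ActiveSyncVirtualDirectory -Server $Server) + @(Get-OabVirtualDirectory -Server $Server) +
         @(Get-WebServicesVirtualDirectory -Server $Server)
$urls  = @($dirs | ForEach-Object { $_.InternalUrl; $_.ExternalUrl })
$urls += (Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri

# Check the hosts already configured and the planned new host
$hosts = @($urls | Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host }) + $NewHost
$hosts | Sort-Object -Unique | ForEach-Object {
    New-Object PSObject -Property @{
        Host          = $_
        Resolves      = Test-Resolves $_
        OnCertificate = Test-NameCovered $_ $certNames
    }
} | Format-Table Host, Resolves, OnCertificate -AutoSize
```

A host showing Resolves = False needs an A record in the internal zone; a host showing OnCertificate = False will trigger the name-mismatch warning until the certificate is reissued with that name or the URL is changed.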
ASKER
Many thanks.
Great help everyone.
I added the new zone and that helped.
I also found that public folders had not replicated properly, so forcing that through removed the sync error.
ASKER
Is this why internal workers using outlook 2007 cannot find the server URL?
Do we need to add a new "A host record" on our DNS? If so, what format should it be?
Many thanks