Asked by nigelbeatson

changing the name of our exchange site. - exchange 2010

We have a new exchange server which we have added a private SSL certificate ie

This is installed correctly. But since we added this we have been getting an error on starting Outlook 2010.

"The name on the security certificate is invalid or does not match the site."

I read an article on this which said we should run some shell commands to rename it correctly.

We completed :-

Set-ClientAccessServer -Identity FSAMS2 -AutodiscoverServiceInternalUri

And we confirmed that this change had been implemented.

However, on trying the second step ie :-

Set-WebServicesVirtualDirectory -Identity "FSAMS2\EWS (Default Web Site)" –InternalUrl

We get an error :-

The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?

Can anyone help?

I have also noticed that since we made the change, the reported error no longer appears, but we do get a sync error when sending / receiving within outlook 2007. ie

Microsoft Offline Address Book
Not downloading offline address book files. A server (URL) could not be located.

Any help would be much appreciated.


I have noticed that when we resolve it is pointing to our external public IP.

Is this why internal workers using outlook 2007 cannot find the server URL?

Do we need to add a new "A host record" on our DNS, and if so what format should it be?

Many thanks
I have also noticed that when we run :-

Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname

We get :-

SERVER                            External Host Name                                             Internal Hostname  

Is this because we can't get the shell command detailed above to complete?
Avatar of Gareth Gudger
Try this:

Set-WebServicesVirtualDirectory -Identity “FSAMS2\EWS (Default Web Site)” -InternalUrl -BasicAuthentication:$true
Hi, IMO you should look to use 2 different certificates: one for internal access and one for external.

How did you publish Exchange servers to the internet? Are you using a reverse proxy solution (like TMG or HAProxy or something else) as per best practices or simply port-forwarding the ports to your Client Access?

If you are using the reverse proxy, you can use the public certificate on that and let the self-signed on the Exchange internally. If the reverse proxy checks for the validity of the SSL cert, then you have to trust it manually once on that machine and everything should be OK.

Let me know if it's applicable to your situation.

Otherwise, if you can reissue the certificate, requesting one with your internal URLs in Subject Alternate Names, then restore the internalurl values for all the services (keep in mind there are plenty of places to modify***)

Other information here:

*** where to modify:
Set-OwaVirtualDirectory -Identity "<SERVERNAME>\OWA (Default Web Site)" -InternalURL https://<internalURL>/OWA -ExternalURL https://<internalURL>/OWA
Set-EcpVirtualDirectory -Identity "<SERVERNAME>\ECP (Default Web Site)" -InternalURL https://<internalURL>/ECP  -ExternalURL https://<internalURL>/ECP
Set-ActivesyncVirtualDirectory -Identity "<SERVERNAME>\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://<internalURL>/Microsoft-Server-Activesync  -ExternalURL https://<internalURL>/Microsoft-Server-Activesync
Set-OABVirtualDirectory -Identity "<SERVERNAME>\oab (Default Web Site)" -InternalUrl https://<internalURL>/oab -ExternalURL https://<internalURL>/oab
Set-WebServicesVirtualDirectory -Identity "<SERVERNAME>\EWS (Default Web Site)" -InternalUrl https://<internalURL>/ews/exchange.asmx -ExternalURL https://<internalURL>/ews/exchange.asmx
Set-ClientAccessServer –Identity <SERVERNAME> -AutoDiscoverServiceInternalUri: https://<internalURL>/Autodiscover/Autodiscover.xml


Microsoft Offline Address Book
 Not downloading offline address book files. A server (URL) could not be located.

You need to change all other URLs as well. Including the OAB URL.

See here for steps and screenshots. Scroll to Step 5.
Avatar of ienaxxx
Thanks for that.

I have followed the instructions in step 5, and they completed OK.

Unfortunately, when I get to run the first of the commands ie

Set-WebServicesVirtualDirectory -Identity "FSAMS2\EWS (Default Web Site)" –InternalUrl

 We get an error :-

 The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?

I would point out that I think I accepted the default settings of when installing exchange, and we need to have this set to

I don't know if this is relevant, but I seem to be stuck when trying to set the WebServicesVirtualDirectory?

Any suggestions?

Many thanks.
I have added a new zone called
and added an A Host entry for FSAMS2 (our mail server name) and pointed it at our local IP address of our 2010 mail server.

Is that right?

FYI We have an external DNS configured for which is pointed at our public IP address. The router then forwards it to the local IP address of our exchange server, using port forwarding. All works well but we do need to move this so that it delivers mail straight to our new exchange server. Currently it comes in to exchange 2003.

Many thanks
"Try this:

 Set-WebServicesVirtualDirectory -Identity “FSAMS2\EWS (Default Web Site)” -InternalUrl -BasicAuthentication:$true "

When I run this we get an error :-

 The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?

This seems to be overlapping a parallel incident, so apologies for that, it is becoming clear that these are related.

Many thanks.
The info obtained from the shell details :-

Identity    : FSAMS2\EWS (Default Web Site)
InternalUrl : https://fsams2.fsa1.local/EWS/Exchange.asmx
ExternalUrl :

I have just removed the zone and replaced it with, but it does not seem to have made any difference. Still can't run the shell command??

When we run :-

Get-WebServicesVirtualDirectory | fl identity,internalurl,ExternalURL

we get :-

Identity    : FSAMS2\EWS (Default Web Site)
InternalUrl : https://fsams2.fsa1.local/EWS/Exchange.asmx
ExternalUrl :

Does this help.

Many thanks.
Hi Gareth

Since I followed the instructions in part 5, to the point where the shell command is required (which failed), we can no longer gain access using owa.

Is this what you would expect?

I know I'm only part way through your guide, so it would not surprise me, but if you could continue with any assistance, I would be extremely grateful.

Many thanks.
Ok I have managed to get all of the commands to run now, and been through step 5. We only have one public IP address??

Still got the sync error on outlook and cannot access OWA now, we get this page cannot be displayed.

Is it time to call Microsoft?? :(

Many thanks.
As far as I can understand, the last time you issued the command, the problem stating that cannot resolve hostname is because you misconfigured DNS: you configured a zone for a subdomain:, instead of configuring a zone for with DNS forwarders as I told you.

If you want your internals to resolve owamail you should configure a DNS zone for and then insert there owamail as an A record.

What happens?
a. Your internal clients will go to your DNS servers asking for
b. your DNS server will respond internal IP immediately.
c. your clients will then go to that IP.

When your internal clients ask for another hostname, they will ask your DNS and then be redirected to your forwarders (your external DNS), so they'll be able to resolve external hostnames too.

Hope this will clarify.
Many thanks.

Great help everyone.

I added the new zone and that helped.

I also found that public folders had not replicated properly, so forcing that through removed the sync error.
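
Added example, not code from any poster in this thread: a PowerShell check that reports, for each configured service URL, whether its host name is covered by the certificate's names and what address it resolves to. These are the two conditions behind the certificate-name warning and the "cannot be resolved" prompt discussed above. The function names and the example.com names are assumptions; only fsams2.fsa1.local comes from the thread.

```powershell
# True when $HostName is covered by one of $CertNames (exact or wildcard match).
function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }      # -eq ignores case
        # A wildcard covers exactly one left-most label: *.example.com matches
        # mail.example.com but not a.b.example.com or example.com itself.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)               # ".example.com"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# One result object per URL: host name, certificate coverage, DNS answer.
function Test-ExchangeUrl {
    param([string[]]$Url, [string[]]$CertNames)
    foreach ($u in $Url) {
        $hostName = ([System.Uri]$u).Host
        try {
            $ips = [System.Net.Dns]::GetHostAddresses($hostName) |
                ForEach-Object { $_.IPAddressToString }
        } catch {
            $ips = @()                                  # name does not resolve from here
        }
        New-Object PSObject -Property @{
            Url           = $u
            Host          = $hostName
            OnCertificate = (Test-CertNameMatch $hostName $CertNames)
            ResolvesTo    = ($ips -join ', ')
        }
    }
}

# Sample input: the first URL is the InternalUrl shown in the thread, the rest is
# constructed. On the server, the URLs would come from the Get-*VirtualDirectory
# cmdlets (InternalUrl) and the names from Get-ExchangeCertificate (CertificateDomains).
$urls = @('https://fsams2.fsa1.local/EWS/Exchange.asmx',
          'https://mail.example.com/EWS/Exchange.asmx')
$certNames = @('mail.example.com', 'autodiscover.example.com')

Test-ExchangeUrl -Url $urls -CertNames $certNames |
    Select-Object Host, OnCertificate, ResolvesTo, Url | Format-Table -AutoSize
```

A row with OnCertificate False is a URL that will raise the certificate-name warning in Outlook. An empty ResolvesTo, or an external address when run from an internal client, points at the internal DNS zone.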