We help IT Professionals succeed at work.

changing the name of our exchange site. - exchange 2010

nigelbeatson
nigelbeatson asked
on
879 Views
Last Modified: 2014-05-21
We have a new exchange server which we have added a private SSL certificate ie owamail.domainname.co.uk

This is installed correctly. But since we added this we have been getting an error on starting Outlook 2010.

"The name on the security certificate is invalid or does not match the site."

I read an article on this which said we should run some shell commands to rename it correctly.

We completed :-

Set-ClientAccessServer -Identity FSAMS2 -AutodiscoverServiceInternalUri https://owamail.domainname.co.uk.co.uk/autodiscover/autodiscover.xml

And we confirmed that this change had been implemented.

However, on trying the second step ie :-

Set-WebServicesVirtualDirectory -Identity "FSAMS2\EWS (Default Web Site)" –InternalUrl https://owamail.domainname.co.uk/EWS/Exchange.asmx

We get an error :-

The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?

Can anyone help?

I have also noticed that since we made the change, the reported error no longer appears, but we do get a sync error when sending / receiving within outlook 2007. ie

Microsoft Offline Address Book
Not downloading offline address book files. A server (URL) could not be located.
OX8004010F

Any help would be much appreciated.
Comment
Watch Question

Author

Commented:
I have noticed that when we resolve owamail.domainname.co.uk it is pointing to our external public IP.

Is this why internal workers using outlook 2007 cannot find the server URL?

Do we need to add an new "a host record" on our DNS, if so what format should it be?

Many thanks

Author

Commented:
I have also noticed that when we run :-

Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname

We get :-

SERVER                            External Host Name                                             Internal Hostname  
FSAMS2                           mail.domainname.co.uk

Is this because we cant get the shell command detailed above to complete?
Gareth GudgerSolution Architect
CERTIFIED EXPERT
Most Valuable Expert 2014
Top Expert 2014

Commented:
Try this:

Set-WebServicesVirtualDirectory -Identity “FSAMS2\EWS (Default Web Site)” -InternalUrl https://owamail.domainname.co.uk/EWS/Exchange.asmx -BasicAuthentication:$true

Commented:
Hi, IMO you should look to use 2 different certificates: one for internal access and one for external.

How did you publish Exchange servers to the internet? Are u using a reverse proxy solution (like TMG or HAProxy or something else) as per best practices or simply port-forwarding the ports to your Client Access?

If you are using the reverse proxy, you can use the public certificate on that and let the self-signed on the Exchange internally. If the reverse proxy checks for the validity of the SSL cert, then you have to trust it manually once on that machine and everything should be OK.

Let me know if it's applicable to your situation.

Otherwise, if you can reissue the certificate, requesting one with your internal URLs in Subject Alternate Names, then restore the internalurl values for all the services (keep in mind there are plenty of places to modify***)


Other informations Here:


*** where to modify:
Set-OwaVirtualDirectory -Identity "<SERVERNAME>\OWA (Default Web Site)" -InternalURL https://<internalURL>/OWA -ExternalURL https://<internalURL>/OWA
Set-EcpVirtualDirectory -Identity "<SERVERNAME>\ECP (Default Web Site)" -InternalURL https://<internalURL>/ECP  -ExternalURL https://<internalURL>/ECP
Set-ActivesyncVirtualDirectory -Identity "<SERVERNAME>\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://<internalURL>/Microsoft-Server-Activesync  -ExternalURL https://<internalURL>/Microsoft-Server-Activesync
Set-OABVirtualDirectory -Identity "<SERVERNAME>\oab (Default Web Site)" -InternalUrl https://<internalURL>/oab -ExternalURL https://<internalURL>/oab
Set-WebServicesVirtualDirectory -Identity "<SERVERNAME>\EWS (Default Web Site)" -InternalUrl https://<internalURL>/ews/exchange.asmx -ExternalURL https://<internalURL>/ews/exchange.asmx
Set-ClientAccessServer –Identity <SERVERNAME> -AutoDiscoverServiceInternalUri: https://<internalURL>/Autodiscover/Autodiscover.xml

Open in new window

Gareth GudgerSolution Architect
CERTIFIED EXPERT
Most Valuable Expert 2014
Top Expert 2014

Commented:
Microsoft Offline Address Book
 Not downloading offline address book files. A server (URL) could not be located.
 OX8004010F

You need to change all other URLs as well. Including the OAB URL.

See here for steps and screenshots. Scroll to Step 5.
http://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for that.

I have followed the instructions in step 5, and they completed OK.

Unfortunately, when I get to run the first of the commands ie

Set-WebServicesVirtualDirectory -Identity "FSAMS2\EWS (Default Web Site)" –InternalUrl https://owamail.domainname.co.uk/EWS/Exchange.asmx

 We get an error :-

 The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?

I would point out that I think I accepted the default settings of mail.domainname.co.uk when installing exchange, and we need to have this set to owaimail.domainname.co.uk

I don't know if this is relevant, but I seem to be stuck when trying to set the WebServicesVirtualDirectory?

Any suggestions?

Many thanks.

Author

Commented:
I have added a new zone called owamail.domainname.co.uk
and added an A Host entry for FSAMS2 (our mail server name) and pointed it at our local IP address of our 2010 mail server.

Is that right?

Thanks.

Author

Commented:
FYI We have an external DNS configured for owamail.domainname.co.uk which is pointed at our public IP address. The router then forwards it to the local IP address of our exchange server, using port forwarding. All works well but we do need to move this so that it delivers mail straight to our new exchange server. Currently it comes in to exchange 2003.

Many thanks

Author

Commented:
"Try this:

 Set-WebServicesVirtualDirectory -Identity “FSAMS2\EWS (Default Web Site)” -InternalUrl https://owamail.domainname.co.uk/EWS/Exchange.asmx -BasicAuthentication:$true "

When I run this we get an error :-

We get an error :-

 The host specified for the "internal URL" parameter cannot be resolved. are you sure you want to continue?

This seems to be overlapping a parallel incident, so apologies for that, it is becoming clear that these are related.

Many thanks.

Author

Commented:
The info obtained from the shell details :-



Identity    : FSAMS2\EWS (Default Web Site)
InternalUrl : https://fsams2.fsa1.local/EWS/Exchange.asmx
ExternalUrl : https://owamail.domainname.co.uk/ews/exchange.asmx


Thanks

Author

Commented:
I have just removed the zone owamail.domainname.co.uk and replaced it with domainname.co.uk, but it does not seem to have made any difference. Still cant run the shell command??

When we run :-

Get-WebServicesVirtualDirectory | fl identity,internalurl,ExternalURL

we get :-

Identity    : FSAMS2\EWS (Default Web Site)
InternalUrl : https://fsams2.fsa1.local/EWS/Exchange.asmx
ExternalUrl : https://owamail.domainname.co.uk/ews/exchange.asmx

Does this help.

Many thanks.

Author

Commented:
Hi Gareth

Since I followed the instructions in part 5, to the point where the shell command is required (which failed), we can no longer gain access using owa.

Is this what you would expect?

I know im only partially way through your guide, si it would not surprise me, but if you could continued with any assistance, I would be extremely grateful.

Many thanks.

Author

Commented:
Ok I have managed to get all of the commands to run now, and been through step 5. We only have one public IP address??

Still got the sync error on outlook and cannot access OWA now, we get this page cannot be displayed.

Is it time to call Microsoft?? :(

Many thanks.

Commented:
As far as i can understand, the last time you issued the command, the problem stating that cannot resolve hostname is because you misconfigured DNS: you configured a zone for a subdomain: owamail.domainname.co.uk, instead of configuring a zone for domainname.co.uk with dns forwarders as I told you.

if you want your internals to resolve owamail you should configure a dns zone for domainname.co.uk and then insert there owamail as an A record.

What happens?
a. Your internal clients will go to your DNS servers asking for owamail.domainname.co.uk
b. your DNS server will respond internal IP immediately.
c. your clients will then go to that IP.


When your internal clients will ask for another hostname, will ask your DNS and then they will be redirected to your forwarders (your external DNS), so they'll be able to resolve external hostnames too..


Hope this will clarify.

Author

Commented:
Many thanks.

Great help everyone.

I added the new zone and that helped.

I also found that public folders had not replicated properly, so forcing that through removed the sync error.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.