Solved

Outlook Anywhere using internal URL

Posted on 2015-02-19
14
201 Views
Last Modified: 2015-02-20
When users take their corporate domain laptops home and launch Outlook they get a certificate error.  The error references the internal name of the Exchange server not the external URL.  Also, in Outlook 2013 Account Settings, there is an "Access this account on the web." link that is also pointing to the internal name of the exchange server.  If this is clicked while off the corporate network, of course it cannot access OWA.
Capture6.JPG
0
Comment
Question by:Chris Parks
  • 5
  • 5
  • 2
  • +1
14 Comments
 

Expert Comment

by:CTselikis
ID: 40620088
What edition is your exchange server? Depending on the setup you may need to update or install an ssl certificate on your exchange server for external users.
0
 

Author Comment

by:Chris Parks
ID: 40620098
Sorry, more info.  Exchange 2013.  I do currently have a wildcard cert on the server that is imported and works fine for OWA.  It's doesn't seem to be an SSL issue, it's more of an Outlook Anywhere issue.  Why is Outlook anywhere using my internal URL instead of external URL?
0
 

Expert Comment

by:CTselikis
ID: 40620126
Under ECP > Servers > select your exchange server then click on the pencil and find outlook anywhere. What does it show listed for your config?
0
 
LVL 15

Expert Comment

by:weinberk
ID: 40620246
What are the results of this command in powershell?

Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40620973
The best practise here is to use the external name everywhere.
So setup a split DNS system so the external name resolves internally, then change all of the host names to the external URL. That way everything appears the same to the end users, they can use the same URLs and you don't get odd certificate prompts.
http://semb.ee/hostnames2013

Simon.
0
 

Author Comment

by:Chris Parks
ID: 40621134
As far as I can tell I am using external name for Outlook Anywhere, see attachment.

I have seen references to Split DNS in my research, can you elaborate what that means/entails?
I do have my local DNS resolving the external name (mail) to the internal IP of server.

Result of Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname:
[PS] C:\Windows\system32>Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname

Server                                  ExternalHostname                        InternalHostname
------                                  ----------------                        ----------------
LLF-MAIL                                mail.lifeline-foods.com                 mail.lifeline-foods.com
Capture8.JPG
0
 
LVL 15

Expert Comment

by:weinberk
ID: 40621379
What does
Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
show?

I believe that your screenshot that shows Outlook saying to goto your internal URL for OWA is caused by an incorrect External URL being set for OWA.

I looked your cert via OWA and it looks fine.  The autodiscover dns entry looks good too. Of course, we can't test autodiscover without credentials, but you can:
https://testconnectivity.microsoft.com/
do the outlook connectivity test and post (Redacted maybe) complete results.
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 15

Expert Comment

by:weinberk
ID: 40621380
Or message me a test account that I can check out...
0
 

Author Comment

by:Chris Parks
ID: 40621392
Looks like you are correct on OWA, here is output:
[PS] C:\Windows\system32>Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Server      : LLF-MAIL
ExternalUrl :
InternalUrl : https://llf-mail.lifeline-foods.com/owa
0
 
LVL 15

Assisted Solution

by:weinberk
weinberk earned 500 total points
ID: 40621443
let's start by fixing that

Set-OwaVirtualDirectory -Identity "YOURservername\owa (default web site)" -ExternalUrl https://mail.lifeline-foods.com/owa -InternalUrl https://mail.lifeline-foods.com/owa

You'll need an iisreset.

Check these too just to be safe.
Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl
Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40621508
A split DNS basically means the external host name resolves internally to an internal IP address. You make a few changes to your internal DNS, modify Exchange with the correct URLs and you are good to go. The link in my first post explains what needs to be done.

Simon.
0
 

Author Comment

by:Chris Parks
ID: 40621532
OK, made change to OWA virtual directory, also warned me to change ECP also, which I did.  
Had to run a repair on Outlook to get "Access this account on the web." link to change, but it did.

Tried Outlook off network and still getting cert error because it's trying to connect to LLF-Mail

Output of above commands:
[PS] C:\Windows\system32>Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Creating a new session for implicit remoting of "Get-OabVirtualDirectory" command...


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/OAB
InternalUrl : https://llf-mail.lifeline-foods.com/OAB



[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/EWS/Exchange.asmx
InternalUrl : https://llf-mail.lifeline-foods.com/EWS/Exchange.asmx



[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/Microsoft-Server-ActiveSync
InternalUrl : https://llf-mail.lifeline-foods.com/Microsoft-Server-ActiveSync



[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI

Name                                                        AutoDiscoverServiceInternalUri
----                                                        ------------------------------
LLF-MAIL                                                    https://autodiscover.lifeline-foods.com/AutoDiscover/Aut...
0
 
LVL 15

Accepted Solution

by:
weinberk earned 500 total points
ID: 40621543
I would change the internal urls just for consistency (except for autodiscover), though they should work with your wildcard cert.

Try that, IIS reset, then test over at the MS testing website and report back?
0
 

Author Comment

by:Chris Parks
ID: 40622066
I think that has corrected it.  Changed internal URLs, iisreset.  Connected to external network, launched Outlook and got SSL error.  Closed Outlook, repopened and didn't get error.  Closed Outlook, connected back to corp network, launched Outlook as normal, closed outlook.  Connected back to external network, launched Outlook and no error.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now