Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 605
  • Last Modified:

Outlook Anywhere using internal URL

When users take their corporate domain laptops home and launch Outlook they get a certificate error.  The error references the internal name of the Exchange server not the external URL.  Also, in Outlook 2013 Account Settings, there is an "Access this account on the web." link that is also pointing to the internal name of the exchange server.  If this is clicked while off the corporate network, of course it cannot access OWA.
Capture6.JPG
0
Chris Parks
Asked:
Chris Parks
  • 5
  • 5
  • 2
  • +1
2 Solutions
 
CTselikisCommented:
What edition is your exchange server? Depending on the setup you may need to update or install an ssl certificate on your exchange server for external users.
0
 
Chris ParksAuthor Commented:
Sorry, more info.  Exchange 2013.  I do currently have a wildcard cert on the server that is imported and works fine for OWA.  It's doesn't seem to be an SSL issue, it's more of an Outlook Anywhere issue.  Why is Outlook anywhere using my internal URL instead of external URL?
0
 
CTselikisCommented:
Under ECP > Servers > select your exchange server then click on the pencil and find outlook anywhere. What does it show listed for your config?
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
Berkson WeinTech FreelancerCommented:
What are the results of this command in powershell?

Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname,
0
 
Simon Butler (Sembee)ConsultantCommented:
The best practise here is to use the external name everywhere.
So setup a split DNS system so the external name resolves internally, then change all of the host names to the external URL. That way everything appears the same to the end users, they can use the same URLs and you don't get odd certificate prompts.
http://semb.ee/hostnames2013

Simon.
0
 
Chris ParksAuthor Commented:
As far as I can tell I am using external name for Outlook Anywhere, see attachment.

I have seen references to Split DNS in my research, can you elaborate what that means/entails?
I do have my local DNS resolving the external name (mail) to the internal IP of server.

Result of Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname:
[PS] C:\Windows\system32>Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname

Server                                  ExternalHostname                        InternalHostname
------                                  ----------------                        ----------------
LLF-MAIL                                mail.lifeline-foods.com                 mail.lifeline-foods.com
Capture8.JPG
0
 
Berkson WeinTech FreelancerCommented:
What does
Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
show?

I believe that your screenshot that shows Outlook saying to goto your internal URL for OWA is caused by an incorrect External URL being set for OWA.

I looked your cert via OWA and it looks fine.  The autodiscover dns entry looks good too. Of course, we can't test autodiscover without credentials, but you can:
https://testconnectivity.microsoft.com/
do the outlook connectivity test and post (Redacted maybe) complete results.
0
 
Berkson WeinTech FreelancerCommented:
Or message me a test account that I can check out...
0
 
Chris ParksAuthor Commented:
Looks like you are correct on OWA, here is output:
[PS] C:\Windows\system32>Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Server      : LLF-MAIL
ExternalUrl :
InternalUrl : https://llf-mail.lifeline-foods.com/owa
0
 
Berkson WeinTech FreelancerCommented:
let's start by fixing that

Set-OwaVirtualDirectory -Identity "YOURservername\owa (default web site)" -ExternalUrl https://mail.lifeline-foods.com/owa -InternalUrl https://mail.lifeline-foods.com/owa

You'll need an iisreset.

Check these too just to be safe.
Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl
Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI
0
 
Simon Butler (Sembee)ConsultantCommented:
A split DNS basically means the external host name resolves internally to an internal IP address. You make a few changes to your internal DNS, modify Exchange with the correct URLs and you are good to go. The link in my first post explains what needs to be done.

Simon.
0
 
Chris ParksAuthor Commented:
OK, made change to OWA virtual directory, also warned me to change ECP also, which I did.  
Had to run a repair on Outlook to get "Access this account on the web." link to change, but it did.

Tried Outlook off network and still getting cert error because it's trying to connect to LLF-Mail

Output of above commands:
[PS] C:\Windows\system32>Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Creating a new session for implicit remoting of "Get-OabVirtualDirectory" command...


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/OAB
InternalUrl : https://llf-mail.lifeline-foods.com/OAB



[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/EWS/Exchange.asmx
InternalUrl : https://llf-mail.lifeline-foods.com/EWS/Exchange.asmx



[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/Microsoft-Server-ActiveSync
InternalUrl : https://llf-mail.lifeline-foods.com/Microsoft-Server-ActiveSync



[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI

Name                                                        AutoDiscoverServiceInternalUri
----                                                        ------------------------------
LLF-MAIL                                                    https://autodiscover.lifeline-foods.com/AutoDiscover/Aut...
0
 
Berkson WeinTech FreelancerCommented:
I would change the internal urls just for consistency (except for autodiscover), though they should work with your wildcard cert.

Try that, IIS reset, then test over at the MS testing website and report back?
0
 
Chris ParksAuthor Commented:
I think that has corrected it.  Changed internal URLs, iisreset.  Connected to external network, launched Outlook and got SSL error.  Closed Outlook, repopened and didn't get error.  Closed Outlook, connected back to corp network, launched Outlook as normal, closed outlook.  Connected back to external network, launched Outlook and no error.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 5
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now