Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Outlook Anywhere using internal URL

Posted on 2015-02-19
14
Medium Priority
?
511 Views
Last Modified: 2015-02-20
When users take their corporate domain laptops home and launch Outlook they get a certificate error.  The error references the internal name of the Exchange server not the external URL.  Also, in Outlook 2013 Account Settings, there is an "Access this account on the web." link that is also pointing to the internal name of the exchange server.  If this is clicked while off the corporate network, of course it cannot access OWA.
Capture6.JPG
0
Comment
Question by:Chris Parks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 2
  • +1
14 Comments
 

Expert Comment

by:CTselikis
ID: 40620088
What edition is your exchange server? Depending on the setup you may need to update or install an ssl certificate on your exchange server for external users.
0
 

Author Comment

by:Chris Parks
ID: 40620098
Sorry, more info.  Exchange 2013.  I do currently have a wildcard cert on the server that is imported and works fine for OWA.  It's doesn't seem to be an SSL issue, it's more of an Outlook Anywhere issue.  Why is Outlook anywhere using my internal URL instead of external URL?
0
 

Expert Comment

by:CTselikis
ID: 40620126
Under ECP > Servers > select your exchange server then click on the pencil and find outlook anywhere. What does it show listed for your config?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:Berkson Wein
ID: 40620246
What are the results of this command in powershell?

Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40620973
The best practise here is to use the external name everywhere.
So setup a split DNS system so the external name resolves internally, then change all of the host names to the external URL. That way everything appears the same to the end users, they can use the same URLs and you don't get odd certificate prompts.
http://semb.ee/hostnames2013

Simon.
0
 

Author Comment

by:Chris Parks
ID: 40621134
As far as I can tell I am using external name for Outlook Anywhere, see attachment.

I have seen references to Split DNS in my research, can you elaborate what that means/entails?
I do have my local DNS resolving the external name (mail) to the internal IP of server.

Result of Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname:
[PS] C:\Windows\system32>Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname

Server                                  ExternalHostname                        InternalHostname
------                                  ----------------                        ----------------
LLF-MAIL                                mail.lifeline-foods.com                 mail.lifeline-foods.com
Capture8.JPG
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 40621379
What does
Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
show?

I believe that your screenshot that shows Outlook saying to goto your internal URL for OWA is caused by an incorrect External URL being set for OWA.

I looked your cert via OWA and it looks fine.  The autodiscover dns entry looks good too. Of course, we can't test autodiscover without credentials, but you can:
https://testconnectivity.microsoft.com/
do the outlook connectivity test and post (Redacted maybe) complete results.
0
 
LVL 15

Expert Comment

by:Berkson Wein
ID: 40621380
Or message me a test account that I can check out...
0
 

Author Comment

by:Chris Parks
ID: 40621392
Looks like you are correct on OWA, here is output:
[PS] C:\Windows\system32>Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Server      : LLF-MAIL
ExternalUrl :
InternalUrl : https://llf-mail.lifeline-foods.com/owa
0
 
LVL 15

Assisted Solution

by:Berkson Wein
Berkson Wein earned 2000 total points
ID: 40621443
let's start by fixing that

Set-OwaVirtualDirectory -Identity "YOURservername\owa (default web site)" -ExternalUrl https://mail.lifeline-foods.com/owa -InternalUrl https://mail.lifeline-foods.com/owa

You'll need an iisreset.

Check these too just to be safe.
Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl
Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40621508
A split DNS basically means the external host name resolves internally to an internal IP address. You make a few changes to your internal DNS, modify Exchange with the correct URLs and you are good to go. The link in my first post explains what needs to be done.

Simon.
0
 

Author Comment

by:Chris Parks
ID: 40621532
OK, made change to OWA virtual directory, also warned me to change ECP also, which I did.  
Had to run a repair on Outlook to get "Access this account on the web." link to change, but it did.

Tried Outlook off network and still getting cert error because it's trying to connect to LLF-Mail

Output of above commands:
[PS] C:\Windows\system32>Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Creating a new session for implicit remoting of "Get-OabVirtualDirectory" command...


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/OAB
InternalUrl : https://llf-mail.lifeline-foods.com/OAB



[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/EWS/Exchange.asmx
InternalUrl : https://llf-mail.lifeline-foods.com/EWS/Exchange.asmx



[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/Microsoft-Server-ActiveSync
InternalUrl : https://llf-mail.lifeline-foods.com/Microsoft-Server-ActiveSync



[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI

Name                                                        AutoDiscoverServiceInternalUri
----                                                        ------------------------------
LLF-MAIL                                                    https://autodiscover.lifeline-foods.com/AutoDiscover/Aut...
0
 
LVL 15

Accepted Solution

by:
Berkson Wein earned 2000 total points
ID: 40621543
I would change the internal urls just for consistency (except for autodiscover), though they should work with your wildcard cert.

Try that, IIS reset, then test over at the MS testing website and report back?
0
 

Author Comment

by:Chris Parks
ID: 40622066
I think that has corrected it.  Changed internal URLs, iisreset.  Connected to external network, launched Outlook and got SSL error.  Closed Outlook, repopened and didn't get error.  Closed Outlook, connected back to corp network, launched Outlook as normal, closed outlook.  Connected back to external network, launched Outlook and no error.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question