Outlook Anywhere using internal URL

When users take their corporate domain laptops home and launch Outlook they get a certificate error. The error references the internal name of the Exchange server, not the external URL. Also, in Outlook 2013 Account Settings, there is an "Access this account on the web." link that is also pointing to the internal name of the Exchange server. If this is clicked while off the corporate network, of course it cannot access OWA.
[Attachment: Capture6.JPG]
Asked by Chris Parks, IT Manager
 
Berkson Wein, Tech Freelancer, commented:
I would change the internal URLs just for consistency (except for autodiscover), though they should work with your wildcard cert.

Try that, IIS reset, then test over at the MS testing website and report back?
 
CTselikis commented:
What edition is your Exchange server? Depending on the setup you may need to update or install an SSL certificate on your Exchange server for external users.
 
Chris Parks, IT Manager (author), commented:
Sorry, more info. Exchange 2013. I do currently have a wildcard cert on the server that is imported and works fine for OWA. It doesn't seem to be an SSL issue, it's more of an Outlook Anywhere issue. Why is Outlook Anywhere using my internal URL instead of external URL?
 
CTselikis commented:
Under ECP > Servers > select your Exchange server, then click on the pencil and find Outlook Anywhere. What does it show listed for your config?
 
Berkson Wein, Tech Freelancer, commented:
What are the results of this command in PowerShell?

Get-OutlookAnywhere | Select Server,ExternalHostname,InternalHostname
 
Simon Butler (Sembee), Consultant, commented:
The best practice here is to use the external name everywhere.
So set up a split DNS system so the external name resolves internally, then change all of the host names to the external URL. That way everything appears the same to the end users, they can use the same URLs and you don't get odd certificate prompts.
http://semb.ee/hostnames2013

Simon.
 
Chris Parks, IT Manager (author), commented:
As far as I can tell I am using external name for Outlook Anywhere, see attachment.

I have seen references to Split DNS in my research, can you elaborate what that means/entails?
I do have my local DNS resolving the external name (mail) to the internal IP of server.

Result of Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname:
[PS] C:\Windows\system32>Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname

Server                                  ExternalHostname                        InternalHostname
------                                  ----------------                        ----------------
LLF-MAIL                                mail.lifeline-foods.com                 mail.lifeline-foods.com
[Attachment: Capture8.JPG]
 
Berkson Wein, Tech Freelancer, commented:
What does
Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
show?

I believe that your screenshot that shows Outlook saying to go to your internal URL for OWA is caused by an incorrect External URL being set for OWA.

I looked at your cert via OWA and it looks fine. The autodiscover DNS entry looks good too. Of course, we can't test autodiscover without credentials, but you can:
https://testconnectivity.microsoft.com/
Do the Outlook connectivity test and post (redacted, maybe) the complete results.
 
Berkson Wein, Tech Freelancer, commented:
Or message me a test account that I can check out...
 
Chris Parks, IT Manager (author), commented:
Looks like you are correct on OWA, here is output:
[PS] C:\Windows\system32>Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Server      : LLF-MAIL
ExternalUrl :
InternalUrl : https://llf-mail.lifeline-foods.com/owa
 
Berkson Wein, Tech Freelancer, commented:
Let's start by fixing that.

Set-OwaVirtualDirectory -Identity "YOURservername\owa (default web site)" -ExternalUrl https://mail.lifeline-foods.com/owa -InternalUrl https://mail.lifeline-foods.com/owa

You'll need an iisreset.

Check these too just to be safe.
Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl
Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI
 
Simon Butler (Sembee), Consultant, commented:
A split DNS basically means the external host name resolves internally to an internal IP address. You make a few changes to your internal DNS, modify Exchange with the correct URLs and you are good to go. The link in my first post explains what needs to be done.

Simon.
 
Chris Parks, IT Manager (author), commented:
OK, made the change to the OWA virtual directory; it also warned me to change ECP, which I did.
Had to run a repair on Outlook to get the "Access this account on the web." link to change, but it did.

Tried Outlook off network and still getting a cert error because it's trying to connect to LLF-Mail.

Output of above commands:
[PS] C:\Windows\system32>Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl
Creating a new session for implicit remoting of "Get-OabVirtualDirectory" command...


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/OAB
InternalUrl : https://llf-mail.lifeline-foods.com/OAB



[PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/EWS/Exchange.asmx
InternalUrl : https://llf-mail.lifeline-foods.com/EWS/Exchange.asmx



[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl


Server      : LLF-MAIL
ExternalUrl : https://mail.lifeline-foods.com/Microsoft-Server-ActiveSync
InternalUrl : https://llf-mail.lifeline-foods.com/Microsoft-Server-ActiveSync



[PS] C:\Windows\system32>Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI

Name                                                        AutoDiscoverServiceInternalUri
----                                                        ------------------------------
LLF-MAIL                                                    https://autodiscover.lifeline-foods.com/AutoDiscover/Aut...
 
Chris Parks, IT Manager (author), commented:
I think that has corrected it. Changed internal URLs, iisreset. Connected to external network, launched Outlook and got SSL error. Closed Outlook, reopened and didn't get error. Closed Outlook, connected back to corp network, launched Outlook as normal, closed Outlook. Connected back to external network, launched Outlook and no error.
Question has a verified solution.
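
The per-service checks run in this thread can be folded into one audit that flags every virtual directory URL that is empty, not HTTPS, or not on the single public host name. This is an added example, not code from the thread or from Microsoft: `Find-HostnameDrift` and `$rows` are illustrative names, the sample rows are constructed from the URLs in the command output above, and Autodiscover is left out because the thread treats it as the exception.

```powershell
# Added example, not from the thread. Find-HostnameDrift and $rows are illustrative names;
# the sample rows are constructed from the URLs shown in the thread's command output.
function Find-HostnameDrift {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,         # objects with Service, InternalUrl, ExternalUrl
        [Parameter(Mandatory)] [string]   $ExpectedHost  # the one public name clients should see
    )
    foreach ($row in $Rows) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $value   = [string]$row.$prop
            $finding = $null
            $uri     = $null
            if ([string]::IsNullOrWhiteSpace($value)) {
                $finding = 'not set'
            } elseif (-not [uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)) {
                $finding = 'not an absolute URL'
            } elseif ($uri.Scheme -ne 'https') {
                $finding = 'not HTTPS'
            } elseif ($uri.Host -ne $ExpectedHost) {     # -ne is case-insensitive for strings
                $finding = "host is $($uri.Host), expected $ExpectedHost"
            }
            if ($finding) {
                [pscustomobject]@{ Service = $row.Service; Property = $prop; Finding = $finding }
            }
        }
    }
}

# Constructed sample input mirroring the state reported before the fix.
$internal = 'https://llf-mail.lifeline-foods.com'
$external = 'https://mail.lifeline-foods.com'
$rows = @(
    [pscustomobject]@{ Service = 'OWA'; InternalUrl = "$internal/owa"; ExternalUrl = '' }
    [pscustomobject]@{ Service = 'OAB'; InternalUrl = "$internal/OAB"; ExternalUrl = "$external/OAB" }
    [pscustomobject]@{ Service = 'EWS'; InternalUrl = "$internal/EWS/Exchange.asmx"
                       ExternalUrl = "$external/EWS/Exchange.asmx" }
    [pscustomobject]@{ Service = 'ActiveSync'; InternalUrl = "$internal/Microsoft-Server-ActiveSync"
                       ExternalUrl = "$external/Microsoft-Server-ActiveSync" }
)

# On a live server, build each row from the matching cmdlet instead, for example:
#   Get-OabVirtualDirectory | Select @{n='Service';e={'OAB'}},InternalUrl,ExternalUrl
Find-HostnameDrift -Rows $rows -ExpectedHost 'mail.lifeline-foods.com' | Format-Table -AutoSize
```

An empty result after the URL changes and `iisreset` means every audited service advertises the same host name inside and outside the network.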