Reconfiguring Microsoft Exchange Server to Use a Fully Qualified Domain Name and adding a host record in the DNS to map the FQDN

I recently had to update my SSL certificate through but after doing so my users are getting a security alert. I know this is for my .local SSL certificate. I'm being told I need to reconfigure my Exchange Server 2010 to use a FQDN, but the steps they sent me are a little confusing, plus I need to add a host A record in the DNS to map the FQDN. My webmail is working with the new SSL because it already has a FQDN.

Do I need to create a new Forward Lookup Zone as a .org and then add the Host (A) record of the Exchange server's IP address to that zone?
Will this mess with the DNS on my .local?

Instructions: To resolve the FQDN issue, change the URLs for the appropriate Exchange 2007 or 2010 components. To do this, follow these steps:
Note: This resolution has to be applied by an administrator. If you are not the administrator, contact your administrator.
1. Start the Exchange Management Shell.

2. Change the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To change this URL, type the following command, and then press Enter:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri
3. Change the InternalUrl attribute of the EWS. To do this, type the following command, and then press Enter:
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl

4. Change the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press Enter:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl

5. Change the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press Enter:
Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl

Note: This command is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose. Therefore, if you are using Exchange 2010, you can skip this step, as the WebServices URL should have been changed in step 3.

6. Open IIS Manager. For more information about how to do this, see How to: Open IIS Manager.

7. Expand the local computer, and then expand Application Pools.

8. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Important: These steps assume that a host record exists in the DNS to map the FQDN that you specify to the IP address of the CAS server. For example, consider the following scenario:
The original internal URLs for the Exchange components point to the internal FQDN of the server. For example, one of these URLs points to the following:
The FQDN that is specified on the certificate points to the externally accessed host name of the server. For example, the certificate specifies an FQDN, such as "". In this scenario, you must add a host record for the mail host name that is mapped to the internally accessed IP address of the CAS server to let internal clients access the server.

I want to make sure this is correct and that it will not down my users. Or could I just remove the local certificate from the Exchange server; will this resolve the security alert? What would be the best course of action for me to take?
Rob Timmermans, IT Specialist, Asked:

Will Szymkowski, Senior Solution Architect, Commented:
You not only have to configure your virtual directories, you also need to set up Split DNS on your internal DNS/DC servers. I have a complete HowTo on my site with all of the steps. See the link below...

You also need to make sure that you enable the certificate on ALL of your CAS servers as well. Look at the Exchange HowTo, as I have also illustrated how to do this.

Rob Timmermans, IT Specialist, Author Commented:

Your instructions are for Exchange 2013; are they the same for Exchange 2010? How will this affect my current domain in a .local?

Will Szymkowski, Senior Solution Architect, Commented:
The Split DNS section of the link is not Exchange specific. From the bottom half, where I outline the Virtual Directory Modifications, the only section that would not apply to Exchange 2010 is the set-MapiVirtualDirectory (which is the last step). All other virtual directories are configured the same.
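
A read-only check of the end state discussed in this thread, as an added example that is not part of the original posts or of the linked HowTo: for each CAS server it lists the internal URLs handed to Outlook (SCP, EWS, OAB), whether the host name is on a certificate enabled for IIS on that server, and whether the name resolves to an internal address. `$InternalPrefix` and the helper `Test-NameOnCert` are assumptions made for the example.

```powershell
# Added example: read-only audit for the Exchange 2010 Management Shell.
# It only calls Get-* cmdlets and makes no changes.
# Assumption: $InternalPrefix is the start of your internal address range.
$InternalPrefix = '10.'   # constructed sample value, change for your LAN

# Hypothetical helper: is $Name listed on the certificate (exact or wildcard)?
function Test-NameOnCert([string]$Name, [string[]]$CertNames) {
    foreach ($c in $CertNames) {
        if ($c -eq $Name) { return $true }
        # A wildcard covers exactly one left-most label.
        if ($c.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.')) -eq $c.Substring(1)) { return $true }
    }
    return $false
}

foreach ($cas in Get-ClientAccessServer) {
    # Names on unexpired certificates that are enabled for IIS on this CAS.
    $certNames = @(Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_".ToLower() })

    # Internal URLs this CAS publishes: Autodiscover SCP, EWS, OAB.
    $urls = @("$($cas.AutoDiscoverServiceInternalUri)")
    $urls += Get-WebServicesVirtualDirectory -Server $cas.Name |
        ForEach-Object { "$($_.InternalUrl)" }
    $urls += Get-OabVirtualDirectory -Server $cas.Name |
        ForEach-Object { "$($_.InternalUrl)" }

    foreach ($u in ($urls | Where-Object { $_ })) {
        $name = ([uri]$u).Host.ToLower()
        # Resolve from this machine, i.e. through the internal DNS servers.
        try   { $ips = @([System.Net.Dns]::GetHostAddresses($name) |
                    ForEach-Object { $_.IPAddressToString }) }
        catch { $ips = @() }
        New-Object psobject -Property @{
            Server   = $cas.Name
            Url      = $u
            OnCert   = (Test-NameOnCert $name $certNames)
            Resolves = ($ips -join ', ')
            Internal = [bool]($ips | Where-Object { $_.StartsWith($InternalPrefix) })
        }
    }
}
```

A row with OnCert set to False is a URL whose host name is not on that server's IIS certificate, which is the condition that produces the Outlook security alert. A row with Internal set to False is a name that does not resolve to an internal address from where the script runs, which is what the host (A) record in split DNS is meant to provide.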

