Want to configure outlook anywhere with external host ( dyndns) to access the emails remotely.

I am up with a task of setting up Exchange 2013 and configuring Outlook anywhere to access the emails remotely with external host name from dyndns. I have installed the Exchange 2013 and flow of email is fine for the test user. I am facing issue with outlook anywhere for my remote user. I need assistance to resolve this issue.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What is the issue?
Have you set it up and it does not work or do you need to know how to set it up?

One other point, if you have an Exchange server then you must own a domain name and presumably a static IP on your mail server, why do you need to use DYDNS?

Andy MIT Systems ManagerCommented:
Outlook anywhere and newer versions of Outlook typically require an SSL certificate in order to work correctly. As you are using dyndns this is probably not going to be an option unless dyndns can provide you with one to install onto your server and even then Exchange may not like having a dynamic IP address.

As it stands to my knowledge you either will need a static external IP with a proper domain host record and SSL certificate for your Exchange server or alternatively the remote user will need to VPN onto the network and then connect via Outlook.
zeeadminAuthor Commented:
I have set it up, but was not successful in configuring the outlook anywhere on my user's computer.
We have many remote users who has to connect to our exchange from remote site. We want to achieve it without the VPN.  This is what the outlook anywhere has to play a role.

While configuring the outlook, i get the certificate errors.

Going through the forums, i found that external SSL Certificate  is a must for outlook anywhere to work with external host names.  I wanted to use the external host name from dyndns for outlook anywhere eg: mail.dyndns.org  Going further i found that SSL Certificate will not support dyndns host name and so to have a own registered domain name.

Well, is it possible to have a own registered Domain and buy a Dyn's Standard DNS service to take care of the resolution for our domain, where the client updater will be installed in our network to update the IP to the Dyn's server, by doing so, i will not be needing the Public Static IP. will the SSL Certificate work with this?

Has anyone successfully configured the Outlook anywhere similar to my scenario?

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!


You must have the following to make this work. No work arounds

Static IP
SSL certificate for YOUR domain name, say webmail.yourdomain.co.uk
Get your DNS holder or use your CPanel to create a DNS entry to your static IP address for webmail.yourdomain.co.uk.

Load the SSL Certificate to IIS on your exchange server and configure it to be the HTTPS Certificate.

Sounds like you know how to do set up the Outlook side.

Works like a dream.

Simon Butler (Sembee)ConsultantCommented:
Have to disagree with the above.
It can be done with a dynamic IP address, and with a standard Dynamic DNS name.

The way to do it is configure the Dynamic DNS service as normal, with the updating tool etc.
Then configure a host name in your OWN domain to CNAME to the dynamic DNS service.
So mail.example.com maps to CNAME host.dyn.com
Get the SSL certificate for your own host name.

Also works for Autodiscover and inbound email as well.


I see where you are coming from but all this needs is a static IP address, if you own an Exchange 2013 server you should have one anyway. Seem a lot of hard work just for the sake of asking for a Static IP address. Every thing else is the same.

Simon Butler (Sembee)ConsultantCommented:
Static IPs are not always available. Until a few years ago I had no option but to have a dynamic address - the only fibre ISP simply didn't offer the option.

Therefore this:

"You must have the following to make this work. No work arounds
 Static IP"

Isn't correct.

zeeadminAuthor Commented:
Thanks everybody here for the suggestions.

As per the idea mentioned above, I registered a own domain name in godaddy and created a CNAME eg: Mail and pointed to the address of the dyn.com server address as provided by them. Before that, i have also purchased the Standard DYN DNS service to resolve my domain name. A client updater App is installed on the Exchange server which will keep updating the Dyn Server. So no public IP  & no dyndns host name used.

I also purchased a trial SSL Certificate to test for my domain name, the external hostname used for the outlook anywhere.

My outlook anywhere was configured on the outlook perfectly and also it is working fine .

Simon Butler, your direction was right. Now tested from the remote site, working well, need to take to the local site where exchange server is available  and test.

Will update soon.


I do not accept this, he will end up with a Dynamic IP address that's on a Blacklist and will therefore not be able to send Mail. As I said if you own an Exchange Server you need a Static IP address, Best Practise, why take a chance. We get our Static IP free from our ISP, it does annoy me some providers charge for it as you have to have a least one. We have a busy network and have 14 all FOC.

Simon Butler (Sembee)ConsultantCommented:
Problems with email delivery on a dynamic IP address are well documented and easily avoided using a smart host. A dynamic address is not the barrier it seems to many.
Not all providers charge for static address, some simply do not make them available at all, so you have no choice.
You need to work with what you have.

zeeadminAuthor Commented:

My outlook anywhere works perfectly without any issue from the remote site. But it throws the Security Alert as attached here when the user brings his Laptop and uses the outlook in the network where the exchange is physically located.

Please guide me resolve this issue.

zeeadminAuthor Commented:
I spoke to the SSL Certificate provider to seek some help as my SSL Certificate is from them. He is asking me to purchase the UCC SSL Certificate for my Exchange. But i found this certificate is too costly. Is it necessary to go for this certificate?

Simon Butler (Sembee)ConsultantCommented:
Depends on the issuer.
You can get UC type certificates from various sources for $80/year.

If your external DNS provider supports SRV records then you can use those for Autodiscover, but a UC type is the most reliable - particularly if you are going to use ActiveSync.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.