eli290 asked:
Exchange 2010 Local Host Certification

I know this is a big topic right now and I haven't found a fix that works yet.   All my users are getting Local Cert errors when going into Outlook, because I am not able to get the local domain name certified by GoDaddy like in the past, due to the new restrictions.  

Rebuilding the domain is not an option for me right now.  I have tried to rename the server my .com name, but Outlook was still trying to connect to the internal no matter what I did.  

I have also tried to create a local cert to no avail.  The new cert appears to go through OK and says it is signed, but the name on the cert disappears and it doesn't seem to work.

I am not sure what else I can try.

Any ideas or help would be greatly appreciated.
Jeremy Weisinger:

You need to:
- Configure your local DNS to resolve to the Exchange server's internal IP (e.g. mail.domain.com -> 10.0.0.15)
- Configure the internal URLs to match the external URLs on the CAS role (e.g. the internal URL for OWA would be https://mail.domain.com/owa)

Here's a script that will take care of the Exchange configuration. Run it from EMS. Just enter the external URL and it will configure all the internal URLs (e.g. enter https://mail.domain.com)

# Prompt for the base URL (scheme + FQDN, no trailing slash), e.g. https://mail.domain.com
$urlpath = Read-Host "Type internal Client Access FQDN starting with http:// or https://"

# Autodiscover SCP in Active Directory: this is what domain-joined Outlook reads
Get-ClientAccessServer -Identity * | Set-ClientAccessServer -AutoDiscoverServiceInternalUri "$urlpath/autodiscover/autodiscover.xml"
# Internal URLs of the CAS virtual directories (EWS, OAB, OWA, ECP, ActiveSync)
Set-WebServicesVirtualDirectory -Identity * -InternalUrl "$urlpath/ews/exchange.asmx"
Set-OabVirtualDirectory -Identity * -InternalUrl "$urlpath/oab"
Set-OwaVirtualDirectory -Identity * -InternalUrl "$urlpath/owa"
Set-EcpVirtualDirectory -Identity * -InternalUrl "$urlpath/ecp"
Set-ActiveSyncVirtualDirectory -Identity * -InternalUrl "$urlpath/Microsoft-Server-ActiveSync"


eli290 (ASKER):

Thanks for the feedback
I did try this, but then Outlook crashed because all were set up to go to the local domain name server.  

exchange.local.pri

I tried to reset my Outlook and it kept trying to pull the Local even though I had removed Autodiscover.local.pri from DNS...

Was there maybe something I was missing there?  Or will I still need to hit every PC?
Thank you
Certification Authorities started warning people about this 4 years ago, so you had lots of warning. Exchange is quite happy to use a different address than your LAN, i.e. mydomain.guru (public) and corp.mydomain.local (internal).
I did try this, but then Outlook crashed because all were set up to go to the local domain name server.
The first and crucial step is to create the public DNS name in your internal DNS server and point it to your Exchange server. Then you can change the URLs.

I tried to reset my Outlook and it kept trying to pull the Local even though I had removed Autodiscover.local.pri from DNS...
This is because Outlook is pulling the info from AD. You only need the autodiscover record for non-domain joined devices or where the domain is not reachable. The Set-ClientAccessServer -AutoDiscoverServiceInternalUri is what configures Active Directory's autodiscover settings that Outlook gets.
Did you restart your CAS? Did you add a proper autodiscover in your DNS? If managed externally it may take time to propagate; check your TTL settings.
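The script above sets the URLs, and the reply above explains that domain-joined Outlook takes the Autodiscover URL from the SCP in Active Directory rather than from DNS. The following check, added here as an example and not code from the thread or from Microsoft, reads every internal URL a domain-joined Outlook can be handed (the SCP plus the CAS virtual directories), and reports for each host name whether it appears on the certificate bound to IIS and whether internal DNS resolves it to the CAS. It assumes it is run from the Exchange Management Shell on the CAS; $ExpectedIp is a constructed placeholder for the server's internal address, and Test-CertName is a helper defined here.

```powershell
# Added example (not from the thread): cross-check the URLs handed to Outlook
# against the IIS certificate's names and against internal DNS.
# Assumption: run in EMS on the CAS. $ExpectedIp is a constructed placeholder.
$ExpectedIp = "10.0.0.15"

# 1. Gather the URLs Outlook will use. Each cmdlet may return one object per
#    server, so unroll with ForEach-Object (works on PowerShell 2.0 / EMS 2010).
$urls = @()
$urls += Get-ClientAccessServer        | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory        | ForEach-Object { $_.InternalUrl }
$urls += Get-OwaVirtualDirectory        | ForEach-Object { $_.InternalUrl }
$urls += Get-EcpVirtualDirectory        | ForEach-Object { $_.InternalUrl }
$urls += Get-ActiveSyncVirtualDirectory | ForEach-Object { $_.InternalUrl }
$hosts = $urls | Where-Object { $_ } | ForEach-Object { ([Uri]$_).Host.ToLower() } | Sort-Object -Unique

# 2. Names on the certificate bound to IIS (the one Outlook and Autodiscover see).
$cert = Get-ExchangeCertificate | Where-Object { $_.Services -match "IIS" } | Select-Object -First 1
$certNames = @($cert.CertificateDomains | ForEach-Object { $_.ToString().ToLower() })

function Test-CertName([string]$name) {
    # Exact SAN match, or a wildcard entry covering the parent domain.
    if ($certNames -contains $name) { return $true }
    $parent = $name.Substring($name.IndexOf(".") + 1)
    return ($certNames -contains "*.$parent")
}

# 3. One row per host: on the cert? what does DNS return? does it hit the CAS?
foreach ($h in $hosts) {
    try   { $ips = [System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { $_.IPAddressToString } }
    catch { $ips = @("UNRESOLVED") }
    New-Object PSObject -Property @{
        Host       = $h
        OnCert     = Test-CertName $h
        ResolvesTo = ($ips -join ", ")
        InternalOk = ($ips -contains $ExpectedIp)
    }
}
```

Any row with OnCert = False is a host that will keep producing the certificate warning the asker describes; any row with InternalOk = False is a host that internal DNS still sends somewhere other than the Exchange server. A host name ending in .local or .pri showing up at all means one of the URLs was not changed by the script above.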
eli290 (ASKER):

I have the DNS set up and will be making the name change on the Exchange server tomorrow.  Thanks for all the assistance...
eli290 (ASKER):

I created the DNS Forward Lookup zone for my external.com.  I then added A records for EXCHANGE and AutoDiscover to point to my internal IP address.  Added a CNAME in my Internal.local zone to point to AutoDiscover.external.com and added an A record in external.com for AutoDiscover.

When I ping EXCHANGE.external.com, it resolves to my internal IP address.  
When I ping AutoDiscover, it resolves to AutoDiscover.external.com and back to my internal IP address for Mail Server

Made the above changes on the Exchange server, but Outlook PCs are still pointing to exchange.internal.local and I am still getting the cert error.  It never knocked Outlook offline like it did the last time I tried to change the identities on the Exchange server.

I have booted both the Exchange Server and DNS Server since making the changes.  I have also reconfigured Outlook on my machine, but it still resolves back to Exchange.internal.local

Totally stumped... What could I have missed?
ASKER CERTIFIED SOLUTION
Jeremy Weisinger: