Get-ClientAccessServer | Set-ClientAccessServer –AutoDiscoverServiceInternalUri https://autodiscover.company.com/autodiscover/autodiscover.xml
Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*
Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ActiveSyncVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*
Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Get-ClientAccessService | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*
Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*
Get-OrganizationConfig | fl *mapi*
Get-ExchangeServer | fl *version*
>Get-OabVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Server : MAIL1
Name : OAB (Default Web Site)
ExternalUrl : https://mail.domain.com/OAB
InternalUrl : https://mail.domian.com/OAB
BasicAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
InternalAuthenticationMethods : {WindowsIntegrated, OAuth}
ExternalAuthenticationMethods : {WindowsIntegrated, OAuth}
>Get-WebServicesVirtualDirectory | fl server, Name,ExternalURL, InternalURL, *auth*
Server : MAIL1
Name : EWS (Default Web Site)
ExternalUrl : https://mail.domain.com/ews/exchange.asmx
InternalUrl : https://mail.domain.com/ews/exchange.asmx
CertificateAuthentication :
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated, WSSecurity, OAuth}
LiveIdNegotiateAuthentication :
WSSecurityAuthentication : True
LiveIdBasicAuthentication : False
BasicAuthentication : False
DigestAuthentication : False
WindowsAuthentication : True
OAuthAuthentication : True
AdfsAuthentication : False
>Get-EcpVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Server : MAIL1
Name : ecp (Default Web Site)
ExternalUrl : https://owa.domain.com/ecp
InternalUrl : https://owa.domain.com/ecp
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Fba}
>Get-ActiveSyncVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Server : MAIL1
Name : Microsoft-Server-ActiveSync (Default Web Site)
ExternalUrl : https://mail.domain.com/Microsoft-Server-ActiveSync
InternalUrl : https://mail.domain.com/Microsoft-Server-ActiveSync
MobileClientCertificateAuthorityURL :
BasicAuthEnabled : True
WindowsAuthEnabled : False
ClientCertAuth : Ignore
InternalAuthenticationMethods : {}
ExternalAuthenticationMethods : {}
>Get-OutlookAnywhere | fl server, Name, *hostname*, *auth*
Server : MAIL1
Name : Rpc (Default Web Site)
ExternalHostname :
InternalHostname : mail1.domain.com
ExternalClientAuthenticationMethod : Negotiate
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
>Get-OwaVirtualDirectory | fl server, Name, ExternalURL, InternalURL, *auth*
Server : MAIL1
Name : owa (Default Web Site)
ExternalUrl : https://mail.domain.com/owa
InternalUrl : https://mail.domain.com/owa
ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication : True
WindowsAuthentication : False
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Fba}
>Get-ClientAccessService | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInternalUri
Get-ClientAccessService : The term 'Get-ClientAccessService' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At line:1 char:1
+ Get-ClientAccessService | fl Name,OutlookAnywhereEnabled, AutodiscoverServiceInt ...
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-ClientAccessService:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
>Get-ExchangeCertificate | fl FriendlyName, Subject, CertificateDomains, Thumbprint, Services, Issuer, *not*
FriendlyName : MDC2
Subject : CN=mail.domain.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
CertificateDomains : {mail.domain.com, AutoDiscover.domain.com, domain.com}
Thumbprint : 9D2A738EFC47E0E46F0097E5D513EF6F0CAAAF80
Services : IMAP, POP, IIS, SMTP
Issuer : CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, S=Greater
Manchester, C=GB
NotAfter : 11/20/2020 6:59:59 PM
NotBefore : 11/30/2017 7:00:00 PM
FriendlyName : Microsoft Exchange Server Auth Certificate
Subject : CN=Microsoft Exchange Server Auth Certificate
CertificateDomains : {}
Thumbprint : 2348C3313A4C3DECE012F37F44F6CE60C164CCCC
Services : SMTP
Issuer : CN=Microsoft Exchange Server Auth Certificate
NotAfter : 9/18/2022 7:32:00 PM
NotBefore : 10/14/2017 7:32:00 PM
FriendlyName : Microsoft Exchange
Subject : CN=MAIL1
CertificateDomains : {MAIL1, MAIL1.internal.local}
Thumbprint : 9E099202960CE740910675C2454F1DB59D1AAFB9
Services : IIS, SMTP
Issuer : CN=MAIL1
NotAfter : 10/14/2022 7:30:32 PM
NotBefore : 10/14/2017 7:30:32 PM
FriendlyName : WMSVC
Subject : CN=WMSvc-MAIL1
CertificateDomains : {WMSvc-MAIL1}
Thumbprint : 26526325AEDBF42A77A8B926A924B92B8267D7D3
Services : None
Issuer : CN=WMSvc-MAIL1
NotAfter : 10/12/2027 6:15:08 PM
NotBefore : 10/14/2017 6:15:08 PM
>Get-MapiVirtualDirectory | fl server, Name,ExternalURL,InternalURL, *auth*
Server : MAIL1
Name : mapi (Default Web Site)
ExternalUrl :
InternalUrl : https://mail1.internal.local/mapi
IISAuthenticationMethods : {Ntlm, OAuth, Negotiate}
InternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
ExternalAuthenticationMethods : {Ntlm, OAuth, Negotiate}
>Get-OrganizationConfig | fl *mapi*
MapiHttpEnabled : False
>Get-ExchangeServer | fl *version*
AdminDisplayVersion : Version 15.0 (Build 1347.2)
ExchangeVersion : 0.1 (8.0.535.0)
>Set-OutlookAnywhere -Identity "Rpc (Default Web Site)" -ExternalHostname mail.domain.com -InternalHostname mail.domain.com -ExternalClientAuthenticationMethod Negotiate -InternalClientAuthenticationMe
thod NTLM -IISAuthenticationMethods Basic,NTLM,Negotiate
To configure the Outlook Anywhere feature with an ExternalHostname you must also specify the ExternalClientsRequireSsl parameter to indicate whether SSL is required.
+ CategoryInfo : InvalidArgument: (MAIL1\Rpc (Default Web Site):ADObjectId) [Set-OutlookAnywhere], ArgumentException
+ FullyQualifiedErrorId : [Server=MAIL1,RequestId=73e6501c-d315-40e3-a353-b38069cded69,TimeStamp=12/2/2017 8:23:21 AM] [FailureCategory=Cmdlet-ArgumentException] 9C5AAB75,Microsoft.Exchange.Management.SystemConfigurationTasks.SetRpcHttp
+ PSComputerName : mail1.internal.local
Set-OutlookAnywhere -Identity "Rpc (Default Web Site)" -ExternalHostname mail.domain.com -InternalHostname mail.domain.com -ExternalClientAuthenticationMethod NTLM -InternalClientAuthenticationMe
thod NTLM -IISAuthenticationMethods Basic,NTLM,Negotiate
as well run this:Set-MapiVirtualDirectory -Identity "mapi (Default Web Site)" -InternalUrl https://mail.domain.com/mapi -IISAuthenticationMethods Ntlm,Negotiate,OAuth
To configure the Outlook Anywhere feature with an ExternalHostname you must also specify the ExternalClientsRequireSsl parameter to indicate whether SSL is required.
+ CategoryInfo : InvalidArgument: (MAIL1\Rpc (Default Web Site):ADObjectId) [Set-OutlookAnywhere], ArgumentException
+ FullyQualifiedErrorId : [Server=MAIL1,RequestId=e3a92d75-0847-4ede-b60d-fa06daa4c92e,TimeStamp=12/5/2017 11:01:09 PM] [FailureCategory=Cmdlet-ArgumentException] 9E71919F,Microsoft.Exchange.Management.SystemConfigurationTasks.SetRpcHttp
+ PSComputerName : mail1.cpm.local
Set-OutlookAnywhere -Identity "Rpc (Default Web Site)" -ExternalHostname mail.domain.com -InternalHostname mail.domain.com -ExternalClientAuthenticationMethod NTLM -ExternalClientsRequireSsl $true -InternalClientAuthenticationMethod NTLM -IISAuthenticationMethods Basic,NTLM,Negotiate
Run this script with the option "( -get)" to get all the internal and externals URLs that uses your environment
https://gallery.technet.microsoft.com/office/Script-to-configure-the-5a58558b
if you see that internal AND external address needs set up or have something like "mail.domain.local" that won't match your "mail.domain.com" so the certificate will bring errors.
Just reset using the same script with the option (-set -urlpath "https://mail.yourdomain.com") and it will update all the internal registry. Also, make sure that internally and externally the "mail.yourdomain.com" is accessible. Let me know if it worked for your or if you have anything else going on
jose