Internal and External Virtual Directory for 2 EX2016 servers

Quick scenario breakdown

4 2010 exchange servers

Primary 2010 - A - Outlook Anywhere enabled

Offsite 2010 (B and C) - with internal replays to the primary A - outlook anywhere not enabled

DR exchange for failover -D - outlook anywhere not enabled

2 new Exchange 2016

Primary 1 exchange 2016 - outlook anywhere enabled

DR exchange 2016 for failover 2 - outlook anywhere enabled - different autodiscover name

We installed our new exchange with no problems and just moved the DNS OWA record from Primary A (ex2010) to Primary 1 (ex2016).  The next day, I get reports that exchange B and C (both 2010 with internal relays to Primary A) are not able to connect to exchange outside of our network. Quick work around for this was moving them to the new exchange 2016.

I go to install the DR exchange 2016 (2) and I get a .local cert error from hell. This thing was killing me for 2 weeks. Finally figured out that I need a cname to point from to Then I changed all the internal URL's from .local to .com. This fixed the issue.

I still get users externally trying to connect to the, but the fix for this is just adding the external URL to all the virtual directory.

So what is the point of this long explanation. My question:

If I have Primary exchange A and Primary exchange 1 (2010 and 2016) pointing to the same (cname is to Can I point to the in the virtual directory? Or do i have to make a new cname with a different path? If I do change it to the, do i have to reboot the server or just the iis?

Can I make EX2010 B and C external URL point to and leave outlook anywhere disabled?

Also, is there a way to turn off MAPI by server?  
I read this blog article, but didnt understand much of it:

Thanks for the help in advance.
Kenny PlacidoSr System AdministratorAsked:
Who is Participating?
Kenny PlacidoConnect With a Mentor Sr System AdministratorAuthor Commented:
Setting all ex2016 to the same owa address worked. Also, enabling outlook anywhere on the old legacy B and C worked.
Mapi over http is new protocol started wiith exchange 2013 SP1 which eliminates RPC-HTTPS and exchange 2010 don't support it.
Exchange 2016 try to use mapi over http if client supports and if client did not supports (there are some patch work is required for outlook 2013, 2016 outlook natively supports it), it will fall back to RPC-HTTPS
long story short - no need to disable mapi-http protocol should point to exchange 2016 boxes only and not 2010 boxes

how your DAG is configured?
do you have extended it to DR, in that case DR virtual directory URLs also should point to and in turn it should point to primary site 2016 servers only

final thing:
if outlook anywhere is not enabled on exchange 2010 CAS server (B and C) and if user mailbox remain in that location, how user will connect to that mailbox with outlook anywhere from external network?
basically you will need to enable Outlook Anywhere on your legacy Client Access servers and enable NTLM in addition to basic authentication for the IIS Authentication Method.
Kenny PlacidoSr System AdministratorAuthor Commented:
There are 2 DAGs setup. One for the old 2010 machines and 1 for the new 2016. They are separate. Could I still set the new DR 2016 exchange VD URLs to

The users are unable to connect externally if they are B and C (CAS Server). I was thinking about enabling outlook anywhere on those servers. Do I point it to the same I would have to do the same for the exchange 2010 VD URLs, correct?
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

MaheshConnect With a Mentor ArchitectCommented:
VD URLs should point to (primary site 2016 servers only)
In case of DR activation, URL will point to dr exchange server and that should be manual task
Kenny PlacidoSr System AdministratorAuthor Commented:
For DR exchange server, I have it pointing to itself and set the internal VDs to do the same. So far, nothing has gone wrong with that.

As for site b and c (correct me if im wrong), I should enabled outlook anywhere and point the external url to with NTLM. THe external URL for the VD will be and the internal urls will or True?
if you accepted solution in my comments only, then why you want to close question this way, you can directly select my comment as answer....
Kenny PlacidoSr System AdministratorAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.