
Exchange mismatch internal server / Outlook popup / SSL certificate contains internal names

For those who don't know, as of 2015 we can no longer use internal domain names like server.domain.local on SSL certificates. The people who manage SSL issuance decided that these are no longer accepted.

This poses a problem for many of our SSL certificates, where we used internal names to avoid internal resolution issues: now any Outlook client connecting to server.domain.local will constantly pop up an error message.

These are the steps I've used to fix it in the past, combined with those from a related issue today.

  1. Check the internal DNS on the server and make sure the correct address is there. I will use remote.domain.com.
  2. Open the EMC and navigate to Server Configuration, Client Access. On the tabs at the bottom, go to the properties of OWA, ECP, Exchange ActiveSync, Offline Address Book, POP3, and IMAP4. Change the internal and external addresses to:
    1. OWA: https://remote.domain.com/owa
    2. ECP: https://remote.domain.com/ecp
    3. ActiveSync: https://remote.domain.com/Microsoft-Server-ActiveSync
    4. OAB: http://remote.domain.com/OAB
    5. POP3 and IMAP4 did not have to be updated, but the X.509 certificate name on the Authentication tab was remote.domain.com
  3. Open the Exchange Management Shell as admin and run the following commands. Replace "CAS1" with the name of the server in question (such as server) and any URLs with the correct one, like remote.domain.com.
    Get-ClientAccessServer -Identity server | fl
    Look at the AutodiscoverServiceInternalUri and, if it points to the internal name, update it with the following:
    Set-ClientAccessServer -Identity CAS1 -AutodiscoverServiceInternalUri https://remote.domain.com/autodiscover/autodiscover.xml
    Get-WebServicesVirtualDirectory | fl
    Look at the internal URL setting and update if wrong:
    Set-WebServicesVirtualDirectory -Identity "CAS1\EWS (Default Web Site)" -InternalUrl https://webmail.mycompany.com/ews/exchange.asmx
    Get-OABVirtualDirectory | fl
    Check internal URL and correct if wrong:
    Set-OABVirtualDirectory -Identity "CAS1\oab (Default Web Site)" -InternalUrl https://webmail.mycompany.com/oab
    This last one isn't normally used and is for Unified Messaging. I did not want to leave it out.
    Set-UMVirtualDirectory -Identity "CAS1\unifiedmessaging (Default Web Site)" -InternalUrl https://webmail.mycompany.com/unifiedmessaging/service.asmx
  4. When done, close the user’s Outlook.
  5. Run iisreset from cmd as admin on the server.
  6. Test Outlook by leaving it open for a few minutes. At this point my issue was resolved.
  7. You may also need to restart all Exchange services or reboot the server. I did not have to.

Keep in mind I already had a trusted SSL certificate with the matching URL of remote.domain.com installed on IIS. Most of our servers are set up this way.
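
The checks in steps 2 and 3 can be done in one pass. The script below is an added example, not part of the original post: it only reads settings, lists the Autodiscover URI and each internal URL, and flags any host name that the certificate assigned to IIS does not cover. It assumes it is run in the Exchange Management Shell, and `CAS1` is the post's placeholder server name.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell.
$server = 'CAS1'   # placeholder used in the post; replace with your server name

# DNS names on the certificate(s) currently assigned to the IIS service
$certNames = @(Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() })

# True if $hostName matches a certificate name exactly or via a wildcard
function Test-CertCoversHost($hostName, $names) {
    foreach ($n in $names) {
        if ($n -eq $hostName) { return $true }
        # A wildcard entry (*.domain.com) covers exactly one left-most label
        if ($n.StartsWith('*.') -and $hostName.Contains('.')) {
            $parent = $hostName.Substring($hostName.IndexOf('.') + 1)
            if ($parent -eq $n.Substring(2)) { return $true }
        }
    }
    return $false
}

# Collect the Autodiscover URI and every internal URL the post's steps touch
$urls = @(Get-ClientAccessServer -Identity $server |
    Select-Object @{n='Source';e={'Autodiscover'}},
                  @{n='Url';e={$_.AutodiscoverServiceInternalUri}})
$cmds = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
        'Get-ActiveSyncVirtualDirectory', 'Get-OabVirtualDirectory',
        'Get-WebServicesVirtualDirectory'
foreach ($cmd in $cmds) {
    $urls += & $cmd -Server $server |
        Select-Object @{n='Source';e={$cmd}}, @{n='Url';e={$_.InternalUrl}}
}

# Report each URL's host and whether the IIS certificate covers it
$urls | Where-Object { $_.Url } | ForEach-Object {
    $h = ([uri]"$($_.Url)").Host.ToLower()
    New-Object PSObject -Property @{
        Source = $_.Source; Host = $h; Url = "$($_.Url)"
        OnCertificate = (Test-CertCoversHost $h $certNames)
    }
} | Sort-Object OnCertificate |
    Format-Table Source, Host, OnCertificate, Url -AutoSize
```

Any row where OnCertificate is False is a name clients are being pointed at that the certificate does not cover, so that URL still needs the corresponding Set- command from step 3.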