Exchange Server 2016 Lab

[shimabuku]

I need help guys. Stood up an Exchange Server 2016 in my lab and everything works as it should except for autodiscover internally. When I launch Outlook internally the security alert popup that states "The name on the security certificate is invalid or does not match the name of the site." Which is a correct error because when I view the ceritifcate it is for mail.example.com. It is trying to autodiscover the FQDN of the actual exchange server which is ex01.example.com. I tried the below guide and setting the internal uri but that didn't help. Any help would be greatly appreciated. Thanks!

Certificate Warning in Outlook After Installing Exchange 2016

Edit: Externally, everything works fine.

 

[azev]

Did you test from your client to ensure that the changes you made to autodiscover internal uri actually work ??
You can hold control and right click on the outlook icon taskbar and click on test email auto configuration.
Anyway you are in the correct direction and just make sure the changes to the internal uri actually take place.

 

[j_h_o]

Set the internal and external hostnames.

Open PowerShell:
Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname
Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalURI

and use Set-OutlookAnywhere -ExternalHostname and -InternalHostname and
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://whatever...

 

[vrod]

Internally, make a DNS record for the Exchange server to point to the same name as users see it outside...

External DNS: mail.test.com -> 1.2.3.4
Internal DNS: mail.test.com -> 192.168.1.2

Do the same for autodiscover as well.

I used this script (from a german site) to streamline the URL change for all the URLs and services... You can adjust it to your real exchange name and you should be good.

Spoiler: Exchange url script

#Hostname für Exchange Webservices, OWA, Outlook Anywhere, Active Sync:
$OutlookHostname = "mail.test.com"
#Hostname für Autodiscover:
$AutodiscoverHostname = "autodiscover.test.com"

#OWA
$owa = "https://" + "$OutlookHostname" + "/owa"
write-host "OWA URL:" $owa
Get-OwaVirtualDirectory -Server $env:computername | Set-OwaVirtualDirectory -internalurl $owa -externalurl $owa -wa 0

#ECP
$ecp = "https://" + "$OutlookHostname" + "/ecp"
write-host "ECP URL:" $ecp
Get-EcpVirtualDirectory -server $env:computername| Set-EcpVirtualDirectory -internalurl $ecp -externalurl $ecp

#EWS
$ews = "https://" + "$OutlookHostname" + "/EWS/Exchange.asmx"
write-host "EWS URL:" $ews
Get-WebServicesVirtualDirectory -server $env:computername | Set-WebServicesVirtualDirectory -internalurl $ews -externalurl $ews -confirm:$false -force

#ActiveSync
$eas = "https://" + "$OutlookHostname" + "/Microsoft-Server-ActiveSync"
write-host "ActiveSync URL:" $eas
Get-ActiveSyncVirtualDirectory -Server $env:computername | Set-ActiveSyncVirtualDirectory -internalurl $eas -externalurl $eas

#OfflineAdressbuch
$oab = "https://" + "$OutlookHostname" + "/OAB"
write-host "OAB URL:" $oab
Get-OabVirtualDirectory -Server $env:computername | Set-OabVirtualDirectory -internalurl $oab -externalurl $oab

#MAPIoverHTTP
$mapi = "https://" + "$OutlookHostname" + "/mapi"
write-host "MAPI URL:" $mapi
Get-MapiVirtualDirectory -Server $env:computername| Set-MapiVirtualDirectory -externalurl $mapi -internalurl $mapi

#Outlook Anywhere (RPCoverhTTP)
write-host "OA Hostname:" $OutlookHostname
Get-OutlookAnywhere -Server $env:computername| Set-OutlookAnywhere -externalhostname $OutlookHostname -internalhostname $OutlookHostname -ExternalClientsRequireSsl:$true -InternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod 'Negotiate' -wa 0

#Autodiscover SCP
$autodiscover = "https://" + "$AutodiscoverHostname" + "/Autodiscover/Autodiscover.xml"
write-host "Autodiscover URL:" $autodiscover
Get-ClientAccessService $env:computername | Set-ClientAccessService -AutoDiscoverServiceInternalUri $autodiscover