Exchange - alter internal domain

Per November 2015, certificates for internal domain names will no longer be trusted. If you are currently using an SSL certificate to protect internal domain names in your Exchange-implementation, such as for example the internal FQDN of the Client Access Server (for example: servername.domainname.local), you will have to convert the internal domain names to external domain names before the first of November 2015.

In Active Directory it is possible to migrate an internal Active Directory domain name to a registered external domain name. In doing so, the internal FQDN of your Exchange servers is changed, so they are redirected to a valid sub-domain of your registered external domain. For example: change servername.domainname.local to servername.domainname.dk. By doing so, it becomes possible to protect these domain names using a multi domain or wildcard certificate.

Redirecting to an External Domain

To update your Exchange server (version 2007 or higher), please execute the commands below in the Exchange Management Shell. When doing so, please replace the Server running the Client Access Role with your external domain name. The commands will update the URL's for:

  • the Autodiscover service
  • Exchange Web Services (EWS)
  • OWA Web-based Offline Address book

Prior to executing the commands, please make sure that a DNS record exists which contains the IP-address of the Exchange Client Access (CAS)-server.
Note: Each of the commands below should be executed on a separate line within the Exchange Management Console (EMC):

 Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomainname.nl/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomainname.nl/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomainname.nl/oab

Additional some of the following commands can be of use tooː

Set-ActiveSyncVirtualDirectory –Identity "HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl https://mail.yourdomainname.nl/Microsoft-Server-ActiveSync
Set-EcpVirtualDirectory -Identity " HostName\ecp (Default Web Site)" -InternalUrl https://mail.yourdomainname.nl/ecp
Set-OWAVirtualDirectory -Identity " HostName\owa (Default Web Site)" -InternalUrl https://mail.yourdomainname.nl/owa

Note: The following command is only valid for an Exchange 2007 set-up. Exchange 2010 and greater don't have this command anymore. This command has been replaced by the WebServices URL.

Set-UMVirtualDirectory -Identity "HostName\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.yourdomainname.nl/unifiedmessaging/service.asmx

Recycle the IIS Application Pools

In order to make the commands above effective, you have to recycle the Application Pools in IIS.

  1. Open the IIS Manager by clicking on Start, Run. Enter inetmgr and press Enter.
  2. Expand the server and Application Pools, right-click MSExchangeAutodiscoverAppPool and select Recycle.

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up