Announcement

Collapse
No announcement yet.

Certificates and virtual servers in Exchange 2010

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificates and virtual servers in Exchange 2010

    Hello,

    I am reading that you can use SAN certificates to map all the services you are woing to publish, so, these certificates:

    -mail.domain.com , for OWA.
    -outlookanywhere.domain.com, for Outook Anywhere.
    -Activesync.domain.com , for Exchange ActiveSync.
    -autodiscover.domain.com , for the Autodiscover service.

    But I don't understand something:

    The virtual directories (ActiveSync, Outlook Anywhere, OWA...) are all inside the default site in IIS, therefore, I thought that the external connected client would go for:

    -https://mail.domain.com/owa
    -https://mail.domain.com/Outlook-Anywhere.
    -https://mail.domain.com/Microsoft-ActiveSync.

    and not:

    -https://mail.domain.com/owa
    -https://outlookanywhere.domain.com
    -https://Microsoft-ActiveSync.domain.com


    I am a bit mixed up here.
    -
    Madrid (Spain).

  • #2
    Re: Certificates and virtual servers in Exchange 2010

    What you have said is perfectly correct.
    The separate host names is just DNS, which can be handled by IIS quite happily.
    You configure Exchange with the relevant host names and then Autodiscover will hand out the correct name to the client.

    However there is nothing you can do to stop a user from accessing OWA etc with the "wrong" name. On most Exchange 2007 and higher implementations you can access OWA with https://autodiscover.example.com/owa and get logged in. Exchange will "correct" the URL, but it will work.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Certificates and virtual servers in Exchange 2010

      Thanks Sembee.

      So, the client (in the WAN) types "https://anywhere.domain.com" in his outlook settings outside the office, and he will be accessing to: "https://mail.domain.com/rpc" ?. I think that "rpc" is the virtual directory for Outlook anywhere.

      Sorry if it is too basic a question.

      Thanks again!
      -
      Madrid (Spain).

      Comment


      • #4
        Re: Certificates and virtual servers in Exchange 2010

        Clients shouldn't be entering anything manually.
        For all functionality within Exchange 2010, Autodiscover should be allowed to configure the clients.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Certificates and virtual servers in Exchange 2010

          Thanks Sembee.

          I am a newcomer to Exchange, sorry.

          So...

          If I , from the WAN, type into my outlook settings (to connect with outlook anyhwere) : "https://mail.mydomain.com" and below that: "msstd:mail.domain.com" , would that work ?

          I mean:

          1.The certificate in TMG Firewall is "mail.domain.com"
          2.There is a public dns record "mail.domain.com" pointing to my public ip.
          3.The certificate in the RPC IIS virtual server is also "mail.domain.com"

          Would this work?.
          -
          Madrid (Spain).

          Comment


          • #6
            Re: Certificates and virtual servers in Exchange 2010

            That is exactly what I do with older clients
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Certificates and virtual servers in Exchange 2010

              Thanks a lot.

              Sorry guys, I am still all mixed up.

              Trying to make sense of all the IIS and Certificates thing.

              I am used to working with Certificates, but from the WAN, I am confused as to how Clients call ActiveSync, Outlook Anywhere, and Autodiscoery.

              I am reading a good deal about it, there are many links out there.
              Last edited by loureed4; 9th April 2015, 09:26.
              -
              Madrid (Spain).

              Comment


              • #8
                Re: Certificates and virtual servers in Exchange 2010

                If the clients are Outlook 2003 then you need to manually configure things.
                If they are Outlook 2007 or higher then you need to use Autodiscover.
                Autodiscover is NOT an optional function.

                Autodiscover works by the client doing some queries against information it knows - the end user email address.

                So if the user is [email protected]

                then Autodiscover will try a number of predefined URLs in the domain example.com. The most commonly used one is Autodiscover.example.com which you should have pointing to your Exchange server AND be listed as one of the additional URLs within the trusted SSL certificate.

                That will apply to Outlook.

                For ActiveSync, while in theory it should use the same process, in practise it rarely does. That is because of the way the mobile phone vendors have implemented their ActiveSync client. That will mean entering manual information, usually the server address (mail.example.com), the domain name and username.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: Certificates and virtual servers in Exchange 2010

                  Wow!, thanks a lot Sembee, that was very informative.

                  MANY THANKS!
                  -
                  Madrid (Spain).

                  Comment

                  Working...
                  X