Sign in
 
HomeOnline20132010Other VersionsLibraryForumsGalleryEHLO Blog
TechCenter >
Should ALL of these internalUrls point to the casarray dns name?

Answered Should ALL of these internalUrls point to the casarray dns name?

  • Sunday, February 19, 2012 12:10 PM
     
     
    Sign In to Vote
    0
    Mail.domain.com is the CasArray name in DNS.
    I have changed the owa and ecp internal,external urls to be https://mail.domain.com/owa and https://mail.domain.com/ecp respectively.
    My question is, when I run the following cmdlets, the internalurl returned, by default, points to the individual Cas server and not mail.domain.com.
    Should I change ALL of them to point to https://mail.domain.com ???


    get-webservicesvirtualdirectory
    get-oabvirtualdirectory
    get-activesyncvirtualdirectory
    get-ClientAccessServer |fl autodiscoverserviceinternaluri

    Anand_N

     

All Replies

  • Sunday, February 19, 2012 2:49 PM
    Moderator
     
     Answered
    Sign In to Vote
    1

    I would set all to the NLB name except the activesync URL. Really no point in changing the internalURL for that. The externalURL however for activesync should be set to the FQDN that external mobile clients connect to ( and setting the externalURL for activesync is the value they will get from activesync autodiscovery)

    The externalURLs for OAB and web services should be set to the external FQDN as well.

    • Marked As Answer by Anand_N Friday, February 24, 2012 4:48 PM
    •  
     
  • Sunday, February 19, 2012 4:39 PM
     
     
    Sign In to Vote
    0
    Is it true to say that the InternalUrl is only used by clients that are able to query active directory?

    Anand_N

     
  • Sunday, February 19, 2012 4:45 PM
    Moderator
     
     Proposed Answer
    Sign In to Vote
    1
    Is it true to say that the InternalUrl is only used by clients that are able to query active directory?

    Anand_N

    Yes, The InternalURLs are really for domain-joined processes and Lookups by clients and servers

    However, you can leave the externalURLs blank and external clients can connect just fine if DNS is setup correctly.  Redirection wont work however without ExternalURLs defined and autodiscovery may be incorrect for external clients without the externalURLs defined as well.

     
  • Sunday, February 19, 2012 6:45 PM
     
     
    Sign In to Vote
    1
    Note however that your actually RPC Array FQDN should not be the same as the external URL clients use.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

     
  • Sunday, February 19, 2012 8:04 PM
    Moderator
     
     
    Sign In to Vote
    0
    Note however that your actually RPC Array FQDN should not be the same as the external URL clients use.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com


    Yep. Good thing to always remember!
     
  • Sunday, February 19, 2012 9:11 PM
     
     
    Sign In to Vote
    0
    why shouldnt the casarray name be the same as the external url ?

    Anand_N


    • Edited by Anand_N Sunday, February 19, 2012 9:11 PM
    •  
     
  • Sunday, February 19, 2012 10:01 PM
    Moderator
     
     
    Sign In to Vote
    1
    why shouldnt the casarray name be the same as the external url ?

    Anand_N



    The CAS Array FQDN should not be resolvable from outside the Exchange org for external clients because if it is, Outlook  clients will attempt to resolve it as a mapi connection first and it will take longer for them connect before they failover to Outlook Anywhere mode.
     
  • Monday, February 20, 2012 4:18 AM
     
     Proposed Answer
    Sign In to Vote
    0
    get-activesyncvirtualdirectory

    Don't worry about this one, it isn't used anywhere in the product. Ignore anything that tells you they are, because they aren't. :)

    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003
    MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server

    NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

     
  • Monday, February 20, 2012 1:05 PM
     
     
    Sign In to Vote
    0

    get-oabvirtualdirectory

    returns that the internalurl by default is http://casname.domain.com/oab    (port 80)

    Should I go ahead and change this to https://casarray.domain.com/oab ?

    Anand_N

     
  • Monday, February 20, 2012 1:13 PM
    Moderator
     
     
    Sign In to Vote
    0

    get-oabvirtualdirectory

    returns that the internalurl by default is http://casname.domain.com/oab    (port 80)

    Should I go ahead and change this to https://casarray.domain.com/oab ?

    Anand_N

    I would  and set RequireSSL to $true

    For the externalURL it should be the externally resolvable FQDN.

     
  • Monday, February 20, 2012 1:57 PM
     
     
    Sign In to Vote
    0
    So should i say that it is best practice for internalurls to not be externally resolvable fqns?

    Anand_N

     
  • Monday, February 20, 2012 2:40 PM
     
     
    Sign In to Vote
    0
    So should i say that it is best practice for internalurls to not be externally resolvable fqns?

    Anand_N

    No, that rule only applies to the CAS Array Object FQDN since it is used for MAPI/RPC connections.

    Switching OAB distribution to HTTPS is a recommended practice.

    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003
    MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server

    NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

     
  • Monday, February 20, 2012 7:47 PM
    Moderator
     
     
    Sign In to Vote
    0

    What Brian said!