none
Should ALL of these internalUrls point to the casarray dns name?

    Question

  • Mail.domain.com is the CasArray name in DNS.
    I have changed the owa and ecp internal,external urls to be https://mail.domain.com/owa and https://mail.domain.com/ecp respectively.
    My question is, when I run the following cmdlets, the internalurl returned, by default, points to the individual Cas server and not mail.domain.com.
    Should I change ALL of them to point to https://mail.domain.com ???


    get-webservicesvirtualdirectory
    get-oabvirtualdirectory
    get-activesyncvirtualdirectory
    get-ClientAccessServer |fl autodiscoverserviceinternaluri

    Anand_N

    Sunday, February 19, 2012 12:10 PM

Answers

  • I would set all to the NLB name except the activesync URL. Really no point in changing the internalURL for that. The externalURL however for activesync should be set to the FQDN that external mobile clients connect to ( and setting the externalURL for activesync is the value they will get from activesync autodiscovery)

    The externalURLs for OAB and web services should be set to the external FQDN as well.

    • Marked as answer by Anand_N Friday, February 24, 2012 4:48 PM
    Sunday, February 19, 2012 2:49 PM

All replies

  • I would set all to the NLB name except the activesync URL. Really no point in changing the internalURL for that. The externalURL however for activesync should be set to the FQDN that external mobile clients connect to ( and setting the externalURL for activesync is the value they will get from activesync autodiscovery)

    The externalURLs for OAB and web services should be set to the external FQDN as well.

    • Marked as answer by Anand_N Friday, February 24, 2012 4:48 PM
    Sunday, February 19, 2012 2:49 PM
  • Is it true to say that the InternalUrl is only used by clients that are able to query active directory?

    Anand_N

    Sunday, February 19, 2012 4:39 PM
  • Is it true to say that the InternalUrl is only used by clients that are able to query active directory?

    Anand_N

    Yes, The InternalURLs are really for domain-joined processes and Lookups by clients and servers

    However, you can leave the externalURLs blank and external clients can connect just fine if DNS is setup correctly.  Redirection wont work however without ExternalURLs defined and autodiscovery may be incorrect for external clients without the externalURLs defined as well.

    Sunday, February 19, 2012 4:45 PM
  • Note however that your actually RPC Array FQDN should not be the same as the external URL clients use.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com

    Sunday, February 19, 2012 6:45 PM
  • Note however that your actually RPC Array FQDN should not be the same as the external URL clients use.

    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com


    Yep. Good thing to always remember!
    Sunday, February 19, 2012 8:04 PM
  • why shouldnt the casarray name be the same as the external url ?

    Anand_N


    • Edited by Anand_N Sunday, February 19, 2012 9:11 PM
    Sunday, February 19, 2012 9:11 PM
  • why shouldnt the casarray name be the same as the external url ?

    Anand_N



    The CAS Array FQDN should not be resolvable from outside the Exchange org for external clients because if it is, Outlook  clients will attempt to resolve it as a mapi connection first and it will take longer for them connect before they failover to Outlook Anywhere mode.
    Sunday, February 19, 2012 10:01 PM
  • get-activesyncvirtualdirectory

    Don't worry about this one, it isn't used anywhere in the product. Ignore anything that tells you they are, because they aren't. :)

    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003
    MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server

    NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, February 20, 2012 4:18 AM
  • get-oabvirtualdirectory

    returns that the internalurl by default is http://casname.domain.com/oab    (port 80)

    Should I go ahead and change this to https://casarray.domain.com/oab ?


    Anand_N

    Monday, February 20, 2012 1:05 PM
  • get-oabvirtualdirectory

    returns that the internalurl by default is http://casname.domain.com/oab    (port 80)

    Should I go ahead and change this to https://casarray.domain.com/oab ?


    Anand_N

    I would  and set RequireSSL to $true

    For the externalURL it should be the externally resolvable FQDN.

    Monday, February 20, 2012 1:13 PM
  • So should i say that it is best practice for internalurls to not be externally resolvable fqns?

    Anand_N

    Monday, February 20, 2012 1:57 PM
  • So should i say that it is best practice for internalurls to not be externally resolvable fqns?

    Anand_N

    No, that rule only applies to the CAS Array Object FQDN since it is used for MAPI/RPC connections.

    Switching OAB distribution to HTTPS is a recommended practice.


    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003
    MCTS: Win Server 2008 AD, Configuration MCTS: Win Server 2008 Network Infrastructure, Configuration
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server

    NOTICE: My posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, February 20, 2012 2:40 PM
  • What Brian said!

    Monday, February 20, 2012 7:47 PM