none
Exchange 2013: breaks internal outlook anywhere when installing third party SSL

    Question

  • Dear Forum,

    My company recently purchased an SSL from a third party to properly configure outlook anywhere.

    The request and registration went fine. However when assigning the proper services to the ssl certificate. this seems to break the internal ourlook-to-server connection from working.

    I tested outlook anywhere and it worked fine.

    Some additional info.

    In the server setting of the Exchange 2013 I have the internal address (e.g)A: Server-Exchange.mydomain.com

    External address(e.g)B: Exchange.contoso.com

    When i looked into the a user setting I see that the outlook is configured to use outlook anywhere inside. 

    My questions are: Is there a reason for using outlook anywhere inside( is this how exchange 2013 normally is configured)

    Why does the enabling of the ssl change the internal setting for the outlook client from A to B?

    Monday, August 26, 2013 12:49 PM

Answers

  • Hi,

    Agree with the above suggestion, Outlook Anywhere replaces all the connectivity in Exchange 2013.

    When  Exchange server is installed, a self-signed certificate is created automatically. So after you install a CA certificate, there may be some confusion.  And you can setup web services' URLs to solve the problem.

    For more information about changing the URLs, you can refer to the below link:
    http://support.microsoft.com/kb/940726
    (note: the article also applies to Exchange 2013.)

    Moreover, after we change the internal setting for the outlook client from A to B, we can create a certificate only including Exchange.contoso.com and Autodiscover.contoso.com.

    If you have any question, please feel free to let me know.

    Thanks,
    Angela Shi


    Tuesday, August 27, 2013 1:00 PM

All replies

  • With EX2013, there is no internal MAPI RPC connectivity anymore.  All Outlook clients, internal or external, will use RPC over HTTPS.

    Does the SSL cert contain the SANs for both server-exchange.mydomain.com and exchange.contoso.com?  If not, you can setup the internal name to match your external name assuming DNS is configured correctly for this.

    Monday, August 26, 2013 2:52 PM
  • Hi,

    Agree with the above suggestion, Outlook Anywhere replaces all the connectivity in Exchange 2013.

    When  Exchange server is installed, a self-signed certificate is created automatically. So after you install a CA certificate, there may be some confusion.  And you can setup web services' URLs to solve the problem.

    For more information about changing the URLs, you can refer to the below link:
    http://support.microsoft.com/kb/940726
    (note: the article also applies to Exchange 2013.)

    Moreover, after we change the internal setting for the outlook client from A to B, we can create a certificate only including Exchange.contoso.com and Autodiscover.contoso.com.

    If you have any question, please feel free to let me know.

    Thanks,
    Angela Shi


    Tuesday, August 27, 2013 1:00 PM
  • Hi PS CL,

    No the SANs is not cofigured to with both internal and external. I will try to set both internal and external address to the same address.

    I will report back.

    Wednesday, August 28, 2013 8:22 PM
  • I will try the above solutions tomorrow and reply back.

    Thanks you for your quick reply

    Wednesday, August 28, 2013 8:23 PM