none
SSL - Outlook Anywhere

    Question

  • I can't make Outlook connect externally to the Exchange 2010 server using SSL. Please help me understand what settings should be set for SSL to work.
    Tuesday, May 29, 2018 4:33 PM

Answers

  • Hi,

    If we want to configure SSL, we need to consider the namespace of your Exchange server, for example: connection endpoint for HTTPS, email address.

    For Exchange clients from internet will use HTTP or HTTPS to connect to Exchange server, thus we need configure the external connection setting on all VDs and Outlook Anywhere:
    Get-OutlookAnywhere | Select Server,InternalHostName,ExternalHostName
    Get-MAPIVirtualDirectory | Select Server,InternalURL,ExternalURL 
    Get-OABVirtualDirectory | Select Server,InternalURL,ExternalURL
    Get-WebServicesVirtualDirectory | Select Server,InternalURL,ExternalURL
    Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalUri
    Get-OWAVirtualDirectory | Select Server,InternalURL,ExternalURL
    Get-ECPVirtualDirectory | Select Server,InternalURL,ExternalURL
    Get-ActiveSyncVirtualDirectory | Select Server,InternalURL,ExternalURL
    Also, we need to consider the suffix of email address, because the autodiscover service will use its predefined process (base on your email address) to connect your Exchange server.

    After all, we need to create a service request with all proper host names of VDs, Outlook Anywhere and autodiscover.yourdomain.com as SAN in certificate. Then, submit it on 3rd trust CA (it's recommend for external access, however it's not free), download certificate and import it into your Exchange server. At last, enable proper service for it.

    More information about it, refer to: Digital certificates and SSL

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 30, 2018 8:25 AM
    Moderator

All replies

  • Valid certificate installed with the correct names issued by a public PKI

    Certificate names will be autodiscover.yourdomain.com & mail.youdomain.com 

    These ten need to resolve in public DNS to a firewall with port 443 forwarded to the CAS server with this certificate installed and the internal/external URL's configured correctly.

    use exchange remote connectivity analyser for help

    https://testconnectivity.microsoft.com/


    **Please don't forget to mark as helpful or answer**

    Tuesday, May 29, 2018 7:14 PM
  • Hi,

    If we want to configure SSL, we need to consider the namespace of your Exchange server, for example: connection endpoint for HTTPS, email address.

    For Exchange clients from internet will use HTTP or HTTPS to connect to Exchange server, thus we need configure the external connection setting on all VDs and Outlook Anywhere:
    Get-OutlookAnywhere | Select Server,InternalHostName,ExternalHostName
    Get-MAPIVirtualDirectory | Select Server,InternalURL,ExternalURL 
    Get-OABVirtualDirectory | Select Server,InternalURL,ExternalURL
    Get-WebServicesVirtualDirectory | Select Server,InternalURL,ExternalURL
    Get-ClientAccessServer | Select Name,AutoDiscoverServiceInternalUri
    Get-OWAVirtualDirectory | Select Server,InternalURL,ExternalURL
    Get-ECPVirtualDirectory | Select Server,InternalURL,ExternalURL
    Get-ActiveSyncVirtualDirectory | Select Server,InternalURL,ExternalURL
    Also, we need to consider the suffix of email address, because the autodiscover service will use its predefined process (base on your email address) to connect your Exchange server.

    After all, we need to create a service request with all proper host names of VDs, Outlook Anywhere and autodiscover.yourdomain.com as SAN in certificate. Then, submit it on 3rd trust CA (it's recommend for external access, however it's not free), download certificate and import it into your Exchange server. At last, enable proper service for it.

    More information about it, refer to: Digital certificates and SSL

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 30, 2018 8:25 AM
    Moderator
  • Hi,

    Any further help we can do for you?
    If it's solved, would you please post the solution here to share it with us? Thanks.
    Also, please free to mark the useful reply as answer. Thanks for your cooperation.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, June 06, 2018 2:38 AM
    Moderator