https://blog.digicert.com/replace-internal-names-certificates-part-2/#internal_name_tool
Alternatively, here's the offline version of the page
-
Run these commands:
Get-ClientAccessServer -Identity HostName | fl AutodiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" | fl InternalUrl
Get-OabVirtualDirectory -Identity "HostName\oab (Default Web Site)" | fl InternalUrl
Depending on your environment, you may need to run some additional commands:
Get-ActiveSyncVirtualDirectory -Identity "HostName\Microsoft-Server-ActiveSync (Default Web Site)" | fl InternalUrl
Get-OwaVirtualDirectory -Identity "HostName\owa (Default Web Site)" | fl InternalUrl
Get-EcpVirtualDirectory -Identity "HostName\ecp (Default Web Site)" | fl InternalUrl
The output from these commands that you want to record may look something like this:
AutoDiscoverServiceInternalUri : https://internalname/Autodiscover/Autodiscover.xml
InternalUrl : https://internalname/EWS/Exchange.asmx
InternalUrl : https://internalname/OAB
InternalUrl : https://internalname/Microsoft-Server-ActiveSync
InternalUrl : https://internalname/owa
InternalUrl : https://internalname/ecp
Note: If any command returns blank or with a publicly registered hostname, you probably don’t need to reconfigure that setting (i.e. run the “set” command for that setting).OutlookAnywhere Setting
In many Exchange environments, the OutlookAnywhere InternalHostname setting on your Exchange server is not configured. So if you didn’t configure it, don’t worry about updating this setting.For those of you who did configure it or for those of you who don’t know if the setting was configured, you can run a command to check and/or record the setting (in case a roll back is needed).- Run the following command:
Get-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" | fl InternalHostname, InternalClientsRequireSsl
- The output from this command that you want to record may look something like this:
InternalHostname : InternalHostname
InternalClientsRequireSsl : True - If the
InternalHostname
is blank, if theInternalHostname
is a publicly registered domain name, or ifInternalClientsRequiredSsl
isFalse
, you probably don’t need to reconfigure this setting (run the “set” command for that setting).
- Reconfigure Your Exchange Server SettingsAfter verifying and recording your Exchange settings, run the following commands, as needed, to reconfigure your settings:Note: If any of the “get” commands returned blank or with a publicly registered hostname, you probably don’t need to run the “set” command for that setting.
Run these commands:
- ClientAccessServer
Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://mail.yourdomain.com/autodiscover/autodiscover.xml
- WebServicesVirtualDirectory
Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://mail.yourdomain.com/ews/exchange.asmx
- OABVirtualDirectory
Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://mail.yourdomain.com/oab
Depending on your environment, you may need to run some additional commands:
- ActiveSyncVirtualDirectory
Set-ActiveSyncVirtualDirectory -Identity "HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "https://mail.yourdomain.com/Microsoft-Server-ActiveSync"
- OWAVirtualDirectory
Set-OWAVirtualDirectory -Identity "HostName\owa (Default Web Site)" -InternalUrl "https://mail.yourdomain.com/owa"
- ECPVirtualDirectory
Set-ECPVirtualDirectory -Identity "HostName\ecp (Default Web Site)" -InternalUrl "https://mail.yourdomain.com/ecp"
- OutlookAnywhere
Set-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" –InternalHostname mail.yourdomain.com -InternalClientsRequireSsl $true
*Note: Depending on their configuration, you may not need to update this setting.
- ClientAccessServer
- Recycle IIS Application PoolsFinally, to force these commands to take effect, you must make IIS push your changes by recycling the application pools.
- You are Done!Your clients will connect to the Autodiscover service, learn the new settings, and connect to the Exchange server using the external name.No more certificate name mismatch error!
How to Roll Back to Your Previous Settings
If necessary, after you reconfigure your Exchange server settings, you can roll back to your previous settings.
- On your Exchange Client Access Server (CAS), open Exchange Management Shell (EMS) and run it as administrator.
- Roll Back Your Exchange Server SettingsAfter verifying and recording your Exchange settings, run the following commands, as needed, to roll back your settings. Refer to the details you recorded when running the “get” commands.
Run these commands:
- ClientAccessServer
Set-ClientAccessServer -Identity HostName -AutodiscoverServiceInternalUri https://internalname/autodiscover/autodiscover.xml
- WebServicesVirtualDirectory
Set-WebServicesVirtualDirectory -Identity "HostName\EWS (Default Web Site)" -InternalUrl https://internalname/ews/exchange.asmx
- OABVirtualDirectory
Set-OABVirtualDirectory -Identity "HostName\oab (Default Web Site)" -InternalUrl https://internalname/oab
Depending on your environment, you may need to run some additional commands:
- ActiveSyncVirtualDirectory
Set-ActiveSyncVirtualDirectory -Identity "HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "https://internalname/Microsoft-Server-ActiveSync"
- OWAVirtualDirectory
Set-OWAVirtualDirectory -Identity "HostName\owa (Default Web Site)" -InternalUrl "https://internalname/owa"
- ECPVirtualDirectory
Set-ECPVirtualDirectory -Identity "HostName\ecp (Default Web Site)" -InternalUrl "https://internalname/ecp"
- OutlookAnywhere
Set-OutlookAnywhere -Identity "Hostname\Rpc (Default Web Site)" -InternalHostname internalname -InternalClientsRequireSsl $true
*Note: Depending on their configuration, you may not need to roll back this setting.
- ClientAccessServer
- Recycle IIS Application PoolsFinally, to force these commands to take effect, you must make IIS push your changes by recycling the application pools.
- You are done. Your settings should be rolled back.
No comments:
Post a Comment