Exchange 2010 Fixing Internal Hostname SSL Errors

By | November 17, 2014
1 Comment

How to fix the Exchange 2010 Internal Hostname certificate Error

I am going to bet you have seen an error similar to this.

Exchange2010

Let’s assume your Exchange server is known as “cpexchange2010.domain.local” internally but the external name is “mail.domain.com”.

Solution

  1. You need to add the (“domain.com”) to your internal IP and setup a record to point “mail.domain.com” to the same IP as “cpexchange2010.domain.local”. If you use a CNAME for the DNS setting you will not have to update 2 records. It will only require one.
  2. In this example I will use the Exchange Management Shell on the Exchange 2010 server.
  3. To check the setting that an in-place not run the following commands. This will also give you a text backup for the settings. 
    > Get-WebServicesVirtualDirectory | Select InternalUrl,BasicAuthenticationExternalUrl,Identity | Format-List

InternalUrl                     : https://cpexchange2010.domain.local/EWS/Exchange.asmx
BasicAuthentication             : False
ExternalUrl                     : https://mail.domain.com/ews/exchange.asmx
Identity                        : EXCH-1EWS (Default Web Site)

> Get-OabVirtualDirectory | Select InternalURL,ExternalURL,Identity | FL

InternalUrl                     : http://cpexchange2010.domain.local/OAB
ExternalUrl                     : https://mail.domain.com/OAB
Identity                        : EXCH-1OAB (Default Web Site)

> Get-ActiveSyncVirtualDirectory | Select InternalUrl,ExternalUrl,Identity | fl

InternalUrl                                : https://cpexchange2010.domain.local/Microsoft-Server-ActiveSync
ExternalUrl                                : https://mail.domain.com/Microsoft-Server-ActiveSync
Identity                                   : EXCH-1Microsoft-Server-ActiveSync (Default Web Site)
  4. Once you have checked the settings you can move on tothe the commands below. 
     
> Set-WebServicesVirtualDirectory -Identity "EXCH-1EWS (Default Web Site)" -InternalURL https://mail.domain.com/EWS/Exchange.asmx -BasicAuthentication:$true
> Set-OabVirtualDirectory -Identity "EXCH-1OAB (Default Web Site)" -InternalUrl https://mail.domain.com/OAB
> set-ActiveSyncVirtualDirectory -Identity "EXCH-1Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "https://mail.domain.com/Microsoft-Server-ActiveSync"

    You are setting the internal URLs to be the same as the external URLs.

  5. Make sure that OutlookAnyhwereis configured correctly: 
    > Enable-OutlookAnywhere -Server EXCH-1 -ExternalHostname mail.domain.com -ClientAuthenticationMethod Basic -SSLOffloading:$false

 

Everything should now be setup and running without that annoying pop-up box.

Thanks for reading.

One thought on “Exchange 2010 Fixing Internal Hostname SSL Errors

  1. Pingback: Recap of #vDM30in30 – Great Work Folks! @ Virtual Design Master

Comments are closed.