Menu  Search

Michael Firsov
Windows Audit

Advertisements

Deploying Exchange 2013 SP1 step by step – Part3

In Part2 we requested and installed the wildcard certificate on the first server – exch1.testcompany.com. In Part3 we’ll
pace through the setting up a new Autodiscover site and configuring various virtual directories.

Let’s open IIS and create a new site the Autodiscover service will use.
Notice that Autodiscover.TestCompany.com must use the same wildcard certificate – TestCompany-WildCard. We also
need to add the new A-record to DNS.

Next, enable Directory Browsing and set authentication methods:

Then create the autodiscover virtual directory in EMS

New-AutodiscoverVirtualDirectory -WebSiteName “Autodiscover.TestCompany.com” -WindowsAuthentication $true

and configure Client Access Server:

Set-ClientAccessServer -Identity Exch1 -AutoDiscoverServiceInternalUri  

https://Autodiscover.TestCompany/Autodiscover/Autodiscover.xml

Use Get-AutodiscoverVirtualDirectory and to Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri check the

settings:

The easiest way to configure external hostnames is to use the wizard:

As I decided to use the same external and internal hostnames for Exchange services I must either manually enter
‘mail.testcompany.com’ instead of “exch1.testcompany.com” in EAC or type the corresponding commands in EMS for
each virtual directory, for example:

Get-OwaVirtualDirectory -Server Exch1 | Set-OwaVirtualDirectory -InternalURL https://mail.testcompany.com/owa -

ExternalURL https://mail.testcompany.com/owa
After configuring virtual directories let’s set up Outlook Anywhere (servers – Exch1/Properties) and reset IIS.
Now we can test connection to Exchange server using Outlook 2013 SP1 internally and externally.

1) I run Outlook 2013SP1 on a client computer in the TestCompany.com domain.

If we right-click the Outlook system tray icon while holding Ctrl key we can check the connection by clicking “Connection
status”.
2) Before I run Outlook in other domain to simulate external connection I need to install my internal CA’s (from the
TestCompany.com domain) root certificate to the client computer in that domain, otherwise Outlook will complain on
untrusted certificate.
After installing this certificate to the “Trusted Root Certification Authorities” certificate store I can run Outlook to test
connection externally.
Look! We’ve got a certificate error in spite of installing root CA’s certificate – why? As we can see this certificate arrived
from DC.TestCompany.com, NOT from the Autodiscover.TestCompany.com – this is because Outlook first tries to
connect to https:/domain.com and only after that to https://autodiscover.domain.com. Upon completion of the first
connection attempt to a https://domain.com Outlook realises it is NOT an autodiscover site (as we used
autodiscover.testcompany.com when setting up autodiscover) and makes another connection to
autodiscover.testcompany.com, – we’ll check it a bit later.
Again, hold CTRL and right-click Outlook system tray icon, but this time let’s click “Test E-Mail Autoconfiguration”, enter
e-mail address, password and run the test.

The Log tab will show what sites and with what results Autodiscover service were using while connecting to
TestCompany.com domain.
Summary

In Part3 of the series of articles on deploying Exchange 2013SP1 we configured Exchange-specific virtual directories,
set up and tested autodiscover service. In Part4 we’ll continue to fine-tune the server by configuring the most important
settings.

Advertisements

Share this:

 Twitter  Facebook

Like