Configure Internal and External URL in Exchange

After installing Exchange Server and configuring internal DNS, what’s next? The next step is to configure Internal and External URL in Exchange Server. Configuring the URLs can be done with Exchange Admin Center (EAC) or with PowerShell. Well, almost all parts can be configured with EAC, because one part (AutoDiscover) needs to be configured with PowerShell. In this article, you will learn how to configure URLs in Exchange Server.

Information Internal and External URL in Exchange

Important: Read the article Exchange namespace design and planning before you go further.

We have an internal domain named exoip.local and external domain exoip.com. In our example, we will configure the namespace mail.exoip.com. This way, we can buy a third-party certificate for Exchange Server. We will configure the internal and external URLs with the same name. Almost all the URLs will have mail.exoip.com in the configuration. That’s because the AutoDiscover URL will be different.

ServiceInternal and External URL
AutoDiscoverhttps://autodiscover.exoip.com/Autodiscover/Autodiscover.xml
Exchange Control Panelhttps://mail.exoip.com/ecp
Exchange Web Serviceshttps://mail.exoip.com/EWS/Exchange.asmx
MAPI over HTTPhttps://mail.exoip.com/mapi
Exchange ActiveSynchttps://mail.exoip.com/Microsoft-Server-ActiveSync
Offline Address Bookhttps://mail.exoip.com/OAB
Outlook Web Accesshttps://mail.exoip.com/owa
PowerShellhttps://mail.exoip.com/powershell
Outlook Anywheremail.exoip.com

Do you like to know how the current Exchange URLs are configured? Read the article Find Exchange Server URLs with PowerShell.

An architecture view of the Exchange namespace is shown below in the topology.

Exchange Server Internal and External URL architecture

Configure internal and External URL in Exchange with PowerShell

Sign in to Exchange Server. Run Exchange Management Shell as administrator. Set the virtual directory for every component and verify it after. If you like to set the URLs on all the Exchange Servers, remove -Server EX01-2016 from each command.

In our example, we like to configure URLs on this particular Exchange Server, this is why we will use the -Server parameter.

Configure URL for Autodiscover.

[PS] C:\>Get-ClientAccessServer -Identity EX01-2016 | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.exoip.com/Autodiscover/Autodiscover.xml

[PS] C:\>Get-ClientAccessService -Identity EX01-2016 | Format-List Identity, AutoDiscoverServiceInternalUri

Identity                       : EX01-2016
AutoDiscoverServiceInternalUri : https://autodiscover.exoip.com/Autodiscover/Autodiscover.xml

Configure URL for Exchange Control Panel (ECP).

[PS] C:\>Get-EcpVirtualDirectory -Server EX01-2016 | Set-EcpVirtualDirectory -ExternalUrl https://mail.exoip.com/ecp -InternalUrl https://mail.exoip.com/ecp

[PS] C:\>Get-EcpVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl

InternalUrl : https://mail.exoip.com/ecp
ExternalUrl : https://mail.exoip.com/ecp

Configure URL for Exchange Web Services (EWS).

[PS] C:\>Get-WebServicesVirtualDirectory -Server EX01-2016 | Set-WebServicesVirtualDirectory -ExternalUrl https://mail.exoip.com/EWS/Exchange.asmx -InternalUrl https://mail.exoip.com/EWS/Exchange.asmx

[PS] C:\>Get-WebServicesVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl

InternalUrl : https://mail.exoip.com/EWS/Exchange.asmx
ExternalUrl : https://mail.exoip.com/EWS/Exchange.asmx

Configure URL for MAPI.

[PS] C:\>Get-MapiVirtualDirectory -Server EX01-2016 | Set-MapiVirtualDirectory -ExternalUrl https://mail.exoip.com/mapi -InternalUrl https://mail.exoip.com/mapi

[PS] C:\>Get-MapiVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl

InternalUrl : https://mail.exoip.com/mapi
ExternalUrl : https://mail.exoip.com/mapi

Configure URL for ActiveSync.

[PS] C:\>Get-ActiveSyncVirtualDirectory -Server EX01-2016 | Set-ActiveSyncVirtualDirectory -ExternalUrl https://mail.exoip.com/Microsoft-Server-ActiveSync -InternalUrl https://mail.exoip.com/Microsoft-Server-ActiveSync

[PS] C:\>Get-ActiveSyncVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl


InternalUrl : https://mail.exoip.com/Microsoft-Server-ActiveSync
ExternalUrl : https://mail.exoip.com/Microsoft-Server-ActiveSync

Configure URL for Offline Address Book (OAB).

[PS] C:\>Get-OabVirtualDirectory -Server EX01-2016 | Set-OabVirtualDirectory -ExternalUrl https://mail.exoip.com/OAB -InternalUrl https://mail.exoip.com/OAB

[PS] C:\>Get-OabVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl

InternalUrl : https://mail.exoip.com/OAB
ExternalUrl : https://mail.exoip.com/OAB

Configure URL for Outlook Web Access (OWA).

[PS] C:\>Get-OwaVirtualDirectory -Server EX01-2016 | Set-OwaVirtualDirectory -ExternalUrl https://mail.exoip.com/owa -InternalUrl https://mail.exoip.com/owa
WARNING: You've changed the InternalURL or ExternalURL for the OWA virtual directory. Please make the same change for the ECP virtual directory in the same website.

[PS] C:\>Get-OwaVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl

InternalUrl : https://mail.exoip.com/owa
ExternalUrl : https://mail.exoip.com/owa

Configure URL for PowerShell.

[PS] C:\>Get-PowerShellVirtualDirectory -Server EX01-2016 | Set-PowerShellVirtualDirectory -ExternalUrl https://mail.exoip.com/powershell -InternalUrl https://mail.exoip.com/powershell

[PS] C:\>Get-PowerShellVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl

InternalUrl : https://mail.exoip.com/powershell
ExternalUrl : https://mail.exoip.com/powershell

Configure URL for Outlook Anywhere.

[PS] C:\>Get-OutlookAnywhere -Server EX01-2016 | Set-OutlookAnywhere -ExternalHostname mail.exoip.com -InternalHostname mail.exoip.com -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM

[PS] C:\>Get-OutlookAnywhere -Server EX01-2016 | Format-List ExternalHostname, InternalHostname

ExternalHostname : mail.exoip.com
InternalHostname : mail.exoip.com

Configuring Internal and External URL in Exchange Server completed successfully.

Configure Exchange Server URLs with PowerShell script

A faster way to set all the internal and external URLs is with the Set-ExchangeURLs.ps1 PowerShell script. Save the script on the Exchange Server C:\scripts folder. If you don’t have a scripts folder, create one.

Ensure that the file is unblocked to prevent any errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.

Another option is to copy and paste the below code into Notepad. Give it the name Set-ExchangeURLs.ps1 and place it in the C:\scripts folder.

Change line 1, 2, 3.

$subdomain = "mail" #enter subdomain
$domain = "exoip.com" #enter domain
$servername = "EX01-2016" #enter server name

Get-ClientAccessServer -Identity $servername | Set-ClientAccessServer -AutoDiscoverServiceInternalUri "https://autodiscover.$domain/Autodiscover/Autodiscover.xml"
Get-EcpVirtualDirectory -Server $servername | Set-EcpVirtualDirectory -ExternalUrl "https://$subdomain.$domain/ecp" -InternalUrl "https://$subdomain.$domain/ecp"
Get-WebServicesVirtualDirectory -Server $servername | Set-WebServicesVirtualDirectory -ExternalUrl "https://$subdomain.$domain/EWS/Exchange.asmx" -InternalUrl "https://$subdomain.$domain/EWS/Exchange.asmx"
Get-MapiVirtualDirectory -Server $servername | Set-MapiVirtualDirectory -ExternalUrl "https://$subdomain.$domain/mapi" -InternalUrl "https://$subdomain.$domain/mapi"
Get-ActiveSyncVirtualDirectory -Server $servername | Set-ActiveSyncVirtualDirectory -ExternalUrl "https://$subdomain.$domain/Microsoft-Server-ActiveSync" -InternalUrl "https://$subdomain.$domain/Microsoft-Server-ActiveSync"
Get-OabVirtualDirectory -Server $servername | Set-OabVirtualDirectory -ExternalUrl "https://$subdomain.$domain/OAB" -InternalUrl "https://$subdomain.$domain/OAB"
Get-OwaVirtualDirectory -Server $servername | Set-OwaVirtualDirectory -ExternalUrl "https://$subdomain.$domain/owa" -InternalUrl "https://$subdomain.$domain/owa"
Get-PowerShellVirtualDirectory -Server $servername | Set-PowerShellVirtualDirectory -ExternalUrl "https://$subdomain.$domain/powershell" -InternalUrl "https://$subdomain.$domain/powershell"
Get-OutlookAnywhere -Server $servername | Set-OutlookAnywhere -ExternalHostname "$subdomain.$domain" -InternalHostname "$subdomain.$domain" -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM

Run Exchange Management Shell as administrator. Next, change the path to the scripts folder and run the PowerShell script to configure the internal and external Exchange URLs.

PS C:\> cd c:\scripts
PS C:\scripts> .\Set-ExchangeURLs.ps1

That’s it!

Conclusion

You learned how to configure Internal and External URL in Exchange Server. Go through the services in the list and set the URL for each service. A faster way is to run the Set-ExchangeURLs.ps1 PowerShell script. Always verify that the URL is set correctly.

Did you enjoy this article? You may also like Recreate virtual directories in Exchange Server. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

TwitterLinkedIn

What Others Are Reading

This Post Has 20 Comments

  1. Slightly off topic – Can we have two CAS roles in a single AD site both configured with different URLs, lets say mail.contoso.com and webmail.contoso.com. The idea is to use one of them dedicated to setup EX hybrid use.

    Thanks,
    Az

    Reply

      1. Will it be an issue if the use case is mail.exoip.com is not published and only hybrid.exoip.com is published to internet/EXO.

        Reply

  2. Hello, thanks for the article, it is very helpful!

    I have a question regarding Internal and External URL and 3rd party wildcard cert. I have a issue with Security Alert every time I open Outlook.
    I get” The name on the security certificate is invalid or does not match the name of the site.”
    How I understand it’s all about those Internal and External URL, for example:
    Internal URL:
    https://exchange.corp.contoso.com/EWS/Exchange.asmx

    External URL:
    https://mail.contoso.com/EWS/Exchange.asmx
    I understand that wildcard covers only for *.contoso.com, not for *.corp.contoso.com.
    My question is, can I safely change this, for example in a way that I change Internal URL to exchange.contoso.com, which will lead to internal dns name change to exchange.contoso.com, or this will break the server itself, as this is how it’s configured during install ?

    Reply

      1. I did, and it was a success.
        Yet, I still have some Microsoft Outlook popup, with autodiscover asking to allow the website to configure server settings, which points to old internal configuration.
        It states that this specific account was redirected to this website for settings.
        Is this thing related?

        Reply

  3. Ali, your blogs are pretty good. I’ve been able to find many solutions from your blogs. Really appreciate that you are sharing. I have a question and I was hoping you could put me in the right direction. Exch2010 and Deployed Exch2016, following your instructions from your blog. However, when I create new test mailboxes, the profile gets created in Outlook Desktop client App, however they get disconnected and they would not reconnect to the Exch2016 Server. Any advise is greatly appreciated! Thank you in advance!

    Reply

  4. hello

    i have question about the powershell part, on some recommandation, they dont set the powershell to the common name, but all other you mention.

    is something to check with the powershell url?
    or there are some cases you dont set them equal to LB url ?

    thanks

    Reply

  5. Hello Ali, thanks for the detailed article.
    I was searching through Autodiscover powershell commands, found out there are switches for externalUri as well.
    AutoDiscoverServiceExternalUri

    The result for “Get-ClientAccessService -Identity EX01-2016 | Format-List Identity, AutoDiscoverServiceExternalUri” would show as empty.
    Any thoughts on this?
    Thanks in advance

    Reply

    1. There is no AutoDiscoverServiceExternalUri property in Exchange Server 2016/2019.

      Only the below properties are shown when you run the cmdlet “Get-ClientAccessService | fl”:

      – AutoDiscoverServiceCN
      – AutoDiscoverServiceClassName
      – AutoDiscoverServiceInternalUri
      – AutoDiscoverServiceGuid

      Reply

  6. Thanks Ali, great article.

    You seem to ignore the “Exchange Back End” site. It usually binds to 81 and 444, where 444 binds to a certificate. It needs a valid certificate. You skipped it on purpose?

    Reply

  8. Hi, thanks for the info. i have a question… what if i delete the exthernal URL from Virtual Directory in ECP?? I need to restrict OWA access Only Outside my Organizacion.

    Reply

  10. Hello,

    Thanks for your great article it’s very helpfulness for me.

    I have question ; could we use different urls for owa as such owa.mail.exoip.com/owa
    And to create A-record for this new FQDN

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *