Microsoft Exchange team releases Exchange Server Security Updates (SUs) for Exchange Server 2013/2016/2019 when vulnerabilities…
Configure Internal and External URL in Exchange
After installing Exchange Server and configuring internal DNS, what’s next? The next step is to configure Internal and External URL in Exchange Server. Configuring the URLs can be done with Exchange Admin Center (EAC) or with PowerShell. Well, almost all parts can be configured with EAC, because one part (AutoDiscover) needs to be configured with PowerShell. In this article, you will learn how to configure URLs in Exchange Server.
Information Internal and External URL in Exchange
Important: Read the article Exchange namespace design and planning before you go further.
We have an internal domain named exoip.local and external domain exoip.com. In our example, we will configure the namespace mail.exoip.com. This way, we can buy a third-party certificate for Exchange Server. We will configure the internal and external URLs with the same name. Almost all the URLs will have mail.exoip.com in the configuration. That’s because the AutoDiscover URL will be different.
Service | Internal and External URL |
---|---|
AutoDiscover | https://autodiscover.exoip.com/Autodiscover/Autodiscover.xml |
Exchange Control Panel | https://mail.exoip.com/ecp |
Exchange Web Services | https://mail.exoip.com/EWS/Exchange.asmx |
MAPI over HTTP | https://mail.exoip.com/mapi |
Exchange ActiveSync | https://mail.exoip.com/Microsoft-Server-ActiveSync |
Offline Address Book | https://mail.exoip.com/OAB |
Outlook Web Access | https://mail.exoip.com/owa |
PowerShell | https://mail.exoip.com/powershell |
Outlook Anywhere | mail.exoip.com |
Do you like to know how the current Exchange URLs are configured? Read the article Find Exchange Server URLs with PowerShell.
An architecture view of the Exchange namespace is shown below in the topology.
Configure internal and External URL in Exchange with PowerShell
Sign in to Exchange Server. Run Exchange Management Shell as administrator. Set the virtual directory for every component and verify it after. If you like to set the URLs on all the Exchange Servers, remove -Server EX01-2016 from each command.
In our example, we like to configure URLs on this particular Exchange Server, this is why we will use the -Server parameter.
Configure URL for Autodiscover.
[PS] C:\>Get-ClientAccessServer -Identity EX01-2016 | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.exoip.com/Autodiscover/Autodiscover.xml
[PS] C:\>Get-ClientAccessService -Identity EX01-2016 | Format-List Identity, AutoDiscoverServiceInternalUri
Identity : EX01-2016
AutoDiscoverServiceInternalUri : https://autodiscover.exoip.com/Autodiscover/Autodiscover.xml
Configure URL for Exchange Control Panel (ECP).
[PS] C:\>Get-EcpVirtualDirectory -Server EX01-2016 | Set-EcpVirtualDirectory -ExternalUrl https://mail.exoip.com/ecp -InternalUrl https://mail.exoip.com/ecp
[PS] C:\>Get-EcpVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl
InternalUrl : https://mail.exoip.com/ecp
ExternalUrl : https://mail.exoip.com/ecp
Configure URL for Exchange Web Services (EWS).
[PS] C:\>Get-WebServicesVirtualDirectory -Server EX01-2016 | Set-WebServicesVirtualDirectory -ExternalUrl https://mail.exoip.com/EWS/Exchange.asmx -InternalUrl https://mail.exoip.com/EWS/Exchange.asmx
[PS] C:\>Get-WebServicesVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl
InternalUrl : https://mail.exoip.com/EWS/Exchange.asmx
ExternalUrl : https://mail.exoip.com/EWS/Exchange.asmx
Configure URL for MAPI.
[PS] C:\>Get-MapiVirtualDirectory -Server EX01-2016 | Set-MapiVirtualDirectory -ExternalUrl https://mail.exoip.com/mapi -InternalUrl https://mail.exoip.com/mapi
[PS] C:\>Get-MapiVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl
InternalUrl : https://mail.exoip.com/mapi
ExternalUrl : https://mail.exoip.com/mapi
Configure URL for ActiveSync.
[PS] C:\>Get-ActiveSyncVirtualDirectory -Server EX01-2016 | Set-ActiveSyncVirtualDirectory -ExternalUrl https://mail.exoip.com/Microsoft-Server-ActiveSync -InternalUrl https://mail.exoip.com/Microsoft-Server-ActiveSync
[PS] C:\>Get-ActiveSyncVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl
InternalUrl : https://mail.exoip.com/Microsoft-Server-ActiveSync
ExternalUrl : https://mail.exoip.com/Microsoft-Server-ActiveSync
Configure URL for Offline Address Book (OAB).
[PS] C:\>Get-OabVirtualDirectory -Server EX01-2016 | Set-OabVirtualDirectory -ExternalUrl https://mail.exoip.com/OAB -InternalUrl https://mail.exoip.com/OAB
[PS] C:\>Get-OabVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl
InternalUrl : https://mail.exoip.com/OAB
ExternalUrl : https://mail.exoip.com/OAB
Configure URL for Outlook Web Access (OWA).
[PS] C:\>Get-OwaVirtualDirectory -Server EX01-2016 | Set-OwaVirtualDirectory -ExternalUrl https://mail.exoip.com/owa -InternalUrl https://mail.exoip.com/owa
WARNING: You've changed the InternalURL or ExternalURL for the OWA virtual directory. Please make the same change for the ECP virtual directory in the same website.
[PS] C:\>Get-OwaVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl
InternalUrl : https://mail.exoip.com/owa
ExternalUrl : https://mail.exoip.com/owa
Configure URL for PowerShell.
[PS] C:\>Get-PowerShellVirtualDirectory -Server EX01-2016 | Set-PowerShellVirtualDirectory -ExternalUrl https://mail.exoip.com/powershell -InternalUrl https://mail.exoip.com/powershell
[PS] C:\>Get-PowerShellVirtualDirectory -Server EX01-2016 | Format-List InternalUrl, ExternalUrl
InternalUrl : https://mail.exoip.com/powershell
ExternalUrl : https://mail.exoip.com/powershell
Configure URL for Outlook Anywhere.
[PS] C:\>Get-OutlookAnywhere -Server EX01-2016 | Set-OutlookAnywhere -ExternalHostname mail.exoip.com -InternalHostname mail.exoip.com -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM
[PS] C:\>Get-OutlookAnywhere -Server EX01-2016 | Format-List ExternalHostname, InternalHostname
ExternalHostname : mail.exoip.com
InternalHostname : mail.exoip.com
Configuring Internal and External URL in Exchange Server completed successfully.
Configure Exchange Server URLs with PowerShell script
A faster way to set all the internal and external URLs is with the Set-ExchangeURLs.ps1 PowerShell script. Save the script on the Exchange Server C:\scripts folder. If you don’t have a scripts folder, create one.
Ensure that the file is unblocked to prevent any errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.
Another option is to copy and paste the below code into Notepad. Give it the name Set-ExchangeURLs.ps1 and place it in the C:\scripts folder.
Change line 1, 2, 3.
$subdomain = "mail" #enter subdomain
$domain = "exoip.com" #enter domain
$servername = "EX01-2016" #enter server name
Get-ClientAccessServer -Identity $servername | Set-ClientAccessServer -AutoDiscoverServiceInternalUri "https://autodiscover.$domain/Autodiscover/Autodiscover.xml"
Get-EcpVirtualDirectory -Server $servername | Set-EcpVirtualDirectory -ExternalUrl "https://$subdomain.$domain/ecp" -InternalUrl "https://$subdomain.$domain/ecp"
Get-WebServicesVirtualDirectory -Server $servername | Set-WebServicesVirtualDirectory -ExternalUrl "https://$subdomain.$domain/EWS/Exchange.asmx" -InternalUrl "https://$subdomain.$domain/EWS/Exchange.asmx"
Get-MapiVirtualDirectory -Server $servername | Set-MapiVirtualDirectory -ExternalUrl "https://$subdomain.$domain/mapi" -InternalUrl "https://$subdomain.$domain/mapi"
Get-ActiveSyncVirtualDirectory -Server $servername | Set-ActiveSyncVirtualDirectory -ExternalUrl "https://$subdomain.$domain/Microsoft-Server-ActiveSync" -InternalUrl "https://$subdomain.$domain/Microsoft-Server-ActiveSync"
Get-OabVirtualDirectory -Server $servername | Set-OabVirtualDirectory -ExternalUrl "https://$subdomain.$domain/OAB" -InternalUrl "https://$subdomain.$domain/OAB"
Get-OwaVirtualDirectory -Server $servername | Set-OwaVirtualDirectory -ExternalUrl "https://$subdomain.$domain/owa" -InternalUrl "https://$subdomain.$domain/owa"
Get-PowerShellVirtualDirectory -Server $servername | Set-PowerShellVirtualDirectory -ExternalUrl "https://$subdomain.$domain/powershell" -InternalUrl "https://$subdomain.$domain/powershell"
Get-OutlookAnywhere -Server $servername | Set-OutlookAnywhere -ExternalHostname "$subdomain.$domain" -InternalHostname "$subdomain.$domain" -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM
Run Exchange Management Shell as administrator. Next, change the path to the scripts folder and run the PowerShell script to configure the internal and external Exchange URLs.
PS C:\> cd c:\scripts
PS C:\scripts> .\Set-ExchangeURLs.ps1
That’s it!
Conclusion
You learned how to configure Internal and External URL in Exchange Server. Go through the services in the list and set the URL for each service. A faster way is to run the Set-ExchangeURLs.ps1 PowerShell script. Always verify that the URL is set correctly.
Did you enjoy this article? You may also like Recreate virtual directories in Exchange Server. Don’t forget to follow us and share this article.
Slightly off topic – Can we have two CAS roles in a single AD site both configured with different URLs, lets say mail.contoso.com and webmail.contoso.com. The idea is to use one of them dedicated to setup EX hybrid use.
Thanks,
Az
Yes, you can.
For example:
– mail.exoip.com
– hybrid.exoip.com
Will it be an issue if the use case is mail.exoip.com is not published and only hybrid.exoip.com is published to internet/EXO.
Hello, thanks for the article, it is very helpful!
I have a question regarding Internal and External URL and 3rd party wildcard cert. I have a issue with Security Alert every time I open Outlook.
I get” The name on the security certificate is invalid or does not match the name of the site.”
How I understand it’s all about those Internal and External URL, for example:
Internal URL:
https://exchange.corp.contoso.com/EWS/Exchange.asmx
External URL:
https://mail.contoso.com/EWS/Exchange.asmx
I understand that wildcard covers only for *.contoso.com, not for *.corp.contoso.com.
My question is, can I safely change this, for example in a way that I change Internal URL to exchange.contoso.com, which will lead to internal dns name change to exchange.contoso.com, or this will break the server itself, as this is how it’s configured during install ?
You can safely change the Internal URL (recommended). Just make sure that you configure the internal DNS for Exchange Server.
I did, and it was a success.
Yet, I still have some Microsoft Outlook popup, with autodiscover asking to allow the website to configure server settings, which points to old internal configuration.
It states that this specific account was redirected to this website for settings.
Is this thing related?
Ali, your blogs are pretty good. I’ve been able to find many solutions from your blogs. Really appreciate that you are sharing. I have a question and I was hoping you could put me in the right direction. Exch2010 and Deployed Exch2016, following your instructions from your blog. However, when I create new test mailboxes, the profile gets created in Outlook Desktop client App, however they get disconnected and they would not reconnect to the Exch2016 Server. Any advise is greatly appreciated! Thank you in advance!
hello
i have question about the powershell part, on some recommandation, they dont set the powershell to the common name, but all other you mention.
is something to check with the powershell url?
or there are some cases you dont set them equal to LB url ?
thanks
You can skip the PowerShell virtual directory URL and keep it default. But I always recommend pointing all the virtual directories to the same URL.
Hello Ali, thanks for the detailed article.
I was searching through Autodiscover powershell commands, found out there are switches for externalUri as well.
AutoDiscoverServiceExternalUri
The result for “Get-ClientAccessService -Identity EX01-2016 | Format-List Identity, AutoDiscoverServiceExternalUri” would show as empty.
Any thoughts on this?
Thanks in advance
There is no AutoDiscoverServiceExternalUri property in Exchange Server 2016/2019.
Only the below properties are shown when you run the cmdlet “Get-ClientAccessService | fl”:
– AutoDiscoverServiceCN
– AutoDiscoverServiceClassName
– AutoDiscoverServiceInternalUri
– AutoDiscoverServiceGuid
Thanks Ali, great article.
You seem to ignore the “Exchange Back End” site. It usually binds to 81 and 444, where 444 binds to a certificate. It needs a valid certificate. You skipped it on purpose?
Nothing is skipped, Joe.
Configuring the virtual directories is only for the “Default Web Site” and not “Exchange Back End”.
But the Back End needs a certificate.
You should leave that on the default “Microsoft Exchange” self-signed certificate. Restart IIS after the change.
Very informative post thank you for posting.
Hi, thanks for the info. i have a question… what if i delete the exthernal URL from Virtual Directory in ECP?? I need to restrict OWA access Only Outside my Organizacion.
You Are The Best Dear Ali! 😀 :-*
Hello,
Thanks for your great article it’s very helpfulness for me.
I have question ; could we use different urls for owa as such owa.mail.exoip.com/owa
And to create A-record for this new FQDN
It’s possible to use different URLs, but I don’t recommend doing that. Keep the namespace easy as possible.