Since Nov 1, 2015 it was not possible to include .local domains inside externally used SSL certificates. This created a small problem for a lot of existing Exchange servers as more often than not, the UCC SSL cert would have the local server name and the external name applied. What was necessary was for the internal clients to access the Exchange server using the external FQDN. Once you have successfully applied the new SSL certificate, all the services inside Exchange need to be told to use the FQDN. To do this, a simple set of Powershell scripts can be used. In our example, the fqdn of ‘mail.icebluefrog.com’ was used for external communications. We will now apply this external FQDN to all the internal services on the Exchange 2016 server.

Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalHostname mail.icebluefrog.com -InternalHostname mail.icebluefrog.com -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM


Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -ExternalUrl https://mail.icebluefrog.com/owa -InternalUrl https://mail.icebluefrog.com/owa


Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -ExternalUrl https://mail.icebluefrog.com/ecp -InternalUrl https://mail.icebluefrog.com/ecp


Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl https://mail.icebluefrog.com/Microsoft-Server-ActiveSync -InternalUrl https://mail.icebluefrog.com/Microsoft-Server-ActiveSync


Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl https://mail.icebluefrog.com/EWS/Exchange.asmx -InternalUrl https://mail.icebluefrog.com/EWS/Exchange.asmx


Get-OabVirtualDirectory | Set-OabVirtualDirectory -ExternalUrl https://mail.icebluefrog.com/OAB -InternalUrl https://mail.icebluefrog.com/OAB


Get-ClientAccessService | Set-ClientAccessService -AutoDiscoverServiceInternalUri https://mail.icebluefrog.com/Autodiscover/Autodiscover.xml


Set-MapiVirtualDirectory -Identity “mapi (Default Web Site)” -InternalUrl https://mail.icebluefrog.com/mapi -ExternalUrl https://mail.icebluefrog.com/mapi -IISAuthenticationMethods Negotiate


Set-OrganizationConfig -MapiHttpEnabled $true

 

Once everything has run through, you can check that everything has taken effect nicely using the following powershell commands.

Resolve-DnsName mail.icebluefrog.com Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl Get-EcpVirtualDirectory | ft Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl Get-ClientAccessService | Select Name,AutoDiscoverServiceInternalURI Get-MapiVirtualDirectory | Select Name,InternalUrl,ExternalUrl Get-OrganizationConfig | Select Name,MapiHttpEnabled

 

The output that you see should look something like this.

  And with that, you are done. It is often a good idea to reboot the Exchange Server after doing this, just to make sure everything is all good.