Friday, June 21, 2024

Configure FQDN’s for On Premises Endpoints

Since Nov 1, 2015 it was not possible to include .local domains inside externally used SSL certificates. This created a small problem for a lot of existing Exchange servers as more often than not, the UCC SSL cert would have the local server name and the external name applied. What was necessary was for the internal clients to access the Exchange server using the external FQDN. Once you have successfully applied the new SSL certificate, all the services inside Exchange need to be told to use the FQDN. To do this, a simple set of Powershell scripts can be used. In our example, the fqdn of ‘’ was used for external communications. We will now apply this external FQDN to all the internal services on the Exchange 2016 server.

Get-OutlookAnywhere | Set-OutlookAnywhere -ExternalHostname -InternalHostname -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -ExternalUrl -InternalUrl

Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -ExternalUrl -InternalUrl

Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl -InternalUrl

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl -InternalUrl

Get-OabVirtualDirectory | Set-OabVirtualDirectory -ExternalUrl -InternalUrl

Get-ClientAccessService | Set-ClientAccessService -AutoDiscoverServiceInternalUri

Set-MapiVirtualDirectory -Identity “mapi (Default Web Site)” -InternalUrl -ExternalUrl -IISAuthenticationMethods Negotiate

Set-OrganizationConfig -MapiHttpEnabled $true

Once everything has run through, you can check that everything has taken effect nicely using the following powershell commands.


Get-OutlookAnywhere | Select Server,ExternalHostname,Internalhostname

Get-OwaVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Get-EcpVirtualDirectory | ft Get-ActiveSyncVirtualDirectory | select server,externalurl,internalurl | fl

Get-WebServicesVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Get-OabVirtualDirectory | Select Server,ExternalURL,InternalURL | fl

Get-ClientAccessService | Select Name,AutoDiscoverServiceInternalURI

Get-MapiVirtualDirectory | Select Name,InternalUrl,ExternalUrl Get-OrganizationConfig | Select Name,MapiHttpEnabled

The output that you see should look something like this.

And with that, you are done. It is often a good idea to reboot the Exchange Server after doing this, just to make sure everything is all good.

Mark Rochester
Mark Rochester
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)

Related Articles

Migrate Microsoft 365 Mailboxes to Google Workspace

This is not a very common subject to talk about as most of the migrations that get performed are people moving into the Microsoft...

Microsoft 365 Discovery Report

If you are working with a Microsoft 365 tenant, whether it is for your own or for a client, it is often necessary to...

Batches Paused in ‘Needs Approval’ Status

When you are using the native Microsoft tools to migrate from Google Workspace (Gmail) into Microsoft 365 the tool works very well. It does...

Stay Connected

- Advertisement -

Latest Articles