How Do I Change the Internal Autodiscover URL

Written by Allen White on. Posted in Exchange 2013, Exchange 2016

I have seen this a few times recently so thought I would put down the definitive command that will allow you to change the internal autodiscover URL for you Exchange 2013 and Exchange 2010 servers (most likely Exchange 2016 also).

First a bit of background to when you may see this message, I have seen this when a client has changed there certificates within Exchange. They may have done this as they started using “split DNS” as you can no longer put SAN (subject alternative names) on certificates for domains that you do not own. When they have added the nice new shiny certificate to Exchange they have forgotten to change the path to Autodiscover to match the new SAN. For example:

Old Certificate

The old certificate would normally have the following SANs configured, but now we can no longer add the internal domains names.

Autodiscover.externaldomain.com
Mailserver.externaldomain.com
autodiscover.internaldomain.com
mailserver.interlandomain.com
OWA.internaldomain.com
OWA.externaldomain.com

New Certificate

We do not need any internal SANs so we just put the required external SANs and create a DNS zone with the external a records that point to the internal servers.

Autodiscover.externaldomain.com
mailserver.externaldomain.com
OWA.externaldomain.com

Forgetting to Change the Internal Autodiscover URL

The problem with the above is when you users fire up outlook the will get the following certificate error.

The name on the security certificate is invalid.
the name on the securuty certificate is invalid

To resolve this issue first make sure this is indeed the issue, lets check that the urls are incorrect. To do so run the following command.

Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri

If it lists any url that does not match the SANs on your certificate then we need to change those urls. We do so with the following command.

Set-ClientAccessServer -Identity OLD_SERVER -AutodiscoverServiceInternalUri https://correct_Autodiscover_URL

Also yes that is NOT a typo it says “URi” !

 
Allen White
Allen is a Consultant for ITPS in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure.

ITPS provides strategic IT consultancy, implementation, data centre provision and unified communications, as well as support services and workspace and disaster recovery. If you require a consultation then please contact me via the contacts section or direct on 07931222991, add me on linkedin. https://uk.linkedin.com/in/allenwhiteconsultant0001

Tags:

Leave a comment

Categories

(c) Techieshelp.com. Please be aware, all information is provided freely, any information used is done so at your risk and Techieshelp will not be held responsible for any issue that may occur.
!-- BuySellAds On-Site Shopping Cart -->