How Do I Change the Internal Autodiscover URL

I have seen this a few times recently so thought I would put down the definitive command that will allow you to change the internal autodiscover URL for you Exchange 2013 and Exchange 2010 servers (most likely Exchange 2016 also).

First a bit of background to when you may see this message, I have seen this when a client has changed there certificates within Exchange. They may have done this as they started using “split DNS” as you can no longer put SAN (subject alternative names) on certificates for domains that you do not own. When they have added the nice new shiny certificate to Exchange they have forgotten to change the path to Autodiscover to match the new SAN. For example:

Old Certificate

The old certificate would normally have the following SANs configured, but now we can no longer add the internal domains names.

Autodiscover.externaldomain.com
Mailserver.externaldomain.com
autodiscover.internaldomain.com
mailserver.interlandomain.com
OWA.internaldomain.com
OWA.externaldomain.com

New Certificate

We do not need any internal SANs so we just put the required external SANs and create a DNS zone with the external a records that point to the internal servers.

Autodiscover.externaldomain.com
mailserver.externaldomain.com
OWA.externaldomain.com

Forgetting to Change the Internal Autodiscover URL

The problem with the above is when you users fire up outlook the will get the following certificate error.

The name on the security certificate is invalid.
the name on the securuty certificate is invalid

To resolve this issue first make sure this is indeed the issue, lets check that the urls are incorrect. To do so run the following command.

Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri

If it lists any url that does not match the SANs on your certificate then we need to change those urls. We do so with the following command.

Set-ClientAccessServer -Identity OLD_SERVER -AutodiscoverServiceInternalUri https://correct_Autodiscover_URL

Also yes that is NOT a typo it says “URi” !

Tags: autodiscover

Allen White

Allen is a Consultant for ITPS in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure.

Leave a comment

Categories

Vote!

What Web Browser Do You Use?

View Results

Loading ... Loading ...

Vote!

What do you prefer..VMware or Hyper-V?

View Results

Loading ... Loading ...