Hello, I just need verification & guidance on my Outlook Anywhere & External Autodiscover access (via DNS) implementation plan. We have imported “exchange.onecliffs.com” certificate & keys at F5 load balancer so implementation plan is made according to SSL accelerator settings, There are total 12 CAS servers. TMEX05 & TMEX06 are two internet facing CAS servers. SAN certificates installed on TMEX05 & TMEX06: DNS Name=autodiscover.cliffsnr.com – for Autodiscover service DNS Name=exchange.onecliffs.com – newly imported for Outlook Anywhere DNS Name=tmex05.cliffsnet.com DNS Name=tmex06.cliffsnet.com DNS Name=email.onecliffs.com – using for OWA Below is the implementation plan, 1) Enable Outlook Anywhere: Enable-OutlookAnywhere -Server tmex05 -SSLOffloading:$true -ExternalHostname exchange.onecliffs.com l -ClientAuthenticationMethod basic -IISAuthenticationMethods basic Enable-OutlookAnywhere -Server tmex06 -SSLOffloading:$true -ExternalHostname exchange.onecliffs.com | -ClientAuthenticationMethod basic -IISAuthenticationMethods basic Does this command needs be run on all the CAS servers? If yes then do we need to import newly added “exchange.onecliffs.com” SAN certificate on all the CAS? Presently it is installed only on two internet facing CAS TMEx05 & TMEX06. 2) Network DNS External Team will create External (Public ) DNS Host record as below: Host Name : autodiscover.cliffsnr.com IP : 171.74.128.66 3) Once IP is confirm from n/w team then create internal A record (Forward & Reverse) for autodiscover.cliffsnr.com. Host Name : autodiscover.cliffsnr.com IP : 171.74.128.66 Does “exchange.onecliffs.com” require internal A record (Forward & Reverse) to be created? Presently external URLS for (Offline address book, Unified Messaging, Exchange Web Services) are set to email.onecliffs.com and internal URLS with the server name. I’m not sure if Outlook Anywhere & (Offline address book, Unified Messaging, Exchange Web Services) requires same external URL? If yes then need to change external URL to exchange.onecliffs.com? Does newly added “autodiscover.cliffsnr.com” SAN certificate to be installed on all the CAS servers? Presently it is installed only on two internet facing CAS. Kindly help with questions I would be most Grateful. Thanks, Abhishek

Unless you have clients on your network that are NOT part of the domain, then you do not need to have internal autodiscover entries. With regards to autodiscover, that only needs to be enabled on the internet facing CAS servers. You should have an SSL certificate of some description on all CAS servers. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Thanks for your reply. Could you verify steps 1,2,3 and throw some lights on the quesions below, 1) Does this command needs be run on all the CAS servers? If yes then do we need to import newly added “exchange.onecliffs.com” SAN certificate on all the CAS? Presently it is installed only on two internet facing CAS TMEx05 & TMEX06. Presently external URLS for (Offline address book, Unified Messaging, Exchange Web Services) are set to email.onecliffs.com (with OWA cert) and internal URLS with the server name. I’m not sure if Outlook Anywhere & (Offline address book, Unified Messaging, Exchange Web Services) requires same external URL? If yes then do we need to change external URL to exchange.onecliffs.com? Thanks, Abhi

I believe I have answered your questions. Is there something that isn't clear about what I have written? The external URL needs to match whatever is on the SSL certificate and resolves to the correct place. Posting the same question again doesn't help - I have reported the duplicated post for removal. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.