Should we rename Internal URLs to match External URLs (E2K7)?
It will soon be time to renew our SSL cert for Exchange, used for OWA, Outlook Anywhere and Autodiscover, to name a few. I've already asked some questions about certs and as I'm waiting for our credit to become effective with the CA (we just purchased a renewal), I thought of another question I've actually been wanting to ask for a while.

Should we rename Internal URLs to match External URLs (E2K7)?

Now, I've already done this and do not intend to go back and redo everything. So, yes, my internal URLs, like the one for OWA, match the external URL. I'm more interested for future reference.

I've heard of 3 reasons for:

1) Conceal the name of your internal servers, whose name would otherwise appear on the cert (if you know where to look).
2) Limit the number of names on your SSL cert.
3) Possibly simplify access for users who enter the URL manually (assuming we are not using redirection).

As for number 3, I simply modified a .vbs script, executed at logon, that creates a shortcut with the proper URL on the desktop of each user. For use from home, we created instructions on how to create such a shortcut manually (you only need to do it once).

Working more recently with Exchange 2010 (for practice), I see that the setup wizard will configure all these URLs for you quite nicely, except that the Internal URLs reference the FQDN of the internal servers.

So... Since the Exchange 2010 wizard takes care of this for you, is there a compelling reason to run Set-OWAVirtualDirectory, etc, etc, and change all these internal URLs so they match the external ones?
February 1st, 2011 4:13pm

You don't get security by obscurity. Therefore not exposing the name of your internal servers will slow down an attacker for all of 30 seconds, if that.

You don't need to change the internal URLs - just configure a SPLIT DNS system so the external DNS resolves internally to the internal IP address. Then it doesn't matter which one they use.

As for the number of URLs on the certificate, you can do it with four on most single-server deployments. If you have multiple servers then you need more slots. There are many providers who can give you lots of slots on a trusted certificate for very little money.

Finally, if you are using the UM role then you need to use a UC certificate, otherwise Exchange will just create a self-signed certificate for UM to use.

Simon.
Simon Butler, Exchange MVP
February 1st, 2011 4:43pm
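
A read-only check for the points in the reply above, added here as an example and not posted by anyone in the thread: it lists every internal and external URL Exchange hands to clients, marks whether each host name is on the certificate bound to IIS, and shows what the local resolver returns for it (the split-DNS question). It assumes the Exchange Management Shell on PowerShell 2.0 or later and that `CertificateDomains` entries convert to plain host-name strings; `Test-NameCovered` is a helper written for this example.

```powershell
# Added example. Run in the Exchange Management Shell (PowerShell 2.0+ assumed).
# Read-only: it only calls Get-* cmdlets and the local DNS resolver.

# Hypothetical helper: true when $HostName is covered by one of the certificate names.
function Test-NameCovered([string]$HostName, [string[]]$Names) {
    $h = $HostName.ToLower()
    foreach ($n in $Names) {
        if ($n -eq $h) { return $true }
        # A wildcard entry covers exactly one label to the left of its suffix.
        if ($n.StartsWith('*.') -and $h.EndsWith($n.Substring(1)) -and
            $h.Substring(0, $h.Length - $n.Length + 1) -match '^[^.]+$') { return $true }
    }
    return $false
}

# 1. Every URL that Exchange hands to clients, internal and external.
$urls = @()
$vdirs = @(Get-OwaVirtualDirectory) + @(Get-WebServicesVirtualDirectory) +
         @(Get-OabVirtualDirectory) + @(Get-ActiveSyncVirtualDirectory)
foreach ($v in $vdirs) {
    foreach ($p in 'InternalUrl', 'ExternalUrl') {
        if ($v.$p) { $urls += New-Object PSObject -Property @{
            Source = "$($v.Server)\$($v.Name)"; Kind = $p; Url = [uri]"$($v.$p)" } }
    }
}
foreach ($c in Get-ClientAccessServer) {
    if ($c.AutoDiscoverServiceInternalUri) { $urls += New-Object PSObject -Property @{
        Source = "$($c.Name)\Autodiscover"; Kind = 'InternalUri'
        Url = [uri]"$($c.AutoDiscoverServiceInternalUri)" } }
}

# 2. Names on the unexpired certificate(s) bound to IIS on this server.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_".ToLower() })

# 3. Per URL: is the host on the certificate, and what does DNS return here?
$urls | ForEach-Object {
    $u = $_; $name = $u.Url.Host
    try   { $ips = ([System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { "$_" }) -join ',' }
    catch { $ips = 'unresolved' }
    New-Object PSObject -Property @{ Source = $u.Source; Kind = $u.Kind; Host = $name
        OnCert = (Test-NameCovered $name $certNames); ResolvesTo = $ips }
} | Sort-Object Host, Kind | Format-Table Source, Kind, Host, OnCert, ResolvesTo -AutoSize
```

A row with `OnCert` False is a name that clients will get a certificate name mismatch for; run from an internal machine, the `ResolvesTo` column shows whether the external name resolves to the internal address.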

What happened to Sembee's response? His/your profile does show that there was a response. I remember what it was, having read it late last night, so there's no problem in that respect. But I'm wondering where it went, especially seeing that the last part of a conversation I was having in a SQL forum seems to have disappeared as well.
February 2nd, 2011 3:01pm

The forums are playing up. Not every response can always be seen. I can see my reply.

Simon.
Simon Butler, Exchange MVP
February 2nd, 2011 3:54pm

> What happened to Sembee's response? His/your profile does show that there was a response. I remember what it was, having read it late last night, so there's no problem in that respect. But I'm wondering where it went, especially seeing that the last part of a conversation I was having in a SQL forum seems to have disappeared as well.

Restart IE and see if the issue persists. The problem could be caused by the IE cache.

Thanks
Gen Lin-MSFT
February 4th, 2011 4:04am

This topic is archived. No further replies will be accepted.