Set Up Microsoft Exchange Server to Use a Fully Qualified Domain Name

This article will show you how to set up Microsoft Exchange Server to use a Fully Qualified Domain Name (or FQDN). This may be required if your present network uses “internal names” – FQDNs will need to be introduced to replace or reassign these internal names to make sure your security architecture will function in the face of upcoming changes.

What’s Changing, Exactly?

The Internet security community is phasing out the use of internal names and IP addresses as Primary Domain Names or the Subject Alternative Names (SANs) in SSL certificates. Any internal names you have configured will need to be adjusted to avoid exposure or interruption of services you wish to secure.

What Is an Internal Name?

In this context, an internal name is anything which can’t be guaranteed to be a unique identifier for a network resource. A mail server on your intranet named Mail uses an internal name (sometimes also called an “intranet name”) and will be affected by this change – however, the same server will work fine when assigned a FQDN like mail.mydomain.com using the instructions below.

How Can I Prepare for This Change?

If you use an internal name or IP address for an SSL certificate hosted on a Microsoft® Exchange Server, you can meet Certificate Authorities Browser Forum guidelines by reconfiguring your server to accept a fully qualified domain name (FQDN). For example, you can change internal name server.local to FQDN mail.coolexample.com.

If you haven’t already done so, to ensure that internal Autodiscover continues to work, you must create an internal DNS zone for your domain name (for example, autodiscover.coolexample.com) and an MX record that points to your server’s internal IP address.

The code samples below include the following variables:

Note: We strongly recommend that only experienced server administrators implement this procedure. These instructions do not apply to Windows Server® 2012 or Microsoft Small Business Financials (SBF) Server.

Re-configuring Microsoft Exchange Server to Use a Fully Qualified Domain Name

  1. Start the Exchange Management Shell.
  2. To change the Autodiscover URL, type the following command, and then press Enter:
    Set-ClientAccessServer -Identity Your_Server_Name -AutodiscoverServiceInternalUri https://mail.coolexample.com/autodiscover/autodiscover.xml
  3. To change the InternalUrl attribute of the EWS, type the following command, and then press Enter:
    Set-WebServicesVirtualDirectory -Identity "Your_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.coolexample.com/ews/exchange.asmx
  4. To change the InternalUrl attribute for Web-based Offline Address Book distribution, type the following command, and then press Enter:
    Set-OABVirtualDirectory -Identity "Your_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.coolexample.com/oab
  5. If you use the Unified Messaging service in Exchange Server 2007: To change the InternalUrl attribute of the UM Web service, type the following command, and then press Enter:
    Set-UMVirtualDirectory -Identity "Your_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.coolexample.com/unifiedmessaging/service.asmx
  6. To recycle the application pools, open IIS Manager.
  7. Expand the local computer, and then expand Application Pools.
  8. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
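
To confirm the change took effect, the following added example (not part of the original SSL.com article) reads back the URLs set in steps 2 to 4, plus the names on the installed Exchange certificates, and flags any that are still an internal name or IP address. The function names Test-InternalName and New-Finding and the suffix list are assumptions made for this illustration; adjust the suffixes to your environment.

```powershell
# Added example: run in the Exchange Management Shell after the steps above.
# Assumption: DNS suffixes treated as internal-only; edit to match your network.
$InternalSuffixes = @('.local', '.internal', '.lan', '.corp', '.home')

function Test-InternalName {
    param([string]$HostName)
    $ip = $null
    # An IP address is not acceptable as a certificate name.
    if ([System.Net.IPAddress]::TryParse($HostName, [ref]$ip)) { return $true }
    # A single-label name such as "Mail" is not globally unique.
    if ($HostName -notmatch '\.') { return $true }
    foreach ($suffix in $InternalSuffixes) {
        if ($HostName.ToLower().EndsWith($suffix)) { return $true }
    }
    return $false
}

function New-Finding {
    param([string]$Source, [string]$HostName)
    if (-not $HostName) { return }   # URL or name not configured; nothing to report
    New-Object PSObject -Property @{
        Source   = $Source
        HostName = $HostName
        Internal = (Test-InternalName $HostName)
    }
}

$findings = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Finding "Autodiscover ($($_.Name))" $_.AutoDiscoverServiceInternalUri.Host }
    Get-WebServicesVirtualDirectory | ForEach-Object {
        New-Finding "EWS ($($_.Identity))" $_.InternalUrl.Host }
    Get-OABVirtualDirectory | ForEach-Object {
        New-Finding "OAB ($($_.Identity))" $_.InternalUrl.Host }
    # Names (subject and SANs) on each installed Exchange certificate.
    Get-ExchangeCertificate | ForEach-Object {
        $thumb = $_.Thumbprint
        $_.CertificateDomains | ForEach-Object { New-Finding "Certificate $thumb" "$_" }
    }
)

$findings | Sort-Object Internal -Descending |
    Format-Table Source, HostName, Internal -AutoSize

$remaining = @($findings | Where-Object { $_.Internal })
if ($remaining.Count -gt 0) {
    Write-Warning "$($remaining.Count) entries still use an internal name or IP address."
}
```

Any row with Internal set to True points at a URL that still needs one of the Set- commands above, or at a certificate that will have to be reissued with FQDNs only.
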
Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.