Deploying Exchange 2013 SP1 step by step – Part3

In Part2 we requested and installed the wildcard certificate on the first server – In Part3 we’ll pace through the setting up a new Autodiscover site and configuring various virtual directories.

Let’s open IIS and create a new site the Autodiscover service will use. 301

Notice that must use the same wildcard certificate – TestCompany-WildCard. We also need to add the new A-record to DNS.


Next, enable Directory Browsing and set authentication methods:



Then create the autodiscover virtual directory in EMS

New-AutodiscoverVirtualDirectory -WebSiteName “” -WindowsAuthentication $true

and configure Client Access Server:

Set-ClientAccessServer -Identity Exch1 -AutoDiscoverServiceInternalUri   https://Autodiscover.TestCompany/Autodiscover/Autodiscover.xml307

Use Get-AutodiscoverVirtualDirectory and to Get-ClientAccessServer | FL AutoDiscoverServiceInternalUri check the settings:310-1

The easiest way to configure external hostnames is to use the wizard:



As I decided to use the same external and internal hostnames for Exchange services I must either manually enter ‘’ instead of “” in EAC or type the corresponding commands in EMS for each virtual directory, for example:

Get-OwaVirtualDirectory -Server Exch1 | Set-OwaVirtualDirectory -InternalURL -ExternalURL 321-2

After configuring virtual directories let’s set up Outlook Anywhere (servers – Exch1/Properties) and reset IIS.

352 322

Now we can test connection to Exchange server using Outlook 2013 SP1 internally and externally.

1) I run Outlook 2013SP1 on a client computer in the domain.



If we right-click the Outlook system tray icon while holding Ctrl key we can check the connection by clicking “Connection status”.


2) Before I run Outlook in other domain to simulate external connection I need to install my internal CA’s (from the domain) root certificate to the client computer in that domain, otherwise Outlook will complain on untrusted certificate.



After installing this certificate to the “Trusted Root Certification Authorities” certificate store I can run Outlook to test connection externally.




Look! We’ve got a certificate error in spite of installing root CA’s certificate – why? As we can see this certificate arrived from, NOT from the – this is because Outlook first tries to connect to https:/ and only after that to Upon completion of the first connection attempt to a Outlook realises it is NOT an autodiscover site (as we used when setting up autodiscover) and makes another connection to, – we’ll check it a bit later.


Again, hold CTRL and right-click Outlook system tray icon, but this time let’s click “Test E-Mail Autoconfiguration”, enter e-mail address, password and run the test.


The Log tab will show what sites and with what results Autodiscover service were using while connecting to domain.



In Part3 of the series of articles on deploying Exchange 2013SP1 we configured Exchange-specific virtual directories, set up and tested autodiscover service. In Part4 we’ll continue to fine-tune the server by configuring the most important settings.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: