For OA to proxy from 2013 to 2007, the IISAuthentication Methods on 2007 must be reconfigured to support both Basic and NTLM.By default, Exchange 2007 IISAuthentication Methods is set to just Basic. Set-Outlook Anywhere –Identity “Ex2013\Rpc (Default Web Site)” –Internal Hostname webmail.–External Host Name webmail.–External Client Authentication Method Basic –IISAuthentication Methods Basic, NTLM Auto Discover – Both the 20 SCP locator can be configured to point to the Autodiscover URL https://autodiscover.domain.com/Autodiscover/The default, self-signed certificate that Exchange 2013 creates during setup is valid for 5 years.
A certificate that has been acquired from a commercial certificate authority such as Digicert will usually be valid for one year.
For a client to trust the SSL certificate that a server is using the certificate must be issued by a certificate authority that the client already trusts.
Introducing Exchange 2013 into an Exchange 2007 environment can be a challenging task.
One of the most overlooked, and least documented topics I see is the proper configuration of URLs for Proxy and Redirection. I wouldn’t worry about that little guy.” Yes, I personally like to test everything prior to making any change to the existing 2007 environment.
This means that you can use a single certificate to secure one or more Exchange 2013 servers, and it can include all of the server names and other external URLs you plan to use for your Exchange environment, instead of having to provision a single-named SSL certificate for each of the different names.
There are three requirements for an SSL certificate to work correctly in your Exchange 2013 environment.
Because of the “secure by default” requirements, when an Exchange 2013 server is installed it is configured with self-signed SSL certificates that are enabled for those protocols.
Here is an example of the self-signed certificates installed on a new Exchange 2013 server.
The major commercial certificate authorities are already trusted by the operating systems running on most computers or mobile devices, so when you acquire your certificate from one of those CAs it will be trusted by connecting clients as well.
These trust issues mean that although you can use a private CA to issue your SSL certificates, it tends to be easier and less administrative effort to use a commercial CA.
Get-Exchange Certificate | Select Subject, Is Self Signed, Services | ft -auto Subject Is Self Signed Services ------- ------------ -------- CN=Microsoft Exchange Server Auth Certificate True SMTP CN=E15MB1 True IMAP, POP, IIS, SMTP CN=WMSvc-E15MB1 True None Although this means that services such as Outlook Web App, Outlook Anywhere, and Activesync are secure right from the moment the Exchange server is installed, the use of self-signed SSL certificates in Exchange Server 2013 is only intended to be temporary while the administrator acquires and installs the correct SSL certificates for the server.