This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I accidentally found this article:
To ensure Outlook Anywhere connectivity after a database, server, or datacenter switchover, you must use the same Certificate Principal Name on each certificate, and configure the Outlook Provider Configuration object in Active Directory with the same Principal Name in Microsoft-Standard Form (msstd). For example, if you use a Certificate Principal Name of mail.contoso.com, you would configure the attribute as follows.
Set-OutlookProvider EXPR -CertPrincipalName "msstd:mail.contoso.com"
...and got confused a bit: I don't quite understand what does this command do - the Set-OutlookProvider documentation page says nothing about EXPR parameter. Furthermore, as soon as the Set-OutlookProvider cmdlet creates the new Autodiscovery service settings does it mean Q1) that the usage of Set-OutlookProvider EXPR -CertPrincipalName "msstd:mail.contoso.com**" is mandatory and the default set of Autodiscovery service parameters is not enough to service multi-datacenter configurations?
Q2) Should I issue Set-OutlookProvider EXPR -CertPrincipalName "msstd:*.contoso.com if I'm using wildcard certificate? ...I've never run that command before but had no issues with using wildcard certificates....
Thank you in advance,
Michael
Hi,
Outlookprovider EXPR is used for outlook anywhere protocol and with scenarios having multiple AD sites with internet facing Exchange servers, wildcard certificates, etc. Legacy versions of Exchange/Outlook will look for these values to connect to the Exchange using Outlook Anywhere.
Please refer the below articles for more information,
https://techcommunity.microsoft.com/t5/exchange-team-blog/the-autodiscover-service-and-outlook-providers-how-does-this/ba-p/584403
https://techcommunity.microsoft.com/t5/exchange-team-blog/when-if-and-how-do-you-modify-outlook-providers/ba-p/603426
Hi,
Just to check if there are any updates. If the above suggestion helps, please click on "Accept Answer" and upvote it. Thanks for understanding.
Thank you all for your replies!
AshokM-8240, thank you for the valuable articles!
EricYin-MSFT, can't put these two answers together: 1) I don't think it's mandatory, 2) Yes. Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.contoso.com ... If it's not mandatory why should I necessarily issue the command above? I just can't seem to understand what does this command change in the Exchange configuration - by adding the *.contoso.com certificate to my Exchange organization and bounding it to the respective services I have already ...stated that in this organization only *.contoso.com certificate must be in use - why should I do it once again by other means?
In my organization there are two Exchange Servers in ONE site and Outlook does not complain on EXPR - maybe the command must be issued only in multi-site configurations as AshokM-8240 said?
Regards,
Michael
Hi Michael,
Ideally, this is not a mandatory configuration. This will be used only if there are any issues with outlook clients connecting to the Exchange server and as part of troubleshooting. This was used widely as a troubleshooting step with legacy outlook clients i.e outlook 2007, etc connecting to Exchange 2013 or above. It is not required to set in your environment as you don't have multiple sites and no issues with outlook connectivity in Outlook Anywhere protocol.
AshokM-8240, thank you very much for the explanation!
Regards,
Michael
P.S. It's a pity this "forum page" does not allow selecting multiple replies as Answer - the previous forum did allow it :(
Glad that provided information for helpful.
Please refer the QnA FAQ's https://learn.microsoft.com/en-us/answers/articles/25904/accepted-answers.html
Also, you can share your feedback https://learn.microsoft.com/en-us/answers/content/idea/list.html
Yes, thanks!
P.P.S. Regarding the Q2:
"As the parameters Server and CertPrincName are $null. The Service Discovery will return to the client the best CAS for Outlook Anywhere, in this case mail1.fourthcoffee.com, and will configure the Certificate Principal Name to msstd:mail1.fourthcoffee.com. Given that the Certificate Principal Name setting does not match to the wild certificate installed on the CAS, it is required to modify the parameter CertPrincName.
Set-OutlookProvider EXPR -CertPrincipalName msstd:.fouthcoffee.com*"
Stupid question: why does mail1.fourthcoffee.com not match *****.fourthcoffee.com? Isn't the purpose of the wildcard certificates to match any "host".domain.com???
In this scenario, outlook clients will look for the SAN name mail1.fourthcoffee.com in the certificate but instead it will have *.fourthcoffee.com and consider that as a mismatch.
"In this scenario, outlook clients will look for the SAN name mail1.fourthcoffee.com in the certificate but instead it will have *.fourthcoffee.com and consider that as a mismatch." - yes, I understand, I just thought *.domain.com would match any hostname by default. Thank you once again.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 82%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEY%3C/text%3E%3C/svg%3E)
Thanks for reply. I'll report this "defect" to related departments as I can.
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.contoso.com
Found this from old blog: https://learn.microsoft.com/en-us/previous-versions/office/exchange-server-2007/cc535023(v=exchg.80)?redirectedfrom=MSDN
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.