How to Use a Proxy Server with Microsoft Exchange 2007/2010

If you’re like me and managing an Exchange 2010 infrastructure in an environment that requires the use of a proxy server to access the Internet, you may experience various issues with Exchange.  One issue in particular is that SSL’s issued by an external certificate authority (CA) will not be able to be verified by Exchange.  You’ll get an error such as:

“The Certificate Status could not be determined because the revocation check failed”

The reason for this is that Exchange uses WinHTTP to determine the validity of the certificate.  WinHTTP uses the Web Proxy Auto-Discover Protocol (WPAD) in order to determine if a proxy server is utilized in the installed environment (if it’s specified in DHCP or DNS).

In order to determine what proxy server, if any, Exchange is using run the following command from the Exchange Management Shell (working in either Exchange 2007 or 2010):


netsh winhttp show proxy

If none is specified, or if you wish to change it, run the following command (2003/2008 only):


netsh winhttp set proxy-server="http=myproxy:8080;https=secureproxy:8080" bypass-list= "*.internal.com"

For 2008 R2, use this command:


netsh winhttp set proxy proxy-server="http=myproxy:8080;https=secureproxy:8080" bypass-list= "*.internal.com"

Just change the parts necessary to reflect the settings in your environment.  Note that “myproxy” and “secureproxy” may be the same thing.  Although techically optional, I would highly recommend setting the bypass-list to your local, internal domain name or you may have significant difficulty with the Exchange Management Console/Shell.

If you need to reset it back to direct access, just use this command:


netsh winhttp reset proxy

Advertisements

One Response to “How to Use a Proxy Server with Microsoft Exchange 2007/2010”

  1. Excellent article…infact we fixed an issue recently with a problem with a new Exchange server not being able to connect successfully to itself or other servers when lauching EMC or the EMC. For reasons unknown the WinHTTP proxy server was configured to point to an non-existing server / IP Address and thus the Ecxhange Tools were trying to go through this proxy, which was causing the tools to fail.’

    After reseting the proxy to “direct access” (defaults), the problem went away.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s