All about Set-OutlookProvider

This subject seems to be one of the gray areas in the Exchange 2007 product documentation. Apart from Exchange help, the only resources I was able to find are the blogs by Vandy, which are listed below:


The Autodiscover Service and Outlook Providers - how does this stuff work?

When, if and how do you modify Outlook Providers?


These blogs provide very detailed information about Outlook Providers. Consider my blog a summary, plus some extra information that is missing there.


The common benefit of enabling an Outlook Provider is to ensure that the Outlook client connects only to a specific server, one that has a specific name in the subject name field of its certificate.


Set-OutlookProvider EXPR -CertPrincipalName


Running the above command forces the Outlook client setting "Only connect to proxy servers that have this principal name in their certificate" to be enabled and its value set to If the client connects to a proxy server that does not have in the subject name field of its certificate, the connection will fail.


Outlook Provider settings are pushed to the client by the Autodiscover service. You can verify this by running Test E-mail AutoConfiguration on the Outlook computer. The Results pane will show "Mutual Authentication: Yes" if the setting has been applied to Outlook. Be aware that legacy Outlook clients will not be forced, since the Autodiscover service does not apply to them.


$null vs none:

  • As explained in Vandy's second blog, setting the CertPrincipalName value to $null populates the certificate principal name according to the CAS server that the client connected to. This is the ExternalHostname value of Outlook Anywhere on that CAS. You can query the values from all CAS servers by running the following cmdlet:
    Get-OutlookAnywhere | fl Server,ExternalHostname
  • Setting the CertPrincipalName parameter value to none is how you disable the mutual authentication setting from the Exchange side. This has not been documented for Exchange 2007. Luckily, it has been added to the Exchange 2010 documentation as the third example for the Set-OutlookProvider subject.
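
As an added example (not from the original post or the Exchange documentation), the PowerShell function below works out which principal name Outlook clients would be handed for each Client Access server under the three settings described above: a fixed value, $null and none. The function name, server names and host names are constructed for illustration, and the msstd: prefix on the principal name is assumed from how Outlook writes this value.

```powershell
# Added example. The servers and host names below are constructed sample data.
# In the Exchange Management Shell, real input would come from
# (Get-OutlookProvider EXPR).CertPrincipalName and Get-OutlookAnywhere.
function Get-EffectivePrincipalName {
    param(
        [string]$CertPrincipalName,   # value stored on the EXPR provider ($null becomes '')
        [object[]]$OutlookAnywhere    # objects exposing Server and ExternalHostname
    )
    foreach ($oa in $OutlookAnywhere) {
        $hostName = [string]$oa.ExternalHostname
        if ([string]::IsNullOrEmpty($CertPrincipalName)) {
            # $null: each CAS supplies its own Outlook Anywhere ExternalHostname
            $effective = "msstd:$hostName"
            $status = 'PerServer'
        }
        elseif ($CertPrincipalName -eq 'none') {
            # none: mutual authentication is not pushed to clients
            $effective = $null
            $status = 'MutualAuthDisabled'
        }
        else {
            # Fixed value: every client expects the same certificate name
            $effective = $CertPrincipalName
            $expected = $CertPrincipalName -replace '^msstd:', ''
            # -like lets a wildcard name such as *.example.com match its hosts.
            # 'Review' = this CAS publishes a different host name; check its
            # certificate subject before applying the fixed value.
            if ($hostName -like $expected) { $status = 'Match' } else { $status = 'Review' }
        }
        New-Object PSObject -Property @{
            Server = $oa.Server; ExternalHostname = $hostName
            EffectivePrincipalName = $effective; Status = $status
        }
    }
}

$sample = @(
    New-Object PSObject -Property @{ Server = 'CAS-A'; ExternalHostname = 'mail.example.com' }
    New-Object PSObject -Property @{ Server = 'CAS-B'; ExternalHostname = 'mail.fr.example.com' }
)
# Fixed principal name: CAS-B is flagged because its host name differs
Get-EffectivePrincipalName 'msstd:mail.example.com' $sample |
    Format-Table Server, ExternalHostname, EffectivePrincipalName, Status
# $null: each server yields its own principal name
Get-EffectivePrincipalName $null $sample |
    Format-Table Server, ExternalHostname, EffectivePrincipalName, Status
```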


An addition in Exchange 2010, compared with what we have in Exchange 2007, is the OutlookProviderFlags parameter. This new parameter can force the "connect using HTTP first, then connect using TCP/IP" proxy setting on Outlook 2010 clients only.


After changing Outlook Provider settings, you will want to test and see the results from the client side. Some might think restarting the IIS Admin service would make the new Outlook Provider settings effective immediately. In fact, it does. However, it causes a lot more downtime than restarting only the World Wide Web Publishing service.


I hope this blog generally explains everything about Outlook Providers. As said before, I strongly recommend Vandy's blogs for details. If you still have questions, feel free to post them here.

Comments (2)
  1. Levin says:

    Hello, I have multiple child domains in a single forest; each country has its own child domain. Each country has a different Outlook Anywhere URL, since each country connects to its own Exchange CAS servers. In this case, if I set OutlookProvider, it will force all domains' Outlook clients to use my domain's CAS server. Is it advisable to set it in my environment?
