Outlook 2010 exchange proxy settings automatically changes to incorrect details

The Exchange 2007 Autodiscover Service can automatically change the Outlook 2010 "Exchange Proxy Settings" to incorrect values if Exchange Outlook Anywhere is not configured correctly.
Even if you set the correct details manually, the changes are reverted after Outlook is restarted.
This only affects computers in the domain.

Outlook Microsoft Exchange Proxy Settings

You have 3 options to fix this:

  • Force settings via group policy

    Read this article for detailed instructions.

  • Disable Autodiscover on Exchange server

    • In Exchange Management Shell (EMS) run: Get-OutlookProvider -Identity EXPR | Remove-OutlookProvider
    • On Exchange Client Access Server - IIS Manager > Application Pools > MSExchangeAutodiscoverAppPool > Actions > Recycle
    This will stop Outlook Anywhere settings from being pushed automatically to Outlook clients, but you can still configure them manually or via group policy.
    To restore Autodiscover functionality:
    • In Exchange Management Shell (EMS) run: New-OutlookProvider -Name:EXPR
      You may need to reconfigure Autodiscover as per the instructions below.
  • Configure Autodiscover to push correct settings to all clients

    1. Exchange Management Console (EMC) > Server Configuration > Client Access > [servername] > Properties > Outlook Anywhere - Enter the correct external Exchange host name (e.g. mail.mydomain.com) and select the appropriate "Client authentication method" (e.g. "Basic authentication").

      This will populate "Use this URL to connect to my proxy server for Exchange" and "Use this authentication when connecting..." in MS Outlook.

      You can also check this information using Exchange Management Shell (EMS):
      Get-OutlookAnywhere -Server [servername] | fl


    2. Outlook Anywhere will also automatically populate "Only connect to proxy servers that have this principal name in their certificate" in MS Outlook. By default Outlook uses the external Exchange host name configured in step 1, e.g. msstd:mail.mydomain.com

      If this matches the principal name in your certificate, you can leave it as it is. Otherwise you need to change it using EMS.
      Run: Get-OutlookProvider -Identity EXPR | fl
      Check values:
      CertPrincipalName

      Server


      If CertPrincipalName is set, it populates the "Only connect to proxy servers that have this principal name in their certificate" field in Outlook and overrides the default value. To set it, run:
      Set-OutlookProvider -id EXPR -Server "[servername]" -CertPrincipalName "msstd:server.domain.com"

      Make sure server.domain.com matches the principal name in your certificate.
      Also run the following to reset the Server value (it should be empty):
      Set-OutlookProvider -id EXPR -Server $null

      Double check your settings:
      Get-OutlookProvider -Identity EXPR | fl
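
The checks in steps 1 and 2 can be combined into one script that works out which principal name Outlook will require and compares it with the certificates enabled for IIS. This is an added example, not part of the original post; it assumes it is run in EMS on the Client Access server, that the certificate's subject CN is its principal name, and that "[servername]" is replaced with your own server name.

```powershell
# Added example. Run in Exchange Management Shell on the Client Access server.
# "[servername]" is the page's placeholder; replace it with your server name.
$casServer = "[servername]"

$oa       = Get-OutlookAnywhere -Server $casServer
$provider = Get-OutlookProvider -Identity EXPR

# Outlook uses CertPrincipalName when it is set; otherwise it falls back to
# msstd:<external host name> from the Outlook Anywhere properties (step 1).
if ($provider.CertPrincipalName) {
    $effective = "$($provider.CertPrincipalName)"
} else {
    $effective = "msstd:" + $oa.ExternalHostname
}
$expectedName = $effective -replace '^msstd:', ''
Write-Host "Principal name Outlook will require: $effective"

# Step 2 expects the Server value on EXPR to be empty.
if ($provider.Server) {
    Write-Warning "EXPR Server is set to '$($provider.Server)'; expected empty."
}

# Assumption: the certificate presented to Outlook Anywhere clients is one of
# the certificates enabled for the IIS service on this server.
$iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })
if ($iisCerts.Count -eq 0) { Write-Warning "No certificate is enabled for IIS." }

foreach ($cert in $iisCerts) {
    # Subject looks like "CN=mail.mydomain.com, O=..."; extract the CN value.
    $cn = ""
    if ($cert.Subject -match 'CN=([^,]+)') { $cn = $matches[1].Trim() }

    $nameOk     = ($cn -eq $expectedName)
    $notExpired = ($cert.NotAfter -gt (Get-Date))

    Write-Host ("{0}  CN={1}  expires={2:yyyy-MM-dd}" -f $cert.Thumbprint, $cn, $cert.NotAfter)
    if (-not $nameOk) {
        Write-Warning "CN '$cn' does not match '$expectedName'; CertPrincipalName needs changing."
    }
    if (-not $notExpired) { Write-Warning "Certificate has expired." }
}
```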


MS Exchange 2007
MS Outlook 2010
Windows Server 2003 domain

Export private key and certificate from IIS .pfx file


If you need to move or copy a certificate from Windows IIS6 to a Linux Apache server (or another device requiring .key and .crt formats), perform the following steps:

1. Export the IIS6 certificate into .pfx format
On Windows Server machine
Start > Run MMC
File > Add/Remove Snap-in
Add > Certificates > Add > Computer Account > Local Computer
Navigate to Certificates > Personal > Certificates
Right click your certificate > All Tasks > Export
Yes, export private key
Personal Information Exchange (.pfx) - clear all checkboxes
leave password blank
Choose where to save file
Finish

2. Extract the private key and certificate file
You need OpenSSL to extract the private key and certificate from the .pfx file.
If you have a Linux web server in place, you should already have openssl there.
Alternatively you can download and install the Windows version. For more info and latest versions check here
If you installed the Windows version, run openssl.exe from C:\OpenSSL-Win32\bin
In the Linux version, just type openssl in a terminal

In OpenSSL
Export private key and certificate:
pkcs12 -in "C:\your\path\filename.pfx" -out "C:\your\path\cert.pem"
Enter Import Password: leave blank
Enter PEM pass phrase: 1234 (or anything else)

The resulting cert.pem file contains the encrypted private key and all certificates (identity, root, intermediate) in plain text.
To extract the certificates or the encrypted private key, open cert.pem in a text editor and copy the required parts to a new .crt or .key file. If the formatting doesn't look right in Windows Notepad, use Notepad++ or a similar text editor.

If you need the private key in unencrypted format, you can extract it from cert.pem, removing the encryption:
rsa -in "C:\your\path\cert.pem" -out "C:\your\path\PrivateKey.key"
Enter the pass phrase (1234 or whatever you set previously) to remove the encryption.
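
The extraction can also be run non-interactively, writing the certificate and key straight to separate files and then checking that the two belong together before they are copied to the web server. This is an added example in PowerShell, not part of the original post; it assumes an RSA key, the blank export password from step 1 and the page's placeholder paths (server.crt is an assumed file name).

```powershell
# Added example. Paths are the page's placeholders; server.crt is an assumed name.
$openssl = "C:\OpenSSL-Win32\bin\openssl.exe"
$pfx = "C:\your\path\filename.pfx"
$crt = "C:\your\path\server.crt"
$key = "C:\your\path\PrivateKey.key"

# Identity certificate only: -clcerts skips CA certificates, -nokeys skips the key.
# "pass:" supplies the blank import password chosen during the export.
& $openssl pkcs12 -in $pfx -passin "pass:" -clcerts -nokeys -out $crt
if ($LASTEXITCODE -ne 0) { throw "Could not extract the certificate from $pfx" }

# Private key only (-nocerts), written without encryption (-nodes).
& $openssl pkcs12 -in $pfx -passin "pass:" -nocerts -nodes -out $key
if ($LASTEXITCODE -ne 0) { throw "Could not extract the private key from $pfx" }

# An RSA certificate and key belong together only if their moduli are equal.
# Both commands print a single line of the form "Modulus=<hex>".
$certModulus = & $openssl x509 -noout -modulus -in $crt
$keyModulus  = & $openssl rsa  -noout -modulus -in $key
if (-not $certModulus -or ($certModulus -ne $keyModulus)) {
    throw "Certificate and private key do not match; do not deploy these files."
}

# Show which certificate was extracted and when it expires.
& $openssl x509 -noout -subject -enddate -in $crt
Write-Host "OK: $crt and $key are a matching pair."
```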


Windows Server 2003
IIS6
OpenSSL




Restore Exchange 2007 mailbox to a test lab server (ntbackup)


This guide shows how to restore an Exchange 2007 mailbox to a test lab server on an isolated network and extract the restored mailbox as a .pst file.
Normally you can only restore Exchange within the same organisation. If you want to restore an Exchange mailbox to a server on a completely different network, you have to replicate your domain and Exchange setup.

1. Create a new virtual machine (or use a physical PC) on an isolated network not connected to your existing environment.

2. Install Windows Server 2003 (R2) 64 bit with SP2.

  • Start > Run > dcpromo. Create a new domain with the same name as your existing one.

3. Install Exchange server 2007

  • Install Microsoft .NET Framework Version 2.0 Redistributable Package (x64)
  • Install Windows PowerShell 1.0 Windows Server 2003 x64 Edition
  • You may also need to install the following updates before you can install Exchange:
    KB926776-X64
    KB942763
    Microsoft .NET Framework 2.0 Service Pack 1 (x64)
  • Enable IIS and WWW services: Add Remove Programs > Add Remove Windows Components > Application Server > Details > IIS.
  • Raise Domain Functional Level to Windows Server 2003: AD Users and Computers > mydomain.local > Raise Domain Functional Level.
  • Install Exchange Server 2007 SP1. Choose "Typical installation".
  • Make sure the Exchange organisation name matches your existing Exchange organisation's name. To find the organisation name of the existing Exchange server, run the Shell command Get-OrganizationConfig | select name.

4. Restart newly installed Exchange Server.



5. Exchange Management Console (EMC) > Server Configuration > Mailbox. Rename "First Storage Group" and "Mailbox Database" so they have the same names as the storage group and database you are restoring from.

6. Create new Recovery database. Exchange Management Console (EMC) > Toolbox > Database Recovery Management

  • Create a Recovery Storage Group. Use default values.
  • Using tasks in the opened Troubleshooting Assistant make sure Recovery database is dismounted and flag "Database can be overwritten by restore" is set.

7. Open Windows Backup utility (ntbackup) > Restore and Manage Media > Tools > Catalog a backup file > Select your .bkf backup file you will be restoring from.

  • Browse and select required storage group.
  • Click "Start Restore".
  • Enter the <servername> of your new Exchange server in "Restore to exchange". (The server names of the old and new servers do not have to match.)
  • Check "Last Restore Set" if this is the only restore you are going to run on this storage group.
  • Enter path for TMP files.
  • Click OK and run the Restore operation.

8. EMC > Recipient Configuration > Mailbox. Create a new mailbox where you will be restoring data.

9. Go back to Troubleshooting Assistant and Mount Recovery Storage Group.

10. Now you need to transfer the restored mailbox from the Recovery Storage Group to your main storage group.
Open Exchange Management Shell (EMS) and run: restore-mailbox -RSGMailbox '<User Name>' -RSGDatabase 'Recovery Storage Group\Mailbox Database' -id '<user.name>' -TargetFolder 'Restore'
"<User Name>" is the full name of the user you are restoring.
"<user.name>" is the alias of the user you created in stage 8.

11. All that is left is to extract the recovered mailbox into a .PST file. This can only be done on a 32 bit computer with Outlook 2003 SP2 or later installed.

12. Install new Windows XP workstation on the same isolated network and join the domain.

13. Install MS Exchange 2007 SP1 32 bit version.

  • Choose Custom Installation and select Management Tools only.
  • As with the Exchange server you may need to install .NET framework, PowerShell and some other updates required for Exchange installation.

14. Install MS Outlook 2003 SP2 or later.

15. Export the mailbox into a .pst file - EMS > Export-Mailbox -Identity <user.name> -PSTFolderPath <pathToSavePST>
If you get "Error: Failed to copy messages to the destination mailbox store with error: MAPI or an unspecified service provider", you need to grant the appropriate Exchange permissions to the user account you are logged on with.
EMC > Organisation Configuration > Exchange Administrators > Add Exchange Administrator > Exchange Server Administrator Role
EMC > Recipient Configuration > Mailbox > user.name > Manage Full Access Permissions > Add


Useful Exchange 2007 and 2010 Management Shell commands

Statistics

Get-MailboxStatistics -server <ServerName>
Get a list of all mailboxes, number of items, Storage Limit Status and Last Logon Time

Get-MailboxStatistics -server <ServerName> | Sort-Object TotalItemSize -Descending | ft DisplayName,@{label="TotalItemSize(MB)";expression={$_.TotalItemSize.Value.ToMB()}},ItemCount, storagelimitstatus
Get list of all mailboxes, sizes in MB, number of items and limit status. Sorted by size.

Get-MailboxStatistics -server <ServerName> | sort -Property @{expression={$_.TotalDeletedItemSize.value.ToMB()}} -Descending | select-object DisplayName, @{expression={$_.TotalDeletedItemSize.value.ToMB()};Label="Dumpster(MB)"}, @{expression={$_.totalitemsize.value.ToMB()}; label="Mailbox Size (MB)"}
Get list of all mailboxes and their dumpster sizes. Sorted by dumpster size.

Get-Mailbox | Get-MailboxFolderStatistics | sort -Property {$_.FolderAndSubFolderSize.ToMb()} -Descending | where{$_.FolderType -eq "DeletedItems"} | Select-Object Identity, @{expression={$_.FolderAndSubFolderSize.ToMb()};Label="Size of Deleted Items"}, ItemsInFolderAndSubFolders | fl
Get list of sizes and number of items of Deleted Items for all users. Sorted by Deleted Items folder size.
If you want results to be exported into .csv file, replace | fl with | Export-Csv c:\deleted_items.csv

Get-Mailbox | Format-Table alias, *quota
Retrieves all mailbox users with mailbox quotas (only those set explicitly). "unlimited" may be misleading if the default quota is used. See below.

Get-Mailbox -id "**" | fl *quota*
A value of TRUE on UseDatabaseQuotaDefaults means that the per-mailbox settings are ignored and the mailbox database defaults are used. 
