Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-03-19

In Microsoft Exchange Server 2010, several server roles rely on the underlying Microsoft Windows HTTP Services (WinHTTP) to manage all HTTP and HTTPS traffic. Both Hub Transport servers and Edge Transport servers may use HTTP to access filter updates for the Microsoft Exchange Anti-spam Update service and the Microsoft Forefront Protection for Exchange Server anti-spam update service, and for certificate revocation list (CRL) validation. If your organization supports smart card authentication for clients to connect to Exchange, and the CRL for the presented client certificates is hosted outside your firewall, Client Access servers need to be configured for proxy servers to make outbound requests to perform CRL validation. Additionally, Exchange organizations that have their archives hosted by Windows Live require that their Client Access and Mailbox servers are able to make outbound HTTP requests to Microsoft datacenters.

In most organizations, a proxy server is used for HTTP and HTTPS communications with destinations on the Internet. If your organization uses a proxy server and your Exchange transport servers aren't configured to use the proxy server for HTTP and HTTPS, you must configure them so that HTTP-enabled CRL validation works.

The simplest way to configure WinHTTP is to use the Netsh.exe tool. Netsh.exe is a command-line tool included in the %System32% directory on all computers running Windows Server 2008. You can use Netsh.exe to set and view WinHTTP configurations. All the WinHTTP-related commands are included under the WinHTTP context within the Netsh.exe tool.

For more information about how to use the Netsh.exe tool, see How to Use the Netsh.exe Tool and Command-Line Switches.

Looking for other management tasks related to anti-spam and antivirus features? Check out Managing Anti-Spam and Antivirus Features.

Use Netsh.exe to configure proxy settings for WinHTTP

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Hub Transport server" and "Edge Transport server" entries in the Transport Permissions topic.

To navigate to the WinHTTP context, open an administrator Command Prompt window, type netsh, and then type winhttp.

Copy Code
C:\Windows\system32>netsh
netsh>winhttp
netsh winhttp>

You use the set proxy command to configure the proxy settings. You can type the command followed by a question mark to see the syntax for this command.

Copy Code
netsh winhttp>set proxy /?

This example specifies that HTTP servers and HTTPS servers are accessed through the proxy server proxy_server, except for host names that don't contain a period specified by the "<local>" argument.

Copy Code
netsh winhttp>set proxy proxy_server "<local>"

This example imports proxy information used by Internet Explorer by using the import proxy command.

Copy Code
netsh winhttp>import proxy source=ie

This examples uses the reset proxy command to reset the WinHTTP proxy to DIRECT.

Copy Code
netsh winhttp>reset proxy

Even if you aren't running a proxy server, we recommend that you use Netsh.exe to check whether a previous proxy has been set. By running the tool without arguments, this example shows the current configuration.

Copy Code
netsh winhttp>show proxy
Important:
You must restart the Microsoft Exchange Transport service and the Microsoft Exchange Anti-spam Update service after you have made configuration changes to WinHTTP.