Exchange Server Forums


Configuration questions

Configuration questions - 5.Aug.2008 8:17:28 PM   
pbryant75

 

Posts: 32
Joined: 26.Jun.2008
Status: offline
Hi. I need some questions answered about DNS and OWA. Here is my environment.
I am running one AD domain that is the same as the external domain name. Email is currently hosted through an ISP on mail.domain.com. I am running HUB, Client Access and Mailbox roles. Internal mail works fine in the test environment. I have started moving over users to Exchange with them still using POP3 for mail flow. I plan on cutting over the MX records in two weeks. I installed the SAN certificate today to use OWA without problems. The cert is registered to mail.domain.com with alternate names of webmail.domain.com, autodiscover.domain.com and servername.neumanusa.com. I called our ISP to request aliases for webmail.domain.com and autodiscover.domain.com and he has them pointing to my company's public IP address and not the mail.domain.com (they are hosting). Is this correct? He also told me that I would have issues sending and receiving outside mail because my internal domain is the same as our external domain. If this is true, what do I need to change in my DNS? I am also having an issue resolving the OWA URL, webmail.domain.com. I can resolve server.domain.com/owa (the default URL), even though I changed both the internal and external URLs. Sorry that I have so many questions in one thread. Thanks in advance

Phillip
Post #: 1
RE: Configuration questions - 5.Aug.2008 8:29:43 PM   
Elan Shudnow

 

Posts: 670
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
Having the same name externally and internally is fine. If you have your mail going directly to Exchange (public IP being NAT'd to an IP that lives on Exchange), you'll have your mail.domain.com go directly to Exchange. Then on Exchange, you'll just want to make sure you have an Accepted Domain for the domain.com you're accepting mail for. Then you'll make sure an E-mail Address Policy exists to provide users with an e-mail address for that domain.com.

For the autodiscover, you'll do the same. If you have non-domain joined clients, you'll also want to put the autodiscover record on the inside of the network. For non-domain joined users and internet users, you'll want to make sure for every service you specify an -ExternalURL that allows your client to connect to those services. For users who are connected on the internal network and are domain joined, you'll want to make sure your -InternalURLs are specified correctly. Since the Exchange services use SSL, you'll want to make sure the FQDNs you specify in the URLs contain a name that is included on the certificate you received.

For sending mail, you'll be fine as your Exchange Server will send mail to the Internet via DNS unless you want to smart host it to a service provider on the internet who does antispam/antivirus before sending it off into the cloud.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to pbryant75)
Post #: 2
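The certificate point in the reply above can be checked mechanically. The following is an added example, not part of the original posts: it tests whether each service URL's host is covered by the certificate's names, using the thread's placeholder names for the certificate and a hypothetical URL list (constructed sample data).

```python
from urllib.parse import urlsplit

# Constructed sample data: certificate names follow the thread's placeholders;
# the service URL list is hypothetical, not taken from a real server.
CERT_NAMES = ["mail.domain.com", "webmail.domain.com", "autodiscover.domain.com"]
SERVICE_URLS = {
    "OWA ExternalUrl": "https://webmail.domain.com/owa",
    "OWA InternalUrl": "https://webmail.domain.com/owa",
    "Autodiscover": "https://autodiscover.domain.com/Autodiscover/Autodiscover.xml",
    "EWS InternalUrl": "https://server.domain.com/EWS/Exchange.asmx",
    "OAB ExternalUrl": "http://webmail.domain.com/OAB",
}


def name_matches(host, cert_name):
    """True if a certificate DNS name covers host. Comparison is
    case-insensitive; '*' is honoured only as the whole left-most label."""
    host_labels = host.lower().rstrip(".").split(".")
    cert_labels = cert_name.lower().rstrip(".").split(".")
    if len(host_labels) != len(cert_labels):
        return False  # a wildcard never spans more than one label
    if cert_labels[0] == "*":
        # require at least two fixed labels after the wildcard
        return len(cert_labels) >= 3 and host_labels[1:] == cert_labels[1:]
    return host_labels == cert_labels


def uncovered_urls(service_urls, cert_names):
    """Return (setting, detail, reason) for every URL a client would reject
    or that would not use the certificate at all."""
    problems = []
    for label, url in service_urls.items():
        parts = urlsplit(url)
        host = parts.hostname
        if parts.scheme != "https" or not host:
            problems.append((label, url, "not an https URL"))
        elif not any(name_matches(host, name) for name in cert_names):
            problems.append((label, host, "host not on certificate"))
    return problems


if __name__ == "__main__":
    for label, detail, reason in uncovered_urls(SERVICE_URLS, CERT_NAMES):
        print(f"{label}: {detail} -> {reason}")
```
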
RE: Configuration questions - 5.Aug.2008 9:31:22 PM   
pbryant75

 

Posts: 32
Joined: 26.Jun.2008
Status: offline
Thanks Elan.
If I understand you correctly, I don't have to make any mods to DNS for Exchange to handle mail flow. Is that correct? I do have the AD domain as the accepted authoritative domain. Do I need to add an authoritative domain for mail.domain.com and webmail.domain.com?

I have defined the internal and external URLs for all the internet services. As for OWA, both URLs are webmail.domain.com, which I cannot resolve. Do I have to configure something in DNS or IIS? And can you please enlighten me as to why my ISP would point the webmail.domain.com to my public IP and not the mail.domain.com's address?

Phillip

(in reply to Elan Shudnow)
Post #: 3
RE: Configuration questions - 6.Aug.2008 9:37:50 AM   
Elan Shudnow

 

Posts: 670
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
You don't have to make any modifications to DNS really.  Just have the MX record go to Exchange, create two Accepted Domains (authoritative if there are no other mail servers that host mail for this smtp namespace).  Even if you are accepting mail for a non-AD domain, you still do the same exact steps.

Any server on the internet needs a public IP. So webmail.domain.com needs to point to a public IP on the internet which should hit your router then firewall. Your firewall should have a static NAT entry created on it which NATs that public IP to the Exchange Server's private IP. That way when someone goes to webmail.domain.com, they'll resolve it as a public IP, it'll hit your internal hardware, and be NAT'd to your Exchange Server. That is all of course if you are not using ISA in which the NAT would be to ISA instead of Exchange.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to pbryant75)
Post #: 4
RE: Configuration questions - 6.Aug.2008 10:03:15 PM   
pbryant75

 

Posts: 32
Joined: 26.Jun.2008
Status: offline
Thank you Elan. I made some breakthroughs today. I can now access OWA externally, but can't send or receive mail. I'm sure that this is because the MX records are currently being hosted through an ISP. I would like your opinion about what public address I should be using for SMTP and HTTPS services. I have the WAN address that my firewall is using and 5 usable public addresses that are behind the firewall. At first I used one of the 5 public LAN addresses to handle the webmail.domain.com service by creating a one-to-one NAT inside my firewall. This address worked fine, however my network is more exposed. I later deleted the NAT record, redirected the webmail.domain.com to the WAN address and routed the HTTPS service to my Exchange server. This works fine too with less exposure. Which address do you recommend? Thanks again for your help

Phillip

(in reply to pbryant75)
Post #: 5
RE: Configuration questions - 6.Aug.2008 10:27:20 PM   
Elan Shudnow

 

Posts: 670
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
Well if you have both SMTP and your webmail.domain.com traffic going to the same public IP, just create a host record for mail going to the same public IP and create an MX record going to your mail A record. Or you can just use your existing webmail record and just create the MX record to go to your webmail record.

Personally, I would create a mail record and have that point to the same ip that webmail is being pointed to.  That way if you ever change what is receiving your mail like an Exchange Edge, Microsoft Hosted Services, an internal smtp antispam/antivirus appliance, you can just modify the host record and point it to your new appliance and no mx changes will need to be made.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to pbryant75)
Post #: 6
RE: Configuration questions - 12.Aug.2008 3:12:25 PM   
pbryant75

 

Posts: 32
Joined: 26.Jun.2008
Status: offline
Elan: Pardon my ignorance, but I'm still confused. Why would my mail host record point to my public address and not my Exchange Server's private address and why the MX record? I am having my ISP that is currently hosting the mail.domain1.com and mail.domain2.com switch the MX records to point to my Exchange server's public IP on Thursday. They will still be handling the mail filtering. Am I wrong by creating a host record for mail, webmail and autodiscover with them pointing to the mail server's LAN IP and having the ISP point the MX records to the mail server's public IP? I already have webmail and autodiscover pointed to the public IP and OWA is working great, both internally and externally. As far as the firewall goes, I have SMTP and HTTPS services routed to the Exchange server.

Thanks
Phillip

(in reply to pbryant75)
Post #: 7
RE: Configuration questions - 12.Aug.2008 8:03:01 PM   
Elan Shudnow

 

Posts: 670
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
Well an MX essentially just points to an A (Host) Record and the MX basically says it is the MX record for a specific domain.  So if your MX record is pointing to your ISP it means the A record's IP points to the ISP and the MX points to that A.

So if your webmail.domain.com is pointing to your Exchange box then everything is fine there.  If your mail.domain.com is pointed to your ISP and your MX points to that A record, that's fine as long as you want your ISP filtering your mail.  If you want to filter your own mail, you would re-point that A record for mail.domain.com  (if this is the record you're using for SMTP) and point that to your Exchange box if it's doing its own filtering or another type of filtering device.

If you still don't understand this, I would suggest getting a consultant on-site to assist.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to pbryant75)
Post #: 8
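The MX-to-A relationship described in the reply above, as an added example that is not part of the original posts: it follows each MX record to its host record in one DNS view and flags targets that have no A record or that publish a private (RFC 1918) address. All records are constructed; 203.0.113.25 is a documentation address standing in for the firewall's public IP.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed records for the public (external) view of domain.com.
GOOD_VIEW = [
    ("domain.com", "MX", "10 mail.domain.com."),
    ("mail.domain.com", "A", "203.0.113.25"),
    ("webmail.domain.com", "A", "203.0.113.25"),
]
# Constructed variant: the mail host record points at a LAN address and a
# second MX names a host that has no A record.
BAD_VIEW = [
    ("domain.com", "MX", "10 mail.domain.com."),
    ("domain.com", "MX", "20 backup.domain.com."),
    ("mail.domain.com", "A", "192.168.1.10"),
]


def is_rfc1918(addr):
    """True for addresses that are only routable inside a private network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_mx_chain(records, domain):
    """Follow MX -> A for `domain`; return (reachable_ips, findings)."""
    mx = sorted((int(pref), host.rstrip(".").lower())
                for name, rtype, value in records
                if rtype == "MX" and name == domain
                for pref, host in [value.split()])
    ips, findings = [], []
    if not mx:
        findings.append((domain, "no MX record"))
    for _pref, target in mx:  # lowest preference value is tried first
        addrs = [v for n, t, v in records if t == "A" and n == target]
        if not addrs:
            findings.append((target, "MX target has no A record"))
        for addr in addrs:
            if is_rfc1918(addr):
                findings.append((target, f"{addr} is a private address"))
            else:
                ips.append(addr)
    return ips, findings


if __name__ == "__main__":
    print(check_mx_chain(GOOD_VIEW, "domain.com"))
    print(check_mx_chain(BAD_VIEW, "domain.com"))
```
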
RE: Configuration questions - 12.Aug.2008 8:58:27 PM   
pbryant75

 

Posts: 32
Joined: 26.Jun.2008
Status: offline
Thanks. Due to budget restraints, I can't hire a consultant. I think I have a good handle on things except for the whole DNS and MX records confusion. My ISP will only be filtering inbound mail. If I understand you correctly, I just add an A record for mail.domain.com and point it to the Exchange server's IP. Is this correct? Thanks again for your help.

Phillip

(in reply to pbryant75)
Post #: 9
RE: Configuration questions - 12.Aug.2008 9:07:08 PM   
Elan Shudnow

 

Posts: 670
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
Depends on if you want your ISP filtering your mail still. If you do, then why would you change the MX record? You would leave the MX alone. Depending on your ISP, you may have to tell them to change where their filtering service sends mail to your domain or they may provide a web portal for you to change this. Or you can leave that alone and just change the NAT record on your firewall so it starts sending mail to a different private IP (your new Exchange box).

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to pbryant75)
Post #: 10
RE: Configuration questions - 12.Aug.2008 9:24:09 PM   
pbryant75

 

Posts: 32
Joined: 26.Jun.2008
Status: offline
Thanks Elan.  That makes perfect sense.  I'll do just that.  I'll be in Chicago in October for the marathon, I feel like I owe you dinner, lol.  Thanks again.

Phillip

(in reply to pbryant75)
Post #: 11
