I am not sure if I have set this up correctly, but I have the Exchange server set up in its own domain, with its own DNS server, outside my firewall. My internal networks have their own domain/forest, two Global Catalogs, DNS, DHCP.
My thought was to keep the Exchange server completely separate, so that if by chance it gets hacked into, there is no chance of compromising our internal network shares. It was double work to key all the users into the email/Exchange domain, but I thought for security it was worth it. In Outlook, you specify the Exchange server name (mail.mydomain.com), and then when you click on Check Name it prompts for a username and a password (mydomain.com\username). This works fine for everyone at the corporate office and any remote location that is not a member of the domain mydomain.local.
The internal domain is called mydomain.local (192.168.1.x network) and the Exchange domain is mydomain.com (24.x.x.x).
Food for more thought…
The internal domain clients all talk back to the PDC for DNS (192.168.1.86), which forwards all outbound DNS to the ISP. As I said, though, for all the computers at the corporate office this is working fine; it is just the remote branches whose computers are members of the corporate domain (mydomain.local). They can ping the Exchange server, they can telnet to port 25 on the Exchange server, they just cannot resolve the name during the initial setup.
I have applied the hotfix to the 2 GC servers and the 1 Exchange server and have had no such luck. Reference: Microsoft KB 898060.
I am stumped, any ideas?