Link to home
Start Free TrialLog in
Avatar of technolutions
technolutionsFlag for South Africa

asked on

Exchange 2003 with .local extension

hi, i'm having dificulty setting up OWA on a Domain with a example.local extension. I do not have any troubles setting it up with a .com or .co.za extension. is their some way i can work around this??

For example: how i set it up normally is as follow, I create an SSL certificate called secure.example.com/co.za on the Internal Server/mail. SSL and OWA internaly works fine, no problems. The other thing is we run ISA 2004, now i create the neccesary rules and I don't have any troubles from the outside/internet. all is well when i do this with a .com or.co.za extension.

But as soon as a domain has a .local extension i have troubles. i know that .local cannot be resolved externally, and i use SBS 2003 premuim.all my services\applications are running off a single DC. IF i use a certificate called secure.example.local, how will i use this from the internet?? because you cannot use .local. as far as i know the Certificate you create needs to match the internal mail server/domain name?? changing the Hosts file and adding an entry would'nt help either??

Is their a work around on this or not??

thanks
ASKER CERTIFIED SOLUTION
Avatar of Steve Knight
Steve Knight
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of technolutions

ASKER

Hi Steve

what you have mentioned above is all well if i had a different extension to .local but unfortunately it does'nt work with what i currently have.
What we are using is DynDns and it won't  help creating record at the ISP because .Local won't resolve anywhere.(with a .com or.co.za extension i create the records) we do not make use of a static IP. the certificates are in place. Just to state that i don't have any problems doing so when a domain has a .com/.co.za extension.

Look my domain is called example.local and my certificate is called secure.example.local, I believe the problem is with the .Local??

thanks

Johan
I have to say I have never used OWA being a Lotus Notes/Domino person mainly (though I do work on Exchange).

The .local should be irrelevant. If you are using dydns.org then presumably you have an address with them such as company.dyndns.org and/or a a cname in your own dns pointing at the dyndns.org address.  Either way if you have company.dyndns.org then you need a certificate that matches that so that when a user outside types in https://company.dyndns.org it resolves to your external IP opens up an encrypted path to your ISA server.  As long as there is a suitable certificate on that server then surely that is that.

Again I'm not sure of the mechanisms built in to SBS for OWA but for other hosted applications I have dealt with behind an ISA 2004 firewall you can create a web listener on port 443 (SSL) on the outside interface in ISA that listens for https://company.....org/owa/ or whatever and decodes the traffic then forwards it to http://exchangeserver.company.local/ or whatever inside.  You just install the trusted external certificate you have craeted onto the ISA server itself in the certficiates MMC snap-in.

Maybe someone else here will knwo more about the OWA side or perhaps this would be better in the Exchange or Outlook question areas?

https://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/

Steve
Avatar of SkUllbloCk
SkUllbloCk

.local wont be routed

The only way i can suggest that you do this, is by first creating a vpn onto the network, and then access the OWA. or disable the SSL connection part of it. (the later is NOT recommended)
Hi Steve/SkUllbloCk

is their a way you can setup the OWA without using SSL? Not recomended but is it possible. and if it is can you please support me with details in doing so?

Johan
Not sure, but if you can connect to it using http://yuourip/owa or whatever the url is then use your ISA as an SSL endpoint as suggeste so the traffic remains encrypted over the internet portion. WIll see if I can find any docs on this later

Steve
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial