
Multiple servers in multiple locations sharing a domain name. How to configure.

Posted on 2008-10-03
Last Modified: 2010-04-07
Hi All,

I'll have to set up the following for a client.
On one Exchange 2003 machine in the datacentre I need to receive all email for 3 domains: company.de, company.be and company.nl.
All clients connect to this machine using webmail. However, all countries have a head office with their own Exchange server using the same above-mentioned domain names. At the head offices everyone uses Outlook. Head office users must be able to send email to each other but also to people that use webmail on the other server in the datacentre.

On the other hand, people using webmail on the datacentre server need to be able to send to each other but also to head office users.

Of course everyone needs to be able to send to any other outside address.

Furthermore, the three head office servers are connected to each other via VPN and share the same AD.
The server in the datacentre (which serves most users) is not connected through VPN, so it does NOT share AD and is purely connected to the internet.

Is there a way to set this up without having emails bouncing back and forth between the head office servers and the datacentre server?

Any response is greatly appreciated!!!

Regards Dutchgeek
Question by:dutchgeek
LVL 15

Expert Comment

by:fishadr
ID: 22632040
Not exactly sure if I understand exactly what you are trying to do but here goes:

If you need to share an e-mail domain between different e-mail organizations then you need to run through the following:
http://support.microsoft.com/kb/321721

Basically you set the main domain to accept the e-mails for the shared domain and then configure this e-mail as non-authoritative (so that it does not reject e-mails for users that are not in this organization), you then create a connector to the other e-mail domain to send the unresolved e-mail to. The other exchange domain is then configured to forward all e-mails via the primary domain. This way you get all mail messages sending to all domains and it is controlled (as per the article).

The part that confuses me in your question is regarding the webmail. Webmail is a web client interface that points to the server that holds the user's mailbox; you cannot place a server in a data centre for webmail and have an Exchange back end in the data centre for the webmail if the clients have a mailbox on an Exchange server in another country. You can only have one mailbox per user that the user logs in to or the users will get confused as to which system to log on to.

You could have an e-mail address in another organization that forwards on to the main e-mail systems in the separate countries but again you would not want to have users logging on to this system for webmail as it will not contain all your information.

0
 

Author Comment

by:dutchgeek
ID: 22649206
Hi fishadr,

Thank you for the response! I've read this article before and this is actually how I set up my test environment. However, I do not understand your remark "The other exchange domain is then configured to forward all e-mails via the primary domain."
At this moment I have all servers set up as non-authoritative, which creates a loop for email that cannot be delivered.

Furthermore, your questions about the webmail are hard to answer. I'll try to break down the situation below:

Server A resides in the data centre and has 300 users connecting through webmail. They only connect to this box. Nowhere else! MX records point to this machine.
Addresses can be:
general1@domain.nl
general2@domain.be
general3@domain.de
If mail cannot be resolved locally it is forwarded through a connector to Server B.

Server B resides in the Dutch head office and has 50 users connecting to it with Outlook and/or webmail.
They always connect to this box when using webmail or Outlook. Nowhere else!!
Addresses can be:
name@domain.nl
Unresolved mail will be forwarded to Server C.

Server C resides in the German head office and has 25 users connecting to it with Outlook and/or webmail.
They always connect to this box when using webmail or Outlook. Nowhere else!!
Addresses can be:
name@domain.de
Unresolved mail will be forwarded to Server D.

Server D resides in the Belgian head office and has 25 users connecting to it with Outlook and/or webmail.
They always connect to this box when using webmail or Outlook. Nowhere else!!
Addresses can be:
name@domain.be
Unresolved mail will be forwarded to Server A.

This last line is where I go wrong, I think, because I send stuff back to the beginning of the chain. Furthermore, there is no authoritative system that generates an NDR.

Thanks

0
 

Author Comment

by:dutchgeek
ID: 22649244
Sorry,

There is one thing that I forgot!!!
Servers B, C and D can also be put in a VPN so that they can share the same AD. This is NOT possible for Server A.
However  I do not think this makes a huge difference regarding my question.

Thanks
0
 
LVL 15

Expert Comment

by:fishadr
ID: 22649378
Ok, this makes sense.

1) I would suggest that the datacentre (server A) be configured to accept e-mail for all domains as the primary connection from the internet (as set in the MX records - I think that you have already done this)

2) Ensure that all e-mail domain names for Server A are set to non-authoritative (I think that you have already done this)

3) Create a connector to server B and configure the connector from server A to Server B with the e-mail domain for domain.nl and set the Server B e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server B to Server A for the domain.nl (this enables the address space to be shared). Set the default mail route to be forwarded to Server A (rather than to the internet)

4) Create a connector to server C and configure the connector from server A to Server C with the e-mail domain for domain.de and set the Server C e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server C to Server A for the domain.de (this enables the address space to be shared)

5) Create a connector to server D and configure the connector from server A to Server D with the e-mail domain for domain.be and set the Server D e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server D to Server A for the domain.de (this enables the address space to be shared)

This way e-mail comes in to the datacentre A server and if the user is not hosted there it passes it to the other server that it is sharing the e-mail domain with (if the user is not there an NDR will be generated). If a user in the authoritative e-mail domain (say Server B) generates an e-mail and the user is not there it will go over the connector to Server A.

If a user in one of the subdomains (B,C,D) wants to send an e-mail to the other subdomains, e-mail is routed via Server A then to the other domains.

This way you should have no message loops and mail should work efficiently.
0
 

Author Comment

by:dutchgeek
ID: 22668159

Thanks, I'll come back to you next week to tell you if this solved my problems. I do not have time to test any sooner. Sorry about that.
0
 

Author Comment

by:dutchgeek
ID: 22731323
Unfortunately it is not working. I set up the situation as described but with only two servers to keep it simple.

Server A is unauthoritative and has a connector that points to Server B.

Server B is authoritative and has a connector to the internet and also one that points directly to Server A for the domain in question. Furthermore, in the default SMTP virtual server I have all undeliverable mail sent to Server A.

If I send an email from a user on Server A to a user on Server A it works.
If I send an email from a user on Server A to a user on Server B it works.
If I send an email from a user on Server A to a non-existing user, the email disappears.

If I send an email from a user on Server B to a user on Server A I get the following NDR:
You do not have permission to send to this recipient. Relaying denied. This message originates from Server A.

0
 

Author Comment

by:dutchgeek
ID: 22765443
Hi there,

I read that article again and noticed the part below:

When Exchange receives an incoming SMTP message from the Internet, Exchange first tries to resolve the e-mail addresses that are displayed in the recipient fields to objects in Active Directory. If the e-mail address resolves to an Exchange mailbox, Exchange routes the message to the mailbox. If the e-mail address does not resolve to an Exchange mailbox, Exchange routes the message to the e-mail system with which the SMTP address space is shared. The receiving e-mail system then delivers the message to a local mailbox, or it generates a non-delivery report (NDR) delivery status notification (DSN) message. The e-mail system with which the SMTP address space is shared cannot forward the unresolved recipients back to the Exchange incoming SMTP gateway. If you configure the last e-mail system that is in an e-mail system chain to forward unresolved recipients to the incoming e-mail gateway, you will have a messaging loop in which e-mail messages may continuously loop between e-mail servers.

Reading this I think what I want is not possible. Am I missing something?

Regards,

0
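The forwarding rule quoted from the KB article in the post above, as an added example that is not part of the original thread: a simplified Python model of the A, B, C, D chain described earlier, tracing whether a message is delivered, bounced with an NDR, or loops. `MailSystem`, `trace` and `chain` are hypothetical names, the mailboxes are constructed sample data, and the model ignores connector address spaces and relay restrictions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class MailSystem:
    mailboxes: Set[str]
    # Next hop for recipients that do not resolve locally.
    # None models an authoritative system: it answers with an NDR.
    forward_unresolved_to: Optional[str] = None


def trace(systems: Dict[str, MailSystem], entry: str,
          recipient: str) -> Tuple[str, List[str]]:
    """Follow one message hop by hop; return (outcome, path)."""
    path = [entry]
    while True:
        node = systems[path[-1]]
        if recipient in node.mailboxes:
            return "delivered", path
        next_hop = node.forward_unresolved_to
        if next_hop is None:
            return "ndr", path
        if next_hop in path:
            # The message is about to revisit a system: a routing loop.
            return "loop", path + [next_hop]
        path.append(next_hop)


def chain(last_forwards_to: Optional[str]) -> Dict[str, MailSystem]:
    """Constructed topology A -> B -> C -> D; D's next hop is a parameter."""
    return {
        "A": MailSystem({"general1@domain.nl"}, "B"),
        "B": MailSystem({"name@domain.nl"}, "C"),
        "C": MailSystem({"name@domain.de"}, "D"),
        "D": MailSystem({"name@domain.be"}, last_forwards_to),
    }


if __name__ == "__main__":
    cases = (("A", "name@domain.de"),       # inbound mail for a Server C user
             ("A", "nobody@domain.nl"),     # inbound mail for an unknown user
             ("D", "general1@domain.nl"))   # Server D user writes to Server A
    for label, topo in (("D forwards to A", chain("A")),
                        ("D is the last stop", chain(None))):
        for entry, rcpt in cases:
            print(label, entry, rcpt, trace(topo, entry, rcpt))
```

In this model, closing the chain back to A lets a sender on D reach A but loops every unknown recipient, while making D the last stop produces the NDR but leaves A's mailboxes unreachable from D.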
 
LVL 15

Expert Comment

by:fishadr
ID: 22765607
Hi,

Yes it is all possible - I have implemented it many times, it is nearly there, sounds like there are a few things missing:

1) You mention that if you send an e-mail from a user in server A to a new existing user then email disappears. Have you got the forwarding for unresolved recipients configured in Server A domain? Also check the Exchange Message Tracking centre to see where the e-mail is being delivered to. It sounds like it is mis-configured somewhere. Also where are the NDRs sent to for unresolved recipients for Server A?

2) Sending an email from users on server B to server A gets a relaying denied error - You need to allow relaying to this domain for the mails to get through.
0
 
LVL 15

Expert Comment

by:fishadr
ID: 22765610
0
 

Author Comment

by:dutchgeek
ID: 22786964
Back again. Thank you for the above.
I've done everything as you said and it is working except one thing. If I send an email to a NON existing user, the email goes back and forth between the two machines. If I check in message tracking they are using the correct SMTP connectors. It says:

Message submitted from store
Message submitted to advanced queuing
Started message submission to advanced queue
Message submitted to categorizer
Message categorized and queued for routing
Message routed and queued for remote delivery
Started outbound transfer of message
Message transferred to server B through SMTP

this repeats itself on both servers.
0
 
LVL 15

Expert Comment

by:fishadr
ID: 22787078
This is a configuration problem on the secondary Domain B.

Is it configured as authoritative?
0
 

Author Comment

by:dutchgeek
ID: 22794201
Yes, it is. I've also created the SMTP connector to share the name space and in the default SMTP virtual server defined that all unresolved mail should be forwarded to server A.
0
 

Author Comment

by:dutchgeek
ID: 22794978
New info. I just saw that Server B finally generates an NDR after a few hours.
It says:
A configuration error in the email system caused the message to bounce between two servers or to be forwarded between two recipients.
0
 
LVL 15

Assisted Solution

by:fishadr
fishadr earned 800 total points
ID: 22795020
This is due to a message loop and we don't want this message to be displayed, the NDR should display recipient not found.

There is a misconfiguration on the Server B side. I am going to configure on a VMWare session to see if I can find what is missing.
0
 

Author Comment

by:dutchgeek
ID: 22795200
Thanks a lot Fishadr. This is greatly appreciated!!!
0
 

Author Comment

by:dutchgeek
ID: 22904166
Any luck yet?
0
 

Accepted Solution

by:
dutchgeek earned 0 total points
ID: 22959625
Thanks for all the effort but at this point I have to move along to an alternative. I will be setting up contacts in order to forward all emails for the HQ's.


0
