Solved

Multiple servers in multiple locations sharing a domain name. How to configure.

Posted on 2008-10-03
Last Modified: 2010-04-07
Hi All,

I'll have to set up the following for a client.
On one Exchange 2003 machine in the datacentre I need to receive all email for 3 domains: company.de, company.be and company.nl.
All clients connect to this machine using webmail. However, all countries have a head office with their own Exchange server using the same above-mentioned domain names. In the head offices everyone uses Outlook. Head office users must be able to send email to each other but also to people who use webmail on the other server in the datacentre.

On the other hand, people using webmail on the datacentre server need to be able to send to each other but also to head office users.

Of course everyone needs to be able to send to any other outside address.

Furthermore, the three head office servers are connected to each other via VPN and share the same AD.
The server in the datacentre (which serves most users) is not connected through VPN, so it does NOT share AD and is purely connected to the internet.

Is there a way to set this up without having emails bouncing back and forth between the head office servers and the datacentre server?

Any response is greatly appreciated!!!

Regards Dutchgeek
0
Question by:dutchgeek
 
LVL 15

Expert Comment

by:fishadr
Not exactly sure if I understand exactly what you are trying to do, but here goes:

If you need to share an e-mail domain between different e-mail organizations then you need to run through the following:
http://support.microsoft.com/kb/321721

Basically you set the main domain to accept the e-mails for the shared domain and then configure this e-mail domain as non-authoritative (so that it does not reject e-mails for users that are not in this organization); you then create a connector to the other e-mail domain to send the unresolved e-mail to. The other Exchange domain is then configured to forward all e-mails via the primary domain. This way you get all mail messages sending to all domains and it is controlled (as per the article).

The part that confuses me in your question is regarding the webmail. Webmail is a web client interface that points to the server that holds the user's mailbox; you cannot place a server in a data centre for webmail and have an Exchange back end in the data centre for the webmail if the clients have a mailbox on an Exchange server in another country. You can only have one mailbox per user that the user logs in to, or the users will get confused as to which system to log on to.

You could have an e-mail address in another organization that forwards on to the main e-mail systems in the separate countries, but again you would not want to have users logging on to this system for webmail as it will not contain all your information.

0
 

Author Comment

by:dutchgeek
Hi fishadr,

Thank you for the response! I've read this article before and this is actually how I set up my test environment. However, I do not understand your remark "The other exchange domain is then configured to forward all e-mails via the primary domain."
At this moment I have all servers set up as non-authoritative, which creates a loop in the email that cannot be delivered.

Furthermore, your questions about the webmail are hard to answer. I'll try to break down the situation below:

Server A resides in the data centre and has 300 users connecting through webmail. They only connect to this box. Nowhere else! MX records point to this machine.
Addresses can be:
general1@domain.nl
general2@domain.be
general3@domain.de
If mail cannot be resolved locally it is forwarded through a connector to Server B.

Server B resides in the Dutch head office and has 50 users connecting to it with Outlook and/or webmail.
They always connect to this box when using webmail or Outlook. Nowhere else!!
Addresses can be:
name@domain.nl
Unresolved mail will be forwarded to Server C.

Server C resides in the German head office and has 25 users connecting to it with Outlook and/or webmail.
They always connect to this box when using webmail or Outlook. Nowhere else!!
Addresses can be:
name@domain.de
Unresolved mail will be forwarded to Server D.

Server D resides in the Belgian head office and has 25 users connecting to it with Outlook and/or webmail.
They always connect to this box when using webmail or Outlook. Nowhere else!!
Addresses can be:
name@domain.be
Unresolved mail will be forwarded to Server A.

This last line is where I go wrong, I think, because I send stuff back to the beginning of the chain. Furthermore, there is no authoritative system that generates an NDR.

Thanks

0
 

Author Comment

by:dutchgeek
Sorry,

There is one thing that I forgot!!!
Servers B, C and D can also be put in a VPN so that they can share the same AD. This is NOT possible for Server A.
However, I do not think this makes a huge difference regarding my question.

Thanks
0
 
LVL 15

Expert Comment

by:fishadr
Ok, this makes sense.

1) I would suggest that the datacentre (server A) be configured to accept e-mail for all domains as the primary connection from the internet (as set in the MX records - I think that you have already done this)

2) Ensure that all e-mail domain names for Server A are set to non-authoritative (I think that you have already done this)

3) Create a connector to server B and configure the connector from server A to Server B with the e-mail domain for domain.nl and set the Server B e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server B to Server A for the domain.nl (this enables the address space to be shared). Set the default mail route to be forwarded to Server A (rather than to the internet)

4) Create a connector to server C and configure the connector from server A to Server C with the e-mail domain for domain.de and set the Server C e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server C to Server A for the domain.de (this enables the address space to be shared)

5) Create a connector to server D and configure the connector from server A to Server D with the e-mail domain for domain.be and set the Server D e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server D to Server A for the domain.de (this enables the address space to be shared)

This way e-mail comes in to the datacentre A server and if the user is not hosted there it passes it to the other server that it is sharing the e-mail domain with (if the user is not there an NDR will be generated). If a user in the authoritative e-mail domain (say Server B) generates an e-mail and the user is not there it will go over the connector to Server A.

If a user in one of the subdomains (B,C,D) wants to send an e-mail to the other subdomains, e-mail is routed via Server A then to the other domains.

This way you should have no message loops and mail should work efficiently.
0
 

Author Comment

by:dutchgeek

Thanks, I'll come back to you next week to tell you if this solved my problems. I do not have time to test any sooner. Sorry about that.
0
 

Author Comment

by:dutchgeek
Unfortunately it is not working. I set up the situation as described but with only two servers to keep it simple.

Server A is non-authoritative and has a connector that points to Server B.

Server B is authoritative and has a connector to the internet and also one that points directly to Server A for the domain in question. Furthermore, in the default SMTP virtual server I have all undeliverable mail sent to Server A.

If I send an email from a user on Server A to a user on Server A it works.
If I send an email from a user on Server A to a user on Server B it works.
If I send an email from a user on Server A to a non-existing user the email disappears.

If I send an email from a user on Server B to a user on Server A I get the following NDR:
You do not have permission to send to this recipient. Relaying denied. This message originates from server A

0
 

Author Comment

by:dutchgeek
Hi there,

I read that article again and noticed the part below:

When Exchange receives an incoming SMTP message from the Internet, Exchange first tries to resolve the e-mail addresses that are displayed in the recipient fields to objects in Active Directory. If the e-mail address resolves to an Exchange mailbox, Exchange routes the message to the mailbox. If the e-mail address does not resolve to an Exchange mailbox, Exchange routes the message to the e-mail system with which the SMTP address space is shared. The receiving e-mail system then delivers the message to a local mailbox, or it generates a non-delivery report (NDR) delivery status notification (DSN) message. The e-mail system with which the SMTP address space is shared cannot forward the unresolved recipients back to the Exchange incoming SMTP gateway. If you configure the last e-mail system that is in an e-mail system chain to forward unresolved recipients to the incoming e-mail gateway, you will have a messaging loop in which e-mail messages may continuously loop between e-mail servers.

Reading this I think what I want is not possible. Am I missing something?

Regards,

0
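The KB excerpt above and fishadr's connector design both reduce to a few per-server routing rules: deliver locally, generate an NDR when the domain is authoritative, or hand the recipient on over a connector or the forward-unresolved host. The model below is an added example, not code from the thread or from Microsoft; it reproduces the bounce between A and B that the thread reports and contrasts it with a contact-based variant like the one dutchgeek moved to. The two-server layout, the mailboxes, the constructed domain-dc.example address space used by the contacts, and the hop limit are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    mailboxes: set                                    # local recipient addresses
    authoritative: set = field(default_factory=set)   # domains this org owns outright
    connectors: dict = field(default_factory=dict)    # address space -> next server
    forward_unresolved_to: str = None                 # SMTP virtual server setting
    contacts: dict = field(default_factory=dict)      # mail contact -> target address

def route(servers, start, rcpt, max_hops=6):
    """Follow one recipient through the chain; returns (outcome, list of hops)."""
    path, current = [start], start
    for _ in range(max_hops):
        srv = servers[current]
        rcpt = srv.contacts.get(rcpt, rcpt)           # a contact rewrites the target
        domain = rcpt.split("@", 1)[1]
        if rcpt in srv.mailboxes:
            return "delivered", path
        if domain in srv.authoritative:
            # Authoritative domain: unknown user is final unless forwarding is set
            nxt = srv.forward_unresolved_to
            if nxt is None:
                return "ndr:recipient not found", path
        else:
            # Non-authoritative (shared) domain: route over the connector for it
            nxt = srv.connectors.get(domain)
            if nxt is None:
                return "ndr:no route", path
        current = nxt
        path.append(current)
    return "ndr:loop", path                           # hop limit: the bounce NDR

def thread_setup():
    """The two-server test from the thread: B authoritative yet forwarding to A."""
    a = Server("A", {"general1@domain.nl"}, connectors={"domain.nl": "B"})
    b = Server("B", {"name@domain.nl"}, authoritative={"domain.nl"},
               forward_unresolved_to="A")
    return {"A": a, "B": b}

def contact_setup():
    """Contact-based alternative (assumed layout): B stays authoritative and reaches
    A's users through contacts targeting a constructed domain routed only to A."""
    a = Server("A", {"general1@domain.nl", "general1@domain-dc.example"},
               authoritative={"domain-dc.example"}, connectors={"domain.nl": "B"})
    b = Server("B", {"name@domain.nl"}, authoritative={"domain.nl"},
               connectors={"domain-dc.example": "A"},
               contacts={"general1@domain.nl": "general1@domain-dc.example"})
    return {"A": a, "B": b}
```

In `thread_setup` a recipient that exists nowhere ping-pongs until the hop limit, while in `contact_setup` the same recipient gets a "recipient not found" NDR from B and B's users still reach A's mailbox through the contact.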
 
LVL 15

Expert Comment

by:fishadr
Hi,

Yes, it is all possible - I have implemented it many times. It is nearly there; it sounds like there are a few things missing:

1) You mention that if you send an e-mail from a user on Server A to a non-existing user then the email disappears. Have you got the forwarding for unresolved recipients configured in the Server A domain? Also check the Exchange Message Tracking Center to see where the e-mail is being delivered to. It sounds like it is misconfigured somewhere. Also, where are the NDRs sent to for unresolved recipients for Server A?

2) Sending an email from users on Server B to Server A gets a relaying denied error - you need to allow relaying to this domain for the mails to get through.
0

Author Comment

by:dutchgeek
Back again. Thank you for the above.
I've done everything as you said and it is working except for one thing. If I send an email to a NON-existing user the email goes back and forth between the two machines. If I check in message tracking they are using the correct SMTP connectors. It says:

Message submitted from store
Message submitted to Advanced Queuing
Started message submission to Advanced Queue
Message submitted to Categorizer
Message categorized and queued for routing
Message routed and queued for remote delivery
Started outbound transfer of message
Message transferred to server B through SMTP

This repeats itself on both servers.
0
 
LVL 15

Expert Comment

by:fishadr
This is a configuration problem on the secondary Domain B.

Is it configured as authoritative?
0
 

Author Comment

by:dutchgeek
Yes it is. I've also created the SMTP connector to share the namespace, and in the default SMTP virtual server defined that all unresolved mail should be forwarded to Server A.
0
 

Author Comment

by:dutchgeek
New info. I just saw that Server B finally generates an NDR after a few hours.
It says:
A configuration error in the email system caused the message to bounce between two servers or to be forwarded between two recipients.
0
 
LVL 15

Assisted Solution

by:fishadr
fishadr earned 200 total points
This is due to a message loop and we don't want this message to be displayed; the NDR should display "recipient not found".

There is a misconfiguration on the Server B side. I am going to configure it in a VMware session to see if I can find what is missing.
0
 

Author Comment

by:dutchgeek
Thanks a lot Fishadr. This is greatly appreciated!!!
0
 

Author Comment

by:dutchgeek
Any luck yet?
0
 

Accepted Solution

by:
dutchgeek earned 0 total points
Thanks for all the effort, but at this point I have to move along to an alternative. I will be setting up contacts in order to forward all emails for the HQs.
0
