dutchgeek
asked on
multiple servers on multiple locations sharing a domainname. How to configure.
Hi All,
I'll have to setup the following for a client.
On 1 exchange 2003 machine in the datacentre I need to receive all email for 3 domains: company.de company.be and company.nl
All clients connect to this machine using webmail. However all countries have an headoffice with their own exchange server using the same above mentioned domain names. On the head offices everyone uses outlook. Headoffice users must be able to send email to eachother but also to people that use webmail on the other server in the datacentre.
On the other hand people using webmail on the Datacentre server need to be able to send to eachother but also to headoffice users.
Off course everyone needs to be able to send to any other ourtside address.
Furthermore the three headoffice servers are connected to eachother via VPN and share the same AD.
The server in the datacentre (wich serves most users) is not connected trough VPN so does NOT share AD and is purely connected to the internet.
Is there a way to set this up without having emails bouncing back and forth between the headoffice servers and the datacentre server?
Any respons is greatly appreciated!!!
Regards Dutchgeek
I'll have to setup the following for a client.
On 1 exchange 2003 machine in the datacentre I need to receive all email for 3 domains: company.de company.be and company.nl
All clients connect to this machine using webmail. However all countries have an headoffice with their own exchange server using the same above mentioned domain names. On the head offices everyone uses outlook. Headoffice users must be able to send email to eachother but also to people that use webmail on the other server in the datacentre.
On the other hand people using webmail on the Datacentre server need to be able to send to eachother but also to headoffice users.
Off course everyone needs to be able to send to any other ourtside address.
Furthermore the three headoffice servers are connected to eachother via VPN and share the same AD.
The server in the datacentre (wich serves most users) is not connected trough VPN so does NOT share AD and is purely connected to the internet.
Is there a way to set this up without having emails bouncing back and forth between the headoffice servers and the datacentre server?
Any respons is greatly appreciated!!!
Regards Dutchgeek
ASKER
Hi fishadr,
Thank you for the respons! I've read this article before and this is actualy how I set up my test envirroment. However I do not understand you remark "The other exchange domain is then configured to forward all e-mails via the primary domain."
At this moment I have all servers set up as non-authoritive wich creates a loop in the email that cannot be delivered.
Furthermore your questions about the webmail are hard to answer. I'll trie to breakdown the situation below:
Server A resides in the data centre and has 300 users connecting trough webmail. The only connect to this box. No where else ! MX records point to this machine.
adresses can be:
general1@domain.nl
general2@domain.be
general3@domain.de
If mail cannot be resolved localy it is forwarded through a connector to server B
Server B resides in Dutch Headoffice and has 50 users connecting to it with outlook or/and webmail.
They always connect to this box when using webmail or outlook. No where else!!
adresses can be:
name@domain.nl
unresolved mail will be forwarded to Server C
Server C resides in German Headoffice and has 25 users connecting to it with outlook or/and webmail.
They always connect to this box when using webmail or outlook. No where else!!
adresses can be:
name@domain.de
unresolved mail will be forwarded to Server D
Server D resides in Belgian Headoffice and has 25 users connecting to it with outlook or/and webmail.
They always connect to this box when using webmail or outlook. No where else!!
adresses can be:
name@domain.be
unresolved mail will be forwarded to Server A
This last line is where I go wrong I think cause I send stuf back to the beginning of the chain. Furthermore there is no authoritive system that generates a ndr.
Thanks
Thank you for the respons! I've read this article before and this is actualy how I set up my test envirroment. However I do not understand you remark "The other exchange domain is then configured to forward all e-mails via the primary domain."
At this moment I have all servers set up as non-authoritive wich creates a loop in the email that cannot be delivered.
Furthermore your questions about the webmail are hard to answer. I'll trie to breakdown the situation below:
Server A resides in the data centre and has 300 users connecting trough webmail. The only connect to this box. No where else ! MX records point to this machine.
adresses can be:
general1@domain.nl
general2@domain.be
general3@domain.de
If mail cannot be resolved localy it is forwarded through a connector to server B
Server B resides in Dutch Headoffice and has 50 users connecting to it with outlook or/and webmail.
They always connect to this box when using webmail or outlook. No where else!!
adresses can be:
name@domain.nl
unresolved mail will be forwarded to Server C
Server C resides in German Headoffice and has 25 users connecting to it with outlook or/and webmail.
They always connect to this box when using webmail or outlook. No where else!!
adresses can be:
name@domain.de
unresolved mail will be forwarded to Server D
Server D resides in Belgian Headoffice and has 25 users connecting to it with outlook or/and webmail.
They always connect to this box when using webmail or outlook. No where else!!
adresses can be:
name@domain.be
unresolved mail will be forwarded to Server A
This last line is where I go wrong I think cause I send stuf back to the beginning of the chain. Furthermore there is no authoritive system that generates a ndr.
Thanks
ASKER
Sorry,
There is one thing that I forgot!!!
Server B, C and D can also be put in a VPN so that they can share the sam AD. This is NOT possible for server A.
However I do not think this makes a huge difference regarding my question.
Thanks
There is one thing that I forgot!!!
Server B, C and D can also be put in a VPN so that they can share the sam AD. This is NOT possible for server A.
However I do not think this makes a huge difference regarding my question.
Thanks
Ok, this makes sense.
1) I would suggest that the datacentre (server A) be configured to accept e-mail for all domains as the primary connection from the internet (as set in the MX records - I think that you have already done this)
2) Ensure that all e-mail domain names for Server A are set to non-authoritative (I think that you have already done this)
3) Create a connector to server B and configure the connector from server A to Server B with the e-mail domain for domain.nl and set the Server B e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server B to Server A for the domain.nl (this enables the address space to be shared). Set the default mail route to be forwarded to Server A (rather than to the internet)
4) Create a connector to server C and configure the connector from server A to Server C with the e-mail domain for domain.de and set the Server C e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server C to Server A for the domain.de (this enables the address space to be shared)
5) Create a connector to server D and configure the connector from server A to Server D with the e-mail domain for domain.be and set the Server D e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server D to Server A for the domain.de (this enables the address space to be shared)
This way e-mail comes in to the datacentre A server and if the users is not hosted there it passes it to the other server that it is sharing the e-mail domain with (if the user is not there a NDR will be generated). If a user in the authoritative e-mail domain (say server B) generates an e-mail and the user is not there it will go over the connector to server A
If a user in one of the subdomains (B,C,D) wants to send an e-mail to the other subdomains, e-mail is routed via Server A then to the other domains.
This way you should have no message loops and mail should work efficiently.
1) I would suggest that the datacentre (server A) be configured to accept e-mail for all domains as the primary connection from the internet (as set in the MX records - I think that you have already done this)
2) Ensure that all e-mail domain names for Server A are set to non-authoritative (I think that you have already done this)
3) Create a connector to server B and configure the connector from server A to Server B with the e-mail domain for domain.nl and set the Server B e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server B to Server A for the domain.nl (this enables the address space to be shared). Set the default mail route to be forwarded to Server A (rather than to the internet)
4) Create a connector to server C and configure the connector from server A to Server C with the e-mail domain for domain.de and set the Server C e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server C to Server A for the domain.de (this enables the address space to be shared)
5) Create a connector to server D and configure the connector from server A to Server D with the e-mail domain for domain.be and set the Server D e-mail domain to be authoritative for this e-mail domain. Also create a connector from Server D to Server A for the domain.de (this enables the address space to be shared)
This way e-mail comes in to the datacentre A server and if the users is not hosted there it passes it to the other server that it is sharing the e-mail domain with (if the user is not there a NDR will be generated). If a user in the authoritative e-mail domain (say server B) generates an e-mail and the user is not there it will go over the connector to server A
If a user in one of the subdomains (B,C,D) wants to send an e-mail to the other subdomains, e-mail is routed via Server A then to the other domains.
This way you should have no message loops and mail should work efficiently.
ASKER
Thanks, I'll come back to you next week to tell you if this solved my problems. I do not have time to test any sooner. Sorry about that.
ASKER
UNfortunately it is not working. I set up the situation as described but with only two servers to keep it simple.
Server A is unauthortive and has a connector that point to serverB
Server B is authoritive and has a connector to the internet and also one that point directly to ServerA for the domain in question. Furthermore in the default smtp virtual server I have all undeleverable mail send to Server A
If I send an email from a user on server A to a user on server A it works.
If I send an email from a user on server A to a user on server B it works.
If I send an email from a user on server A to a non existing user email dissapears.
If i send an email from a user on server B to a user on Server A I get the following NDR:
You do not have permission to send to this recipient. Relaying denied. This message originates from server A
Server A is unauthortive and has a connector that point to serverB
Server B is authoritive and has a connector to the internet and also one that point directly to ServerA for the domain in question. Furthermore in the default smtp virtual server I have all undeleverable mail send to Server A
If I send an email from a user on server A to a user on server A it works.
If I send an email from a user on server A to a user on server B it works.
If I send an email from a user on server A to a non existing user email dissapears.
If i send an email from a user on server B to a user on Server A I get the following NDR:
You do not have permission to send to this recipient. Relaying denied. This message originates from server A
ASKER
Hi there,
I read that article again and noticed the part below:
When Exchange receives an incoming SMTP message from the Internet, Exchange first tries to resolve the e-mail addresses that are displayed in the recipient fields to objects in Active Directory. If the e-mail address resolves to an Exchange mailbox, Exchange routes the message to the mailbox. If the e-mail address does not resolve to an Exchange mailbox, Exchange routes the message to the e-mail system with which the SMTP address space is shared. The receiving e-mail system then delivers the message to a local mailbox, or it generates a non-delivery report (NDR) delivery status notification (DSN) message. The e-mail system with which the SMTP address space is shared cannot forward the unresolved recipients back to the Exchange incoming SMTP gateway. If you configure the last e-mail system that is in an e-mail system chain to forward unresolved recipients to the incoming e-mail gateway, you will have a messaging loop in which e-mail messages may continuously loop between e-mail servers.
Reading this I think what I want is not possible. Am I missing something?
Regards,
I read that article again and noticed the part below:
When Exchange receives an incoming SMTP message from the Internet, Exchange first tries to resolve the e-mail addresses that are displayed in the recipient fields to objects in Active Directory. If the e-mail address resolves to an Exchange mailbox, Exchange routes the message to the mailbox. If the e-mail address does not resolve to an Exchange mailbox, Exchange routes the message to the e-mail system with which the SMTP address space is shared. The receiving e-mail system then delivers the message to a local mailbox, or it generates a non-delivery report (NDR) delivery status notification (DSN) message. The e-mail system with which the SMTP address space is shared cannot forward the unresolved recipients back to the Exchange incoming SMTP gateway. If you configure the last e-mail system that is in an e-mail system chain to forward unresolved recipients to the incoming e-mail gateway, you will have a messaging loop in which e-mail messages may continuously loop between e-mail servers.
Reading this I think what I want is not possible. Am I missing something?
Regards,
Hi,
Yes it is all possible - I have implemented it many times, it is nearly there, sounds like there are a few things missing:
1) You mention that if you send an e-mail from a user in server A to a new existing user then email disapears. Have you got the forwarding for unresolved recipients configured in Server A domain. Also check the Exchange Message Tracking centre to see where the e-mail is being delivered to. It sounds like it is mis-configured somewhere. Also where are the NDR's sent to for unresolved recipients for Server A?
2) Sending an email from users on server B to server A gets a relayinging denied error - You need to allow relaying to this domain for the mails to get though.
Yes it is all possible - I have implemented it many times, it is nearly there, sounds like there are a few things missing:
1) You mention that if you send an e-mail from a user in server A to a new existing user then email disapears. Have you got the forwarding for unresolved recipients configured in Server A domain. Also check the Exchange Message Tracking centre to see where the e-mail is being delivered to. It sounds like it is mis-configured somewhere. Also where are the NDR's sent to for unresolved recipients for Server A?
2) Sending an email from users on server B to server A gets a relayinging denied error - You need to allow relaying to this domain for the mails to get though.
More instructions / screenshots here:
http://www.msexchange.org/tutorials/Exchange-2003-SMTP-Namespace-Sharing.html
http://www.msexchange.org/tutorials/Exchange-2003-SMTP-Namespace-Sharing.html
ASKER
Back again. Thank you for the above.
I've done everything as you said and it is working except one thing. If I send an email to a NON existing user email goes back and forth between the two machines. If i check in message traking they are using the correct smtp connectors. It says:
Message submitted from store
message submitted to Advanced queing
started message submission to advanced que
message submitted to catecorizer
message catecorized and queed fo routing
message routed and queed for remote delivery
started outbound transfer of message
message transferred to server B through SMTP
this repeats itself on both servers.
I've done everything as you said and it is working except one thing. If I send an email to a NON existing user email goes back and forth between the two machines. If i check in message traking they are using the correct smtp connectors. It says:
Message submitted from store
message submitted to Advanced queing
started message submission to advanced que
message submitted to catecorizer
message catecorized and queed fo routing
message routed and queed for remote delivery
started outbound transfer of message
message transferred to server B through SMTP
this repeats itself on both servers.
This is a configuration problem on the secondary Domain B.
Is it configured as authoritative?
Is it configured as authoritative?
ASKER
yes it is. I've also created the smtp connector to share the name space and in the default smtp virtual server defined that all unresolved mail should be forwarded to server A.
ASKER
New Info. I just saw that Server B finaly generates a NDR after a few hours.
It says:
A configuration error in the email system caused the message to bounce between two servers or to be forwarded between two recipients.
It says:
A configuration error in the email system caused the message to bounce between two servers or to be forwarded between two recipients.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot Fishadr. This is greatly appreciated!!!
ASKER
Any luck yet?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you need to share an e-mail domain between different e-mail organizations then you need to run through the following:
http://support.microsoft.com/kb/321721
Basically you set the main domain to accept the e-mails for the shared domain and then configure this e-mail as non-authoritative (so that it does not reject e-mails for users that are not in this organization), you then create a connector to the other e-mail domain to send the unresolved e-mail to. The other exchange domain is then configured to forward all e-mails via the primary domain. This way you get all mail messages sending to all domains and it is controlled (as per the article).
The part that confuses me in your question is regarding the webmail. With Webmail this is an web client interface that points to the server that holds the users mailbox, you cannot place a server in a data centre for webmail and have an Exchange back end in the data centre for the webmail if the clients have a mailbox on an exchange server in another country. You can only have one mailbox per user that the user logs in to or the users will get confused as to which system to logon to.
You could have an e-mail address in another organization that forwards on to the main e-mail systems in the seperate countries but again you would not want to have users logging on to this system for webmail as it will not contain all your information.