Solved

Outlook anywhere

Posted on 2009-04-02
16
246 Views
Last Modified: 2012-05-06
I have been trying to figure out how to set up the last section of the server configuration. I need an fqdn (fully qualified domain name) and an ssl certificate to go with it. However I though that I could just use the subdomain of my site mail.website.com but the company that provided me with the domain and hosted my website says that I can only link my ssl to my www.website.com
Do I need to link it to my www or am I going about this the wrong way?
Do I need to own mail.website.com as apposed to having a sub domain?
0
Comment
Question by:Night_Wolf87
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 3
16 Comments
 
LVL 11

Expert Comment

by:Stephen Croft
ID: 24050882
You can buy Certs for any domain or subdomain. You can also buy Certs that will cover any subdomain of your current domain (Wildcard), though my colleages have an ongoing argument with themselves as to whether they are worth the hassle.

Get your host to forward SUBDOMAIN.website.com to your Internet Facing IP that OWA/Outlook Anywhere is on. Make sure they do a DNS point, not a web-based pointer.

Buy your Certificate, and install it on your CAS / ISA server. Voila!

0
 

Author Comment

by:Night_Wolf87
ID: 24051263
How can I tell which is my CAS or ISA server. Also the company that hosts my domain says that they cant put ssl on my sub domain and they dont support or host third party SSL how can I do this? Do I install is on my sonicwall device?
0
 
LVL 11

Expert Comment

by:Stephen Croft
ID: 24051437
The company that hosts your domain wont be catering for the subdomain.

You only want the DNS pointer for the subdomain creating.

As for CAS/ISA, that depends on how your Exchange scenario is. For example, are you single or multi-server?

It sounds to me like they want to host the subdomain at their end, this is incorrect as you need its A record to point at your external IP.

To Clarify;

subdomain.domain.com A record points to 2.2.2.2

2.2.2.2 is the External IP of your Sonicwall (?) Router

You setup a NAT (or port forward) for the required ports (80 and 443 for OWA, cant remember for RPC/HTTPS) to your CAS-role server (or ISA if you have a ISA box)

you install your 3rd party Cert on your CAS/ISA box.

When users browse (for OWA) to https://subdomain.domain.com/OWA/ they are presented with a website served by your Internal server, secured with your 3rd party Certificate.

Make sense?

0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Night_Wolf87
ID: 24051545
So I already have the subdomain pointed at 2.2.2.2.When I go there it goes to the same site as if I went to 2.2.2.2. I am speaking with a rep from godaddy.com to buy a certificate, Now if I understand what your saying I dont need the company that host my website to be involved in the use of this certification. Do you have a guide on how to install the cert on my CAS/ISA box?
0
 
LVL 11

Expert Comment

by:Stephen Croft
ID: 24051669
There are plenty around, and I can help you with finding them :)

Again, are you a single server Exchange deployment?

0
 

Author Comment

by:Night_Wolf87
ID: 24051993
I have 2 exchange servers but only one is active and it is also the one where my mail boxes are stored, I was told that I could use the Separate Exchange and Domain Controller Configuration because I only have one domain controller and it is different from my primary/active exchange server
0
 

Author Comment

by:Night_Wolf87
ID: 24052224
I am trying to link my ssl I but I need to do a CSR-Generation for it. However I dont know how to do this. Do I add it to the list of websites in IIS? If so the adress I use is my external ip?
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24052627
Which version of Exchange is this?
If it is Exchange 2007, then I have the full process on my blog:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Certificates for Exchange 2007 have to be done in a certain way so that everything works correctly.

If it is Exchange 2003, then you can just follow the instructions from the certificate supplier to generate the request through IIS manager for mail.example.com - but do ensure that you have setup a DNS record for mail.example.com to point to your external IP address.

Simon.
0
 

Author Comment

by:Night_Wolf87
ID: 24052764
So I set up a new zone for example.com then added an A record for mail.
 Now I go to IIS and use my default web page? it has all my internal ips, or do i make a new site and add it?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24052975
You don't have to add anything to IIS.
Otherwise I don't understand what you are asking.

Simon.
0
 

Author Comment

by:Night_Wolf87
ID: 24053049
Well i guess the best way to word this is I am at my IIS screen. I see my computer, I click the drop down menu and see Default website. When I got to properties I see the drop down menu and it is assigned to use all unassgined ip addresses.. The un assigned addresses are all the local addresses for that computer.  I was told by godaddy.com that I needed to make sure that I generate the csr for my external address and make sure I use the full mail.example.com. So I didnt want to add it to my default website before I was sure that is what I was suppose to do.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24053851
The IP address of the server has nothing to do with the host name that you are using. The setting in IIS does not need to be changed either.
All you need to do is ensure that the names resolve correctly to the server. If the server only has one IP address then that is fine.

If this is Exchange 2007 (as you haven't said what version) then IIS is not even involved in the certificate process.

Simon.
0
 

Author Comment

by:Night_Wolf87
ID: 24053979
Ok I was just worried that if I just assigned the SSL to default website it wouldnt target mail.example.com
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24054009
That isn't an IIS issue, that is a DNS issue. You need to ensure that DNS is pointing to the correct IP address. If the server only has one IP address then fine. If it has more than one then IIS either needs to be set to all unassigned or to the specific IP address that you have set in DNS.
However, for everything in Exchange to work correctly that really needs to be the server's main IP address, not one of the additional ones.

Simon.
0
 

Author Comment

by:Night_Wolf87
ID: 24054085
So my dns record for mail.example.com should point to my servers exchange primary ip and not my external devices ip?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24055685
Internally the DNS record for mail.example.com should point to Exchange.
Externally it should point to your external IP address and then that forwards to the internal IP address of your server, unless you are fortunate enough to be using public IP addresses on your LAN.

Simon.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question