?
Solved

Outlook anywhere

Posted on 2009-04-02
16
Medium Priority
?
258 Views
Last Modified: 2012-05-06
I have been trying to figure out how to set up the last section of the server configuration. I need an fqdn (fully qualified domain name) and an ssl certificate to go with it. However I though that I could just use the subdomain of my site mail.website.com but the company that provided me with the domain and hosted my website says that I can only link my ssl to my www.website.com
Do I need to link it to my www or am I going about this the wrong way?
Do I need to own mail.website.com as apposed to having a sub domain?
0
Comment
Question by:Night_Wolf87
  • 8
  • 5
  • 3
16 Comments
 
LVL 11

Expert Comment

by:Stephen Croft
ID: 24050882
You can buy Certs for any domain or subdomain. You can also buy Certs that will cover any subdomain of your current domain (Wildcard), though my colleages have an ongoing argument with themselves as to whether they are worth the hassle.

Get your host to forward SUBDOMAIN.website.com to your Internet Facing IP that OWA/Outlook Anywhere is on. Make sure they do a DNS point, not a web-based pointer.

Buy your Certificate, and install it on your CAS / ISA server. Voila!

0
 

Author Comment

by:Night_Wolf87
ID: 24051263
How can I tell which is my CAS or ISA server. Also the company that hosts my domain says that they cant put ssl on my sub domain and they dont support or host third party SSL how can I do this? Do I install is on my sonicwall device?
0
 
LVL 11

Expert Comment

by:Stephen Croft
ID: 24051437
The company that hosts your domain wont be catering for the subdomain.

You only want the DNS pointer for the subdomain creating.

As for CAS/ISA, that depends on how your Exchange scenario is. For example, are you single or multi-server?

It sounds to me like they want to host the subdomain at their end, this is incorrect as you need its A record to point at your external IP.

To Clarify;

subdomain.domain.com A record points to 2.2.2.2

2.2.2.2 is the External IP of your Sonicwall (?) Router

You setup a NAT (or port forward) for the required ports (80 and 443 for OWA, cant remember for RPC/HTTPS) to your CAS-role server (or ISA if you have a ISA box)

you install your 3rd party Cert on your CAS/ISA box.

When users browse (for OWA) to https://subdomain.domain.com/OWA/ they are presented with a website served by your Internal server, secured with your 3rd party Certificate.

Make sense?

0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 

Author Comment

by:Night_Wolf87
ID: 24051545
So I already have the subdomain pointed at 2.2.2.2.When I go there it goes to the same site as if I went to 2.2.2.2. I am speaking with a rep from godaddy.com to buy a certificate, Now if I understand what your saying I dont need the company that host my website to be involved in the use of this certification. Do you have a guide on how to install the cert on my CAS/ISA box?
0
 
LVL 11

Expert Comment

by:Stephen Croft
ID: 24051669
There are plenty around, and I can help you with finding them :)

Again, are you a single server Exchange deployment?

0
 

Author Comment

by:Night_Wolf87
ID: 24051993
I have 2 exchange servers but only one is active and it is also the one where my mail boxes are stored, I was told that I could use the Separate Exchange and Domain Controller Configuration because I only have one domain controller and it is different from my primary/active exchange server
0
 

Author Comment

by:Night_Wolf87
ID: 24052224
I am trying to link my ssl I but I need to do a CSR-Generation for it. However I dont know how to do this. Do I add it to the list of websites in IIS? If so the adress I use is my external ip?
0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24052627
Which version of Exchange is this?
If it is Exchange 2007, then I have the full process on my blog:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Certificates for Exchange 2007 have to be done in a certain way so that everything works correctly.

If it is Exchange 2003, then you can just follow the instructions from the certificate supplier to generate the request through IIS manager for mail.example.com - but do ensure that you have setup a DNS record for mail.example.com to point to your external IP address.

Simon.
0
 

Author Comment

by:Night_Wolf87
ID: 24052764
So I set up a new zone for example.com then added an A record for mail.
 Now I go to IIS and use my default web page? it has all my internal ips, or do i make a new site and add it?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24052975
You don't have to add anything to IIS.
Otherwise I don't understand what you are asking.

Simon.
0
 

Author Comment

by:Night_Wolf87
ID: 24053049
Well i guess the best way to word this is I am at my IIS screen. I see my computer, I click the drop down menu and see Default website. When I got to properties I see the drop down menu and it is assigned to use all unassgined ip addresses.. The un assigned addresses are all the local addresses for that computer.  I was told by godaddy.com that I needed to make sure that I generate the csr for my external address and make sure I use the full mail.example.com. So I didnt want to add it to my default website before I was sure that is what I was suppose to do.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24053851
The IP address of the server has nothing to do with the host name that you are using. The setting in IIS does not need to be changed either.
All you need to do is ensure that the names resolve correctly to the server. If the server only has one IP address then that is fine.

If this is Exchange 2007 (as you haven't said what version) then IIS is not even involved in the certificate process.

Simon.
0
 

Author Comment

by:Night_Wolf87
ID: 24053979
Ok I was just worried that if I just assigned the SSL to default website it wouldnt target mail.example.com
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24054009
That isn't an IIS issue, that is a DNS issue. You need to ensure that DNS is pointing to the correct IP address. If the server only has one IP address then fine. If it has more than one then IIS either needs to be set to all unassigned or to the specific IP address that you have set in DNS.
However, for everything in Exchange to work correctly that really needs to be the server's main IP address, not one of the additional ones.

Simon.
0
 

Author Comment

by:Night_Wolf87
ID: 24054085
So my dns record for mail.example.com should point to my servers exchange primary ip and not my external devices ip?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24055685
Internally the DNS record for mail.example.com should point to Exchange.
Externally it should point to your external IP address and then that forwards to the internal IP address of your server, unless you are fortunate enough to be using public IP addresses on your LAN.

Simon.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
how to add IIS SMTP to handle application/Scanner relays into office 365.
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question