Solved

win 2003 domain name convention puzzled

Posted on 2009-04-12
Last Modified: 2013-12-05
When I install Win 2003 Server on a domain, for example, and it asks me for a name, I have named it:

- DC1.local

I've also installed Win 2003 on a 2nd PC, added it to the domain only and added primary DNS to point to "DC1.local" & also put my Exchange 2003 on the same PC.  I've named this Exchange 2003 server:

- email-pri

after obviously installing the relevant SPs for both and hotfixes, and added a "smart host" entry from NTL ISP: smtp.ntltelewestbusiness.co.uk.

which then enabled me to log onto my client PC and send an email which passed through my home Exchange 2003 server to 2 external email addresses.


My query is, when I'm naming the above, should I have called DC1.local:

1. - DC1.mydomain.local for example instead of just as above?

Note:  I ask this because I have a business line at home and have a "static IP address" for my NTL ISP, but at the moment I'm not using a domain name from them!

I do have a domain name currently with 123reg called:  masterexchange.co.uk
I have added an "A record" & "MX record" pointing to my "static IP address"

2.  So should I have called DC1.local, DC1.masterexchange.local?

3.  After running "/forestprep & /domainprep" on the Exchange 2003 server I followed the guide from "deploy tools" from the actual CD, which told me to run "orgprepcheck" to confirm Exchange to this point was installed.  But on the disc it prompts me to put in the "Global Catalogue", and when I typed in "email-pri" & tried "DC1.local" this did not work and it stated that the server name was incorrect.  Why?

4.  I then accessed the command prompt and typed:

d:\support\exdeploy\exdeploy.exe /gc:dc1.local /t:orgprepcheck - and this worked

So why didn't it work from the original disc?

5.  When I now try to reply back to the email I've sent myself externally it returns:

corinne@email-pri.dc1.local
    Unrouteable address

why?

Note:  I'm assuming that in order to send email that was sent via "smart host" which then enabled me to send email externally.

6. So if I wish to reply back to the emails received, or even send a separate email rather than selecting reply, is this where the domain I currently have comes into effect, and if not set up correctly I would not be able to send emails back, hence the response I'm getting?

Note:  on my 123 reg domain I've added:

mx record

mail.masterexchange.co.uk - IP Address, which is my static ip address that NTL ISP have given me

a record

mail.masterexchange.co.uk.

7.  Do I need to add, presumably, an "MX record" on my home primary DC1.local to link it all together, in which case I'm assuming it should be:

- mail.masterexchange.co.uk - I have added it but still cannot receive emails back!
Question by:mikey250
39 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 24125038

mikey250,

The internal domain name you choose does not have any bearing on the external name for your network. You could potentially use ANY domain name internally and it will not be a problem whatsoever; the most common choices for internal Active Directory domain names are either company.local or corp.company.com. However, it doesn't make a difference whatever you choose. If your current domain name is DC1.local, then all the machines joined to that will have a name of <machine name>.DC1.local.

The Global Catalog server is your existing DC - <DC-Name>.DC1.local.

Replying to a message sent externally is not going to work if Exchange is not configured properly. What was the Sender's address on the outbound email? It was probably something like @DC1.local. That domain will NOT route externally. You'll need to add your masterexchange domain into the Exchange recipient policy (http://computerperformance.co.uk/exchange2003/exchange2003_recipient_policy.htm) as an SMTP address in the format @masterexchange.co.uk, and set it as the Primary/Default email address. If your DNS configuration is correct and port 25 is open to the Exchange Server, this configuration will then work.

-Matt
0
 

Author Comment

by:mikey250
ID: 24125060
That's good to know!

1. why 2 parts?

company.local

2.why 3 parts?

- corp.company.com

machine name.dc1.local  - i understand
gc - yes i agree
---------------------------------------------------------------------------------------------
3.  When I now try to reply back to the email I've sent myself externally it returns:

corinne@dc1.local
    Unrouteable address

As no3 did work above, I tried a separate email and sent it to:

corinne@email-pri.dc1.local
    Unrouteable address

because I wasn't sure what was wrong!

As for "route externally"

- yes, in my Exchange recipient policy it is already:

- @masterexchange.co.uk - set to primary yes

My DNS is showing no errors at all
I can telnet from my client PC on my domain all the way to my SMTP server with NTL ISP and it shows my static IP
I can telnet into my own Exchange and I can see the correct SMTP verbs also & I've run orgprepcheck, which was successful

although on my 123reg domain the:

MX record

mail.masterexchange.co.uk - IP Address - it is my static IP given from my NTL ISP business line

A record

mail.masterexchange.co.uk.

but still I cannot receive
0
 

Author Comment

by:mikey250
ID: 24125061
Correction, no3 did not work is what I meant.
0
 

Author Comment

by:mikey250
ID: 24125065
In recipient policy I did already select apply then OK, rather than, as I've just checked, created this recipient policy then right click and I can see it does say "apply this policy now", but as I already selected apply it is showing as now dimmed out.
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24125079

As I've posted in your other question, the domain name you choose truly does not matter whatsoever. We can discuss that further if necessary at http://www.experts-exchange.com/Q_24315519.html.

>> corinne@dc1.local

That is NOT an externally routable address. You do not own and have not configured "dc1.local" in any public DNS namespace, so for all the Internet cares, that domain doesn't exist. It's simply a name you've come up with and named your internal network. The only place that domain has a resemblance is internally in Active Directory. There is NO DNS link between your internal environment and the external (Internet) environment, so sending email to anything @<something>.local will not work.

The only domain name you have registered on the Internet is @masterexchange, and that is therefore the only domain name which will be publicly routable via Exchange from the outside.

Are you able to send email to <any valid alias>@masterexchange internally (from another Exchange mailbox), or is it bounced?

-Matt
0
 

Author Comment

by:mikey250
ID: 24125086
corinne@masterexchange.co.uk
    all relevant MX records point to non-existent hosts

The above did work some weeks ago when I sent it like this, but since then I've reinstalled as I had the primary DC and Exchange on the same server.

But now I have the primary DC separate

& now a Win 2003 linked to the domain via AD of the primary DC with Exchange 2003 on it
0
 

Author Comment

by:mikey250
ID: 24125107
1. Do I need to add an A record to my 123reg domain DNS?

a record

dc1.local
0
 

Author Comment

by:mikey250
ID: 24125112
I have already yesterday added in my primary dc1.local DNS:

mx record

mail.masterexchange.co.uk
0
 

Author Comment

by:mikey250
ID: 24125130
In the recipient policy there are two entries:

default policy

Within this, SMTP is selected by default and called:

SMTP box is ticked  -  @dc1.local
the X400 is in there also by default

But when creating my own recipient policy I didn't add a new one in this as the priority says "lowest" anyway.  I created my own called:

123reg - and within this by default:

SMTP is ticked  -  @dc1.local - in here by default
SMTP is ticked by me - @masterexchange.co.uk
X400 in there by default
0
 

Author Comment

by:mikey250
ID: 24125136
1. Do I need to add the:

mail. - part anywhere, as this is what it is called in my 123reg DNS & everywhere else (masterexchange.co.uk)?
0
 

Author Comment

by:mikey250
ID: 24125173
My apologies, it is the other way round:

On my 123 reg domain I've added:

mx record

mail.masterexchange.co.uk.

a record

mail.masterexchange.co.uk  - IP Address, which is my static ip address that NTL ISP have given me


0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24128353

I checked your external DNS records. You have the MX record set correctly to map to mail.masterexchange.co.uk, so mail servers know where email should be sent. However, mail.masterexchange.co.uk does not resolve to your static IP address, so no email will flow in. You need to go back to your domain registrar/DNS host, and ensure you have a subdomain called 'mail' created, which maps accordingly to your external static IP address.

You do not (and cannot) add any reference to your internal Active Directory (xxx.local) environment to any form of external DNS. It will not help, and will not work anyway. .local is not a routable Internet TLD (Top Level Domain).

Having the DC and Exchange Server role separate will not have any effect on Exchange at this stage.

-Matt
0
 

Author Comment

by:mikey250
ID: 24133089
1. Why doesn't "mail.masterexchange.co.uk" resolve to my "static IP address", as in my 123 reg DNS the "A record" is linked to my "static IP" given from my NTL ISP?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24133146

I cannot tell you that. The only information I have access to is what is present in the public DNS namespace, which clearly states mail.masterexchange.co.uk is a non-existent domain.

What this does say is that the record does not actually exist, not that it doesn't resolve to your static IP. The fact the record does not exist would indicate the record is mis-named, or has been created incorrectly.

-Matt
0
 

Author Comment

by:mikey250
ID: 24136037
1. OK, but before I ring 123reg DNS, all I do is tell them the name I wish to call my domain name, which is what I can see when I actually log onto my 123reg DNS server as they let us have control!!

Default settings are in place for the NS servers etc. in order to get my domain name functional etc., whatever?

I then added the following:

a record

mail.masterexchange.co.uk  - IP Address

mx record

mail.masterexchange.co.uk.


2. surely it should be:?

a record

masterexchange.co.uk   - IP Address

mx record

masterexchange.co.uk.

3.  So I need to say something else to 123reg DNS in order to point them in the right direction, as other than what has been said above they will say that is all that is needed, as I've clearly pointed my domain name to my static IP address.

You say that my domain name is clearly showing: mailmasterexchange.co.uk, but is a NON EXISTENT DOMAIN, why?

4. But then you say it DOES NOT ACTUALLY EXIST, although not that it doesn't resolve to my static IP.  So when you say mis-named, where could it be mis-named other than what I can see in my 123reg DNS control panel?

Once I know something I can call them today.  Even then, to make changes they say it takes 24-48 hrs.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24136659

The problem has been fixed. mail.masterexchange.co.uk is now resolving to 77.98.87.114. If that is your static IP, that is the correct configuration.

The next problem is you do not have port 25 open in your firewall to the Exchange Server, as I am unable to connect out to your Exchange Server directly on the above IP.

-Matt
0
 

Author Comment

by:mikey250
ID: 24136934
I rang 123reg this morning and he said my DNS showed:

a record

mail.masterexchange.co.uk   - IP Address

mx record

mail.masterexchange.co.uk.

Although they told me to call it the above, this particular technical person said it should be, so presumably this is why it is now resolving.  I will have to make a note of this.

a record

mail    -   IP Address

mx record

mail.masterexchange.co.uk

Just so you know, I can telnet from my client PC through my DLink 604 firewall to my NTL ISP static IP address to their port 25 and it states my IP address that you have correctly located.

Other than the default settings of my DLink firewall nothing has been configured or changed on it except for "Allow" entries for port 25.

I have a clean install currently on my Exchange Server 2003, on which I still haven't activated the firewall, so I haven't needed to add "allow" statements in the exceptions tab of the Win 2003 standard firewall. I have no firewall in place at all as yet, until I know exactly what procedures are correct in order to send emails from external back to myself.


I've attached my DLink 604 firewall entries; as you will see I've added more than one entry as I always get confused whether it is WAN first or LAN 2nd and vice versa.  Please advise, then hopefully you'll be able to telnet in.

I can telnet from a client on my side of the network as my standalone PC is also plugged into the same DLink 604 router for internet access.  Although my domain network is separate, for purposes of internet access, for example, it is also plugged into the same DLink router, although it is via a hub.
dlink-604-firewall-allow-entries.doc
0
 

Author Comment

by:mikey250
ID: 24136973
1. How did you find my static IP address, what site did you use?

I can find my masterexchange.co.uk domain and it also shows me the IP address of www for example and the fact that I'm with 123reg.

I can do a DNS lookup and locate my NTL ISP DNS entry pertaining to my static IP address as well as it showing other entries.
0
 

Author Comment

by:mikey250
ID: 24137062
How would you know what my Exchange 2003 IP address is in order to telnet from the outside world if I haven't told you yet?

It is by the way - 192.168.0.100
0

 

Author Comment

by:mikey250
ID: 24137090
Although my static IP address is given dynamically and not entered on this DLink 604 router, it works on a 192.168.0...  address for internal.

So maybe this is why you cannot telnet in!!

I did try however entering the static IP address on this DLink 604 router in the relevant and only place that said static IP address from ISP companies and it would allow this to happen.  So whether this function for whatever reason is not working on my particular DLink 604 router or not, I just had to set it back to dynamic and my NTL ISP under status picks up the static IP address given, which I can also see.  Just so you know!!
0
 

Author Comment

by:mikey250
ID: 24137098
Correction for above:  it wouldn't allow me to complete the manual entry for my static IP address.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24137127

When you publish your IP address in public DNS to enable other servers on the Internet to locate you, it is freely accessible for anyone to look-up in the DNS system. You just use any form of Name Server query tool, such as the common one included with Windows, to do the lookup.

192.168.0.100 is NOT your Exchange Server's EXTERNAL IP. That IP would not be routable on the Internet. The external IP for your Exchange Server is the static IP assigned by the ISP to your Internet connection, presumably 77.98.87.114 if your DNS is configured correctly. ANY 192.168.x.x, 172.16.x.x through 172.32.x.x, or 10.x.x.x IP address is specifically reserved at IANA for internal use, and the same 192.168.x.x range will be in use on millions of computer networks worldwide.

Is 77.98.87.114 actually YOUR external static IP? If so, I am unable to telnet on port 25. There is either a misconfiguration on your part, or your ISP is blocking inbound port 25 connections at their firewall at the edge of their network (this is not uncommon). Looking at your firewall rules, you seem to have overcomplicated it. I'd suggest you take out all of the first 5, then create one new rule using the settings:

(Enabled)
Name: Inbound SMTP
Action: Allow
Source: Any
Destination: 192.168.0.100 TCP port range 25-25
Allow Always

I've never actually used a Dlink firewall myself though, so whether that is what the various settings need, I cannot say. Refer to http://portforward.com if you need more detailed instructions.

-Matt
0
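The DNS side of the diagnosis in this thread (the MX target must have an A record, and that A record must hold a public address), as an added example that is not part of any poster's reply. It assumes the control panel expands names the way a standard zone file does, treating a name without a trailing dot as relative to the zone, which the thread does not confirm for 123reg; the record sets and the "@" MX owner are constructed from the values quoted in the posts.

```python
import ipaddress

ORIGIN = "masterexchange.co.uk."  # zone origin, written as an absolute name


def fqdn(name, origin):
    """Expand a name as a zone file would: a trailing dot means absolute,
    "@" means the origin itself, anything else is relative to the origin."""
    name = name.strip().lower()
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name
    return f"{name}.{origin.lower()}"


def check_inbound_mail(origin, records):
    """records: (owner, type, value) tuples as typed into a DNS panel.
    Returns the problems that would stop outside servers delivering mail."""
    a_records, mx_records = {}, []
    for owner, rtype, value in records:
        owner = fqdn(owner, origin)
        if rtype == "A":
            a_records.setdefault(owner, []).append(value)
        elif rtype == "MX":
            mx_records.append((owner, fqdn(value, origin)))

    problems = []
    targets = [t for o, t in mx_records if o == origin.lower()]
    if not targets:
        problems.append(f"no MX record for {origin}")
    for target in targets:
        addrs = a_records.get(target)
        if not addrs:
            problems.append(f"MX target {target} has no A record")
            continue
        for addr in addrs:
            # RFC 1918 and other reserved ranges are unreachable from outside.
            if not ipaddress.ip_address(addr).is_global:
                problems.append(f"{target} -> {addr} is not publicly routable")
    return problems


# Constructed record sets based on what the thread quotes.
BROKEN = [  # A owner typed as a full name but without the trailing dot
    ("mail.masterexchange.co.uk", "A", "77.98.87.114"),
    ("@", "MX", "mail.masterexchange.co.uk."),
]
FIXED = [  # A owner entered as the relative label "mail"
    ("mail", "A", "77.98.87.114"),
    ("@", "MX", "mail.masterexchange.co.uk."),
]
PRIVATE = [  # publishing the server's LAN address instead of the WAN one
    ("mail", "A", "192.168.0.100"),
    ("@", "MX", "mail.masterexchange.co.uk."),
]

if __name__ == "__main__":
    for label, recs in (("broken", BROKEN), ("fixed", FIXED), ("private", PRIVATE)):
        print(label, check_inbound_mail(ORIGIN, recs) or "OK")
```

A clean result here only covers DNS; inbound delivery still needs TCP port 25 forwarded to the Exchange server and not blocked by the ISP, which has to be tested from outside the network.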
 
LVL 58

Expert Comment

by:tigermatt
ID: 24137136

I missed your last two comments. If you have a dynamic IP address provided by your ISP, you introduce another element of complication into making this work, as you will need to use a Dynamic DNS provider to get your public IP to always be up-to-date in public DNS.

While 192.168.0.100 is a static Exchange Server IP which you will always be able to telnet internally, it will not work externally. It is the IP assigned by the ISP which is used to access your network from the outside.

-Matt
0
 

Author Comment

by:mikey250
ID: 24137279
1st paragraph I agree.

2nd paragraph above:

Regarding my IP, oh OK, I understand now.  And yes, that is the static IP address I've been given from my NTL ISP.

192.168.x.x  I agree.

You're right, I can no longer telnet back into my static IP address, but I was able to before as per guidance from NTL ISP when on the phone last week.  I've just been on the phone with them and I've logged a call for them to check, as I have not done anything at all to change this because my only issue has been sending email back.

Is my static IP address classed as a LAN or WAN?


0
 

Author Comment

by:mikey250
ID: 24137295
Hi,

Just read your comment about my dynamic address.  For the purposes of this it is a static IP address and it has not changed.  Apologies if I confused you here, but disregard.  I've spoken with NTL ISP and it hasn't changed; for the time being everything is OK.  Once I can send email from external back to myself, then I can discuss further with NTL ISP about this IP address given!!
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24137314

The 192.168.x.x address is the LAN address - it is assigned to the device on the LAN port of the firewall.

The 77.98... address is a public WAN address, assigned to the WAN (Wide Area Network / Internet) port of the firewall.

Your firewall configuration here is most definitely an issue. Have you referred to http://portforward.com and followed the instructions specific to your firewall for enabling inbound port 25 yet?

-Matt
0
 

Author Comment

by:mikey250
ID: 24137388
I've set my firewall

(Enabled)
Name: Inbound email
Action: Allow
Source: * - "the asterisk is what is used to mean any"
Destination: 1lan 92.168.0.100 TCP port range 25-25
Allow Always

Nothing else can be set on my DLink firewall.  I will have a look at this link you've sent me anyway.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24137397

Port 25 is still not open. It's either being blocked still by the firewall, or being blocked at the ISP. It wouldn't be a bad idea to give the ISP a call and verify port 25 is open, as many block it.
0
 

Author Comment

by:mikey250
ID: 24137412
My router is not in the link you sent anyway.
0
 

Author Comment

by:mikey250
ID: 24137447
Hi, I've said earlier that I've already logged a call when you told me you couldn't telnet in and I then checked and couldn't either, but I COULD last week.  So NTL ISP are now currently dealing, as they must have made some changes, as they ASKED me to check if I could telnet into them and I COULD!

When they tell me I will try, and once successful I will message you back.

It is appreciated on all your comments though!!
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24137538
Sounds good. I can't do any more until you can get an external connection on port 25.

Thanks.
0
 

Author Comment

by:mikey250
ID: 24137568
OK.  I'm hoping I will get a call back today, but I will continue to check.
0
 

Author Comment

by:mikey250
ID: 24174641
I can log onto port 25 for my NTL ISP now.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24178362

You still have a problem somewhere, as I am unable to telnet 77.98.87.114 on port 25. This could indicate it is still your firewall being the problem, or there is a central firewall at your ISP causing this issue.

-Matt
0
 

Author Comment

by:mikey250
ID: 24178991
I'm waiting for a phone call from NTL ISP.  Maybe this should be the situation as I'm not hosting my own site, I'm just using NTL ISP as a means of sending & receiving emails!!
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24179012

Hosting your own site has nothing to do with hosting a mail server. All you need is to verify with the ISP that port 25 is open inbound to your IP address.

-Matt
0
 

Author Comment

by:mikey250
ID: 24179042
OK, I wasn't sure, as some of what NTL have been telling me has been contradictory, believe it or not!!  Should you be able to telnet into my static IP?
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24179055

Yes - I should be able to telnet into port 25 of your IP if you are going to receive email from the outside world. My manual connection mimics how a mail server would connect to your server, and at present, it is being rejected.

-Matt
0
 

Author Comment

by:mikey250
ID: 24188209
My NTL ISP are currently creating my domain, so I'm assuming over the next 5 days, which they say, I should then hopefully be able to send email from an external source into my home internal domain.  I will let you know. Thanks for a response though, it is appreciated.
0
