CoSmismgr (United States of America) asked:
How do I configure IIS/DNS for Outlook Web Access internally and externally?

Hi experts,

I want users to be able to open a web browser and type in "email" for access to OWA while inside the network and to be able to type in "email.domain" when outside the network. This keeps it simple and easy to remember and I hope it can be accomplished.

The actual URL for the OWA site is: https://server.domain/owa

Here is what I've done so far:
I purchased and installed an SSL certificate for common name "email.domain".
I configured IIS HTTP Redirect to https://email.domain.
I configured IIS Default Web Site HTTP Redirect to /owa.
I added an INTERNAL DNS Alias (CNAME) entry that resolves "email" to "server.domain.local".
I added a PUBLIC DNS Host (A) entry that resolves "email.domain" to IP 209.1.1.2 (the external IP address of the IIS server).
In IIS, I configured Site Bindings for the Default Web Site to use the public SSL certificate for "All Unassigned IP Address" and Port 443.

External access works great. It is secure and everything redirects as it is supposed to, but internal access does not work. When I try URL "http://email" I get an error that it is not found. I can use the address "https://email/owa" to access it, but it is not secured. I receive a certificate error "Mismatched Address" because the SSL certificate is valid for the public address, not the private address.

Can someone tell me what I need to do?!
I attached some screenshot images that might help.

http-redirect.JPG
warning.JPG
redirect-site.JPG
internal.JPG
ASKER CERTIFIED SOLUTION by cgaeden
SOLUTION
CoSmismgr (asker):

Thanks for the quick response. So I need to create a new INTERNAL DNS forward lookup zone and add an A record of the external fqdn?
Thanks for the response as well mobius, that pretty much answers my last question. I'll go do this and test it.
mobiusNZ:

On your internal server, create a forward lookup zone with the name of the external fqdn (email.domain). Then the A record inside points to the internal IP address.

The result of this is that users inside the network, using your internal DNS server, will query email.domain and get the internal IP as a result, whilst external users will query external DNS servers and get the external IP address.
So far testing does not work. I deleted the CNAME alias for "email" and flushed the DNS cache, but I am still resolving "email" to the private IP address.
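The split-horizon fix mobiusNZ describes, written out as an added PowerShell example (not from the thread), to be run on the internal Windows DNS server; the private IP address, the zone file name and the TLS check at the end are assumptions, not values from the question.

```powershell
# Added example: split-horizon DNS for OWA on the internal Windows DNS server.
# Assumptions (placeholders): the OWA/IIS server's private IP is 10.0.0.10;
# the public A record email.domain -> 209.1.1.2 stays in the external zone.
$OwaHost    = 'email.domain'   # name on the public SSL certificate (from the question)
$InternalIp = '10.0.0.10'      # placeholder: private IP of the IIS/OWA server

# 1. Create a primary zone whose name IS the external FQDN. The internal DNS
#    server becomes authoritative for that single name and stops forwarding it.
#    (Use -ReplicationScope 'Domain' instead of -ZoneFile for an AD-integrated zone.)
if (-not (Get-DnsServerZone -Name $OwaHost -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $OwaHost -ZoneFile "$OwaHost.dns"
}

# 2. Add the A record at the zone apex ('@') pointing at the private address.
Add-DnsServerResourceRecordA -ZoneName $OwaHost -Name '@' -IPv4Address $InternalIp

# 3. Verify from the LAN: the answer must now be the private address, not 209.1.1.2.
#    (-DnsOnly bypasses the local cache and hosts file; on clients, run
#    Clear-DnsClientCache so stale answers do not mask the change.)
$answer = Resolve-DnsName -Name $OwaHost -Type A -DnsOnly
if (@($answer.IPAddress) -notcontains $InternalIp) {
    throw "Split DNS not effective: $OwaHost resolved to $($answer.IPAddress -join ', ')"
}

# 4. Verify that the certificate on port 443 validates for the name users type.
#    AuthenticateAsClient performs the same name/chain check the browser does,
#    which is exactly what fails for https://email/owa ("email" is not on the cert).
$tcp = New-Object System.Net.Sockets.TcpClient($OwaHost, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($OwaHost)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
    "OK: $OwaHost -> $InternalIp, certificate subject '$($cert.Subject)' validates for $OwaHost"
} catch [System.Security.Authentication.AuthenticationException] {
    throw "Certificate on ${OwaHost}:443 does not validate for that name: $($_.Exception.Message)"
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}
```

Only the names on the certificate will pass step 4, so internal users must also use https://email.domain rather than the bare "email" alias once the zone is in place.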

I have to go on a call-out, I'll be back later to work on this again.
Don't forget you will now go to https://email.domain while you are internal as well as external.
I repaired the network connection, and now it's working great!!

That was a nice feature to learn, and thank you for the quick solution. I can implement that DNS solution with a couple other external/internal applications as well.
Perfect and fast, thanks again!