Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Conditional Forwarders, Domain trusts, and DNS issues

Posted on 2010-08-20
5
Medium Priority
?
989 Views
Last Modified: 2012-05-10
We are in the beginning steps of integrating into our AD domain a company (we'll call them companyX) that we purchased.  One of the first steps in our integration is to set up a two way trust.  To do this we plan to use a conditional forwarder however in our testing we became aware of a critical issue. While our public and private domain DNS namespaces are different,  companyX has identical public and private namespaces.  To top that off, their Exchange 2003 mailserver's public and private dns names are identical.

The problem we are having is that when we put in place the conditional forwarders, our mail servers stop looking at the public address for companyX's mail server and start looking at their internal address.  Their Exchange server is configured to only accept email on their public IP address and so email to companyX stops flowing.

We have tried to circumvent this issue by configuring Hosts file entries on our mailservers so that they route to the external IP of companyX's mailservers but this did not work. I am hoping that someone might have other suggestions on how to resolve this. We're looking into configuring other smtp connectors on their Exchange server but no one on had is expert in Exchange 2003 or has the expertise to do this.  We're also talking with our Network/firewall admins to see if they can do some fancy NATting of the traffic.  Any other suggestions on how to proceed?
0
Comment
Question by:Tiarna101
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33484961
Mayb grab a copy of their zone file and modify it as per your requirements, (modify the Host files for their mail server etc)


0
 
LVL 1

Accepted Solution

by:
vr_000 earned 1400 total points
ID: 33485308
Create a SMTP connector for companyX's domain name space and set their external IP address as Smart Host. To do that, follow the below steps: For ease, I will consider CompanyX's domain name space as companyx.com
- Go to Exchange System manager
- Adminsitrative Groups > Routing Groups > Select Routing Group > Connectors.
- Right click on "Connectors" > New > SMTP Connector
- On General Tab page, Give Name "companyx.com"
- On General Tab Page, select option "Forward all mail through this connector to the following smart hosts" and mention Public IP address of  companyX's Exchange Server
- Go to Address Space tab, Add > SMTP > E-mail Domain: @companyx.com
- Click Okay and apply the settings.
- Restart MS Exchange Routing Engine service
- Go to CMD, run IPCONFIG/FLUSHDNS command

Let me know if you would have any query or concern or need clearification.


0
 
LVL 12

Assisted Solution

by:Rant32
Rant32 earned 600 total points
ID: 33492281
vr000 is right on the money with Exchange message delivery. This one can neatly be solved within Exchange, I hope that this is the only issue you run into...

If you use an IP address for the smart host in the SMTP Connector, it should be between brackets, like so: [10.5.5.5]

The cost for the CompanyX SMTP Connector should be lower than other connectors. You may have to increase the cost of your default SMTP connector (for asterisk address space). Exchange will try the lowest cost route first.
0
 
LVL 1

Author Comment

by:Tiarna101
ID: 33504672
Thanks for the suggestion on the SMTP connector.  We're going to try this on Thursday and I'll let you know how it goes!
0
 
LVL 1

Author Closing Comment

by:Tiarna101
ID: 33566423
Thanks guys, that absolutely did the trick.  We had to use slightly different steps since the sending servers were on Exchange 2007 but once we did this the conditional fowarders did not interrupt email flow to our subsidiary any longer.

Yesterday we put the 2 way trust in place and we're well on our way now to the next phase of our integration.  Thanks again for the excellent tip :)
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question