Solved

Exchange Server 2010 client access from branch network with different AD/workgroup

Posted on 2010-09-12
Last Modified: 2012-05-10
Please check the attached doc for the network diagram.

B1/B2 (workgroup) and B3/B4 (AD) are branches. B3 and B4 have their own local AD and DNS. Head office has abc.com, and the same name is registered externally (public). Currently head office users have all the options to connect to the Exchange mailboxes in head office. Unfortunately, the branch level can only access OWA by entering ipaddress\owa, but I want to go with the proper name-resolving way.
I tried accessing via Outlook Anywhere from the branch office. It seems to me to be the same issue, the name thing.
If I configure port 443 as SSL, will this resolve it? We are accessing head office via Telikom and ISP data IP VPN.
Please let me know the best way to go with my branch mail setup (client).


NetDialogex.bmp
Question by:cur
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33658990
0
 

Author Comment

by:cur
ID: 33659052
Sorry, this does not help in this case. A somewhat more advanced level of feedback is needed.
0
 
LVL 4

Expert Comment

by:PeterSinger
ID: 33659363
You need to have a ClientAccessArray for each site in AD.  You can then change DNS in each site to point to its local owa array. Once you do that just go into IIS on each array and set it to the correct certificate for use with the local address or load balanced address.
So if in site B1 the array is, say, arrayb1.org, then point it to the DAG or mailbox server it should use. The same goes for B2, B3 and B4.
Once you have 4 arrays, you can then trick local DNS to think that owa.org is the local address for each AD site. In your case, any array will access the DAG or mailbox servers but from each location.
A bit tricky, but it can be done.
0
 

Author Comment

by:cur
ID: 33659385
Without that option, the best option we have is to access the mail server in head office via OWA, isn't it?
In some of the places we have only 5 mail users, except B4, which has 20 users. All other users are in head office.
Some are suggesting the option of creating a DNS A record pointing to the head office DNS: a primary DNS zone to abc.com from the branch network DNS server (abc.local). So then users can use Outlook Anywhere?


0
 
LVL 4

Expert Comment

by:PeterSinger
ID: 33659393
Yes that should be fine, as long as you assign unique addresses to each DNS entry and then bind a certificate for each site to IIS on the CAS server in question.
The smaller sites can connect to head office and the larger sites will connect to their local CAS array.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33660036
Please correct me if I am wrong but, from the diagram, it seems you only have Exchange in the head office.

If this is the case then adding a CAS in each site is useless; it will only make you spend more money.

Your issue is that the sites are not configured to resolve the abc.com domain correctly. What you should do is:

a. Go to the DNS server of each of sites B3 and B4
b. Right-click Properties on the DNS server name -> Forwarders
c. Configure conditional forwarding to send all abc.com requests towards the DNS server in the head office
0
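
Steps a to c above, scripted for a branch DNS server, as an added example that is not part of the original thread. It assumes the DnsServer PowerShell module (Windows Server 2012 or later); `192.0.2.10` is a placeholder for the head office DNS server IP, which the thread does not give, and `mail.abc.com` is the host name the asker mentions later.

```powershell
# Added example, not from the thread. Run elevated on the branch DNS server
# (B3/B4, or the DNS server the workgroup clients point to).
$Zone    = 'abc.com'       # head office namespace, from the thread
$HqDns   = '192.0.2.10'    # PLACEHOLDER: IP of the head office DNS server
$OwaHost = 'mail.abc.com'  # name used in the thread; adjust to your CAS name

# 1. A locally hosted abc.com zone would answer authoritatively and shadow the
#    head office records, so stop if one exists instead of adding a forwarder.
$existing = Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue
if ($existing -and $existing.ZoneType -ne 'Forwarder') {
    throw "Local $($existing.ZoneType) zone '$Zone' exists; remove it first."
}

# 2. Forward abc.com only; leave the "All other DNS domains" forwarder alone.
#    On Windows Server 2008 R2 the equivalent is:
#      dnscmd /ZoneAdd abc.com /Forwarder 192.0.2.10
if (-not $existing) {
    Add-DnsServerConditionalForwarderZone -Name $Zone -MasterServers $HqDns
}

# 3. Drop cached negative answers, then confirm this server now resolves the name.
Clear-DnsServerCache -Force
Resolve-DnsName -Name $OwaHost -Type A -Server 127.0.0.1 -DnsOnly |
    Where-Object Type -eq 'A' |
    Select-Object Name, IPAddress

# 4. Connect to 443 by name. AuthenticateAsClient throws if the certificate
#    chain is untrusted or the certificate does not cover $OwaHost, which is
#    the check that browsing to https://ipaddress/owa never passes.
#    Assumes this machine's own resolver points at the DNS service above.
$tcp = New-Object System.Net.Sockets.TcpClient($OwaHost, 443)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($OwaHost)
    "TLS OK for ${OwaHost}: $($ssl.RemoteCertificate.Subject)"
} finally {
    $tcp.Close()
}
```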
 

Author Comment

by:cur
ID: 33660089
Yes, Akhater.

Adding a CAS in each site is not worth it. That option is totally out. The sites are not configured to resolve abc.com.
I need to do the conditional forwarders in B3 and B4. Somebody told me to create a separate zone for abc.com at the branch level. It seems not to be correct; that's why I didn't do that. I will try these conditional forwarders.

How about the workgroup DNS? How can I set up the same thing? Is it forwarders or anything else?

0
 
LVL 49

Expert Comment

by:Akhater
ID: 33660101
You can configure conditional forwarding on any DNS server, no matter if it is for a workgroup or for a domain. As long as the clients point to it, it will work.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33661355
<< With akhater.
I don't think you can configure CAS arrays from the branches since they don't have any Exchange installation.

Also
Your Outlook clients which are not joined to the domain will repeatedly prompt for passwords.

The way to get around that is this.
Check the last post here:
http://www.petri.co.il/forums/showthread.php?t=18808

Please test this on a workgroup:
a) Configure DNS forwarding as per akhater's post above.
b) Try to set up Outlook RPC/HTTPS to connect to Exchange in HQ.
c) Work around the password prompt issue using the post in the above link.

Please post back if you have questions.
0
 

Author Comment

by:cur
ID: 33662698
I have the same issue. I will try all your methods tomorrow and see.
I can still go with the OWA access from the branch, can't I?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33662724
What do you mean by "I have the same issue"? What did you try to do?
0
 

Author Comment

by:cur
ID: 33667168
Outlook password prompt issue
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33667206
I don't understand, you got me lost. Can you now access OWA at https://name.domain.com/owa?
0
 

Author Comment

by:cur
ID: 33667210


a. Go to the DNS server of each of Sites B3 and B4
b. Right click properties on the DNS server name -> forwarder

c. There is "All other domains", where I can enter the IP address, or do I have to create a new one called abc.com?

Do we need any record at the DNS server level, as I mentioned to you, like mail.abc.com? But I need a new zone to do that, don't I?



0
 
LVL 49

Expert Comment

by:Akhater
ID: 33667249
Create one called abc.com, that's it.
0
 
LVL 49

Accepted Solution

by:
Akhater earned 167 total points
ID: 33667254
Create one called abc.com and forward it to the abc.com DNS IP; that's all you need.
0
 

Author Comment

by:cur
ID: 33667261
I still can't access https://name.domain.com/owa from the branch level, only https://ipaddress/owa.
I am trying to do your conditional forwarders and see. For that I need to know: there is an option "All other domains" where I can put my abc.com IP address, or New ---- abc.com ----- IP address.

0
 
LVL 49

Expert Comment

by:Akhater
ID: 33667266
Don't use "All other domains". Create one called abc.com and forward it to the abc.com DNS IP; that's all you need.
0
 

Author Comment

by:cur
ID: 33667269
thank you
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 333 total points
ID: 33677902
To fix the Outlook password prompt issue:

a) close Outlook
b) go to Start... Run and type 'control userpasswords2' (without the quotes) and press OK
c) click on the Advanced tab and press 'Manage Passwords'
d) find the entry for your mail server and click ‘Properties’
e) erase the Server name and type in the name of your DC /  global catalog server
f) leave the password blank and click OK
g) start Outlook, enter your password and check off ‘Remember my password’ one last time. It should not prompt again.
0
 

Author Comment

by:cur
ID: 33710025
Akhater: conditional forwarders OK. Now I can resolve the name from the branch level.
Now I am trying to do the Outlook Anywhere setup for the same people, because I think it will be more flexible for them.

Password prompt issue? sunnyc7, are you sure this will work, or are there any other alternative options?

0
 
LVL 49

Expert Comment

by:Akhater
ID: 33710546
Great cur, if you need more help just update this thread
0
 

Author Comment

by:cur
ID: 33710635
I am testing this on the client side by logging in to the remote client computer as administrator and setting up Outlook Anywhere for a test user. I hope there is no point in logging in to the remote PC as the test user, since the branch network is in a separate AD. I just want to confirm my steps are correct for the Outlook Anywhere configuration.

I still can't log in to the Exchange server via Outlook Anywhere from the branch. It is asking for a password. I made the following settings. One of the links says to enter 'S1' as the server. What is meant by 'S1'? Shall I try this?

The following is the way I tried.

e) erase the Server name and type in the name of your DC /  global catalog server
There is no server name to erase, but I added a new server entry with my GC server name as FQDN (dc1.abc.com) and I have put the username as test. I have to enter the login name.

f) leave the password blank and click OK




0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 333 total points
ID: 33712740
cur @ that solution is for an Outlook client trying to log in to an Exchange server while not logged into the domain.
That should be tried from the workstation.

All Outlook config etc. assumes that you are logged into the domain before you start troubleshooting issues related to password prompts etc.
My solution works if you are not logged into the domain.

Also
Please do not test with the administrator account for that. Test any normal user account with domain perms.

Key step is this:
e) erase the Server name and type in the name of your DC /  global catalog server
>> That's the DC/GC you are trying to log in to. That's the corp network, I believe.

Post back if you face any issues.

thanks
0
 

Author Comment

by:cur
ID: 33720816
I am not testing with the administrator account. I am logged in to the remote client PC via a remote Windows session, configuring it as a normal user account. I will try this and update you.
thank you
0
 

Author Closing Comment

by:cur
ID: 34140709
good
0
