cur

Exchange Server 2010 client access from branch network with different AD/workgroup

Please check the attached doc for the network diagram.



B1 / B2 (workgroup) and B3 / B4 (AD) are branches. B3 and B4 have their own local AD and DNS. Head office has abc.com, and the same name is registered externally (public). Currently head office users have all the options to connect to the Exchange mailboxes in head office. Unfortunately, at branch level users can only access OWA by entering ipaddress\owa, but I want to go with the proper name-resolution way.
I tried accessing via Outlook Anywhere from the branch office. It seems to me to be the same issue, the name thing.
If I configure port 443 as SSL, will this resolve it? We are accessing head office via telikom and ISP data IP VPN.
Please let me know the best way to go with my branch mail setup (client).


NetDialogex.bmp
Suliman Abu Kharroub


ASKER

Sorry, this does not help in this case. A bit more advanced level of feedback is needed.

You need to have a ClientAccessArray for each site in AD.  You can then change DNS in each site to point to its local owa array. Once you do that just go into IIS on each array and set it to the correct certificate for use with the local address or load balanced address.
So if in site B1 the array is, say, arrayb1.org, then point it to the DAG or mailbox server it should use. The same goes for B2, B3 and B4.
Once you have 4 arrays, you can then trick local DNS to think that owa.org is the local address for each AD site. In your case, any array will access the DAG or mailbox servers but from each location.
A bit tricky, but it can be done.

ASKER

Without that option, the best option we have is to access the mail server in head office via OWA, isn't it?
Some of the places have only 5 mail users, except B4, which has 20 users. All other users are in head office.
Some are suggesting creating a DNS A record pointing to the head office DNS, with a primary DNS zone for abc.com on the branch network DNS server (abc.local). Can users then use Outlook Anywhere?


Yes that should be fine, as long as you assign unique addresses to each DNS entry and then bind a certificate for each site to IIS on the CAS server in question.
The smaller sites, can connect to head office and the larger sites will connect to their local CAS array.
Please correct me if I am wrong, but from the diagram it seems you only have Exchange in the head office.

If this is the case, then adding a CAS in each site is useless; it will only make you spend more money.

Your issue is that the sites are not configured to resolve the abc.com domain correctly. What you should do is:

a. Go to the DNS server of each of Sites B3 and B4
b. Right click properties on the DNS server name -> forwarder
c. Configure conditional forwarding to send all abc.com requests towards the DNS server in the head office
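
The conditional-forwarder steps above as a command, followed by a check from a branch client that the OWA name resolves and matches the certificate on port 443. This is an added example, not part of any poster's reply: 10.0.0.10 is a placeholder for the head-office DNS server, mail.abc.com is the host name the asker mentions later in the thread, and both function names are hypothetical.

```powershell
# Added example (not from the thread). Assumed values are marked below.
$Zone    = 'abc.com'
$HqDns   = '10.0.0.10'      # placeholder: head-office DNS server IP
$OwaHost = 'mail.abc.com'   # assumption: name published for OWA

# Step c: forward only abc.com to head office. Call once, elevated, on each
# branch DNS server (domain or workgroup). "." means the local DNS server.
function Add-HqForwarder { dnscmd . /ZoneAdd $Zone /Forwarder $HqDns }

# Run on a branch client: resolve the name, then do a TLS handshake against it.
function Test-OwaName {
    param([string]$HostName, [int]$Port = 443)
    $tcp = $null
    $result = New-Object PSObject -Property @{
        HostName = $HostName; Addresses = $null; CertSubject = $null; TlsErrors = $null
    }
    # 1. Does the client resolve the name through the forwarder?
    try   { $result.Addresses = [System.Net.Dns]::GetHostAddresses($HostName) }
    catch { $result.TlsErrors = 'NotTested: name does not resolve'; return $result }

    # 2. Record certificate validation errors instead of aborting the handshake.
    $script:sslErrors = $null
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $policyErrors)
        $script:sslErrors = $policyErrors
        $true   # accepted only so the certificate can be inspected below
    }
    try {
        $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $result.CertSubject = $ssl.RemoteCertificate.Subject
        $result.TlsErrors   = $script:sslErrors   # None = name and chain both valid
    } catch {
        $result.TlsErrors = "NotTested: $($_.Exception.Message)"
    } finally {
        if ($tcp) { $tcp.Close() }
    }
    $result
}

Test-OwaName -HostName $OwaHost | Format-List
```

Running the same check against the server's IP address instead of its name normally reports RemoteCertificateNameMismatch, which is the certificate warning users see on https://ipaddress/owa.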

ASKER

Yes, Akhater.

Adding a CAS in each site is not worth it; that option is totally out. The sites are not configured to resolve abc.com.
I need to do the conditional forwarders in B3 and B4. Somebody told me to create a separate zone for abc.com at the branch level. That seems not to be correct, which is why I didn't do it. I will try these conditional forwarders.

How about the workgroup DNS? How can I set up the same thing? Is it forwarders or anything else?

You can configure conditional forwarding on any DNS server, no matter if it is for a workgroup or for a domain. As long as the clients point to it, it will work.

<< With akhater.
I don't think you can configure CAS arrays from the branch, since they don't have any Exchange installation.

Also:
Your Outlook clients which are not joined to the domain will repeatedly prompt for passwords.

The way to get around that is this.
Check the last post here:
http://www.petri.co.il/forums/showthread.php?t=18808

Please test this on a workgroup:
a) Configure DNS forwarding as per akhater's post above.
b) Try to set up Outlook RPC/HTTPS to connect to Exchange in HQ.
c) Work around the password prompt issue using the post in the above link.

Please post back if you have questions.

ASKER

I have the same issue. I will try all your methods tomorrow and see.
Still, I can go with OWA access from the branch, isn't it?

What do you mean by "I have the same issue"? What did you try to do?

ASKER

Outlook password prompt issue.

I don't understand, you got me lost. Can you now access OWA at https://name.domain.com/owa?

ASKER



a. Go to the DNS server of each of Sites B3 and B4
b. Right click properties on the DNS server name -> forwarder


c. "All other domains", and I can enter the IP address there, or do I have to create a new one called abc.com?

Do we need any record at the DNS server level, as I mentioned to you, like mail.abc.com? But I need a new zone to do that, isn't it?



Create one called abc.com, that's it.
ASKER CERTIFIED SOLUTION
Akhater
This solution is only available to members.

ASKER

I still can't access https://name.domain.com/owa from the branch level, only https://ipaddress/owa.
I am trying your conditional forwarders to see. For that I need to know: there is an option "All other domains" where I can put my abc.com IP address, or do I create new ---- abc.com ----- ipaddress?

Don't use "all other domains". Create one called abc.com and forward it to the abc.com DNS IP; that's all you need.

ASKER

thank you
SOLUTION

ASKER

Akhater: conditional forwarders OK. Now I can resolve the name from the branch level.
Now I am trying to do the Outlook Anywhere setup for the same people, because I think it will be more flexible for them.

Password prompt issue? sunnyc7, are you sure this will work, or are there any other alternate options?

Great cur, if you need more help just update this thread

ASKER

I am testing this on the client side by logging in to the remote client computer as administrator and setting up Outlook Anywhere for a test user. I hope there is no point in logging in to the remote PC as the test user, because the branch network is in a separate AD. I just want to confirm my steps are correct for the Outlook Anywhere configuration.

I still can't log in to the Exchange server via Outlook Anywhere from the branch; it is asking for a password. I did the following settings. One of the links says to enter 'S1' as server. What do you mean by 'S1'? Shall I try this?

The following is the way I tried.

e) erase the Server name and type in the name of your DC / global catalog server
There is no server name to erase, but I added a new server entry with my GC server name as FQDN, dc1.abc.com, and I have put the username as test. I have to enter the login name.

f) leave the password blank and click OK




SOLUTION

ASKER

I am not testing the administrator account. I am logging in to the remote client PC via a remote Windows session and configuring as a normal user account. I will try this and update you.
Thank you.

ASKER

good