Solved

DNS - SSL F

Posted on 2011-03-01
Last Modified: 2012-05-11
Hi Guys,

I want to set up an "A" record for our SSL FQDN in DNS.

This is INTERNALLY for "AutoDiscover" to find the Exchange server on the local IP.
Externally our remote.domain.com refers to the public IP.

I've included the entry in the host file on the individual workstations, and it works just fine.

I guess a better way is to include the record in DNS as an "A" record.

- I should create the "A" record under Forward Lookup Zones
- There are currently two zones listed (local domain & _msdcs)

* Should I create a new zone under which to create the "A" record?
Question by:Rupert Eghardt

Assisted Solution

by:Krzysztof Pytko
ID: 35004996
It's always better to use a DNS server instead of a hosts file. Could you tell me please what you want to add to DNS? (I need a little bit more detailed explanation)

You have a domain.local zone and you want to add a local DNS zone domain.com? What IP and what FQDN would you like to have?

Thank you in advance.

Regards,
Krzysztof

Author Comment

by:Rupert Eghardt
ID: 35005022
The FQDN of our SSL for Outlook Anywhere (example: OWA)
remote.domain.com

We have to add this to the DNS so that the local workstations could discover the Exchange server locally.
Currently the remote.domain.com refers to a PUBLIC IP externally.
Internally we want to set up the DNS so that remote.domain.com would refer to the LOCAL IP (192.x.x.x)

I hope this explains.

Thus, I need to know where I should add the "A" record for remote.domain.com to refer back to local IP?

Expert Comment

by:Krzysztof Pytko
ID: 35005043
OK, so create a new DNS zone domain.com on your DNS server and add an A host record for remote with the internal OWA server's IP :)
This would work :)

Then you will have OWA resolved internally :)

Krzysztof

Assisted Solution

by:JaredJ1
ID: 35005094
You could create a new zone for your email domain name, however you should be aware of what this will do. I assume your internal domain name is something like 'domain.local' and you want to create 'emailaddressdomain.com'. You could do this, and create an A record for Autodiscover, however, your DNS server will become authoritative internally for this zone. If you attempt to visit your external website (www.emailaddressdomain.com) internally, the DNS name will not resolve unless you create all of those records also, i.e. the 'www' record and any other hostnames that are required.

Just one thing to note about autodiscover - this record is only used by non-domain-joined computers/devices. All PCs that are members of the domain will get the autodiscover address via an AD service connection point lookup, so if all of your computers are members of the domain you probably don't need it.
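An added example (not code from any of the posts) of the pitfall the previous comment describes: once domain.com exists as an internal zone, the internal server is authoritative for it and every public hostname that was not copied stops resolving on the LAN. The zone contents, domain.com, the 203.0.113.x public addresses and the 192.168.1.10 CAS address are all constructed; the check refuses an "internal" override that is not an RFC 1918 address, since that would defeat the purpose of the split zone.

```python
"""Check an internal copy of a public zone for the split-horizon pitfall.

Added example, not code from the thread. domain.com, the hostnames and the
addresses below are constructed: 203.0.113.x stands in for the public
addresses and 192.168.1.10 for the Exchange CAS on the LAN.
"""
from ipaddress import ip_address, ip_network

ZONE_NAME = "domain.com"
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed public zone (hostname -> A record; "@" is the zone apex).
PUBLIC_ZONE = {
    "@": "203.0.113.20",
    "www": "203.0.113.20",
    "remote": "203.0.113.10",
    "autodiscover": "203.0.113.10",
}
# The internal zone as created with only the one record the question asks about.
INTERNAL_ZONE_MINIMAL = {"remote": "192.168.1.10"}
# Hosts that should point at the CAS on the LAN instead of the public address.
INTERNAL_OVERRIDES = {"remote": "192.168.1.10", "autodiscover": "192.168.1.10"}


def is_rfc1918(ip):
    """True for 10/8, 172.16/12 and 192.168/16 addresses only."""
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)


def resolve(zone, fqdn):
    """A record for fqdn from this zone, or None when the authoritative
    server answers NXDOMAIN (a name outside the zone is also None)."""
    fqdn = fqdn.rstrip(".").lower()
    if fqdn == ZONE_NAME:
        label = "@"
    elif fqdn.endswith("." + ZONE_NAME):
        label = fqdn[: -len(ZONE_NAME) - 1]
    else:
        return None
    return zone.get(label)


def missing_internally(public_zone, internal_zone):
    """Public hostnames that stop resolving on the LAN: once the internal
    server is authoritative for the zone it never forwards these queries."""
    return sorted(h for h in public_zone if h not in internal_zone)


def build_internal_zone(public_zone, overrides):
    """Copy every public record, then repoint the listed hosts at LAN addresses."""
    zone = dict(public_zone)
    for host, ip in overrides.items():
        if not is_rfc1918(ip):
            raise ValueError(f"{host}: {ip} is not an RFC 1918 address")
        zone[host] = ip
    return zone


def split_view(fqdn, internal_zone):
    """What a LAN client and an Internet client get for the same name."""
    return {"internal": resolve(internal_zone, fqdn),
            "external": resolve(PUBLIC_ZONE, fqdn)}


if __name__ == "__main__":
    print("missing with one-record zone:",
          missing_internally(PUBLIC_ZONE, INTERNAL_ZONE_MINIMAL))
    fixed = build_internal_zone(PUBLIC_ZONE, INTERNAL_OVERRIDES)
    print("missing after copying public records:", missing_internally(PUBLIC_ZONE, fixed))
    for name in ("remote.domain.com", "www.domain.com", "domain.com"):
        print(f"{name:20} {split_view(name, fixed)}")
```

Run as a script it lists the apex, www and autodiscover as unresolvable with the one-record zone, then shows that after copying the public records only remote and autodiscover differ between the LAN and Internet views. On a real server the same comparison is done by dumping the public zone (from the registrar or with a zone transfer, if permitted) and diffing it against the internal Forward Lookup Zone.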

Author Comment

by:Rupert Eghardt
ID: 35005384
I also thought that AD should have provided the lookup.
However, we had a certificate error on the W/S and I could see that it was referring back to the public IP.
After adding the entry to the W/S host file, the error was resolved.

I have not yet imported the certificate into ISA, we are still busy setting up Outlook Anywhere.
Would ISA not refer the lookup back to the Exchange server internally?

Accepted Solution

by:JaredJ1
ID: 35005466
The AD lookup should definitely work if the clients are members of the domain. Perhaps there is something configured incorrectly. You can do an autodiscover test to see what hostnames are being returned by Outlook. Launch Outlook, then hold down the Ctrl key and right click on the Outlook icon in the system tray/notification area. Select 'Test Autodiscover'.

Enter your email address and password. Untick the two Guessmart boxes. Run the test and then look at the 'log' tab. It will tell you which server names it has found and if they responded.

Let me know the results. If you don't have a trusted certificate installed on the Exchange CAS server you may get prompted to state whether you trust the cert/server but it should still work.

Assisted Solution

by:InterframeGap
ID: 35017748
When dealing with autodiscover there are a few things to remember (assuming my brain has not failed me today):

1) If the client is part of the domain (machine account exists for client)
1a) If the machine is internal to the company
2) Clients trusted to the domain will look for the SCP object for the CAS array and for autodiscover
   REF: http://msdn.microsoft.com/en-us/library/ms677638.aspx
3) autodiscover follows this sequence:
   - https://domain.com/autodiscover/autodiscover.xml
   - if that fails, then https://autodiscover.domain.com/autodiscover/autodiscover.xml
   - if that fails and OL 2010 SP1, then _SRV lookup for CAS array

------------
External clients follow a slightly different path:
This may supply some good sleeping material if you have sleeping problems:
http://technet.microsoft.com/en-us/library/bb124251.aspx
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx

Keep away from hostfiles... always use DNS. Host files are fine for testing and troubleshooting but not for production (unless you have a 3 user office).

If you have integrated DNS/DHCP with AD, then depending on the site design your clients will find the autodiscover.xml (but that must be created)

This post might give you some information:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22662775.html

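An added example (not code from the thread) that walks the lookup order given in the comment above, SCP for domain members and then the HTTPS and SRV candidates, against constructed resolver views. It reproduces the situation the asker described: with the SCP pointing at remote.domain.com and no internal A record, a domain-joined client on the LAN resolves that name to the public address and its request leaves through the firewall; once the internal record exists the same walk lands on the CAS's RFC 1918 address. The views, the SRV answer, the SCP URL and the set of addresses where Autodiscover answers are all constructed.

```python
"""Walk the Autodiscover lookup order given in the comment above.

Added example, not code from the thread. The DNS views, the SRV answer and
the set of addresses where the Autodiscover service answers are all
constructed so the walk runs offline.
"""
from ipaddress import ip_address, ip_network

INTERNAL_IP, PUBLIC_IP = "192.168.1.10", "203.0.113.10"   # constructed

# Constructed resolver views: what a LAN client sees before and after the
# internal A record exists, and what an Internet client sees.
VIEWS = {
    "lan-before-fix": {"remote.domain.com": PUBLIC_IP,
                       "autodiscover.domain.com": PUBLIC_IP},
    "lan-after-fix": {"remote.domain.com": INTERNAL_IP,
                      "autodiscover.domain.com": INTERNAL_IP},
    "internet": {"remote.domain.com": PUBLIC_IP,
                 "autodiscover.domain.com": PUBLIC_IP},
    "internet-no-autodiscover-host": {"remote.domain.com": PUBLIC_IP},
}
# Constructed SRV answer: _autodiscover._tcp.domain.com -> remote.domain.com:443
SRV = {"domain.com": ("remote.domain.com", 443)}
# Addresses where the CAS (directly, or published through the firewall) answers.
LISTENING = {INTERNAL_IP, PUBLIC_IP}
# Hypothetical SCP value a domain-joined client reads from AD.
SCP_URL = "https://remote.domain.com/autodiscover/autodiscover.xml"
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def candidates(smtp_domain, scp_url=None, srv_capable=True):
    """Ordered (method, host, url) tuples in the sequence the comment gives:
    SCP for domain members, the two HTTPS URLs, then SRV where supported."""
    out = []
    if scp_url:
        out.append(("scp", scp_url.split("/")[2], scp_url))
    out.append(("https", smtp_domain,
                f"https://{smtp_domain}/autodiscover/autodiscover.xml"))
    host = f"autodiscover.{smtp_domain}"
    out.append(("https", host, f"https://{host}/autodiscover/autodiscover.xml"))
    if srv_capable and smtp_domain in SRV:
        host, port = SRV[smtp_domain]
        out.append(("srv", host, f"https://{host}:{port}/autodiscover/autodiscover.xml"))
    return out


def first_reachable(view, cands, listening=LISTENING):
    """(method, host, ip) for the first candidate whose name resolves in this
    view to an address where Autodiscover answers; None if all fail."""
    for method, host, _url in cands:
        ip = view.get(host)
        if ip is not None and ip in listening:
            return method, host, ip
    return None


def client_endpoint(view_name, domain_joined, srv_capable=True):
    """Where a client in the given view ends up for domain.com."""
    scp = SCP_URL if domain_joined else None
    return first_reachable(VIEWS[view_name], candidates("domain.com", scp, srv_capable))


def leaves_the_lan(result):
    """True when a LAN client was sent to a non-RFC 1918 address, i.e. the
    request hairpins out through the firewall and the public side answers."""
    if result is None:
        return False
    addr = ip_address(result[2])
    return not any(addr in net for net in RFC1918)


if __name__ == "__main__":
    for view in ("lan-before-fix", "lan-after-fix"):
        r = client_endpoint(view, domain_joined=True)
        print(f"{view:16} -> {r}  leaves LAN: {leaves_the_lan(r)}")
    print("internet         ->", client_endpoint("internet", domain_joined=False))
    print("no autodiscover host, SRV-capable    ->",
          client_endpoint("internet-no-autodiscover-host", False, True))
    print("no autodiscover host, no SRV support ->",
          client_endpoint("internet-no-autodiscover-host", False, False))
```

The "leaves LAN" flag is the thing worth watching: a domain-joined client that the SCP points at a name resolving to the public address is exactly what shows up as the certificate error and the "referring back to public IP" symptom in the question, and it is resolved by the internal A record, not by touching the SCP.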