DNS - SSL F

Posted on 2011-03-01
Last Modified: 2012-05-11
Hi Guys,

I want to set up an "A" record for our SSL FQDN in DNS.

This is INTERNALLY for "AutoDiscover" to find the Exchange server on the local IP.
Externally our remote.domain.com refers to the public IP.

I've included the entry in the host file on the individual workstations, and it works just fine.

I guess a better way is to include the record in DNS as an "A" record.

- I should create the "A" record under Forward Lookup Zones
- There are currently two zones listed (local domain & _msdcs)

* Should I create a new zone under which to create the "A" record?
Question by:Rupert Eghardt

Assisted Solution

by:Krzysztof Pytko
ID: 35004996
It's always better to use a DNS server instead of the hosts file. Could you please tell me what you want to add to DNS? (I need a slightly more detailed explanation.)

You have the domain.local zone and you want to add a local DNS zone domain.com? What IP and what FQDN would you like to have?

Thank you in advance.

Regards,
Krzysztof

Author Comment

by:Rupert Eghardt
ID: 35005022
The FQDN of our SSL for Outlook Anywhere (example: OWA)
remote.domain.com

We have to add this to the DNS so that the local workstations could discover the Exchange server locally.
Currently the remote.domain.com refers to a PUBLIC IP externally.
Internally we want to set up the DNS so that the remote.domain.com would refer to LOCAL IP (192.x.x.x)

I hope this explains.

Thus, I need to know where I should add the "A" record for remote.domain.com to refer back to local IP?

Expert Comment

by:Krzysztof Pytko
ID: 35005043
OK, so create a new DNS zone domain.com in your DNS server and add an A host for remote with the internal OWA server's IP :)
This would work :)

Then you will have OWA resolved internally :)

Krzysztof

Assisted Solution

by:JaredJ1
ID: 35005094
You could create a new zone for your email domain name; however, you should be aware of what this will do. I assume your internal domain name is something like 'domain.local' and you want to create 'emailaddressdomain.com'. You could do this, and create an A record for Autodiscover; however, your DNS server will become authoritative internally for this zone. If you attempt to visit your external website (www.emailaddressdomain.com) internally, the DNS name will not resolve unless you create all of those records also, i.e. the 'www' record and any other hostnames that are required.

Just one thing to note about autodiscover - this record is only used by non-domain joined computers/devices. All PCs that are members of the domain will get the autodiscover address via an AD service connection point lookup, so if all of your computers are members of the domain you probably don't need it.

Author Comment

by:Rupert Eghardt
ID: 35005384
I also thought that AD should have provided the lookup.
However, we had a certificate error on W/S and I could see that it was referring back to public IP.
After adding the entry to the W/S host file, the error was resolved.

I have not yet imported the certificate into ISA, we are still busy setting up the OutlookAnywhere.
Would ISA not refer the lookup back to the Exchange server internally?

Accepted Solution

by:JaredJ1
ID: 35005466
The AD lookup should definitely work if the clients are members of the domain. Perhaps there is something configured incorrectly. You can do an autodiscover test to see what hostnames are being returned by Outlook. Launch Outlook, then hold down the Ctrl key and right click on the Outlook icon in the system tray/notification area. Select 'Test Autodiscover'.

Enter your email address and password. Untick the two Guessmart boxes. Run the test and then look at the 'log' tab. It will tell you which server names it has found and if they responded.

Let me know the results. If you don't have a trusted certificate installed on the Exchange CAS server you may get prompted to state whether you trust the cert/server but it should still work.

Assisted Solution

by:InterframeGap
ID: 35017748
When dealing with autodiscover there are a few things to remember (assuming my brain has not failed me today):

1) If the client is part of the domain (machine account exists for client)
1a) If the machine is internal to the company
2) Clients trusted to the domain will look for the SCP object for the CAS array and for autodiscover
REF: http://msdn.microsoft.com/en-us/library/ms677638.aspx
3) Autodiscover follows this sequence:
- https://domain.com/autodiscover/autodiscover.xml
- if fail then > https://autodiscover.domain.com/autodiscover/autodiscover.xml
- if fail and OL 2010 SP1 then > _SRV lookup for CAS array

------------
External clients follow a slightly different path:
This may supply some good sleeping material if you have sleeping problems:
http://technet.microsoft.com/en-us/library/bb124251.aspx
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx

Keep away from hostfiles... always use DNS. Host files are fine for testing and troubleshooting but not for production (unless you have a 3 user office).

If you have integrated DNS/DHCP with AD, depending on the site design, your clients will find the autodiscover.xml (but that must be created).

This post might give you some information:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22662775.html
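
An added example, not part of any post in this thread: a Python check to run from a workstation that reports whether the hostnames behind the two HTTPS autodiscover URLs listed above, plus the OWA name, resolve to an internal (RFC 1918) or a public address. The addresses in `CONSTRUCTED` and the mailbox `user@domain.com` are constructed samples, and the SRV step of the sequence is not covered.

```python
import ipaddress
import socket

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also counts
# documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample answers, standing in for what one workstation sees.
CONSTRUCTED = {
    "domain.com": ["203.0.113.10"],
    "remote.domain.com": ["192.168.1.20"],
}

def constructed_resolver(host):
    return CONSTRUCTED.get(host, [])

def system_resolver(host):
    """IPv4 addresses from the OS resolver. A hosts-file entry is honoured
    too, so remove test entries before judging the DNS zone."""
    try:
        infos = socket.getaddrinfo(host, 443, family=socket.AF_INET,
                                   proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def autodiscover_hosts(email):
    """Hosts behind the two HTTPS URLs in the sequence above, in order."""
    domain = email.rsplit("@", 1)[1].lower()
    return [domain, "autodiscover." + domain]

def dns_view(addrs):
    if not addrs:
        return "unresolved"
    inside = [any(ipaddress.ip_address(a) in net for net in RFC1918)
              for a in addrs]
    if all(inside):
        return "internal"
    return "mixed" if any(inside) else "public"

def check(email, extra_hosts=(), resolver=system_resolver):
    """One (host, view, addresses) row per name a client may contact."""
    rows = []
    for host in autodiscover_hosts(email) + list(extra_hosts):
        addrs = resolver(host)
        rows.append((host, dns_view(addrs), addrs))
    return rows

if __name__ == "__main__":
    print(check("user@domain.com", ["remote.domain.com"], constructed_resolver))
```

Calling `check()` without the `resolver` argument uses the workstation's own resolver, which shows whether the certificate name reaches the internal or the public address from that machine.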
