Solved

DNS - SSL F

Posted on 2011-03-01
522 Views
Last Modified: 2012-05-11
Hi Guys,

I want to setup an "A" record for our SSL FQDN in DNS.

This is INTERNALLY for "AutoDiscover" to find the Exchange server on the local IP.
Externally our remote.domain.com refers to the public IP.

I've included the entry in the host file on the individual workstations, and it works just fine.

I guess a better way, is to include the record in DNS as an "A" record.

- I should create the "A" record under Forward Lookup Zones
- There are currently two zones listed (local domain & _msdcs)

* Should I create a new zone under which to create the "A" record?
Question by:Rupert Eghardt
7 Comments
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 500 total points
ID: 35004996
It's always better to use a DNS server instead of the hosts file. Could you tell me please what you want to add to DNS? (I need a little bit more detailed explanation)

You have a domain.local zone and you want to add a local DNS zone domain.com? What IP and what FQDN would you like to have?

Thank you in advance.

Regards,
Krzysztof
Author Comment

by:Rupert Eghardt
ID: 35005022
The FQDN of our SSL for Outlook Anywhere (example: OWA)
remote.domain.com

We have to add this to the DNS so that the local workstations could discover the Exchange server locally.
Currently the remote.domain.com refers to a PUBLIC IP externally.
Internally we want to setup the DNS so that the remote.domain.com would refer to LOCAL IP (192.x.x.x)

I hope this explains.

Thus, I need to know where I should add the "A" record for remote.domain.com to refer back to local IP?
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 35005043
ok, so create a new DNS zone domain.com in your DNS server and add an A host for remote with the internal OWA server's IP :)
This would work :)

Then you will have OWA resolved internally :)

Krzysztof
LVL 10

Assisted Solution

by:JaredJ1
JaredJ1 earned 1000 total points
ID: 35005094
You could create a new zone for your email domain name, however you should be aware of what this will do. I assume your internal domain name is something like 'domain.local' and you want to create 'emailaddressdomain.com'. You could do this, and create an A record for Autodiscover, however, your DNS server will become authoritative internally for this zone. If you attempt to visit your external website (www.emailaddressdomain.com) internally, the DNS name will not resolve unless you create all of those records also, i.e. the 'www' record and any other hostnames that are required.

Just one thing to note about autodiscover - this record is only used by non-domain-joined computers/devices. All PCs that are members of the domain will get the autodiscover address via an AD service connection point lookup, so if all of your computers are members of the domain you probably don't need it.
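Both Krzysztof's suggestion (create a domain.com zone internally) and JaredJ1's caveat above (that zone becomes authoritative, so every public hostname must be recreated in it or it stops resolving on the LAN) can be checked before anything is typed into the DNS console. The following Python script is an added example, not code from any of the posters; the record sets in it are constructed (a documentation range stands in for the public IP, 192.168.10.5 for the Exchange server), and the hostnames remote, autodiscover, www and mail are assumptions. It lists the public names that would be shadowed, merges the internal overrides onto a full copy of the public set, confirms each override really points into RFC 1918 space, and renders the result in BIND-style zone syntax for review.

```python
"""
Model of the split-brain DNS change discussed in this thread: an internal
copy of domain.com that answers differently for a few names. All record
data here is constructed for illustration.
"""
import ipaddress

# Constructed: what external DNS currently publishes for domain.com
# (203.0.113.0/24 is a documentation range standing in for the public IP).
PUBLIC_RECORDS = {
    "remote": "203.0.113.10",        # Outlook Anywhere / OWA
    "autodiscover": "203.0.113.10",
    "www": "203.0.113.20",           # company web site, hosted elsewhere
    "mail": "203.0.113.10",
}

# Constructed: names that must answer with the LAN address of the Exchange CAS.
INTERNAL_OVERRIDES = {
    "remote": "192.168.10.5",
    "autodiscover": "192.168.10.5",
}

# RFC 1918 ranges only; ipaddress.is_private would also accept the
# documentation ranges used above, which is not what we want to check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def shadowed_names(public, overrides):
    """Public names that stop resolving on the LAN if only the overrides are
    added to a new authoritative zone (the caveat JaredJ1 raises above)."""
    return sorted(name for name in public if name not in overrides)


def build_internal_zone(public, overrides):
    """Full internal record set: overrides win, every other public name is
    copied so the authoritative internal zone stays complete."""
    zone = dict(public)
    zone.update(overrides)
    return zone


def non_private_overrides(overrides):
    """Overrides that do not point into RFC 1918 space; such an entry is
    usually a copied public address and defeats the purpose of the zone."""
    return {name: ip for name, ip in overrides.items()
            if not any(ipaddress.ip_address(ip) in net for net in RFC1918)}


def render_zone_file(origin, records, ttl=3600):
    """Render the record set as BIND-style zone text for review."""
    lines = [f"$ORIGIN {origin}.", f"$TTL {ttl}"]
    for name in sorted(records):
        lines.append(f"{name:<14} IN A {records[name]}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("Public names that must also be created internally:",
          shadowed_names(PUBLIC_RECORDS, INTERNAL_OVERRIDES))
    print("Overrides not in private space:",
          non_private_overrides(INTERNAL_OVERRIDES))
    print(render_zone_file("domain.com",
                           build_internal_zone(PUBLIC_RECORDS, INTERNAL_OVERRIDES)))
```

Compare the "must also be created internally" list against what the external DNS really publishes (nslookup against a public resolver) before the zone goes live; any public name left out of the internal zone stops resolving for LAN clients the moment the server becomes authoritative for domain.com.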
Author Comment

by:Rupert Eghardt
ID: 35005384
I also thought that AD should have provided the lookup.
However, we had a certificate error on the W/S and I could see that it was referring back to the public IP.
After adding the entry to the W/S host file, the error was resolved.

I have not yet imported the certificate into ISA, we are still busy setting up the OutlookAnywhere.
Would ISA not refer the lookup back to the Exchange server internally?
LVL 10

Accepted Solution

by:JaredJ1
JaredJ1 earned 1000 total points
ID: 35005466
The AD lookup should definitely work if the clients are members of the domain. Perhaps there is something configured incorrectly. You can do an autodiscover test to see what hostnames are being returned by Outlook. Launch Outlook, then hold down the Ctrl key and right click on the Outlook icon in the system tray/notification area. Select 'Test Autodiscover'.

Enter your email address and password. Untick the two Guessmart boxes. Run the test and then look at the 'log' tab. It will tell you which server names it has found and if they responded.

Let me know the results. If you don't have a trusted certificate installed on the Exchange CAS server you may get prompted to state whether you trust the cert/server but it should still work.
LVL 3

Assisted Solution

by:InterframeGap
InterframeGap earned 500 total points
ID: 35017748
When dealing with autodiscover there are a few things to remember (assuming my brain has not failed me today):

1) If the client is part of the domain (machine account exists for client)
1a) If the machine is internal to the company
2) Clients trusted to the domain will look for the SCP object for the CAS array and for autodiscover
   REF: http://msdn.microsoft.com/en-us/library/ms677638.aspx
3) Autodiscover follows this sequence:
   - https://domain.com/autodiscover/autodiscover.xml
   - if that fails, then https://autodiscover.domain.com/autodiscover/autodiscover.xml
   - if that fails and the client is OL 2010 SP1, then an _SRV lookup for the CAS array

------------
External clients follow a slightly different path:
This may supply some good sleeping material if you have sleeping problems:
http://technet.microsoft.com/en-us/library/bb124251.aspx
http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx

Keep away from hostfiles... always use DNS. Host files are fine for testing and troubleshooting but not for production (unless you have a 3 user office).

If you have integrated DNS/DHCP with AD, depending on the site design your clients will find the autodiscover.xml (but that must be created)

this post might give you some information:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22662775.html
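The lookup order InterframeGap lists can be modelled in a few lines, which makes the 'Test Autodiscover' log from the accepted answer easier to read: each line of that log corresponds to one of the candidates below. This Python block is an added example, not InterframeGap's own code. The lookups are simulated against a constructed table rather than real DNS or HTTPS; the SRV record name `_autodiscover._tcp.<domain>` is the standard Autodiscover SRV name rather than something taken from the comment; and the SCP step is modelled simply as "domain-joined and on the internal network".

```python
"""
Model of the Autodiscover lookup sequence listed in the comment above.
Network lookups are simulated with a constructed table so the script
runs offline: REACHABLE maps each candidate that "answers" to the
endpoint URL it hands back to the client.
"""

# Constructed: which candidates answer in our example environment.
# The SCP answers only for domain-joined clients on the LAN; externally
# only autodiscover.domain.com answers, because domain.com itself is a
# plain web host with no /autodiscover path (a common situation).
REACHABLE = {
    "scp:domain.com":
        "https://remote.domain.com/autodiscover/autodiscover.xml",
    "https://autodiscover.domain.com/autodiscover/autodiscover.xml":
        "https://remote.domain.com/autodiscover/autodiscover.xml",
}


def autodiscover_candidates(email, domain_joined, internal, ol2010_sp1):
    """Ordered lookup targets a client would try, per the comment above."""
    domain = email.rsplit("@", 1)[1].lower()
    steps = []
    if domain_joined and internal:
        # Service connection point lookup in AD (domain member on the LAN)
        steps.append("scp:" + domain)
    steps.append(f"https://{domain}/autodiscover/autodiscover.xml")
    steps.append(f"https://autodiscover.{domain}/autodiscover/autodiscover.xml")
    if ol2010_sp1:
        # Assumption: standard Autodiscover SRV record name
        steps.append(f"srv:_autodiscover._tcp.{domain}")
    return steps


def autodiscover_walk(email, domain_joined, internal, ol2010_sp1, reachable):
    """Try the candidates in order and stop at the first one that answers.
    Returns (endpoint URL or None, list of targets tried)."""
    tried = []
    for target in autodiscover_candidates(email, domain_joined, internal, ol2010_sp1):
        tried.append(target)
        if target in reachable:
            return reachable[target], tried
    return None, tried


if __name__ == "__main__":
    for label, joined, inside in (("domain-joined, on LAN", True, True),
                                  ("laptop at home", False, False)):
        endpoint, tried = autodiscover_walk("user@domain.com", joined, inside,
                                            True, REACHABLE)
        print(f"{label}: tried {tried} -> {endpoint}")
```

Whatever endpoint the walk ends on, the host name in it (remote.domain.com here) is what the client then resolves and whose certificate it checks. That is exactly the name the original question needs to answer with the LAN address internally, which is why a public IP showing up in the log points at the DNS layer rather than at Outlook.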
