

accessing webmail of mail server outside local domain from local domain client pc

Posted on 2011-10-13
Medium Priority
Last Modified: 2012-05-12
On any PC that is in our local domain, we cannot log in to our mail server's webmail without changing the domain prefix.  Yet for computers not yet joined to the domain or outside the office, they don't need to change a thing.

EG:   Outside the local domain (or office)...
username = fsurname
password = abc123

As member of local domain...
it tries to connect with username = ourdomain.local\fsurname
but it fails and I have to change to clientpc\fsurname

How can I make it so that it works with either???

PS.   The local domain is set up like "ourdomain.local" and the email server (which is in the office, in a different IP range) is set up as "mail.emaildomain.com.au".  We can normally access webmail from any computer, anywhere.

Question by:Reece Dodds
LVL 17

Expert Comment

by:Sajid Shaik M
ID: 36966685
It's a DNS issue...

Create a DNS forwarder in your domain pointing to the mail server...

Open DNS management - select the DNS server - right click - Properties - select Forwarders - type the mail server name in DNS name .. and type the IP address of the mail server in "select domain forwarders IP address": Add .. that's it (in Win 2003)

and similar in Win 2008 and R2

all the best
LVL 41

Expert Comment

ID: 36973695
Unless the Exchange machine is also a DNS server with records that aren't available on the other DNS servers in your domain, it should NOT be listed in the forwarders list.

Can you clarify, when you say "computers... outside the office", are these computers joined to the domain or not?

Is the Exchange (webmail) server a part of the same domain "ourdomain.local" (with an A record mail.emaildomain.com.au pointing to its IP), or is actually part of the domain "emaildomain.com.au"?

What type of authentication are you trying to use?  Just Basic, or another type?

In IIS Manager go to the properties of the Exchange virtual directory > Directory Security tab. > Authentication and Access Control.  What do you have for authentication and default domain?

Author Comment

by:Reece Dodds
ID: 36982951
@footech:
The Exchange server is not a DNS server.
"Computers outside the office" are not joined to the domain or even the same network.
The Exchange server is part of the domain "emaildomain.com.au" with its own public IP and FQDN.
It is using Basic authentication, the default domain is "EMAILDOMAIN" (without the .com.au)

It is only computers in the new local domain that are having the issue and it is easy enough to modify the login prompt so instead of saying "LOCALDOMAIN\username" it says "LOCALCOMPUTER\username", but only I will know to do that.  I don't expect our all important bosses to need to (or know how to) change that.

I will try a DNS forward on the new local domain's DNS.   I know that the old DNS server (which wasn't a domain controller or part of a domain at all) DID have a number of DNS entries...

LVL 41

Expert Comment

ID: 36989904
What version of Exchange are you using?  Are you using a FE/BE configuration?

When I access OWA with only basic authentication I get a pop up for credentials but it doesn't include a domain by default.  What browser and OS are you using?

Author Comment

by:Reece Dodds
ID: 36989968
front end only.  It's not in a DMZ, just a public side of the firewall.
It's Exchange 2003 on Server 2003 Standard R2.

Most systems are XP Pro (SP3) with IE8.  Some are Win7 and IE9.

It's not doing it anymore though.  Possibly because I created the DNS entry, but I can't be sure.
I wish I could know what the issue was... so I'm going to remove the DNS forwarder that I added and see if the issue comes back.  
LVL 41

Expert Comment

ID: 36990046
I think I know the "why" behind it (at least some of it).  I was able to duplicate what you are seeing when accessing OWA from a member of a different domain.  The only time I see the domain included in the credentials prompt is when Integrated Windows Authentication is used.  In a FE/BE scenario, the FE server only has Basic Authentication set on the /Exchange VD, so you never see the issue.  On a BE server, the /Exchange VD has both Basic and Integrated set.  When you have only one server, it is a BE.  Unfortunately, I can't tell  you if unchecking the Integrated Windows Authentication would break any other functionality.  In a quick test I didn't notice any problems however.   Another work-around (though tedious), is to disable the ability to use Windows Integrated Authentication in IE, under the advanced settings.
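
The comment above ties the domain-prefixed prompt to Integrated Windows Authentication being offered alongside Basic. One way to check which schemes a virtual directory advertises is to read the `WWW-Authenticate` headers of its unauthenticated 401 response (added example, not part of the original thread; the sample responses and function names are constructed for illustration):

```python
import re

# Schemes that IIS groups under "Integrated Windows Authentication".
INTEGRATED = {"negotiate", "ntlm"}

# Constructed sample: 401 from a directory with Basic and Integrated both enabled.
BOTH_ENABLED = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    'WWW-Authenticate: Basic realm="mail.emaildomain.com.au"\r\n'
    "\r\n"
)
# Constructed sample: 401 from a directory with only Basic enabled.
BASIC_ONLY = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="mail.emaildomain.com.au"\r\n'
    "\r\n"
)

def offered_schemes(raw_response):
    """Return every auth scheme named in WWW-Authenticate headers, in order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    schemes = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        # Blank out quoted strings so commas inside a realm do not split a challenge.
        value = re.sub(r'"[^"]*"', '""', value)
        for part in value.split(","):
            # A scheme is a bare token followed by a space or end of text;
            # auth parameters such as realm="" are followed by "=" and are skipped.
            m = re.match(r"([A-Za-z][A-Za-z0-9_-]*)(?:\s|$)", part.strip())
            if m:
                schemes.append(m.group(1))
    return schemes

def diagnose(raw_response):
    """Summarise whether Basic and/or Integrated authentication is offered."""
    schemes = offered_schemes(raw_response)
    lowered = [s.lower() for s in schemes]
    return {
        "schemes": schemes,
        "basic_offered": "basic" in lowered,
        "integrated_offered": any(s in INTEGRATED for s in lowered),
    }

if __name__ == "__main__":
    for label, sample in (("both", BOTH_ENABLED), ("basic only", BASIC_ONLY)):
        print(label, diagnose(sample))
```

A result with `integrated_offered` set to true means the directory advertises Negotiate or NTLM, which is the configuration in which the commenter saw the domain included in the credentials prompt.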

Author Comment

by:Reece Dodds
ID: 37034821
I've requested that this question be deleted for the following reason:

Although some suggestions were helpful in trying to determine what the problem was, the problem no longer exists and no changes were made to the server config that had any effect.
So, I'm asking this question to be deleted due to the problem "fixing itself".
Thanks to the experts who commented though.

Author Comment

by:Reece Dodds
ID: 37034822
My reason is: Actually... the issue is still present.  But I've found that it is localised to one client PC only.
All other Win XP computers can access webmail without needing to specify a domain for the username.
LVL 29

Accepted Solution

pwindell earned 2000 total points
ID: 37056748
C'mon!   Why can anyone just say that....

1. "There isn't anything wrong with it!"

2. "It's exactly the way it is supposed to be!"

3. "It's been that way since 1995"

Because those are all true statements.
If you want it to work cleanly the Clients have to be in the same Domain as the Exchange or not be in a domain at all.   If the Clients are in a different Domain than the Exchange then you are going to get exactly what you are getting.   There is no "fix" because there is nothing "broken".

Author Closing Comment

by:Reece Dodds
ID: 37073797
Thanks for explaining that.  Don't understand why no-one else could point that out.
If anyone knows of a workaround, I'd love to know it, but until then, I'll have to provide instruction on what to do.

LVL 41

Expert Comment

ID: 37075097
Sorry I didn't get back to this sooner.  I try not to leave any questions I'm participating in hanging, so, my apologies.  I should have pointed out that most of what you're seeing is typical.  The twist is that you weren't seeing it on all of the machines on the local domain (which is baffling).  I was going to ask, why the separate domain for the email?

One thing that may help you:
Everyone should be able to use "EMAILDOMAIN\user" instead of "LOCALCOMPUTER\user", so each user doesn't have to know the name of the computer they're using.  As a side note, even for home users I recommend doing this as providing just the username is often enough, but I've also seen where some functions don't work unless the credentials are passed as DOMAIN\user.

Question has a verified solution.