TereciaBurgess

Internal access to external webmail

I'm trying to get our external webmail functional internally. I've added mail.mycompany.com as a forward lookup zone in DNS. I've got the affiliated A record, which is the same as the host. I've got the reverse lookup set up to point back to the internal IP address. I get the login prompt. However, after 3 tries I get HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)
I've removed the reverse lookup for mail.mycompany.com and get the login prompt. 3 strikes and Error: Access is denied.
Any assistance that gets me past this hurdle is greatly appreciated.
Hendrik Wiese

Ok first things first.

1. Have you got a UCC SSL certificate set up? It should at least include: mail.yourcompany.com, autodiscover.yourcompany.com and servername.company.com
2. Ensure that all services are assigned to the certificate.
3. What have you got in front of your server? ISA, TMG or Edge?

Let me know then we can go through the next step.
Instead of using DNS, try creating a NAT policy in your firewall to do this.
Let me know what firewall you are using.
TereciaBurgess

ASKER

I should add that if I use servername/exchange or serverip/exchange internally, I can get to webmail.  I'm pretty sure this is a DNS issue.
It is.
But a NAT policy does a better job at this than just adding zones in the forward lookup zone and then adding an A record to the LAN IP of Exchange.

Let me know your firewall.
For SonicWall Enhanced / Standard OS, making these changes is a piece of cake.
Sunnyc7, we do not have access to the router.  This is a small business with only 2 people in the office on a DSL connection.  We need to make the changes on the server in DNS.
OK, if that's the case, then you do not have much of an option other than what you already did.

You can inspect the DNS with dcdiag /v /e /TEST:DNS
You can also check by ping
ping mail.domain.com and see if you get a lan ip
You can add that IP to the DHCP exclusion list, so that there is no conflict.
DCdiag test of DNS passed.
Ping mail.mycompany.com returns e-mail server internal address
IP address is included in exclusion list of DHCP

I'm leaning toward IIS at this point.  Seems I need to be able to put \exchange after my server name in the DNS (which cannot be done) to get past the issues with the login prompt.
Can you post a screenshot of the error please.
ASKER CERTIFIED SOLUTION
TereciaBurgess

Turns out one of the people in my office had the solution for me.