DNS entries for Exchange 2010 in CPANEL

We have 2 public IPs (note to moderation: the IPs and addresses below have been edited) to the outside of the organization. We also have Exchange 2010 running recently, but we are not sure if our Exchange-related entries are correct in our website hosting company's CPANEL. If you can have a look at the screenshots from cPanel and give me advice to fix them, that would be much appreciated.
Note: We are sending and receiving emails from 2 IPs (2x ADSL1 connection)

Could you check the entries below and tell me please if anything needs to be fixed according to the issues below.

- Mobile devices such as iPhone cannot be configured for email at the moment.
- Users cannot configure their Outlook from outside (home).
- Everything else is OK, incoming and outgoing email etc.


Incoming mail can come in on any of multiple IP#s you set up MX records for.  It will use them based on the Priority Setting.

However,...outgoing mail is only going to use one of the IP#s.    Incoming and outgoing are entirely separate and independent of each other.  Make sure that whoever Hosts your Public DNS Records properly sets up the Pointer Record so that the IP# of the outgoing mail resolves back to the same FQDN used on the right side of the "@" in the User's "return" Email Address.  If this isn't done correctly everyone's SPAM Filtering Systems will reject your attempts to send mail to them.  I believe you can use http://www.mxtoolbox.com to test these settings and it will report what it finds wrong, if anything.

For the mobile devices you just have to get OWA to work properly from the outside.  ActiveSync runs off of OWA,..so if OWA works, it should work.   So if you can use OWA manually "as a human" from outside your network using a web browser,...then the ActiveSync should also work with the mobile devices.  OWA is just a glorified SSL (HTTPS) web site,...so it is more-or-less the same as setting up any HTTPS Site to work Publicly.

When you configure the Mobile Devices you will use the OWA's FQDN as the ServerName.  Do not give it the entire URL,...just the FQDN.   So if the OWA URL is https://owa.mycompany.org/exchange then the FQDN would just be owa.mycompany.org
When giving the user credentials you need to include the Netbios version of the Domain Name,...if you are given a specific Box for that then fine,..if not, then include it in front of the UserName (domainname\username).

teomcam (Author) Commented:

If you were configuring this CPANEL, which entries would you use? Are our existing entries correct?

You have mentioned OWA's FQDN. Our OWA address is like in the iPhone's screenshot below. Am I doing the setting below right?
Your help much appreciated.

For the mail server sections remove the https:// and the /owa.  It should just read as


Also no need for the domain\username if you have entered the domain in the box above

Just read pwindell's post and realised I have just told you what he mentioned in the last section of it...

In terms of your cPanel I would consider replacing your autodiscover A records with SRV records, otherwise the setup looks fine

teomcam (Author) Commented:
I filled the fields as you mentioned above but the following error is coming up.
So are you saying nothing to fix on CPANEL?
Should I put autodiscover record into mx section?

You would need to get your ISP to change the PTR record to match your SMTP banner for both IPs

Can you run this to test the Activesync (choose the Activesync option)
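
The PTR advice in the answers above (the outgoing IP's pointer record, and matching the SMTP banner on both IPs) can be checked with a short script. This is an added example, not part of the original thread; the addresses, host names and banner in the sample data are constructed, and the forward-confirmation step is a common receiver-side check included here as an assumption.

```python
import socket

def system_ptr(ip):
    """Live PTR lookup: returns the host name for ip, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Live A lookup: returns the IPv4 addresses for name (empty on failure)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_outbound_ip(ip, banner, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return a list of problems for one outbound IP (empty list means OK)."""
    ptr = ptr_lookup(ip)
    if not ptr:
        return [f"{ip}: no PTR record"]
    problems = []
    if norm(ptr) != norm(banner):
        problems.append(f"{ip}: PTR {ptr} does not match banner {banner}")
    if ip not in forward_lookup(ptr):
        problems.append(f"{ip}: {ptr} does not resolve back to {ip}")
    return problems

# Constructed sample data: documentation IP ranges and example.* names only.
OUTBOUND_IPS = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
SAMPLE_PTR = {"192.0.2.10": "mail.example.org.",
              "198.51.100.20": "adsl-20.isp.example.net."}
SAMPLE_A = {"mail.example.org.": ["192.0.2.10"],
            "adsl-20.isp.example.net.": ["198.51.100.20"]}

def check_sample(banner="mail.example.org"):
    """Run the check offline against the constructed records above."""
    return {ip: check_outbound_ip(ip, banner, SAMPLE_PTR.get,
                                  lambda name: SAMPLE_A.get(name, []))
            for ip in OUTBOUND_IPS}

if __name__ == "__main__":
    for ip, problems in check_sample().items():
        print(ip, "OK" if not problems else "; ".join(problems))
```

Calling `check_outbound_ip(ip, banner)` without the two lookup arguments uses the system resolver instead of the sample records.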

teomcam (Author) Commented:
Please find ActiveSync test results as word document. BTW we are using TMG 2010.

If you entered an SRV record on your Cpanel that would straighten up the autodiscover errors, I can't see from here whether or not your Cpanel supports them.

The cert errors may be down to the fact you don't have a SAN cert but that won't bother the iPhone

Have you published a rule in the TMG for the activesync and OWA?

teomcam (Author) Commented:
I will contact the hosting company and ask them about SRV records for autodiscover, as I am not able to access Advanced DNS Records.

OWA has been published by the installer of TMG, but I just heard from you that there must be a separate ActiveSync publish rule!
This screenshot from TMG's firewall. I think we do not have activesync rule isn't it?
Sorry that should be Activesync/owa, the rule is there so providing that it is pointing to your CAS server that should be fine.

Does your OWA work?

Are you using a SAN certificate on your Exchange?

Do you have any Activesync policies set on your Exchange server?

teomcam (Author) Commented:

I am using UC certificate from Globalsign. OWA works with no problem. I also can access owa via typing https://autodiscover.iqld.edu.au with no problem.

Activesync policy is default and I do not have any other policy.

Apologies for the delay, been working

What names do you have listed for the UC cert?

Have you recently migrated from an older mail system?

Also what response do you get when you perform the following test from a web browser


Any joy with having the SRV record setup on your DNS?

teomcam (Author) Commented:

https://mail.iqld.edu.au/oma works fine with the browser.

In UC Certificate
server internal IP
server name

browser shows following link when I see the login screen of owa
Can you just review my last post as there were a few other questions in there.

In short everything looks ok and there is nothing obvious as to why this isn't working for you, it could be an inheritable permissions issue but this normally only occurs post migration (which you haven't confirmed yet) - can you check your application event log for any ActiveSync-related permission errors.  I can't recall the event id but I will look it up when I am back in my office.

This would explain the iPhone issue

The Outlook anywhere issue is down to your DNS needing an SRV record creating and your certificate not being authorised (it is likely that the latter is the root of the issue) so you need to confirm the names on your UC cert here and get your SRV setup and then test using the https://www.testexchangeconnectivity.com/ 

teomcam (Author) Commented:
We made the transition 2 years back. iPhone never worked (actually newly needed) and we have decided to solve that issue now. All logs are clean, except a Get Engine Files warning which is related to Forefront Protection for Exchange.
Should I create SRV record on my Active Directory DNS server? If yes how? or should I ask ISP to create this?

UC Certificate contains (Copied from certificate) from Globalsign

DNS Name=mail.iqld.edu.au
IP Address=
DNS Name=
DNS Name=iqldes2010.iqld.local
DNS Name=mail.iqld.local
DNS Name=autodiscover.iqld.edu.au

Note: I just had run ExRCA test

Under Autodiscovery only 1 error came up and it says the following:
An HTTP 403 error was received because ISA Server denied the specified URL.

I have checked path in TMG server and path is /*

What would cause this issue?

teomcam (Author) Commented:
I just tried by using internal wireless and used the server name in the screenshot as the server name, and successfully logged in with the iPhone. I also found this under the OWA publishing rule. Should I replace this with https://mail.iqld.edu.au   ?
publishing rule
Try the link within this post on Technet, this seems to explain your scenario pretty well - I'm no expert in TMG but I think the redirection is causing you the Activesync issues

Also check here just in case you got this issue from your migration, it is written by Alan Hardisty who is one of the top EE members


teomcam (Author) Commented:
No worries, thanks very much for your time. I will check the both links. Hopefully I can find a solution. Now I am going to close this topic as I already took a lot of time from you.
Kind regards

teomcam (Author) Commented:
No need to worry about the time taken up...

Post a new question if you need to and we can get this sorted