Solved

DNS entries for Exchange 2010 in CPANEL

Posted on 2012-03-29
Last Modified: 2012-04-03
We have 2 public IPs (Note to moderation: below IPs and addresses have been edited) to the outside of the organization. We also have Exchange 2010 running recently but we are not sure if our Exchange related entries are correct in our website hosting company's CPANEL. If you can have a look at the screenshots from cpanel and give me advice to fix them, that would be much appreciated.
Note: We are sending and receiving emails from 2 IPs (2x ADSL1 connection)

Could you check the entries below and tell me please if anything needs to be fixed according to the issues below.

- Mobile devices such as iPhone cannot be configured for email at the moment.
- Users cannot configure their Outlook from outside (home)
- Rest of everything is OK, incoming outgoing email etc..

[Screenshots: mxentries, dnsentries]
Question by:teomcam
21 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 37784297
Incoming mail can come in on any of multiple IP#s you setup MX records for.  It will use them based on the Priority Setting.

However,...outgoing mail is only going to use one of the IP#s.    Incoming and outgoing are entirely separate and independent of each other.  Make sure that whoever Hosts your Public DNS Records properly setup the Pointer Record so that the IP# of the outgoing mail resolves back to the same FQDN used on the right side of the "@" in the User's "return" Email Address.  If this isn't done correctly everyone's SPAM Filtering Systems will reject your attempts to send mail to them.  I believe you can use http://www.mxtoolbox.com to test these settings and it will report what it finds wrong, if anything.

For the mobile devices you just have to get OWA to work properly from the outside.  ActiveSync runs off of OWA,..so if OWA works, it should work.   So if you can use OWA manually "as a human" from outside your network using a web browser,...then the ActiveSync should also work with the mobile devices.  OWA is just a glorified SSL (HTTPS) web site,...so it is more-or-less the same as setting up any HTTPS Site to work Publicly.

When you configure the Mobile Devices you will use the OWA's FQDN as the ServerName.  Do not give it the entire URL,...just the FQDN.   So if the OWA URL is https://owa.mycompany.org/exchange then the FQDN would just be owa.mycompany.org
When giving the user credentials you need to include the Netbios version of the Domain Name,...if you are given a specific Box for that then fine,..if not, then include it in front of the UserName (domainname\username).
0
 
LVL 8

Author Comment

by:teomcam
ID: 37785001
Hi,

If you were configuring this CPANEL which entries you would use? Are our existing entries correct?

You have mentioned OWA's FQDN. Our owa address is like in the iphone's screenshot below. Actually am I doing right the setting below?
Your help much appreciated.

[Screenshot: mobilescreencapture]
Regards
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37785829
For the mail server sections remove the https:// and the /owa.  It should just read as

mail.iqld.edu.au

Also no need for the domain\username if you have entered the domain in the box above
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37785838
Just read pwindell post and realised I have just told you what he mentioned in the last section of it...

In terms of your cPanel I would consider replacing your autodiscover A records with SRV records, otherwise the setup looks fine
0
 
LVL 8

Author Comment

by:teomcam
ID: 37786029
I filled the fields as you mentioned above but following error coming up.
So are you saying nothing to fix on CPANEL?
Should I put autodiscover record into mx section?

[Screenshots: mxtooltest, iphonescreencap]
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37786425
You would need to get your ISP to change the PTR record to match your SMTP banner for both IPs

Can you run this to test the Activesync (choose the Activesync option)

https://www.testexchangeconnectivity.com/
0
 
LVL 8

Author Comment

by:teomcam
ID: 37786520
Please find ActiveSync test results as word document. BTW we are using TMG 2010.

ActiveSyncTest-Details.doc
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37786887
If you entered an SRV record on your Cpanel that would straighten up the autodiscover errors, I can't see from here whether or not your Cpanel supports them.

The cert errors may be down to the fact you don't have a SAN cert but that won't bother the iPhone

Have you published a rule in the TMG for the activesync and OWA?
0
 
LVL 8

Author Comment

by:teomcam
ID: 37788291
I will contact the hosting company and I will ask them about SRV records for autodiscover as I am not able to access Advanced DNS Records.

OWA has been published by the installer of TMG but I just heard from you that there must be a separate activesync publish rule!
This screenshot is from TMG's firewall. I think we do not have an activesync rule, do we?
[Screenshot: tmgfirewall]
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37788409
Sorry that should be Activesync/owa, the rule is there so providing that it is pointing to your CAS server that should be fine.

Does your OWA work?

Are you using a SAN certificate on your Exchange?

Do you have any Activesync policies set on your Exchange server?
0
 
LVL 8

Author Comment

by:teomcam
ID: 37789200
Hi,

I am using UC certificate from Globalsign. OWA works with no problem. I also can access owa via typing https://autodiscover.iqld.edu.au with no problem.

Activesync policy is default and I do not have any other policy.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37796678
Hi

Apologies for the delay, been working

What names do you have listed for the UC cert?

Have you recently migrated from an older mail system?

Also what response do you get when you perform the following test from a web browser

https://mail.iqld.edu.au/oma

Any joy with having the SRV record setup on your DNS?
0
 
LVL 8

Author Comment

by:teomcam
ID: 37797654
Hi,

https://mail.iqld.edu.au/oma works fine with the browser.


In UC Certificate
mail.iqld.edu.au
autodiscover.iqld.edu.au
server internal IP
server name


browser shows following link when I see the login screen of owa
https://mail.iqld.edu.au/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.iqld.edu.au%2fowa%2foma
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37798200
Can you just review my last post as there were a few other questions in there.

In short everything looks ok and there is nothing obvious as to why this isn't working for you, it could be an inheritable permissions issue but this normally only occurs post migration (which you haven't confirmed yet) - can you check your application event log for any active-sync related permission errors.  I can't recall the event id but I will look it up when I am back in my office.

This would explain the iPhone issue

The Outlook anywhere issue is down to your DNS needing an SRV record creating and your certificate not being authorised (it is likely that the latter is the root of the issue) so you need to confirm the names on your UC cert here and get your SRV setup and then test using the https://www.testexchangeconnectivity.com/

Thanks
0
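The DNS and certificate points raised in the replies above (PTR matching the SMTP banner for both sending IPs, an autodiscover SRV record, and the names on the UC certificate) can be checked together. This is an added example, not part of the original thread: the `example.org` names, the documentation-range IPs and the function `check_mail_dns` are constructed stand-ins, and the forward-confirmation step (the PTR name resolving back to the same IP) is a check added here that most receiving mail filters also apply.

```python
# Constructed sample data: example.org names and documentation IP ranges stand in
# for the public zone in cPanel, the ISP's reverse zone and the certificate names.
ZONE = {
    ("example.org", "MX"): [(10, "mail.example.org"), (20, "mail2.example.org")],
    ("mail.example.org", "A"): ["203.0.113.10"],
    ("mail2.example.org", "A"): ["198.51.100.20"],
    # SRV fields: priority, weight, port, target
    ("_autodiscover._tcp.example.org", "SRV"): [(0, 0, 443, "mail.example.org")],
}
PTR = {"203.0.113.10": "mail.example.org",
       "198.51.100.20": "adsl-20.isp.example.net"}  # second line left at ISP default
CERT_SANS = {"mail.example.org", "autodiscover.example.org", "exch01.example.local"}
SMTP_BANNER = "mail.example.org"


def check_mail_dns(domain, zone, ptr, sans, banner, sending_ips):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # 1. Every MX target needs an A record, otherwise inbound delivery fails.
    for _prio, host in sorted(zone.get((domain, "MX"), [])):
        if not zone.get((host, "A")):
            findings.append(f"MX target {host} has no A record")
    # 2. Each sending IP: PTR must equal the SMTP banner and resolve back to that IP.
    for ip in sending_ips:
        name = ptr.get(ip)
        if name is None:
            findings.append(f"{ip}: no PTR record")
        elif name.lower() != banner.lower():
            findings.append(f"{ip}: PTR {name} does not match SMTP banner {banner}")
        elif ip not in zone.get((name, "A"), []):
            findings.append(f"{ip}: PTR {name} does not resolve back to {ip}")
    # 3. Autodiscover SRV: must exist, use HTTPS, and point at a name on the cert.
    srv = zone.get((f"_autodiscover._tcp.{domain}", "SRV"), [])
    if not srv:
        findings.append("no _autodiscover._tcp SRV record")
    for _prio, _weight, port, target in srv:
        if port != 443:
            findings.append(f"SRV port {port} is not 443")
        if target.lower() not in {s.lower() for s in sans}:
            findings.append(f"SRV target {target} is not a name on the certificate")
    return findings


if __name__ == "__main__":
    for line in check_mail_dns("example.org", ZONE, PTR, CERT_SANS, SMTP_BANNER,
                               ["203.0.113.10", "198.51.100.20"]):
        print(line)
```

With two sending IPs and one banner name, pointing the second PTR at the banner name is not enough on its own: that name also needs an A record for the second IP, or the forward confirmation fails.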
 
LVL 8

Author Comment

by:teomcam
ID: 37798475
We made the transition 2 years back. iPhone never worked (actually newly needed) and we have decided to solve that issue now. All logs are clean, except a Get Engine Files warning which is related to Forefront protection for Exchange.
Should I create SRV record on my Active Directory DNS server? If yes how? or should I ask ISP to create this?

UC Certificate contains (Copied from certificate) from Globalsign

DNS Name=mail.iqld.edu.au
IP Address=192.168.25.90
DNS Name=192.168.25.90
DNS Name=iqldes2010.iqld.local
DNS Name=mail.iqld.local
DNS Name=autodiscover.iqld.edu.au

Note: I just had run ExRCA test

Under Autodiscovery only 1 error came up and it says the following:
An HTTP 403 error was received because ISA Server denied the specified URL.

I have checked path in TMG server and path is /*

What would cause this issue?
0
 
LVL 8

Author Comment

by:teomcam
ID: 37798563
I just tried by using internal wireless and used the server name in the screenshot as server name and successfully logged in with the iPhone. I also found this under the OWA publishing rule. Should I replace this with https://mail.iqld.edu.au   ?
[Screenshot: publishing rule]
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37799741
Try the link within this post on Technet, this seems to explain your scenario pretty well - I'm no expert in TMG but I think the redirection is causing you the Activesync issues

http://social.technet.microsoft.com/Forums/sv-SE/Forefrontedgegeneral/thread/25a1e54d-20fd-42f4-8233-f60378c0cd8d
0
 
LVL 12

Accepted Solution

by:
DLeaver earned 500 total points
ID: 37799750
Also check here just in case you got this issue from your migration, it is written by Alan Hardisty who is one of the top EE members

http://alanhardisty.wordpress.com/2010/03/05/activesync-not-working-on-exchange-2010-when-inherit-permissions-not-set/
0
 
LVL 8

Author Comment

by:teomcam
ID: 37799837
No worries, thanks very much for your time. I will check the both links. Hopefully I can find a solution. Now I am going to close this topic as I already took a lot of time from you.
Kind regards
0
 
LVL 8

Author Closing Comment

by:teomcam
ID: 37799840
Thanks
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 37800697
No need to worry about the time taken up...

Post a new question if you need to and we can get this sorted
0
