
DNS Records for exchange 2003/2010 coexistence

I need to understand the records that must be included in the internal / external DNS for Exchange 2003/2010 coexistence. Please explain why they are in the internal and/or the external DNS.

I have done a lot of reading, and they recommend having mail.domain.com, legacy.domain.com and autodiscover.domain.com in the internal and external DNS, but they never explain how these records are touched, for instance during mail access/flow through OWA while users are inside or outside the network, or through Outlook Anywhere, or through mobile devices.

Any expert out there that has configured DNS for Exchange 2003 and Exchange 2010 coexistence... please explain which records you put in the public and internal DNS, why you needed these records, and how they are touched during mail flow and access.

Thank you
0
Asked by jskfan
3 Solutions
 
Simon Butler (Sembee), Consultant, commented:
You have read the coexistence documentation?
http://technet.microsoft.com/en-us/library/aa998186(v=exchg.141).aspx
http://technet.microsoft.com/en-us/library/ee332348(v=exchg.141).aspx

The DNS records come in to play for anything that is using HTTPS traffic.
The main use of legacy.example.com is for OWA access. The clients hit the Exchange 2010 server and if their mailbox is on Exchange 2003 then they are redirected to the legacy address.

Autodiscover is used in the day-to-day operations of Exchange. It is how Outlook 2007 and higher configure themselves and then find the various bits of information such as free/busy.

The other host name is used for ActiveSync, Outlook Anywhere and OWA (Exchange 2010).

Simon.
0
 
Steve commented:
Basically, when running 2007/2010/2013 Exchange alongside 2003, you need to allow the systems to tell the difference between them.

Internally:

The 2010 server's and the 2003 server's internal FQDN should resolve to their internal IP (e.g. mail.domain.local & mail2.domain.local).
Where possible, the external FQDN of each server should also resolve to its internal IP address (e.g. mail.domain.com & legacy.domain.com).
The external Autodiscover FQDN should also resolve to the internal IP of the 2010 server (e.g. autodiscover.domain.com).

Externally, you need 2 external IPs if you intend to run 2003/2010 together.
Each server should accept port 443 on its own external IP.

Externally, the primary FQDN & autodiscover records should point to the 2010 server's external IP;
the legacy FQDN should point to the 2003 server's external IP.

You can replace the 'legacy' 2003 FQDN with whatever you choose, as long as it is different from the FQDN used for the 2010 server.
0
 
jskfan (Author) commented:
SORRY for the DELAY.
When a user is inside the network and wants to use OWA, they will type https://mail.domain.com, then type user name and password. They reach the CAS server, which in turn looks for the user mailbox location; if it is in Exchange 2003, it will redirect the request to legacy.domain.com as specified in the INTERNAL DNS record.
The legacy.domain.com record points to the Front End Exchange 2003 server...
Correct??
===================================

If a user is outside the network and wants to use OWA, they will type:
https://mail.domain.com, then type user name and password. The request will be redirected to the public DNS, then to the public IP of mail.domain.com; as the protocol is 25 (SMTP), the firewall will redirect the request to the internal IP address of the CAS server, which in turn looks for the user mailbox location. IF IT IS IN EXCHANGE 2003, would the request be redirected to the external IP address of legacy.domain.com (located in the public DNS record) OR to the internal IP address of legacy.domain.com (located in the internal DNS record)??
If it will be redirected to the internal DNS to resolve legacy.domain.com, it means that the external legacy.domain.com will never be used....
If it will be redirected to the external DNS to resolve legacy.domain.com, it means that it does not make sense: while the request made it all the way to the internal network, it should make sense to use the internal DNS to resolve legacy.domain.com... instead of being redirected to the external DNS record legacy.domain.com.

To my understanding the legacy.domain.com in the public DNS is of no use....

Please let me know if my confusion is not understood.
0
 
Simon Butler (Sembee), Consultant, commented:
Internally they will get the internal IP address, externally they will get the external IP address.
There is no way that the external users will get the internal IP address of the legacy address because OWA just tells the client to go somewhere else. It is down to the client to resolve the address, not Exchange.

Simon.
0
 
jskfan (Author) commented:
Hi Sembee2:

OK, briefly:

The external user will type https://mail.domain.com, then username and password. The request will be redirected to the public IP address of the firewall; since it is an SMTP request, it will be NATted or redirected to the internal IP address of the CAS server, which in turn will look for the mailbox location in the Exchange servers...
At this point, if the mailbox is in the Exchange 2003 server, will the CAS redirect the request to the IP address of the legacy.domain.com record located in the internal DNS server, which should be pointing to the Front End Server, OR to the IP address of the legacy.com record located in the public DNS server?
It will make sense that it will be redirected to the internal IP address of the legacy.com record located in the internal DNS pointing to the FE, since it is closer, instead of redirecting it to the IP address of legacy.com located in the public DNS and then coming back to the Front End Server.
0
 
Simon Butler (Sembee), Consultant, commented:
Why would it use the internal IP address?

Client hits mail.example.com, which is the Exchange 2010 server. The user logs in. Exchange sees that the user is a legacy mailbox, so redirects the user to legacy.example.com - this is basically an HTTP request. The client (browser) then does a regular lookup of legacy.example.com and goes to that IP address. If external, then it will be a query against your external IP address. You just need to ensure that you are pointing the NAT for the external IP address for legacy.example.com to the Exchange 2003 platform.

Simon.
0
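A small model of the redirect flow Simon describes, plus a check for Steve's rule that every public name should also resolve internally. This is an added example, not code from the thread; the zones, IP addresses and mailbox locations are constructed sample data.

```python
"""Split-horizon DNS walk-through for Exchange 2003/2010 OWA coexistence.
The client, not Exchange, resolves legacy.example.com after the redirect,
so internal and external clients land on different addresses.
All hostnames, IP addresses and mailboxes are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed zones: the same names, different answers per DNS view.
INTERNAL_DNS: Dict[str, str] = {
    "mail.example.com": "10.0.0.10",          # Exchange 2010 CAS
    "legacy.example.com": "10.0.0.20",        # Exchange 2003 front end
    "autodiscover.example.com": "10.0.0.10",
}
EXTERNAL_DNS: Dict[str, str] = {
    "mail.example.com": "203.0.113.10",       # firewall NAT -> 10.0.0.10:443
    "legacy.example.com": "203.0.113.20",     # firewall NAT -> 10.0.0.20:443
    "autodiscover.example.com": "203.0.113.10",
}
# Constructed: Exchange version hosting each mailbox (read from AD in reality).
MAILBOX_VERSION = {"alice": 2010, "bob": 2003}

@dataclass
class Response:
    status: int
    location: Optional[str] = None

def cas_owa_login(user: str) -> Response:
    """Exchange 2010 CAS: no connection to the 2003 server is needed; the mailbox
    version comes from the directory, and a legacy user gets an HTTP redirect."""
    if MAILBOX_VERSION.get(user) == 2003:
        return Response(302, "https://legacy.example.com/exchange")
    return Response(200)

def client_owa(user: str, zone: Dict[str, str]) -> List[Tuple[str, str]]:
    """Follow OWA from a client whose resolver sees `zone`; return the
    (hostname, ip) pairs the client connected to, in order."""
    host = "mail.example.com"
    hops = [(host, zone[host])]
    resp = cas_owa_login(user)
    if resp.status == 302 and resp.location:
        host = resp.location.split("/")[2]   # browser does the lookup, not Exchange
        hops.append((host, zone[host]))
    return hops

def names_missing_internally(internal: Dict[str, str], external: Dict[str, str]) -> Set[str]:
    """Split-horizon check: every public name should also resolve internally."""
    return set(external) - set(internal)
```

Running `client_owa("bob", INTERNAL_DNS)` and `client_owa("bob", EXTERNAL_DNS)` shows the same 302 redirect ending at 10.0.0.20 and 203.0.113.20 respectively, which is why the public legacy record is still needed.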
 
jskfan (Author) commented:
<<Client hits mail.example.com, which is the Exchange 2010 server. The user logs in. Exchange sees that the user is a legacy mailbox so redirects the user to legacy.example.com - this is basically a HTTP request>>
OK, that's when the user is inside the network and trying to use OWA. The legacy.example.com here should be pointing to the FE.

==========================================
<<If external then it will be a query against your external IP address. You just need to ensure that you are pointing the NAT for the external IP address for legacy.example.com to the Exchange 2003 platform. >>

The request will still have to make it to the CAS server inside the network in order for the CAS to determine if the mailbox is in Exchange 2003 or not.
At this point, if the user mailbox is in 2003, will the request be redirected to the legacy.example.com internal or external IP address...

Did you get where the confusion is?

Both internal and external OWA access have to reach the CAS server inside the network to determine if the mailbox is in 2003 or 2010.... If OWA is tried from outside and the CAS finds that the mailbox is in 2003, why would the CAS not redirect to the internal IP address of legacy.example.com instead of to the external IP?
0
 
Simon Butler (Sembee), Consultant, commented:
You are overcomplicating things.
There is no connection required to the legacy CAS to determine that it is - that information is stored within the domain, which Exchange queries.
Furthermore, there is no internal connection either. It is basically Exchange saying the mailbox isn't here, it is there, and telling the client - the browser - to go elsewhere.

Simon.
0
 
jskfan (Author) commented:
Thanks
0