troubleshooting Question
Microsoft Exchange 2013 disjointed DNS - Multiple Client Access Servers
asked on
All,
Presently I am in the middle of upgrading to Exchange 2013 and I am having a few problems. The most annoying one is with internal and external DNS. We use a internal TLD company.local, this was setup before I got here and generally is not worth the trouble to try and fix, as we have quite a large number of systems.
Anyway because of changes in using internal names on public certificates, see link below, I cannot request a certificate from a public CA with company.local as a SAN.
GoDaddy
In light of this I decided to setup two Client Access servers, one public and one private. The private server would use an internal certificate from my internal CA. The public server would use a UCC certificate from Godaddy with my public addresses for mail, owa, and autodiscover.
MX1.company.local = Client Access (Private)/Mailbox
MX2.company.local = Client Access (Public)
Now my Exchange 2013 test users (including myself) are getting errors saying certificate for (MX2.company.local) is not valid. This is true, because they are connecting to the internal domain name. Also, we are constantly being prompted for our username and password. Frequently we type the correct combination and it comes up again.
I have attempted to remove all references to MX2.company.local from internal server virtual directories for mx2.company.local and point Outlook anywhere on MX2 to MX1. So at present the internal virtual directories on MX2 are blank, only public directories are filled out, and MX1 only has internal directories. This still has not worked.
Please help this is extremely painful.
Presently I am in the middle of upgrading to Exchange 2013 and I am having a few problems. The most annoying one is with internal and external DNS. We use a internal TLD company.local, this was setup before I got here and generally is not worth the trouble to try and fix, as we have quite a large number of systems.
Anyway because of changes in using internal names on public certificates, see link below, I cannot request a certificate from a public CA with company.local as a SAN.
GoDaddy
In light of this I decided to setup two Client Access servers, one public and one private. The private server would use an internal certificate from my internal CA. The public server would use a UCC certificate from Godaddy with my public addresses for mail, owa, and autodiscover.
MX1.company.local = Client Access (Private)/Mailbox
MX2.company.local = Client Access (Public)
Now my Exchange 2013 test users (including myself) are getting errors saying certificate for (MX2.company.local) is not valid. This is true, because they are connecting to the internal domain name. Also, we are constantly being prompted for our username and password. Frequently we type the correct combination and it comes up again.
I have attempted to remove all references to MX2.company.local from internal server virtual directories for mx2.company.local and point Outlook anywhere on MX2 to MX1. So at present the internal virtual directories on MX2 are blank, only public directories are filled out, and MX1 only has internal directories. This still has not worked.
Please help this is extremely painful.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 9 Comments.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 9 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.