Solved

Exchange 2013, DNS Settings, and Configure Mail Flow

Posted on 2013-10-31
Last Modified: 2013-10-31
GOAL:

I set up a basic test domain with two Windows 2012 servers. One has Exchange 2013 installed on it. My goal is to have a fully functional domain and a working Exchange 2013 server that can send and receive messages. I want to use Outlook Web Access, Outlook Anywhere and Autodiscover. I have an SSL certificate for 10 domains that I will apply.

PROBLEM:
I followed the exact procedures listed in the following Microsoft Tech Note on how to configure Mail Flow and Client Access.
http://technet.microsoft.com/en-us/library/4acc7f2a-93ce-468c-9ace-d5f7eecbd8d4(v=exchg.150)#CreateConnector

If I log into OWA using the public facing URL, I can log in as a user and send messages. This user can also receive messages. So, it looks like I have been successful in all of the steps listed in this technical document until I get to Step #5, which is to configure Internal URLs and when configuring internal and external URLs to be the same. I followed the steps exactly, but when I run NSLOOKUP (as the self-checking step says), I get errors, or I think I get errors.

Please look at the ***PROBLEM*** section of this post to see what the NSLOOKUP command reports. Why do I have these results, and what should they be? How do I correct these errors so that I can begin the SSL step?

Thanks,
John

***********************

Here is what my domain looks like and my detailed notes:

My Domain Name
When I installed active directory, I set it up with a <mydomain.com> address.


* I have one static IP
* SERVER1 runs Windows Server 2012 and has AD installed.
* SERVER2 runs Windows Server 2012 and has Exchange 2013 installed.
* SERVER2, the Exchange 2013 server, has IIS installed with a basic web page.
* Two Windows 7/8.1 workstations are joined to the domain.

DNS settings at my ISP:

A Record
mail - points to my static IP address

CNAME
autodiscover - points to mail.mycompany.com
owa - points to mail.mycompany.com

MX Record
points to mail.mydomain.com

DNS Settings on my Network:

A Record
SERVER2 - Internal Static IP Address Assigned.

CNAME
mail - points to server2.domain.com
owa - points to server2.mail.com

Firewall
SMTP  Port 25 forwards to SERVER2
HTTP  Port 80 forwards to SERVER2
HTTPS Port 443 forwards to SERVER2

The Exchange 2013 Server has been assigned the following roles:

* Mailbox Role
* Client Access Role

Steps already Taken:

1. Created Send Connector. Tested and Internet recipients receive messages from test account.
2. Verified Accepted Domain, and the authoritative domain listed is the one I want to use. No other accepted domains were added.
3. Reviewed the default email address policy and accepted the default SMTP email address policy already in place.
4. Configured External URLs exactly like in the technical document listed below:

http://technet.microsoft.com/en-us/library/4acc7f2a-93ce-468c-9ace-d5f7eecbd8d4(v=exchg.150)#CreateConnector

While configuring the external URLs, I went through steps 1 through 11, and I also made the suggestions in the Note. My DNS public records are the same as the table's records, but of course I am using myowndomain.com. I double-checked my work by reviewing their next step titled, "How do you know this step worked?". All my paths are the same except I am using my domain.

5. Configure Internal URLs: I used the suggested setting listed in Step number 5: Configure internal URLs. I implemented a new address scheme, so I used the same URL for both internal and external URLs. The document says that "using the same URL makes it easier to access your Exchange server because they only have to remember one address." So, this is the choice I used.

When configuring the internal and external URLs to be the same, I had to use PowerShell to set the Hostname. Then, I executed all the PowerShell settings listed in the table under step 3.

This section also gives examples what I should create for my CNAME, and I believe this step needs to be for my Internal network. I don't know if I set it up correctly. The example shows Ex2013CAS.corp.contoso.com but I only entered server2.mydomain.com. Is this a problem and did I create my CNAMES for MAIL and OWA correctly? Here are my Internal CNAME settings.

CNAME
mail - points to server2.domain.com
owa - points to server2.mail.com

Here is an example of my CNAME setting for MAIL

Alias Name: mail
Fully qualified domain name (FQDN): mail.mydomain.com
Fully qualified domain name (FQDN) for target host: server2.mydomain.com

How do I know this step worked? I walked through the technote topic named, "How do you know this step worked?" and I verified that my virtual directories are correct. They are the same as listed in the table. My Internal and External URLs are the same.

*** PROBLEM***

I performed the NSLOOKUP test on step 5. I opened up a command prompt on a workstation joined to this domain. I ran NSLOOKUP against every path listed in this technical support document and I have some errors. Here are the errors:

C:\>nslookup https://owa.mydomain.com/ecp
Server:  UnKnown
Address:  10.10.10.60

*** UnKnown can't find https://owa.mydomain.com/ecp: Non-existent domain

C:\>nslookup https://mail.mydomain.com/ews/Exchange.asmx
Server:  UnKnown
Address:  10.10.10.60

*** UnKnown can't find https://mail.mydomain.com/ews/Exchange.asmx: Non-existent domain

C:\>nslookup https://mail.mydomain.com/Microsoft-Server-ActiveSync
Server:  UnKnown
Address:  10.10.10.60

*** UnKnown can't find https://mail.mydomain.com/Microsoft-Server-ActiveSync:Non-existent domain

C:\>nslookup https://mail.mydomain.com/OAB
Server:  UnKnown
Address:  10.10.10.60

*** UnKnown can't find https://mail.mydomain.com/OAB: Non-existent domain

C:\>nslookup https://owa.mydomain.com/owa
Server:  UnKnown
Address:  10.10.10.60

*** UnKnown can't find https://owa.mydomain.com/owa: Non-existent domain

C:\>nslookup http://mail.mydomain.com/PowerShell
Server:  UnKnown
Address:  10.10.10.60

*** UnKnown can't find http://mail.mydomain.com/PowerShell: Non-existent domain

Questions:

Before I can configure my SSL certificates, I believe I have to resolve this step. So, here are some questions concerning this test:

* Why is the server unknown?
* Why is the server Address 10.10.10.60 instead of 10.10.10.61, which is the INTERNAL IP address of the Web and Exchange 2013 server? If I ping the server name for server2, then I get the correct IP address.
* Does something need to change with my DNS record? If so, where and how?
* Does something need to change with my firewall and forwarding?
Question by:jhieb

Expert Comment

by:mmicha
ID: 39614729
You need to create a PTR record for the IP address in DNS.  That is why it is resolving as "unknown".

Author Comment

by:jhieb
ID: 39614733
mmicha,

Thank you for the response. I am not good at DNS so I need more detail. I Googled PTR record and found the following URL:

http://technet.microsoft.com/en-us/library/bb727018.aspx

Please explain what type of record the Pointer record is, and what I need to do to create it. Please be specific.

Thank you.

Accepted Solution

by:
mmicha earned 500 total points
ID: 39614753
Check out the following video and it walks you through creating a reverse lookup zone in DNS.

http://www.youtube.com/watch?v=wF6jxoY2pBQ

Once you create that...  Click on the "A record" for your mail server, and select "Update associated PTR record".

You would also have to do this externally with your ISP.  Whatever your public IP address is, you should contact your ISP and have them upgrade the PTR record to match the hostname as well.  For a lab you can probably get away not doing that though.

Author Comment

by:jhieb
ID: 39614971
mmicha, that was a very good video. I followed the steps exactly, and I set up a reverse lookup zone and a PTR record for my email server, my DC, and one other server having a static IP address.

I restarted DNS on my DNS server, and also restarted my workstation connecting to this domain so that DNS is refreshed both on the server and the workstation.

I opened a command prompt on my Windows 7 computer and ran NSLOOKUP without any parameters. My results are:

default server: ectsvr01.mycomain.com
address: 10.10.10.60

The results are correct.

If I enter one of the previously tried URLs, my errors are slightly different. For example, I get the following errors:

> nslookup https://owa.mydomain.com/ecp
*** Can't find address for server https://owa.mydomain.com/ecp: Non-existent domain

> nslookup https://mail.mydomain.com/oab
*** Can't find address for server https://mail.mydomain.com/oab: Non-existent domain

Are these errors because I need to setup this externally with my ISP, and they should upgrade the PTR record to match the host name? I do have a valid and registered domain and it is the one I will be using for this site.

Alternately, when I set up my URLs in step 5, perhaps it would have been better to make the internal and external URLs different.

Your thoughts?

Expert Comment

by:mmicha
ID: 39614990
It looks like your internal name and external names are different.  I'd just try creating "A records" for owa.mydomain.com, mail.mydomain.com on your internal dns and see what the results are of the nslookup.

These errors you are seeing are most likely coming from your internal dns.
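The two suggestions above (a reverse lookup zone with PTR records, then plain A records for the mail and owa names) as one PowerShell script, added here as an example and not code from the thread. It assumes the DnsServer module on the DC (10.10.10.60, the resolver the workstation reported), SERVER2 at 10.10.10.61, and `mydomain.com` as a placeholder zone; the `autodiscover` record is an assumption based on the goal stated in the question. Resolve-DnsName, like nslookup, takes a host name rather than a URL, so the verification queries only the host part of each virtual directory URL.

```powershell
# Added example: create the internal DNS records discussed in the thread and verify them.
# Assumed values (from the thread where given, otherwise placeholders):
$DnsServer   = '10.10.10.60'            # DC / DNS server the workstation queries
$ExchangeIp  = '10.10.10.61'            # SERVER2, the Exchange 2013 server
$Zone        = 'mydomain.com'           # placeholder for the real AD DNS zone
$ReverseZone = '10.10.10.in-addr.arpa'  # reverse zone for 10.10.10.0/24

Import-Module DnsServer

# 1. Reverse lookup zone (AD-integrated, replicated to all DCs in the domain).
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '10.10.10.0/24' -ReplicationScope 'Domain'
}

# 2. PTR records: the record name is the host octet inside the reverse zone.
#    Without the .60 entry nslookup reports the resolver itself as "UnKnown".
Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name '60' -PtrDomainName "ectsvr01.$Zone"
Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name '61' -PtrDomainName "server2.$Zone"

# 3. Plain A records (instead of CNAMEs) for the names used in the Exchange URLs.
foreach ($name in 'mail', 'owa', 'autodiscover') {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name -IPv4Address $ExchangeIp
}

# 4. Verification from a client's point of view: reverse-resolve the DNS server
#    and forward-resolve each host name against the expected Exchange IP.
function Test-ExchangeDns {
    param([string]$Server, [string]$Zone, [string]$ExpectedIp)
    $results = [ordered]@{}
    $ptr = Resolve-DnsName -Name $Server -Type PTR -Server $Server -ErrorAction SilentlyContinue
    $results["PTR $Server"] = if ($ptr) { $ptr.NameHost } else { 'MISSING' }
    foreach ($name in 'mail', 'owa', 'autodiscover') {
        $fqdn = "$name.$Zone"
        $a = Resolve-DnsName -Name $fqdn -Type A -Server $Server -ErrorAction SilentlyContinue
        $results[$fqdn] = if ($a -and ($a.IPAddress -contains $ExpectedIp)) { 'OK' }
                          else { 'MISSING or wrong IP' }
    }
    return $results
}

Test-ExchangeDns -Server $DnsServer -Zone $Zone -ExpectedIp $ExchangeIp
```

Run steps 1 to 3 once on the DC; step 4 can be run from any domain-joined workstation, and every row should show the PTR name or `OK` before moving on to the certificate step.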

Author Comment

by:jhieb
ID: 39615017
I deleted the CNAMEs for owa and mail, and then created A records for them. Then, I restarted DNS on the DNS server, and restarted the DNS client service on the workstation. I get the same result.

I have checked the Internal and External URLs in Exchange and they are all the same.

Is it possible that something is wrong with my firewall and my redirection, or even with IIS?

By the way, I have GoDaddy support on the phone. I asked them about the PTR record and he wasn't sure about that. He said that he would do an NSLOOKUP on his end and then get back with me. He put me on hold and I am on hold right now.

Expert Comment

by:mmicha
ID: 39615028
I'm not sure they will be able to help with the PTR record. Whoever owns the IP block you are using would be authoritative for the record to make that change.

So externally you want: mail.mydomain.com

and the internal name of the server is also mail.mydomain.com?

Author Comment

by:jhieb
ID: 39615088
Gosh, I am not sure what I want exactly so that is why I followed the steps in this Microsoft technical note and these are the DNS settings the tech note said to create.

By the way, GoDaddy Support let me know that my SSL certificates are installed incorrectly (I experimented with them a couple of days ago). He said that they are the wrong certificates. So, I need to regenerate them. Do you think this has any effect on what I am doing today with DNS?

Expert Comment

by:mmicha
ID: 39615150
No, I don't think the SSL certificate has anything to do with the DNS issues you are stating.  That is the next step after you get this part all configured and working.

Might want to check out cbtnuggets.com or pluralsight.com, which have video training on software. It will help you get more comfortable with setup.

Author Comment

by:jhieb
ID: 39615200
I will check out those sites. I guess I should have answered differently in my previous reply.

For the Internal and External URLs, I selected the option to have both the Internal and External URLs be the same. This was recommended in the technical document. I thought that was kind of odd, but that was the recommendation.

I don't mind changing the Internal and External URLs if that resolves this DNS issue.

Author Comment

by:jhieb
ID: 39615269
How can I contact you directly?

Expert Comment

by:mmicha
ID: 39615312
Being the same is what I would do.

mail.mydomain.com is what I would use for both internal and external.

Though you mentioned previously a reference to ectsvr01.mydomain.com. That is where I wasn't sure if you did it that way or not.

I wouldn't break it out like
owa.mydomain.com
ecp.mydomain.com
etc...

I'm not sure what you mean by contacting me directly.  I don't usually contact people outside of the forum, and there is no direct message ability.

Author Comment

by:jhieb
ID: 39615329
Oh, that was a result of nslookup. When I created a PTR record for my mail server, that's when I noticed I also needed to create a PTR record for my main server, which is ectsvr01. Now, nslookup displays the server name when I run the command without a parameter.

Way back when, Experts Exchange used to have a hire me feature or something similar to that. This is why I wanted to contact you directly. I have a hunch that my settings are very close to complete, and it would be much easier to have someone look at this directly for about 30 minutes to an hour. If that is not possible anymore, then I understand.

Expert Comment

by:mmicha
ID: 39615338
I don't believe there is a feature to do that.  I'd just suggest looking on youtube for setup videos or the training sites I mentioned.  Watching an instructor do it can work wonders and get you moving in the right direction.

Normally, when I set up Exchange and use the same name internally and externally it goes pretty smoothly. Just create a send connector, and set up autodiscover and SSL, and it goes pretty quickly. I wish I could be of more assistance. I struggle to understand everything without seeing it, and the feature you mention would be helpful for sure.

Author Closing Comment

by:jhieb
ID: 39615364
Thank you. Usually, I can stumble along enough to get some testing done so I don't have to worry about fine details. Now, my testing requires a fully functional domain with Exchange 2013 to be accessible inside and outside of my LAN. As of now, I can access my email server and do some of the testing I need to do; however, I will probably need to get my DNS settings correct in order to test Outlook Anywhere with RPC over HTTPS. So, unfortunately, I have some work to do.

It is too bad some of my comments could not be made private. If they could be private, then I would be posting the real domain name so that you could also use DNS and SSL tools to see what my site is saying.

Thanks for your help. Perhaps, I will see you on here some more as I have more questions to ask.