Solved

DNS issue

Posted on 2014-04-21
15
1,670 Views
Last Modified: 2014-05-02
I made the cutover (changed the MX records) so that our mailflow will now come from Office 365 and not the in house server. The issue is Once the cutover was made. Everything worked (OWA, reconfigured mobile devices and tablet and even outlook clients out of the network).

The issue is configuring the outlook client in network. This is not my first migration. So I know that I have to change the DNS of each individual user PC to a public DNS like 4.2.2.2 so that when I reconfigure outlook it picks up the office365 setup before the in house exchange.

That part worked. The issue is once I revert the DNS on the PC back to the internal DNS the user PC's start asking for the user name and password and the pop shows that the asking server is the internal OWA link.

I called Microsoft Office 365 team and this is what they said


"As discussed over the call last week, we found that we are able to configure Outlook in External Network and the issue is only in Internal Network. We can access Outlook Web Access in internal Network which means that the Office365 Exchange is working fine. Your Local DNS Manager seems to be blocking the Query to connect the Global Server.

The problem is with the network as you have as the Local DNS is not allowing us to connect to the Office365 exchange server.

As I am not a Network Engineer, would suggest you to contact the Network Admin. He will be able to bypass the Query and connect to the Office365 Exchange Server in internal Network."


I do not have much experience with the DNS. Can someone help me with this? I need to cutover to 365 and turn off the exchange server.

Thank you
0
Comment
Question by:IT_Fanatic
  • 8
  • 7
15 Comments
 
LVL 9

Expert Comment

by:BigPapaGotti
Comment Utility
When you point users on the internal network to the internal DNS servers and do an NSLookup for the Mail servers domain name what results are you getting? This sounds to me like it is still resolving to the internal Exchange server as opposed to the external Office 365 servers.

You may need to flush the DNS cache on the internal DNS Servers to get rid of the old entry and force the DNS entry to be updated to show the external IP for Office 365
0
 

Author Comment

by:IT_Fanatic
Comment Utility
We did NS lookup and the default server for the autodiscover.OURDOMAIN.com is our inhouse exchange server.

But if I do autodiscover.outlook.com i get the office 365 info
0
 
LVL 9

Accepted Solution

by:
BigPapaGotti earned 500 total points
Comment Utility
You need to adjust your in house DNS server to point to Office 365 instead of your inhouse exchange server. If you have access to the DNS server you should be able to connect to it and adjust the dns entry for "autodiscover.ourdomain.com" to point to the Office 365 info you are seeing on autodiscover.outlook.com
0
 

Author Comment

by:IT_Fanatic
Comment Utility
where is it that we do this and what exactly do I need to do?

But by changing the internal DNS to office 365 wont that cause issues to the equipment in house?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
Comment Utility
You will only be changing an internal DNS record for office 365. You will not be moving everything over to office 365. So the only affect this will have is that anything that tries to resolve autodiscover.YOURDOMAIN.com will get a result that lives in Office 365 instead of your exchange server.

You need to connect to your DNS servers that are configured for your domain. You can find the IP address of them by opening a command prompt and typing "ipconfig /all" You will see in the output a list of DNS servers. You will need to adjust them by opening up the DNS MMC and finding the "autodiscover" record and updating it to point to Office 365's information that is found there. Have you ever worked with DNS? Are you the Network/Systems Administrator? If not are you able to touch base with them to see if they are able to assist you?
0
 

Author Comment

by:IT_Fanatic
Comment Utility
I have the IP of the DNS server and I log into and go to DNS Manager

From there I go to

DNS>The DNS Server>Forward Lookup Zones>My Domain

I see no CNAME record for autodiscover
0
 
LVL 9

Expert Comment

by:BigPapaGotti
Comment Utility
Do you see any DNS entry for autodiscover? This may not be a CNAME record.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:IT_Fanatic
Comment Utility
none. I see an A record called "mail" with the ip of the exchange server
0
 

Author Comment

by:IT_Fanatic
Comment Utility
I just checked a different client domain and they have a CNAME record call "autodiscover"

I open it and it says
Alias "autodiscover"
FQDN "The domain"
FQDN (i see it says autodiscover.outlook.com" so I look at browse and I see

Look in DNS
Records "The SBSDNS server"
Selection "The SBSDNS server"
Record Types "Hosts and Aliases (A and CNAME records)

So if I am reading this right.

I login to the DNS of the IP of the server under DNS when I did ipconfig /all
Go to DNS>The DNS Server>Forward Lookup Zones>My Domain
Create a CNAME record with the info of
Alias autodiscover
FQDN autodiscover.my domain.com
FQDN (DO i select the DNS server I am currently on?)

If this is correct what will happen if I create this record right now?

Also theres an option that says when your about to finish the creation of the CNAME record "Allow any authenticated user to update all DNS records with the same name. This setting applies only to DNS records for a new name.  (Do i put a check mark on this option)?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
Comment Utility
Yes that is right. You need to create a CNAME on your internal DNS server in order get this setup to work on your hosts in the internal LAN. This would explain why it is working externally and not internally. Microsoft has already setup the public network to use the autodiscover DNS entry. The internal network however has not been configured for this yet which is why you are seeing the issue. Create the CNAME record and use the FQDN that Microsoft gave you for the Office 365 mail server.

When you create the CNAME on your internal DNS server I would NOT put a check mark in this box. This will protect you from any configuration mistakes in the future and any adjustments that would need to be made would be performed by you, the administrator.
0
 

Author Comment

by:IT_Fanatic
Comment Utility
What will happen if i create this record right now? The cutover has been postponed but If I can at least create the record and when we are good to go again atleast I know it will work 100%

If creating this record will cause issues on the DNS meaning email flow then ill hold back until we can cutover
0
 
LVL 9

Expert Comment

by:BigPapaGotti
Comment Utility
To be safe I would wait until the cutover (maintenance window) to make the change.
0
 

Author Comment

by:IT_Fanatic
Comment Utility
Is autodiscover basically the past when you setup a new Outlook on a user pc is fill in the blank with the user info to configure Outlook?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
Comment Utility
Yes AutoDiscover will allow Outlook to automatically be configured with your mail server settings so that the account will be setup automagically. Things like server name, ports, user's full name, etc will automatically be setup. Before this was something that we (IT folks) had to do manually on each machine. Autodiscover will automate this for us so that users can simply click on the Outlook icon, and the information will already be present and the account will be setup saving us some time.
0
 

Author Closing Comment

by:IT_Fanatic
Comment Utility
that did it. But I also needed to go to every pc and do the following.

All domain joint machines will be performing SCP lookup for autodiscover while creating profile hence if possible please remove SBI from your server or you can create a group policy in your AD for modifying registry:

Registry which you need to modify is:

Hkey_current_user/software/Microsoft/Office/xx.x/Outlook/autodiscover/ExcludeSCPlookup =1

xx.x will be 14.0 for Office 2010 and 15.0 for Office 2013.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now