Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS issue

Posted on 2014-04-21
15
Medium Priority
?
2,397 Views
Last Modified: 2014-05-02
I made the cutover (changed the MX records) so that our mailflow will now come from Office 365 and not the in house server. The issue is Once the cutover was made. Everything worked (OWA, reconfigured mobile devices and tablet and even outlook clients out of the network).

The issue is configuring the outlook client in network. This is not my first migration. So I know that I have to change the DNS of each individual user PC to a public DNS like 4.2.2.2 so that when I reconfigure outlook it picks up the office365 setup before the in house exchange.

That part worked. The issue is once I revert the DNS on the PC back to the internal DNS the user PC's start asking for the user name and password and the pop shows that the asking server is the internal OWA link.

I called Microsoft Office 365 team and this is what they said


"As discussed over the call last week, we found that we are able to configure Outlook in External Network and the issue is only in Internal Network. We can access Outlook Web Access in internal Network which means that the Office365 Exchange is working fine. Your Local DNS Manager seems to be blocking the Query to connect the Global Server.

The problem is with the network as you have as the Local DNS is not allowing us to connect to the Office365 exchange server.

As I am not a Network Engineer, would suggest you to contact the Network Admin. He will be able to bypass the Query and connect to the Office365 Exchange Server in internal Network."


I do not have much experience with the DNS. Can someone help me with this? I need to cutover to 365 and turn off the exchange server.

Thank you
0
Comment
Question by:IT_Fanatic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
15 Comments
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 40012779
When you point users on the internal network to the internal DNS servers and do an NSLookup for the Mail servers domain name what results are you getting? This sounds to me like it is still resolving to the internal Exchange server as opposed to the external Office 365 servers.

You may need to flush the DNS cache on the internal DNS Servers to get rid of the old entry and force the DNS entry to be updated to show the external IP for Office 365
0
 

Author Comment

by:IT_Fanatic
ID: 40012812
We did NS lookup and the default server for the autodiscover.OURDOMAIN.com is our inhouse exchange server.

But if I do autodiscover.outlook.com i get the office 365 info
0
 
LVL 9

Accepted Solution

by:
BigPapaGotti earned 2000 total points
ID: 40012818
You need to adjust your in house DNS server to point to Office 365 instead of your inhouse exchange server. If you have access to the DNS server you should be able to connect to it and adjust the dns entry for "autodiscover.ourdomain.com" to point to the Office 365 info you are seeing on autodiscover.outlook.com
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:IT_Fanatic
ID: 40012831
where is it that we do this and what exactly do I need to do?

But by changing the internal DNS to office 365 wont that cause issues to the equipment in house?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 40012888
You will only be changing an internal DNS record for office 365. You will not be moving everything over to office 365. So the only affect this will have is that anything that tries to resolve autodiscover.YOURDOMAIN.com will get a result that lives in Office 365 instead of your exchange server.

You need to connect to your DNS servers that are configured for your domain. You can find the IP address of them by opening a command prompt and typing "ipconfig /all" You will see in the output a list of DNS servers. You will need to adjust them by opening up the DNS MMC and finding the "autodiscover" record and updating it to point to Office 365's information that is found there. Have you ever worked with DNS? Are you the Network/Systems Administrator? If not are you able to touch base with them to see if they are able to assist you?
0
 

Author Comment

by:IT_Fanatic
ID: 40012915
I have the IP of the DNS server and I log into and go to DNS Manager

From there I go to

DNS>The DNS Server>Forward Lookup Zones>My Domain

I see no CNAME record for autodiscover
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 40012926
Do you see any DNS entry for autodiscover? This may not be a CNAME record.
0
 

Author Comment

by:IT_Fanatic
ID: 40012939
none. I see an A record called "mail" with the ip of the exchange server
0
 

Author Comment

by:IT_Fanatic
ID: 40012967
I just checked a different client domain and they have a CNAME record call "autodiscover"

I open it and it says
Alias "autodiscover"
FQDN "The domain"
FQDN (i see it says autodiscover.outlook.com" so I look at browse and I see

Look in DNS
Records "The SBSDNS server"
Selection "The SBSDNS server"
Record Types "Hosts and Aliases (A and CNAME records)

So if I am reading this right.

I login to the DNS of the IP of the server under DNS when I did ipconfig /all
Go to DNS>The DNS Server>Forward Lookup Zones>My Domain
Create a CNAME record with the info of
Alias autodiscover
FQDN autodiscover.my domain.com
FQDN (DO i select the DNS server I am currently on?)

If this is correct what will happen if I create this record right now?

Also theres an option that says when your about to finish the creation of the CNAME record "Allow any authenticated user to update all DNS records with the same name. This setting applies only to DNS records for a new name.  (Do i put a check mark on this option)?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 40013209
Yes that is right. You need to create a CNAME on your internal DNS server in order get this setup to work on your hosts in the internal LAN. This would explain why it is working externally and not internally. Microsoft has already setup the public network to use the autodiscover DNS entry. The internal network however has not been configured for this yet which is why you are seeing the issue. Create the CNAME record and use the FQDN that Microsoft gave you for the Office 365 mail server.

When you create the CNAME on your internal DNS server I would NOT put a check mark in this box. This will protect you from any configuration mistakes in the future and any adjustments that would need to be made would be performed by you, the administrator.
0
 

Author Comment

by:IT_Fanatic
ID: 40013226
What will happen if i create this record right now? The cutover has been postponed but If I can at least create the record and when we are good to go again atleast I know it will work 100%

If creating this record will cause issues on the DNS meaning email flow then ill hold back until we can cutover
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 40013698
To be safe I would wait until the cutover (maintenance window) to make the change.
0
 

Author Comment

by:IT_Fanatic
ID: 40013706
Is autodiscover basically the past when you setup a new Outlook on a user pc is fill in the blank with the user info to configure Outlook?
0
 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 40013934
Yes AutoDiscover will allow Outlook to automatically be configured with your mail server settings so that the account will be setup automagically. Things like server name, ports, user's full name, etc will automatically be setup. Before this was something that we (IT folks) had to do manually on each machine. Autodiscover will automate this for us so that users can simply click on the Outlook icon, and the information will already be present and the account will be setup saving us some time.
0
 

Author Closing Comment

by:IT_Fanatic
ID: 40038698
that did it. But I also needed to go to every pc and do the following.

All domain joint machines will be performing SCP lookup for autodiscover while creating profile hence if possible please remove SBI from your server or you can create a group policy in your AD for modifying registry:

Registry which you need to modify is:

Hkey_current_user/software/Microsoft/Office/xx.x/Outlook/autodiscover/ExcludeSCPlookup =1

xx.x will be 14.0 for Office 2010 and 15.0 for Office 2013.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my first article on Expert Exchange on the Manual Method of Exporting Office 365 Mailboxes to PST format by using the eDiscovery mechanism of Office. Hope you will enjoy the article.
This article describes how to import an Outlook PST file to Office 365 using a third party product to avoid Microsoft's Azure command line tool, saving you time.
Office 365 is currently available in five editions. Three of them are for business use: Office 365 Business Essentials, Office 365 Business, and Office 365 Business Premium. Two of them are for home/personal use: Office 365 Home and Office 365 Perso…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question