Solved

Exchange 2010 UCC Cert - Split DNS - Switch Internal to FQDN

Posted on 2014-04-21
5
661 Views
Last Modified: 2014-04-22
Greetings. I now understand that new Exchange Certs (3rd party) will not include internal network names (only public FQDN names).

This is our current configuration (from Exchange Admin MMC):

Outlook Web App is correct (Internal and External)
Exchange ActiveSync is partially correct (Internal is .Local Name, External is Correct)
Offline Address Book is partially correct (Internal is .Local Name, External is Correct)
Exchange Control Panel is correct (Internal and External)

Receive Connector (Client) is incorrect (Uses .Local Name)
--------------------------------------

Our correct external URL is:  mail.our_company.org

I'm pretty sure I understand how to change all these, but the "Split DNS" confuses me a bit.  We already have "Internal_Doman.LOCAL" as a forward lookup zone in DNS.  However, it is AD Integrated.  From what I've read, I need to create a new forward zone that is *not* AD Integrated, correct ?  Name it anything I want ?  Domain name will be the internal mail host ? (Server_Name.LOCAL)  And create a single A record with the external mail server name, yes ?

Also, from above it looks like I just need to update EAS, OAB, ECP and the Receive Connector, yes ?  I don't have a "default" receive connector, just the "Client" one.

Thanks all.
-Stephen
0
Comment
Question by:lapavoni
  • 3
  • 2
5 Comments
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40013690
You basically create a zone for our_company,org on your internal DNS servers. I normally make these AD integrated. Then create A records for all your external URLs but have them point to the internal IPs of the corresponding servers (instead of their public IPs).

For more info. Scroll down to Step 5: Namespace design and Implementation. It is a 2003 to 2010 migration document but it discusses how to correctly configure split brain DNS for 2010. And has lots of screenshots.

http://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/
0
 

Author Comment

by:lapavoni
ID: 40013721
OK, this is interesting.  Looks like the DNS work has been done already.  The "non-AD-integrated" thing threw me.  My forward lookup zones for our FQDN look fine.  We have two .org domains (both same IP) that have the correct autodiscover and mail entries in them.  Here are screenshots.  I guess the EAS, OAB, ECP and Receive connector just weren't updated.  Would you say this is ready for those changes (along with a new cert), based on these DNS settings ? :

Forward Zones
Zones - AutoDiscover and Mail
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40013730
The DNS looks pretty good to me. Yes, you just need to make your internal URLs match your external URLs.
0
 

Author Closing Comment

by:lapavoni
ID: 40014229
Thanks for the information and confirming the settings we had in place, diggi.  New cert installed, Remote Connectivity Analyzer passes everything, and no one on the inside complaining yet :-)
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40014845
Awesome!
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now