Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange 2010 UCC Cert - Split DNS - Switch Internal to FQDN

Posted on 2014-04-21
5
670 Views
Last Modified: 2014-04-22
Greetings. I now understand that new Exchange Certs (3rd party) will not include internal network names (only public FQDN names).

This is our current configuration (from Exchange Admin MMC):

Outlook Web App is correct (Internal and External)
Exchange ActiveSync is partially correct (Internal is .Local Name, External is Correct)
Offline Address Book is partially correct (Internal is .Local Name, External is Correct)
Exchange Control Panel is correct (Internal and External)

Receive Connector (Client) is incorrect (Uses .Local Name)
--------------------------------------

Our correct external URL is:  mail.our_company.org

I'm pretty sure I understand how to change all these, but the "Split DNS" confuses me a bit.  We already have "Internal_Doman.LOCAL" as a forward lookup zone in DNS.  However, it is AD Integrated.  From what I've read, I need to create a new forward zone that is *not* AD Integrated, correct ?  Name it anything I want ?  Domain name will be the internal mail host ? (Server_Name.LOCAL)  And create a single A record with the external mail server name, yes ?

Also, from above it looks like I just need to update EAS, OAB, ECP and the Receive Connector, yes ?  I don't have a "default" receive connector, just the "Client" one.

Thanks all.
-Stephen
0
Comment
Question by:lapavoni
  • 3
  • 2
5 Comments
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40013690
You basically create a zone for our_company,org on your internal DNS servers. I normally make these AD integrated. Then create A records for all your external URLs but have them point to the internal IPs of the corresponding servers (instead of their public IPs).

For more info. Scroll down to Step 5: Namespace design and Implementation. It is a 2003 to 2010 migration document but it discusses how to correctly configure split brain DNS for 2010. And has lots of screenshots.

http://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/
0
 

Author Comment

by:lapavoni
ID: 40013721
OK, this is interesting.  Looks like the DNS work has been done already.  The "non-AD-integrated" thing threw me.  My forward lookup zones for our FQDN look fine.  We have two .org domains (both same IP) that have the correct autodiscover and mail entries in them.  Here are screenshots.  I guess the EAS, OAB, ECP and Receive connector just weren't updated.  Would you say this is ready for those changes (along with a new cert), based on these DNS settings ? :

Forward Zones
Zones - AutoDiscover and Mail
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40013730
The DNS looks pretty good to me. Yes, you just need to make your internal URLs match your external URLs.
0
 

Author Closing Comment

by:lapavoni
ID: 40014229
Thanks for the information and confirming the settings we had in place, diggi.  New cert installed, Remote Connectivity Analyzer passes everything, and no one on the inside complaining yet :-)
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40014845
Awesome!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question