Solved

Exchange 2010 UCC Cert - Split DNS - Switch Internal to FQDN

Posted on 2014-04-21
5
680 Views
Last Modified: 2014-04-22
Greetings. I now understand that new Exchange Certs (3rd party) will not include internal network names (only public FQDN names).

This is our current configuration (from Exchange Admin MMC):

Outlook Web App is correct (Internal and External)
Exchange ActiveSync is partially correct (Internal is .Local Name, External is Correct)
Offline Address Book is partially correct (Internal is .Local Name, External is Correct)
Exchange Control Panel is correct (Internal and External)

Receive Connector (Client) is incorrect (Uses .Local Name)
--------------------------------------

Our correct external URL is:  mail.our_company.org

I'm pretty sure I understand how to change all these, but the "Split DNS" confuses me a bit.  We already have "Internal_Doman.LOCAL" as a forward lookup zone in DNS.  However, it is AD Integrated.  From what I've read, I need to create a new forward zone that is *not* AD Integrated, correct ?  Name it anything I want ?  Domain name will be the internal mail host ? (Server_Name.LOCAL)  And create a single A record with the external mail server name, yes ?

Also, from above it looks like I just need to update EAS, OAB, ECP and the Receive Connector, yes ?  I don't have a "default" receive connector, just the "Client" one.

Thanks all.
-Stephen
0
Comment
Question by:lapavoni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 500 total points
ID: 40013690
You basically create a zone for our_company,org on your internal DNS servers. I normally make these AD integrated. Then create A records for all your external URLs but have them point to the internal IPs of the corresponding servers (instead of their public IPs).

For more info. Scroll down to Step 5: Namespace design and Implementation. It is a 2003 to 2010 migration document but it discusses how to correctly configure split brain DNS for 2010. And has lots of screenshots.

http://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/
0
 

Author Comment

by:lapavoni
ID: 40013721
OK, this is interesting.  Looks like the DNS work has been done already.  The "non-AD-integrated" thing threw me.  My forward lookup zones for our FQDN look fine.  We have two .org domains (both same IP) that have the correct autodiscover and mail entries in them.  Here are screenshots.  I guess the EAS, OAB, ECP and Receive connector just weren't updated.  Would you say this is ready for those changes (along with a new cert), based on these DNS settings ? :

Forward Zones
Zones - AutoDiscover and Mail
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40013730
The DNS looks pretty good to me. Yes, you just need to make your internal URLs match your external URLs.
0
 

Author Closing Comment

by:lapavoni
ID: 40014229
Thanks for the information and confirming the settings we had in place, diggi.  New cert installed, Remote Connectivity Analyzer passes everything, and no one on the inside complaining yet :-)
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40014845
Awesome!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question