[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Exchange 2010 UCC Cert - Split DNS - Switch Internal to FQDN

Posted on 2014-04-21
5
Medium Priority
?
695 Views
Last Modified: 2014-04-22
Greetings. I now understand that new Exchange Certs (3rd party) will not include internal network names (only public FQDN names).

This is our current configuration (from Exchange Admin MMC):

Outlook Web App is correct (Internal and External)
Exchange ActiveSync is partially correct (Internal is .Local Name, External is Correct)
Offline Address Book is partially correct (Internal is .Local Name, External is Correct)
Exchange Control Panel is correct (Internal and External)

Receive Connector (Client) is incorrect (Uses .Local Name)
--------------------------------------

Our correct external URL is:  mail.our_company.org

I'm pretty sure I understand how to change all these, but the "Split DNS" confuses me a bit.  We already have "Internal_Doman.LOCAL" as a forward lookup zone in DNS.  However, it is AD Integrated.  From what I've read, I need to create a new forward zone that is *not* AD Integrated, correct ?  Name it anything I want ?  Domain name will be the internal mail host ? (Server_Name.LOCAL)  And create a single A record with the external mail server name, yes ?

Also, from above it looks like I just need to update EAS, OAB, ECP and the Receive Connector, yes ?  I don't have a "default" receive connector, just the "Client" one.

Thanks all.
-Stephen
0
Comment
Question by:lapavoni
  • 3
  • 2
5 Comments
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 2000 total points
ID: 40013690
You basically create a zone for our_company,org on your internal DNS servers. I normally make these AD integrated. Then create A records for all your external URLs but have them point to the internal IPs of the corresponding servers (instead of their public IPs).

For more info. Scroll down to Step 5: Namespace design and Implementation. It is a 2003 to 2010 migration document but it discusses how to correctly configure split brain DNS for 2010. And has lots of screenshots.

http://supertekboy.com/2014/04/07/migrating-exchange-2003-2010-part-iii/
0
 

Author Comment

by:lapavoni
ID: 40013721
OK, this is interesting.  Looks like the DNS work has been done already.  The "non-AD-integrated" thing threw me.  My forward lookup zones for our FQDN look fine.  We have two .org domains (both same IP) that have the correct autodiscover and mail entries in them.  Here are screenshots.  I guess the EAS, OAB, ECP and Receive connector just weren't updated.  Would you say this is ready for those changes (along with a new cert), based on these DNS settings ? :

Forward Zones
Zones - AutoDiscover and Mail
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40013730
The DNS looks pretty good to me. Yes, you just need to make your internal URLs match your external URLs.
0
 

Author Closing Comment

by:lapavoni
ID: 40014229
Thanks for the information and confirming the settings we had in place, diggi.  New cert installed, Remote Connectivity Analyzer passes everything, and no one on the inside complaining yet :-)
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40014845
Awesome!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question