Exchange 2013 Virtual Directories, CNAME & DNS Help

Posted on 2014-09-23
Last Modified: 2016-06-14
I am in the process of setting up a fresh install of Exchange 2013 in a new domain.  The domain is  I have setup the Exchange Virtual Directories (OWA, ECP, etc.) to be  

In order to allow my internal users to use to access their email in their browser, I created an Alias / CNAME in the DNS Manager on the domain controller.  Since there was only one Forward Lookup Zone of, I had to create a second Forward Lookup Zone of and create the Alias there for  

This seems to have worked.  Within the network, I am able to go to and it brings me to the OWA login page.  

Now for my questions:

#1 - Did I set this up correctly?  I am pretty green when it comes to DNS configurations and such.  I just want to make sure that this was setup properly and that I am not going to have any problems.  

#2 - I am purchasing a wildcard SSL certificate for use on the Exchange Server.  I am assuming that I will need to use as the root domain for the certificate.  While the Exchange server that the certificate will be installed on is part of the domain, the site that the user will go to is to access their mail.  I just want to verify that is the proper root domain to have the certificate issued to for use on the Exchange server.  

Thanks in advance for all the help!
Question by:csimmons1324
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 40340432
It will work but the question, why do you have different domain names for the same org ?  one internally and one externally with different names ?
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40340476
You should set up your DNS entries to something like as wild card certificates works for entries such as * where * could be each division name.  If you are going with then you will require multiple SSL certificates, one for each division name.

Author Comment

ID: 40341788

Our legal name for the company is "XYZ, Inc."  However, we do not really use this name in the marketplace as it is simply the legal parent company name.  Everyone in the market knows us as "XYZ Systems."  Technically speaking, "XYZ Systems" is a division of "XYZ, Inc."  We also have another division "ABC Technologies."  Once again, this division falls under the "XYZ, Inc." parent company.  

We own the external domains, and  "ABC Technolgies" sells a subset of the products of "XYZ Systems" and just targets a niche market.  Being a SMB...all of our sales guys and internal employees support both divisions.  So from an internal structure there is really no seperation between the divisions.  Therefore, management made the decision that all of our email addresses will be as this is our largest division and the name we are known as in the market place.    

With all of that said, I made the decision to setup our internal domain as "" since it is our actual legal name.  As I stated above, management made the decision to use for all our company email addresses.  When I setup our new Exchange server I set all the virtual directions to be I did this for two reasons:

1.  This is the site that our current Exchange Server (setup by our previous IT person) uses so our employees are familiar with going to to check their email over the web.

2.  Seeing that our email addresses are all it makes the most sense for the users to got to to get their email.

Author Comment

ID: 40341935

I understand what you are saying and see the advantages there.  Using the naming convention in my last post...On the other hand, we pretty much use for everything.  If I buy a wildcard SSL certificate for * then I can use it in the following locations:

1. On our webserver to encrypt our backend admin login pages for our hosted website site.
2. I can use it on our internal email server.
3. Possibly on our IIS server for our outside sales guys to access our ERP portal.  I have yet to look into this so I am not entirely sure about this one.

Let's say I decide to with setting up DNS entris to something like as you mentioned.  How would I setup an Alias within DNS for  When I create the alias, the FQDN is automatically set with the format aliasname.forwardlookupzone.  If I had forward lookup zones of, per your suggestion, then wouldn't my virtual directories for Exchange need to be set to so that I could setup the mail alias within DNS?

I hope that makes stated previously, I am pretty new to this stuff.

Accepted Solution

csimmons1324 earned 0 total points
ID: 40342152
After setting up DNS with a new forward lookup zone for I realized that when I opened IE and went to it wouldn't resolve to our webhost.  I did some investigating and came across this article:

DNS now seems to resolve correctly as my internal users can visti and the website loads properly.  They can also go to and DNS resolves and they are able to access OWA.

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question