Solved

Exchange 2013 Virtual Directories, CNAME & DNS Help

Posted on 2014-09-23
Last Modified: 2016-06-14
I am in the process of setting up a fresh install of Exchange 2013 in a new domain.  The domain is ad.LegalName.com.  I have set up the Exchange Virtual Directories (OWA, ECP, etc.) to be https://mail.DivisionName.com/.

In order to allow my internal users to use https://mail.DivisionName.com/owa to access their email in their browser, I created an Alias / CNAME in the DNS Manager on the domain controller.  Since there was only one Forward Lookup Zone of ad.LegalName.com, I had to create a second Forward Lookup Zone of Division.com and create the Alias there for mail.DivisionName.com.  

This seems to have worked.  Within the network, I am able to go to https://mail.DivisionName.com/owa and it brings me to the OWA login page.  

Now for my questions:

#1 - Did I set this up correctly?  I am pretty green when it comes to DNS configurations and such.  I just want to make sure that this was set up properly and that I am not going to have any problems.

#2 - I am purchasing a wildcard SSL certificate for use on the Exchange Server.  I am assuming that I will need to use DivisionName.com as the root domain for the certificate.  While the Exchange server that the certificate will be installed on is part of the ad.LegalName.com domain, the site that the user will go to is mail.DivisionName.com/owa to access their mail.  I just want to verify that DivisionName.com is the proper root domain to have the certificate issued to for use on the Exchange server.

Thanks in advance for all the help!
Question by:csimmons1324

Expert Comment

by:Suliman Abu Kharroub
ID: 40340432
It will work, but the question is: why do you have different domain names for the same org? One internally and one externally with different names?

Expert Comment

by:Mohammed Khawaja
ID: 40340476
You should set up your DNS entries to something like divisionname.legalname.com, as wildcard certificates work for entries such as *.legalname.com where * could be each division name.  If you are going with mail.divisionname.com then you will require multiple SSL certificates, one for each division name.

Author Comment

by:csimmons1324
ID: 40341788
Suliman,

Our legal name for the company is "XYZ, Inc."  However, we do not really use this name in the marketplace as it is simply the legal parent company name.  Everyone in the market knows us as "XYZ Systems."  Technically speaking, "XYZ Systems" is a division of "XYZ, Inc."  We also have another division "ABC Technologies."  Once again, this division falls under the "XYZ, Inc." parent company.  

We own the external domains XYZinc.com, XYZsystems.com and ABCtechnologies.com.  "ABC Technologies" sells a subset of the products of "XYZ Systems" and just targets a niche market.  Being a SMB...all of our sales guys and internal employees support both divisions.  So from an internal structure there is really no separation between the divisions.  Therefore, management made the decision that all of our email addresses will be @XYZsystems.com as this is our largest division and the name we are known as in the marketplace.

With all of that said, I made the decision to set up our internal domain as "ad.xyzinc.com" since it is our actual legal name.  As I stated above, management made the decision to use @XYZsystems.com for all our company email addresses.  When I set up our new Exchange server I set all the virtual directories to be https://mail.XYZsystems.com. I did this for two reasons:

1.  This is the site that our current Exchange Server (setup by our previous IT person) uses so our employees are familiar with going to https://mail.XYZsystems.com to check their email over the web.

2.  Seeing that our email addresses are all @XYZsystems.com it makes the most sense for the users to go to mail.XYZsystems.com to get their email.

Author Comment

by:csimmons1324
ID: 40341935
Mohammed,

I understand what you are saying and see the advantages there.  Using the naming convention in my last post...On the other hand, we pretty much use XYZsystems.com for everything.  If I buy a wildcard SSL certificate for *.XYZsystems.com then I can use it in the following locations:

1. On our webserver to encrypt our backend admin login pages for our hosted website.
2. I can use it on our internal email server.
3. Possibly on our IIS server for our outside sales guys to access our ERP portal.  I have yet to look into this so I am not entirely sure about this one.

Let's say I decide to go with setting up DNS entries to something like divisionname.legalname.com as you mentioned.  How would I set up an Alias within DNS for mail.divisionname.com?  When I create the alias, the FQDN is automatically set with the format aliasname.forwardlookupzone.  If I had forward lookup zones of divisionname.legalname.com, per your suggestion, then wouldn't my virtual directories for Exchange need to be set to mail.divisionname.legalname.com so that I could set up the mail alias within DNS?

I hope that makes sense....as stated previously, I am pretty new to this stuff.
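How a TLS client matches a wildcard certificate name against the hostnames discussed in the comments above, shown as an added example that is not part of the thread. It follows the usual RFC 6125 rule that `*` stands for exactly one left-most label and rejects partial wildcards; the server name `exch01` is a hypothetical placeholder, and the other names are the placeholders the posters used.

```python
# Added example: which names from this thread a wildcard certificate would cover.
# Nothing here contacts a server; all hostnames are placeholders.

def wildcard_covers(pattern: str, hostname: str) -> bool:
    """True if a certificate name (SAN entry) covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" is exactly one label: not "a.b", not the bare domain
    if p_labels[0] == "*":
        if len(p_labels) < 3:
            return False  # refuse "*.com"-style patterns
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    # No wildcard in the left-most label: exact match only, and reject
    # partial or misplaced wildcards such as "m*.example.com".
    return "*" not in pattern and p_labels == h_labels


def coverage(san_entries, hostnames):
    """Map each hostname to the first SAN entry that covers it, or None."""
    return {
        h: next((s for s in san_entries if wildcard_covers(s, h)), None)
        for h in hostnames
    }


THREAD_NAMES = [
    "mail.XYZsystems.com",              # OWA/ECP virtual directory URL
    "XYZsystems.com",                   # bare domain
    "exch01.ad.xyzinc.com",             # hypothetical server FQDN in the AD domain
    "mail.ABCtechnologies.com",         # second division's domain
    "divisionname.legalname.com",       # naming scheme suggested in the thread
    "mail.divisionname.legalname.com",  # one label deeper than the wildcard
]

if __name__ == "__main__":
    for san in (["*.XYZsystems.com"], ["*.legalname.com"]):
        print(san)
        for host, hit in coverage(san, THREAD_NAMES).items():
            print(f"  {host:34} {'covered' if hit else 'NOT covered'}")
```

Run against a planned SAN list before ordering the certificate: any hostname reported as not covered will produce a name-mismatch warning in the browser or in Outlook.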
 

Accepted Solution

by:csimmons1324
ID: 40342152
After setting up DNS with a new forward lookup zone for Division.com I realized that when I opened IE and went to www.division.com it wouldn't resolve to our webhost.  I did some investigating and came across this article:

http://www.redflametech.com/blog_mod/split-dns-setup-for-exchange-server-internal-web-interface-mail-domain-com-and-external-dns-resolution-for-domain-com/

DNS now seems to resolve correctly as my internal users can visit www.division.com and the website loads properly.  They can also go to mail.division.com and DNS resolves and they are able to access OWA.